ICANN WHOIS: how to use the official lookup tool
ICANN Lookup is the official tool for checking domain registration data. Here is how to use it, what it shows, and where its limits are.
The ICANN (Internet Corporation for Assigned Names and Numbers) is the organization that coordinates internet naming policies worldwide. Its official lookup tool, lookup.icann.org, lets you search the registration data for any domain name. For users who want the authoritative source rather than a third-party aggregator, ICANN Lookup is the right starting point. This article covers how to use it, what it actually shows, the institutional role of ICANN in the WHOIS system, and where the tool's real limits are.
How to use the ICANN WHOIS lookup tool
The process is straightforward:
- Go to
https://lookup.icann.org - Type the domain name in the search field, with or without the extension, the tool accepts both
githubandgithub.com - Review the results under the "Registration Data" tab
Since 2019, ICANN Lookup queries RDAP in the background when the registry supports it, falling back to WHOIS for TLDs that have not yet migrated. The result is presented in a structured, readable format rather than raw protocol output.
What ICANN lookup shows (and what it does not)
| Field | Visible | Note |
|---|---|---|
| Registrar | Yes | Always displayed |
| Expiry date | Yes | Always displayed |
| Name servers | Yes | Always displayed |
| Domain status (EPP) | Yes | Always displayed |
| DNSSEC | Yes | Shown as signed or unsigned |
| Registrant name | Sometimes | Hidden if privacy enabled or GDPR redaction applies |
| Registrant email | Rarely | Redacted in the vast majority of records since 2018 |
| Registrant address | Rarely | Same, redacted for most personal registrants |
Since the GDPR came into force in 2018, the ICANN has not required registrars to publish personal registrant data for European individuals. The result: a large proportion of .com, .net, and .org registrations now show redacted or proxy contact fields. ICANN Lookup displays what the registrar has chosen to publish, it cannot surface data that has been legitimately withheld.
ICANN's role in the WHOIS system
ICANN is not a registry. It does not directly operate any WHOIS database. Its role is policy: ICANN defines what registries and registrars must collect, what they must publish, and how. The registries (Verisign for .com, AFNIC for .fr, PIR for .org) operate their own WHOIS and RDAP servers. ICANN Lookup aggregates these by querying each registry's endpoint for a given domain.
The system hierarchy looks like this:
ICANN (defines policies)
├── Registries (e.g., Verisign for .com), manage TLDs
│ └── WHOIS/RDAP servers per TLD
└── Registrars (e.g., Namecheap), sell domain registrations
└── Manage registrant data
ICANN accredits registrars and can sanction those who fail to meet their data collection and publication obligations. When a registrar publishes incorrect or incomplete WHOIS data (or when registrant contact information cannot be verified) ICANN compliance can open a complaint process.
How ICANN's WHOIS policies have evolved
The history of ICANN's WHOIS policy is essentially the history of the tension between data transparency and privacy rights:
- 1999. ICANN begins requiring accredited registrars to collect and publish registrant data (name, address, email, phone). This is the foundation of modern WHOIS policy.
- 2016-2018. GDPR debate. ICANN and registrars spend years disagreeing on whether WHOIS compliance is compatible with European privacy law. Eventually, ICANN acknowledges it cannot require publication of personal data for European individuals.
- 2018 (Temporary Specification for gTLD Registration Data. Registrars are permitted to redact personal registrant fields. The "temporary" label is something of a misnomer) this has become the de facto standard.
- 2019, RDAP becomes mandatory for all ICANN-accredited gTLD registries. ICANN Lookup starts using RDAP as its primary backend.
- 2020-2023 (EPDP Phase 2 (Expedited Policy Development Process). Community discussions on SSAD, a System for Standardized Access/Disclosure) a mechanism to allow verified third parties (law enforcement, IP lawyers, security researchers) to request non-public registrant data through a standardized process.
- Today. SSAD has not been deployed. Accredited third parties who need non-public registrant data must still contact each registrar directly with manual requests. There is no automated pathway.
ICANN WHOIS vs. RDAP: what changed in 2019
When ICANN mandated RDAP support for all gTLD registries in 2019, it also updated ICANN Lookup to use RDAP as its primary backend. For end users, the visible change is subtle: results are more consistent across TLDs, and certain structured fields (like EPP status descriptions) are more reliably populated. Behind the scenes, the tool stopped relying on fragile WHOIS text parsing for gTLD lookups.
For ccTLDs (.de, .uk, .jp), the migration to RDAP is still ongoing and not uniform. Some ccTLDs have robust RDAP endpoints; others still serve only WHOIS. ICANN Lookup handles this gracefully, falling back to WHOIS when RDAP is not available. For a technical comparison of the two protocols, see WHOIS vs RDAP.
Limitations of the ICANN lookup tool
Being direct about what the tool does not do:
- No history. ICANN Lookup shows only the current state of a domain. There is no way to see who owned it last year or what nameservers it used in 2019. For that, see domain registration history.
- No alerts. It is a point-in-time lookup tool. It does not monitor anything or notify you when something changes.
- One domain at a time. There is no bulk lookup functionality, no CSV upload, no batch API.
- Partial data for protected domains. Registrants with privacy protection or GDPR redaction will show proxy or empty contact fields.
- No public API. Direct RDAP queries (
curl https://rdap.verisign.com/com/v1/domain/example.com) are available to anyone, but ICANN Lookup itself does not expose a documented API.
ICANN Lookup is the right tool for a one-off, authoritative lookup (particularly when you want to verify data directly from the official source without relying on any intermediary. For everything beyond a single manual check) monitoring a portfolio, receiving expiry alerts, tracking nameserver changes, a dedicated tool is needed. Domain Sentinel queries RDAP directly and layers monitoring, alerting, and history on top of it. Run a lookup on any domain to see the difference.
Start with a domain you care about
Look it up for free. If you want alerts when status changes or expiry gets close, create an account. Takes about 30 seconds.