IT.COM

tips Checking domain name availability without using a website

Spaceship Spaceship
It's long been suspected that registrars may be registering domain names as customers search for them. Whether or not this is true, there's really no reason to be handing potential competitors your list of wanted domain names.

As a domainer, you're probably somewhat familiar with two useful services: DNS and WHOIS. What most people don't know is that WHOIS is actually a protocol that works very similarly to DNS. You can use a WHOIS client on your computer to query WHOIS servers without ever visiting a website that may be logging your requests. By combining DNS and WHOIS, it's a simple matter to test the validity of domains without tipping off the registrars.

Here are some handy instructions to build your own DNS and WHOIS toolkit. Note that checking the availability of a domain requires two steps:
  1. Run a DNS query for the domain name. If the result is NXDOMAIN--short for "non-existent domain"--then you're probably in luck. Note that receiving NXDOMAIN here doesn't necessarily mean the domain isn't registered; it just means there's no DNS information available for the domain.
  2. Run a WHOIS query for the domain name. This will return a definitive result from the registry.
Unfortunately, most registries limit the number of WHOIS queries that you can make in a short period of time. That's why you'll need to run the DNS query first: you'll be able to filter out most of the registered domains that way, and WHOIS will catch the few odd ones that are registered but lack DNS information.

Windows

Windows already comes with a simple DNS tool called nslookup. It's pretty straightforward to use.

Opening the command prompt

First, you'll need to open a command prompt:
  • Windows 7 and later: Open the Start menu or Start screen; you can do this by pressing the Windows key on your keyboard. Type cmd.exe and press Enter.
  • Windows XP and Vista: On your keyboard, hold the Windows key and press R. This will open a small Run dialog, with a single textbox. Type cmd.exe in the textbox and press Enter.
At this point, you should have a black window with white text. The last line will have a directory path, a greater-than symbol, and then a cursor. For example, here's what mine looks like:
Code:
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.

C:\Users\Paul>

Don't worry if yours says something a little different. What's important is that you're able to start typing.

Using nslookup

In the command prompt, type nslookup - 8.8.8.8 and press Enter. You should get something that looks like this:
Code:
Default Server:  google-public-dns-a.google.com
Address:  8.8.8.8

>

You'll be able to type after the greater-than symbol on the last line. If you get something different, make sure you types the code exactly as I wrote it, including the spaces.

Note: This will use Google's DNS servers. I chose Google because their DNS servers are fast and reliable, and I've never had an issue with my tested domain names being coincidentally registered the next day. If you don't trust Google, in place of 8.8.8.8, you can use 4.2.2.1 for Microsoft or 208.67.222.222 for OpenDNS. If you're particularly paranoid, you can also query a registry's nameservers directly, but that's beyond the scope of this article. It's important that you not use your ISP's default DNS server.

Now, you'll be able to type domain names and get DNS results. Simply type a domain name, press Enter, and wait for the answer. Here's what you want to see:
Code:
> somecrazynonexistentdomainname.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

*** google-public-dns-a.google.com can't find somecrazynonexistentdomainname.com: Non-existent domain

If you get:
  • Non-existent domain: The domain could be available; proceed to WHOIS check
  • Request to _______ timed-out: The DNS request failed; check your Internet connection, try again, or try another DNS server
  • Anything else: The domain is already registered
Using whois

Windows doesn't come with a WHOIS client, sadly. However, Microsoft does provide one that can be downloaded from their Sysinternals website. Here's the link as of writing; if it doesn't work, go to sysinternals.com and navigate to Networking Utilities -> Whois.

The ZIP file from Microsoft Sysinternals will contain a file named whois.exe. Unless you're familiar with configuring the command prompt, you'll probably want to put that in your system directory so that the command prompt automatically knows where to find it. Copy whois.exe to C:\Windows\System32\. If you're unsure how to get to that folder:
  1. Open My Computer, This PC, or the equivalent for your version of Windows.
  2. Several devices and folders will be listed. Open the one named C:. It will likely be called something along the lines of Windows (C:) or Local Disk (C:).
  3. Open the Windows folder.
  4. Open the System32 folder. Note the digits on the end: make sure it's System32 and not just System.
To use whois.exe, you'll need to open another command prompt, as described above. To make a query, type whois, a space, the domain name, and then press Enter. For example:
Code:
C:\Users\Paul>whois somecrazynonexistentdomain.com

Whois v1.11 - Domain information lookup utility
Sysinternals - www.sysinternals.com
Copyright (C) 2005-2012 Mark Russinovich

Connecting to COM.whois-servers.net...
No whois information found.

Not all registries provide proper WHOIS services, unfortunately. Most gTLDs and popular ccTLDs will work. If a domain lacks WHOIS information, it's probably available. Many registries will provide basic WHOIS information for reserved domain names, but not for unregistered premiums, so keep in mind that the domain could still be a premium. If this is the case, it's the registry charging the premium fee, not the registrar. New gTLDs often lack WHOIS information for reserved names as well.

Mac

Mac ships with two awesome Unix utilities that we can use: dig and whois.

Opening a terminal

To use dig and whois, you'll need to open a terminal. You can open Terminal.app just like any other application. On recent versions of Mac, the easiest way is to use Spotlight:
  1. Hold the Command key and press the spacebar
  2. The Spotlight textbox will appear. Type Terminal and press Return.
You should now have a white window with black text. On my computer, the text reads something like this:
Code:
Last login: Wed Jun  3 10:07:10 on ttys001
paul@Pauls-Mac:~$

I've customized mine, so yours will be a little different. Normally, the last line will end with a dollar sign, followed by a block-like cursor.

In the terminal, you can type commands. Each command is a single line; to execute the command, press Return.

Using dig

The following command will run a DNS query with dig:
Code:
dig @8.8.8.8 somecrazynonexistentdomainname.com

Note: This will use Google's DNS servers. I chose Google because their DNS servers are fast and reliable, and I've never had an issue with my tested domain names being coincidentally registered the next day. If you don't trust Google, in place of 8.8.8.8, you can use 4.2.2.1 for Microsoft or 208.67.222.222 for OpenDNS. If you're particularly paranoid, you can also query a registry's nameservers directly, but that's beyond the scope of this article. It's important that you not use your ISP's default DNS server.

Replace the domain name in the command with your own. You'll get something that looks like this:
Code:
; <<>> DiG 9.8.3-P1 <<>> @8.8.8.8 somecrazydomainname.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20967
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;somecrazydomainname.com.	IN	A

;; AUTHORITY SECTION:
com.			899	IN	SOA	a.gtld-servers.net. nstld.verisign-grs.com. 1433341980 1800 900 604800 86400

;; Query time: 140 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Jun  3 10:33:15 2015
;; MSG SIZE  rcvd: 114

The line we're interested in begins with ->>HEADER<<-. In particular, we want to know the status of the domain name. In this example, the status is NXDOMAIN, which is short for "non-existent domain". If the status is NOERROR, the domain is probably registered.

Using whois

Once we've verified that there's no DNS information with dig, we'll also want to check WHOIS. To do this, you'll need to run a new command in the terminal:
Code:
whois somecrazydomainname.com

Replace the domain name with your own. If the domain is unregistered, you'll get something like this:
Code:
Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

No match for "SOMECRAZYDOMAINNAME.COM".
>>> Last update of whois database: Wed, 03 Jun 2015 14:41:33 GMT <<<

There will also probably be a long legal statement to deter abuse.

Not all registries provide proper WHOIS services, unfortunately. Most gTLDs and popular ccTLDs will work. If a domain lacks WHOIS information, it's probably available. Many registries will provide basic WHOIS information for reserved domain names, but not for unregistered premiums, so keep in mind that the domain could still be a premium. If this is the case, it's the registry charging the premium fee, not the registrar. New gTLDs often lack WHOIS information for reserved names as well.
 
58
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
Wonderful, That's very nice. Great information. Thank you for sharing your knowledge for saving people's time here. :)
 
0
•••
Great Info and Detailed article.

Looking more tutorials like this to upgrade our levels from domainers to tech people.

Thank you so much.
 
0
•••
0
•••
Awesome!!
I am read with my batch file now :)
Thank paul
 
0
•••
Awesome post. Thank you so much Paul!
 
0
•••
I have an idea for something if anyone has the coding skills...
 
0
•••
0
•••
With dig you can also often get the contact information if the domain is registered, letting you contact the owner to possibly make an offer.

dig SOA example.org. +short

returns

sns.dns.icann.org. noc.dns.icann.org. 2015060214 7200 3600 1209600 3600

The second string in the result - noc.dns.icann.org. - is the contact address. Removing the trailing dot and change the first dot to an @ to get noc[AT]dns.icann.org as the e-mail address.

Often they are fake, but sometimes they are real. That's who I e-mail first when I have a question about a domain because I have found it more likely to get to someone who can answer than the whois contact info (which often points to whoisguard or somesuch)
 
1
•••
Great advice if you want to avoid looking up domains at a registrar.

However keep in mind that the whois isn't necessarily authoritative either, especially when it comes to new gTLDs...
 
1
•••
Yes, it is depressing how many don't even run it. I run spam filters, and when a host gets hacked to use as a spam relay I end up blocking the IP or even the entire /24 subnet so that known bad IP addresses don't end up constantly being DNS querried on the blacklist.

It is nice when the TLD supports whois because whois and/or the SOA record are resources I use to try to contact the admin who often not even know they were hacked and are being used as a relay. I can't do a courtesy contact when there is no easy way to get the admin contact. I don't like the new trend of ngTLDs not supporting whois at all.
 
0
•••
Great tip, thank you!.

Was looking for something like that.
 
0
•••
Excellent advice. But do you have also instructions for Linux?
 
0
•••
Excellent advice. But do you have also instructions for Linux?

dig and whois ship with just about every linux distribution.

dig is part of the bind-utils package in Fedora / Redhat world - not sure in the debian / ubuntu world where they package it.

whois is packaged by itself in the whois package.
 
2
•••
0
•••
You can always query the server directly. With minimal programming knowledge you can easily query the whois server for the specific TLD you are interested in and check whether the response contains "No match for." I always write a quick Java program to check text files and such.
 
0
•••
Great tips! congrats to you!!!!!!!!!!
 
0
•••
Great Great Great and very informative. No more captcha filling. Quick info for any domain name.

Thank you for spending such time to write this excellent article.
 
0
•••
0
•••
0
•••
You can always query the server directly. With minimal programming knowledge you can easily query the whois server for the specific TLD you are interested in and check whether the response contains "No match for." I always write a quick Java program to check text files and such.

WHOIS servers tend to have restrictive rate limits, so it's better to run a DNS query first. (Also, different registries return different responses when a domain isn't found, but that's trivial.)
Great advice if you want to avoid looking up domains at a registrar.

However keep in mind that the whois isn't necessarily authoritative either, especially when it comes to new gTLDs...

WHOIS is authoritative when it's from the registry. The registry can forward you wherever it wants, much like with DNS; by that point, though, you already know the domain exists.

If you're concerned about receiving deceptive responses from registrars, or you don't want the registrar holding a domain to know that you're querying it, you can run whois -Q example.com on Mac (or -rR on Linux) instead of whois example.com. That'll query the registry and then stop, without going on to query the registrar. You'll see whether the domain exists, but you won't get any contact information. On Windows, you can run whois -v example.com. That won't prevent a query to the registrar, but the client will be sure to print every response. Look at the very first response to see whether the domain exists.

Generally, if a domain doesn't exist, there's no reason a registry should forward the query. If the domain does exist, the query will be forwarded; exactly how that works depends on the WHOIS server and client. Some servers will perform further requests themselves, but most just tell the client which server to forward the request to. RIPE-like WHOIS servers are the only ones I know of that query the upstream server on their own accord. The -Q flag on Mac will instruct the server not to do this (as well as the client), but there's no such option for the SysInternal Windows client. If you know how to use Telnet, you can open a Telnet connection to the registry's WHOIS server on port 43 and type `-r example.com`, then press Enter. RIPE-like servers take an -r flag before the query to mean that the request shouldn't be forwarded. The -Q flag on Mac and the -r flag on Linux both work by disabling recursion on the client, as well as prefixing each query with -r.
 
8
•••
WHOIS is authoritative when it's from the registry. The registry can forward you wherever it wants, much like with DNS; by that point, though, you already know the domain exists..

I should have been more specific. I meant to say that not finding a domain in the registry whois doesn't necessarily mean it's available - so it's not authoritative for availability as some registries will not tell you if it's on a reserve list, blocked by ICANN or simply too short etc. Registries are getting better at this though over time. In some registries whois updates are also not real time, they lag behind for several minutes to hours in some cases.

Whenever we implement work with a registrar/reseller we'll strongly advice to use whois to check availability for registration purposes, we recommend to look it up directly with the registry via EPP or whatever API the registry offers.
 
0
•••
If you're trying to avoid notifying a registrar that you're looking for a specific domain, unless you happen to be a registrar yourself, WHOIS is pretty much the best you can do--particularly if you're looking to automate the process. I did mention in the original post, however, that not all registries provide accurate information when it comes to reservations and such.
 
0
•••
Good technical know-how/how-to here, thanks a lot Paul.
 
0
•••
It's long been suspected that registrars may be registering domain names as customers search for them. Whether or not this is true, there's really no reason to be handing potential competitors your list of wanted domain names.

As a domainer, you're probably somewhat familiar with two useful services: DNS and WHOIS. What most people don't know is that WHOIS is actually a protocol that works very similarly to DNS. You can use a WHOIS client on your computer to query WHOIS servers without ever visiting a website that may be logging your requests. By combining DNS and WHOIS, it's a simple matter to test the validity of domains without tipping off the registrars.

I'm not super tech savvy but this is a great article with awesome step by step instructions! If I understand this process correctly it seems like it is not well suited for bulk checking availability for hundreds or thousands of domains at one time (where I am not concerned with finding WHOIS info and only want to know whether these domains are registered or not); would you agree or am I missing something here?
 
0
•••
Back