While checking a site nonavailability issue, I came across multiple expiration dates for the domain, when checked through WHOIS. The top portion of the result showed an expiration date which is one year ahead of the expiration date shown in the lower part of the same result. This amused me a lot and inspired me to make some study regarding the perplexing scenario. I hope an explanation for whois lookup and the case study will provide better insight to whois lookups.
Domain Registration- Understand the terminologies
As described in various blogs here itself, there are different steps involved in the process of registering a domain. The authority which performs the registration of the domain on behalf of the client is called Registrar of the domain. The domain name after the registration will be stored in the Domain Registry. They actually store the information about all the necessary information for the domains registered in a TLD or in a second Level domain extension.
WHOIS
This is a TCP-based query/response protocol which is widely used for querying a registry/registrar database to retrieve the details of a registered domain like registrar,owner,NS,status etc. The data related to each domain is stored in different whois servers, when we perform the whois lookup, it contacts the corresponding whois server and gets the details.
$ whois supportsages.com
Domain Name: SUPPORTSAGES.COM
Registrar: GODADDY.COM, LLC
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Name Server: NS1.SUPPORTSAGES.COM
Name Server: NS2.SUPPORTSAGES.COM
Status: clientUpdateProhibited
Updated Date: 29-dec-2011
Creation Date: 21-jan-2009
Expiration Date: 21-jan-2017
As you can see from the output, the whois server being used for the query is whois.godaddy.com. The whois information is stored and looked up in two ways namely thick and thin.
Thick Lookup Model
In the thick model, one WHOIS server stores the WHOIS information from all the registrars for the particular set of data or for all domains of the same TLD. For eg. All whois records for the .INFO TLD will be stored in one WHOIS server irrespective of the domain registrar. You can get the details of registries corresponding to each TLD here
I shall try to explain it a bit, let us check the whois record for a couple of domains with different TLDs
@sage2:~$ whois example.org
Access to .ORG WHOIS information is provided to assist persons in
determining the contents of a domain name registration record in the
Public Interest Registry registry database.
Let us check another one
sage2:~$ whois example.info
Access to INFO WHOIS information is provided to assist persons in
determining the contents of a domain name registration record in the
Afilias registry database.
If you check the URL for the registry, you can see that the registries for the tlds .org nad .info are Public Interest Registry and Afilias Limited respectively.
The thick model usually ensures consistent data and slightly faster queries, since only one WHOIS server needs to be contacted. If a registrar goes out of business, a thick registry contains all important information and registration information can be retained.
Thin Lookup Model
A thin registry will only hold a reference to the registrar’s whois server which contains the information for the domain which is registered through them. The largest generic TLDs, .com & net, are thin registries. Here the domain registrar simply holds the registrar name and the Name Servers for the domain. Once the query for the whois record is received, it fetches the records from the WHOIS server of the domain registrar. The registrars are responsible for keeping the entire whois record.
~$ whois supportsages.com
Whois Server Version 2.0
Domain Name: SUPPORTSAGES.COM
Registrar: GODADDY.COM, LLC
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
As you can see, the whois server is of GoDaddy, the registrar for the domain.
In a thick model (org, biz, info, etc.), the software or the lookup will display only the registry expiry dates as it is the only whois server involved in the process.
For registries that use the thin model, the software will display expiry dates corresponding to the two whois servers. These are labeled registry expiry and registrar expiry.
Since the thin look up model gets details from two set of values, there can be conflicting values for the same parameter as in the case I mentioned in the beginning of the post.
Case Study
To keep the identity of the domain, I am masking the domain name with ours . So you will fail to get the same results for the same test, which are shown as examples.
$whois supportsagescom
Domain Name: supportsages.com
Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Whois Server: whois.PublicDomainRegistry.com
Referral URL: http://www.PublicDomainRegistry.com
Status: clientTransferProhibited
Updated Date: 02-oct-2012
Creation Date: 09-oct-2011
Expiration Date: 09-oct-2013
>>> Last update of whois database: Thu, 29 Nov 2012 07:17:43 UTC <<<
The lower part of the result conatians the following entries as well
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: supportsages.com
Creation Date: 10-Oct-2011
Expiration Date: 12-Oct-2013
When I checked the issue on 12th Oct 2012, the first part indicated that the domain is not expired and it is valid till 09-oct-2013. While the second part confirmed that the domain got expired on 9-Oct-2012. I cross checked it with our billing system and confirmed that the domain expired on 9th Oct and hence renewed it. This resolved the site issue, but the difference in the expiration date persists. An explanation for the paradox was essential and hence I made a detailed study and found that the first value ” 09-oct-2013″ is returned from the registry. While the second on “21-Oct-2013” is retrieved from the registrar whois record.
As mentioned in earlier parts of the article, the lookup performed for the domain is a thin lookup as it is a .com TLD domain. Hence it is probable to have multiple values for the expiration date. But in our case, we haven’t renewed the domain and hence a renewed status in the registry made too much confusion. A Proper understanding of domain expiration process removed the confusion.
Explanation
The moment any domain name reaches its expiration date, the central registry automatically bills the domain name registrar (such as GoDaddy) the annual fee, then adds a year to the expiration date. Then onwards any whois lookup performed on the registry will display the updated records.
The domain renewal is performed without seeking any confirmation from the registrar. If the registrar is not interested to renew the domain, then he can request the registry to delete the domain name within 45 days. This period is known as Grace period. The domain name owner can renew his domain with registrar during this period. If the domain name is deleted, the registrar receives a refund for the fee and the domain name will be purged from central registry’s WHOIS system, after following the domain expiration procedures.
So there is a high possibility for the existence of a registry record with a new “renewed date” during the grace period. It is up to the registrar of the domain to decide, whenever the domain is to be renewed or not, even if it is renewed by the registry. If his client is not ready to pay for the renewal, then the registrar can ask for a deletion of the record at any time and hence the records returned from the registry are considered to be meaning less, especially during the grace period.
The thin lookup guideline insists that for “.com” and “.net” names, domain name companies are required to run their own, separate WHOIS servers and those servers are the authoritative servers for the whois lookup. Hence in the above example, the actual expiration date is 12-Oct-2013. In other means, the domain was supposed to be renewed on 09-oct-2012 but the client let it expire and renewed it for one year during the grace period on 12 Oct 2012.
