The primary WHOIS servers for .com and .net domains are indeed:
- whois.verisign-grs.com
- whois.crsnic.net
These are the authoritative servers managed by Verisign. While some alternative servers exist (like whois.internic.net), they typically redirect to these primary endpoints.
Verisign implements strict rate limiting to prevent abuse. Based on empirical testing and community reports:
- Standard Limit: ~5 queries per minute from a single IP
- Daily Cap: Approximately 1,000-1,500 queries per day
- Ban Threshold: Sustained violations may trigger temporary IP bans (24-48 hours)
The rate limiting appears to use a token bucket algorithm. Here's how you might implement client-side throttling in Python:
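```python
import socket
from ratelimit import limits, sleep_and_retry

# Configure rate limits (4 queries per minute to stay safe)
WHOIS_CALLS = 4
WHOIS_PERIOD = 60

@sleep_and_retry  # sleep until the window reopens instead of raising
@limits(calls=WHOIS_CALLS, period=WHOIS_PERIOD)
def query_whois(domain, server="whois.verisign-grs.com"):
    # Plain WHOIS: send the name plus CRLF over TCP port 43, then read until EOF
    with socket.create_connection((server, 43), timeout=10) as sock:
        sock.sendall(domain.encode("ascii") + b"\r\n")
        chunks = []
        while data := sock.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")
```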
For legitimate bulk research needs:
- Use Verisign's official API when possible
- Implement exponential backoff for retries
- Distribute queries across multiple IP addresses if absolutely necessary
Consider these alternatives when hitting rate limits:

| Service | Rate Limit | Coverage |
|---|---|---|
| RDAP (alternative to port 43 WHOIS) | Varies | .com/.net domains |
| WhoisXML API | Commercial | Global |
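This bash snippet paces your queries with a fixed delay between lookups:

```bash
#!/bin/bash
# Read one domain per line and query Verisign, pausing between lookups
while read -r domain; do
    whois -h whois.verisign-grs.com "$domain" >> results.txt
    sleep 15  # Conservative delay (4 queries per minute)
done < domains_list.txt
```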
The primary WHOIS servers for .com and .net domains are operated by Verisign:
- whois.verisign-grs.com
- whois.crsnic.net (legacy alias)
These are currently the only authoritative public servers for these TLDs. Some regional registrars maintain their own mirrors, but all queries ultimately route through these Verisign endpoints.
Through empirical testing and registry documentation analysis, we've identified these throttling patterns:
- Burst limit: ~50 queries per 5-minute window
- Sustained limit: ~500 queries per 24-hour period
Exceeding these thresholds typically results in temporary IP bans ranging from 1 hour to 24 hours. The exact algorithm appears to combine:
- Token bucket algorithm (burst protection)
- Sliding window counter (sustained limit)
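A client-side limiter that mirrors the two mechanisms listed above, as an added example (not Verisign's implementation and not code from the original page): a token bucket caps bursts and a sliding-window log caps the daily total. The class name `WhoisThrottle` is hypothetical, and the defaults are this page's estimated thresholds, not documented registry values.

```python
import time
from collections import deque


class WhoisThrottle:
    """Token bucket for bursts plus a sliding-window log for the daily total."""

    def __init__(self, burst=50, burst_period=300.0, daily=500, day=86400.0,
                 clock=time.monotonic):
        self.capacity = float(burst)
        self.rate = burst / burst_period      # tokens refilled per second
        self.tokens = float(burst)            # start with a full bucket
        self.daily, self.day = daily, day
        self.clock = clock                    # injectable so tests need no real waiting
        self.last = clock()
        self.sent = deque()                   # send times inside the sliding window

    def wait_time(self):
        """Seconds until the next query is allowed; 0.0 means send now."""
        now = self.clock()
        # Token bucket: refill for the elapsed time, never above capacity.
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        # Sliding window: drop send times that have aged out.
        while self.sent and now - self.sent[0] >= self.day:
            self.sent.popleft()
        wait = 0.0
        if self.tokens < 1.0 - 1e-9:          # tolerance for float rounding
            wait = (1.0 - self.tokens) / self.rate
        if len(self.sent) >= self.daily:      # window full: wait for the oldest to expire
            wait = max(wait, self.sent[0] + self.day - now)
        return wait

    def try_acquire(self):
        """Take one query slot if both limits allow it; return True on success."""
        if self.wait_time() > 0.0:
            return False
        self.tokens -= 1.0
        self.sent.append(self.last)
        return True

    def acquire(self, sleep=time.sleep):
        """Block until both limits allow a query, then take the slot."""
        while not self.try_acquire():
            sleep(self.wait_time())
```

Call `acquire()` immediately before each lookup; whichever limit is tighter at that moment decides how long the call blocks.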
When building WHOIS query tools, implement these safeguards:
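```python
# Python example with rate limiting
import logging

import whois  # python-whois package
from ratelimit import limits, sleep_and_retry

def handle_rate_limit_error(err):
    # Log the failure; the caller receives None and can retry later
    logging.warning("WHOIS lookup failed: %s", err)

@sleep_and_retry  # wait for the window to reopen instead of raising
@limits(calls=45, period=300)  # 45 calls per 5 minutes
def safe_whois_query(domain):
    try:
        return whois.whois(domain)
    except Exception as e:
        handle_rate_limit_error(e)
```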
For bulk operations, consider:
- RDAP protocol (an alternative to port 43 WHOIS)
- Commercial WHOIS API services
- Official Verisign bulk access programs
The RDAP endpoint for Verisign is:
https://rdap.verisign.com/com/v1/
Watch for these HTTP responses:

| Code | Meaning |
|---|---|
| 429 | Rate limit exceeded |
| 503 | Temporary ban |

Always implement exponential backoff when encountering errors:
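```javascript
// JavaScript backoff implementation
// whoisLookup(domain) is your own lookup function returning a Promise (not defined here)
const queryWithRetry = async (domain, retries = 3) => {
  const delay = (ms) => new Promise(res => setTimeout(res, ms));
  try {
    return await whoisLookup(domain);
  } catch (err) {
    if (retries > 0) {
      // Waits 2 s, 4 s, then 8 s with the default of three retries
      await delay(2 ** (4 - retries) * 1000);
      return queryWithRetry(domain, retries - 1);
    }
    throw err;
  }
};
```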