How to check domains in bulk with whois

A bulk WHOIS pass helps audit a short domain list before a renewal, transfer, DNS migration, or registrar handoff without losing which lookup produced which evidence. Saving each response separately keeps thin records, rate-limit messages, and full registry output available for review after the network queries finish.

A small shell loop can read one bare domain per line, query each name, pause between requests, and write raw output files named after the input domains. A separate summary step can extract registrar, expiry, status, and nameserver lines for quick review while leaving the raw files available for fields that use different labels.

Public registration data can include contact clues, account relationships, role mailboxes, and timestamps that should not be pasted into public reports without review. Keep the raw directory private, slow the batch when a registry starts returning quota text, and treat missing summary fields as records that need manual inspection rather than successful negatives.

1. Put one bare domain per line in domains.txt.

   example.org
   iana.org
   icann.org

   Replace the sample names with domains that are in scope for the audit. Do not include URLs, paths, or comments in the list unless the loop is adjusted to ignore them.

2. Create a directory for the raw WHOIS records.

   $ mkdir -p whois-audit/raw

3. Query each domain slowly and save the output separately.

   $ while IFS= read -r domain; do
   >   [ -n "$domain" ] || continue
   >   whois "$domain" > "whois-audit/raw/$domain.whois"
   >   sleep 3
   > done < domains.txt

   Do not remove the delay to force more queries through a registry. Rate limits can block the source address or return incomplete records that look like lookup failures.

   Related: How to handle whois rate limits

4. Confirm that the batch created one raw file per input domain.

   $ ls whois-audit/raw
   example.org.whois
   iana.org.whois
   icann.org.whois

5. Build a review summary from common registration fields.

   $ grep -Ei '^(Domain Name|Registrar|Registry Expiry Date|Expiration Date|Domain Status|Name Server):' whois-audit/raw/*.whois > whois-audit/summary.txt

   The summary is a review aid, not the complete record. Keep the raw files for referrals, registry-specific labels, disclaimers, and fields that the pattern does not capture.

6. Review the summary before using it for renewal, transfer, or delegation work.

   $ cat whois-audit/summary.txt
   whois-audit/raw/example.org.whois:Domain Name: example.org
   whois-audit/raw/example.org.whois:Registry Expiry Date: 2026-08-30T04:00:00Z
   whois-audit/raw/example.org.whois:Registrar: ICANN
   whois-audit/raw/example.org.whois:Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
   whois-audit/raw/example.org.whois:Name Server: katelyn.ns.cloudflare.com
   whois-audit/raw/iana.org.whois:Domain Name: iana.org
   whois-audit/raw/iana.org.whois:Registry Expiry Date: 2027-12-08T17:00:53Z
   whois-audit/raw/iana.org.whois:Registrar: CSC Corporate Domains, Inc.
   ##### snipped #####

7. Find raw files that did not include the expected review fields.

   $ grep -L -Ei 'Registrar|Expiry|Expiration|Name Server|Domain Status' whois-audit/raw/*.whois

   No output means each raw file matched at least one review field. Any filename printed here needs manual inspection because it may be a thin record, a registry-specific format, a referral-only answer, or a rate-limit response.

8. Check a missing or ambiguous record with a single-domain query before acting on it.

   $ whois example.org

   Related: How to query a domain with whois
   Related: How to query RDAP for a domain
   Related: How to follow a WHOIS referral server

9. Sanitize the raw files or summary before sharing them outside the team.

   Related: How to sanitize whois contact data