Domain Lock Monitor
Registrars expose a set of EPP status codes on every domain — short labels like clientTransferProhibited or serverHold that describe what's locked, what's in flight, and what's about to be deleted. This check parses those states from the most recent WHOIS record and flags anything that warrants attention.
What we check
We read the states array on the zone's most recent successful WHOIS record. State values come back differently depending on which provider answered the WHOIS query — clienttransferprohibited from one source, client transfer prohibited from another — so each value is normalized to lowercase alphanumerics before comparison.
The check then groups what it sees into three buckets: critical lifecycle states that mean the domain is suspended or being deleted, transfer-lock states that protect against unauthorized transfer, and the in-flight pendingTransfer state.
Why it matters
A domain without clientTransferProhibited can be transferred away with just an auth code — a real attack vector for high-value domains. A domain in serverHold isn't resolving at all. A domain in redemptionPeriod has expired and is on a clock to deletion. These states aren't all visible in normal monitoring, but they all matter.
Status outcomes
At least one transfer-lock state (clientTransferProhibited or serverTransferProhibited) is set, with no critical lifecycle states or pending transfer.
No transfer lock is set (any CA-customer or third party with an auth code could initiate a transfer), or pendingTransfer is in progress.
A critical state is present: clientHold or serverHold (the domain is suspended), pendingDelete (queued for deletion), or redemptionPeriod (expired and on the path to deletion).
No WHOIS data yet or the record contained no states.
How to fix
For missing transfer locks, set clientTransferProhibited at the registrar (sometimes called "registrar lock" or "domain lock" in the UI). For high-value domains, registry-level locks (serverTransferProhibited) provide stronger protection but typically require contacting the registrar.
Critical states almost always trace back to the registrar: a hold may indicate a billing problem or compliance flag; redemption means the domain has already expired and renewal needs to happen immediately. Pending transfer is fine if you initiated it — investigate immediately if you didn't.