RDAP vs WHOIS: Understanding the Domain Lookup Transition

The internet's domain name system has relied on WHOIS for over four decades. First defined in RFC 812 in 1982, WHOIS was designed in an era when the entire internet had fewer than 500 hosts. Today, with over 350 million registered domain names according to Verisign's Q4 2023 Domain Name Industry Brief, WHOIS is showing its age. RDAP, the Registration Data Access Protocol, was developed as its modern replacement. ICANN has been pushing the transition from WHOIS to RDAP since 2015, and in 2024 announced that gTLD WHOIS services could begin sunsetting as RDAP achieves full coverage. This article explains both protocols, their key differences, and what the transition means for anyone who monitors or manages domain names.

What Is WHOIS?

WHOIS is a TCP-based protocol that runs on port 43 and returns domain registration data as unstructured plain text. When you query a WHOIS server, it sends back a human-readable text block containing information about the domain's registrant, registrar, nameservers, status codes, and important dates like creation, update, and expiration. The protocol is dead simple by design. You open a TCP connection, send the domain name, and receive a text response. There is no authentication, no encryption, and no standardized output format. Each registry and registrar formats their WHOIS output differently.

This simplicity was a strength in the early internet but has become a serious limitation. Because WHOIS output is plain text with no formal schema, every parser must handle dozens of different formats. A .com WHOIS response looks different from a .org response, which looks different from a .de response. Date formats vary between registrars. Field names are inconsistent. Some registrars include extra fields, others omit standard ones. Building reliable automated tools that parse WHOIS data across thousands of TLDs requires constant maintenance as registrars change their output formatting without notice. This fragmentation was one of the primary motivations for developing a replacement protocol.

What Is RDAP?

RDAP, the Registration Data Access Protocol, is defined in a series of RFCs published by the IETF in 2015 (RFC 7480 through RFC 7484). Unlike WHOIS, RDAP is an HTTP-based protocol that returns data in structured JSON format. This means every RDAP response follows a defined schema, making it straightforward to parse programmatically regardless of which registry or registrar serves the data. RDAP also runs over HTTPS, providing encryption for queries and responses, something WHOIS has never offered. The protocol supports internationalized domain names and multilingual contact data natively.

RDAP introduces several capabilities that WHOIS lacks entirely. Differentiated access control allows RDAP servers to return different levels of detail depending on who is making the query. A law enforcement request might receive full registrant details, while a public query receives only non-personal data. This built-in access control aligns with GDPR and other privacy regulations far more naturally than WHOIS, which was an all-or-nothing system that registrars had to modify post-GDPR by simply redacting fields. RDAP also uses standard HTTP redirects for referrals between servers, replacing the ad-hoc text-based referral hints that WHOIS used. The IANA maintains a bootstrap registry (published as JSON at data.iana.org) that maps each TLD to its authoritative RDAP server.

Key Differences Between RDAP and WHOIS

The differences between RDAP and WHOIS span every aspect of how domain registration data is queried, transmitted, and consumed. WHOIS was designed for a small internet where security and machine-readability were not priorities. RDAP was designed for today's internet where privacy, automation, and international support are essential. Here is a detailed comparison of the two protocols across the most important dimensions for domain monitoring and management.

• Data format: WHOIS returns unstructured plain text that varies between providers. RDAP returns standardized JSON with a consistent schema across all providers.
• Transport security: WHOIS sends data as cleartext over TCP port 43. RDAP uses HTTPS (TLS encryption) for all queries and responses.
• Authentication: WHOIS has no authentication mechanism. RDAP supports OAuth and other HTTP-based authentication for tiered access.
• Query structure: WHOIS uses a simple text string as input. RDAP uses RESTful HTTP URLs with defined path segments for domains, IPs, and entities.
• Internationalization: WHOIS has no support for non-ASCII characters. RDAP natively supports internationalized domain names and Unicode contact data.
• Referral handling: WHOIS uses text-based referral hints that clients must parse. RDAP uses standard HTTP 301/302 redirects.
• Error handling: WHOIS has no standardized error responses. RDAP uses HTTP status codes (404, 400, 429, etc.) with JSON error bodies.
• Bootstrapping: WHOIS relies on hard-coded server lists. RDAP uses the IANA bootstrap registry to discover authoritative servers dynamically.

The ICANN Transition Timeline

ICANN has been driving the WHOIS-to-RDAP transition for over a decade. In 2015, ICANN required all gTLD registries and registrars to implement RDAP alongside their existing WHOIS services. By 2019, RDAP was mandatory for all gTLD operators. In January 2024, ICANN's Generic Names Supporting Organization (GNSO) began discussing the formal deprecation of gTLD WHOIS services, with a proposed timeline that could see WHOIS servers turned off for gTLDs as early as 2027. However, the transition is not uniform. Many country-code TLD registries operate independently of ICANN and have adopted RDAP at their own pace, or not at all. As of 2025, approximately 1,200 TLDs have RDAP servers listed in the IANA bootstrap registry, while many ccTLDs like .de, .jp, .ru, and .it still rely exclusively on WHOIS. This mixed landscape means that any practical domain lookup system must support both protocols for the foreseeable future.

What This Means for Domain Monitoring

For anyone who monitors domain names, whether for renewal tracking, brand protection, or acquisition, the RDAP transition has practical implications. Tools that rely solely on WHOIS will eventually stop working for gTLDs as registries phase out the old protocol. But tools that rely solely on RDAP will miss data from the many ccTLDs that have not adopted it yet. The correct approach is a dual-protocol strategy: use RDAP as the primary lookup method where available, and fall back to WHOIS for TLDs that do not yet support RDAP.

DomainExpiryCheck.com implements exactly this dual-protocol approach. The system checks WHOIS first and automatically falls back to RDAP when WHOIS data is unavailable or insufficient. It maintains an up-to-date map of which TLDs support RDAP by syncing with the IANA bootstrap registry daily. For RDAP-only TLDs, meaning those where WHOIS returns no usable data, the system skips WHOIS entirely and queries RDAP directly. This ensures accurate expiry data regardless of whether a given TLD has completed the transition or still relies on the legacy protocol. As the transition progresses and more TLDs adopt RDAP, monitoring tools will gradually shift to RDAP-primary operation, but WHOIS compatibility will remain important for at least several more years.