[ Technical ]

WHOIS vs RDAP: What Changed and Why It Matters

RDAP replaced WHOIS as the standard domain lookup protocol. The data is the same. The format, reliability, and machine-readability are not.

· · 6 min read

WHOIS vs RDAP: What Changed and Why It Matters

WHOIS has been the protocol for querying domain registration data since the 1970s. RDAP (Registration Data Access Protocol) replaced it as the ICANN-mandated standard in 2019. If you've used WHOIS tools recently, you've likely been getting RDAP data without knowing it.

What WHOIS Was

WHOIS is a plain-text TCP protocol (port 43). A query looks like:

$ whois example.com

The response is unstructured text — different registrars return different field names, different line formats, different encodings. Parsing WHOIS data reliably required maintaining per-registrar regex patterns. This was a real problem for any tool that needed to aggregate or compare registration data across many registrars.

Additional problems:

  • No standardised field names
  • No authentication or rate limiting at the protocol level
  • Inconsistent handling of internationalised domain names (IDNs)
  • Abuse easy to execute at scale (scraping WHOIS for contact harvesting)

What RDAP Is

RDAP is a REST API over HTTPS. A query looks like:

GET https://rdap.verisign.com/com/v1/domain/example.com

The response is structured JSON:

{
  "objectClassName": "domain",
  "ldhName": "EXAMPLE.COM",
  "status": ["client delete prohibited", "client transfer prohibited"],
  "events": [
    { "eventAction": "registration", "eventDate": "1995-08-14T04:00:00Z" },
    { "eventAction": "expiration",   "eventDate": "2026-08-13T04:00:00Z" }
  ],
  "entities": [...],
  "nameservers": [...]
}

Key improvements over WHOIS:

Property WHOIS RDAP
Format Unstructured text Structured JSON
Standardised fields No Yes (RFC 7483)
HTTPS No Yes
Bootstrap discovery Manual IANA bootstrap registry
Internationalised names Inconsistent Full support
Rate limiting Varies Standard HTTP 429

The IANA Bootstrap Registry

One of RDAP's practical improvements is bootstrap discovery. Instead of knowing which WHOIS server to query for each TLD, clients query the IANA bootstrap registry at https://data.iana.org/rdap/dns.json to find the correct RDAP endpoint for any TLD.

This is how BatchDomain handles the full range of TLDs — the bootstrap file maps every RDAP-supported TLD to its authoritative endpoint. TLDs not in the bootstrap file either don't have an RDAP server yet or are handled by a catch-all registrar endpoint.

GDPR and What's Actually in the Response

Both WHOIS and RDAP have been affected by GDPR. Since 2018, registrar-side personal data (registrant name, email, phone, address) is redacted from public responses for most gTLDs. This applies to RDAP responses the same way it applied to WHOIS.

What is not redacted:

  • Registrar name and IANA ID
  • Registration, last-changed, and expiry dates
  • EPP status codes
  • Nameservers
  • Registry-side technical contact (if applicable)

For most availability research, acquisition screening, and portfolio monitoring use cases, this is enough.

When You Still See WHOIS

Some tools labelled "WHOIS lookup" are now fetching RDAP under the hood and formatting it to look like WHOIS output. Others are querying actual legacy WHOIS servers for TLDs without RDAP coverage.

ccTLDs vary: some have full RDAP, some have WHOIS only, some have neither (requiring a web-based registry lookup). For bulk checking, any domain where no RDAP server is found in the bootstrap registry will return a "no RDAP server" result — that is not an error, it is a coverage gap for that TLD.