codynet

Guides · RDAP

RDAP vs WHOIS: What Replaced WHOIS And Why

WHOIS is a 40-year-old plaintext protocol. RDAP returns the same data as structured JSON over HTTPS. Here's what each one is and when to use which.

By Cody · 6 min read · Published

What WHOIS actually is

WHOIS is a protocol from 1982. It runs on TCP port 43, returns free-form text, and was never designed for either machine consumption or modern privacy regulation. The reply format differs between every registry — VeriSign formats .com one way, Nominet formats .uk a different way, and ARIN's IP responses look different again.

For decades that was tolerated because the data was useful and there was nothing better. Two pressures changed that: privacy regulation made the old free-text format problematic, and automation made the lack of structure painful.

What RDAP is

RDAP — the Registration Data Access Protocol — is the IETF's successor, standardized in RFCs 7480–7484 and refined since. The important properties:

  • HTTPS instead of cleartext TCP 43.
  • JSON output with stable, documented keys.
  • Standard HTTP status codes (200, 404, 429) for errors.
  • Bootstrap registry at IANA tells you which RDAP server to query for any TLD or IP range.
  • Authentication hooks so authorized parties (law enforcement, registrars) can request fuller data.

The same query that produces a paragraph of WHOIS text produces a clean JSON object with fields like handle, status, events, and entities.

GDPR and the great redaction

Before May 2018, WHOIS for most TLDs included the registrant's full name, address, phone number, and email. After GDPR, registries and registrars covering EU registrants — effectively all of them — stopped publishing personal data of natural persons.

Today the public RDAP / WHOIS view typically shows:

  • Registrar name and IANA ID.
  • Status codes (clientTransferProhibited, etc.).
  • Creation, last-updated, and expiration dates.
  • Nameservers.
  • An abuse contact email at the registrar.

Names and personal contact details for the registrant are usually redacted. To reach the registrant, route through the registrar's disclosure process.

When to use which

Practical rule of thumb:

  • Use RDAP for anything programmatic, anything user-facing, and any new TLD. The JSON output is parseable, the errors are sensible, and it is what newer registries actually publish.
  • Use WHOIS when you specifically need a legacy text response (some tools and forensic workflows still expect it) or when querying a registry that only operates port-43 service.

Codynet's domain RDAP lookup and IP RDAP lookup both go directly against the right RDAP server using IANA bootstrap data, so you never have to remember which TLD lives where.

Reading the JSON

A trimmed RDAP response for a domain looks like:

{
  "objectClassName": "domain",
  "ldhName": "example.com",
  "status": ["client transfer prohibited"],
  "events": [
    { "eventAction": "registration",  "eventDate": "1995-08-14T04:00:00Z" },
    { "eventAction": "expiration",    "eventDate": "2027-08-13T04:00:00Z" },
    { "eventAction": "last changed",  "eventDate": "2025-08-14T07:00:00Z" }
  ],
  "nameservers": [
    { "ldhName": "a.iana-servers.net" },
    { "ldhName": "b.iana-servers.net" }
  ],
  "entities": [
    { "roles": ["registrar"], "vcardArray": [...] }
  ]
}

Every key is stable across registries. Compare that to the equivalent WHOIS response, which would be roughly 40 lines of free-form text with field names that vary by registry.

Same data, two formats

Example input
example.com
Example result
WHOIS (port 43, partial):
  Domain Name: EXAMPLE.COM
  Registrar: IANA
  Updated Date: 2025-08-14T07:00:00Z
  Creation Date: 1995-08-14T04:00:00Z
  Registry Expiry Date: 2027-08-13T04:00:00Z
  Name Server: A.IANA-SERVERS.NET
  Name Server: B.IANA-SERVERS.NET
  Status: clientTransferProhibited

RDAP (HTTPS, structured): identical data, JSON keys, machine-parseable.

Both views show the same public, post-GDPR data. RDAP gives you stable field names; WHOIS gives you free text whose format depends on the registry.

Related tools

Domain Whois / RDAP

Fetch structured domain registration data over HTTPS RDAP.

Open tool

IP Address RDAP Lookup

Find IP allocation, ASN, and registration data with RDAP.

Open tool

FAQ

Is WHOIS being shut off?

ICANN's policy direction is that RDAP is the official replacement, and many registries have already dropped the legacy WHOIS port-43 service for new TLDs. Existing gTLDs are required to operate RDAP and most still operate WHOIS in parallel, but expect WHOIS to keep narrowing.

Why is registrant data redacted in modern WHOIS / RDAP output?

GDPR took effect in 2018 and registries / registrars stopped publishing personal data of natural persons. Most lookups now return only the registrar, status fields, important dates, and abuse contact. To reach the registrant you usually have to go through the registrar's contact-disclosure process.

Can I run WHOIS queries from a script?

You can, but RDAP is dramatically easier. RDAP is JSON over HTTPS, has a published bootstrap registry that maps TLDs and IP ranges to the right server, and uses standard HTTP status codes for errors. WHOIS port-43 responses are free-form text that vary between every registry.

Do RDAP and WHOIS show the same information?

For the public, redacted post-GDPR view, the data set is essentially the same: registrar, status codes, important dates, nameservers, and abuse contact. RDAP exposes that data with stable JSON keys and standard date formats; WHOIS does the same with free text. Authenticated RDAP queries can return more, but the average user sees the same content.

Is RDAP just for domains?

No. RDAP also serves IP address allocations, ASNs, and reverse delegations from the RIRs (ARIN, RIPE, APNIC, LACNIC, AFRINIC). The same protocol surface is the right way to look up who an IP block is allocated to.

Last reviewed: 2026-05-14.