Domain Intelligence

WHOIS vs RDAP: What Changed and Why It Matters

February 2, 20266 min readWHOIS · RDAP · Domain Intelligence

Introduction

The WHOIS protocol was not designed for the modern internet. Created in the early 1980s for ARPANET administrators to exchange contact information, it has run on TCP port 43 as a plaintext service for four decades. For most of that time, it worked well enough. But GDPR enforcement, the explosion of new TLDs, and the demand for machine-readable structured data exposed its fundamental limitations. In 2015, the IETF published RFC 7480, standardizing RDAP as the modern replacement. In 2025, ICANN mandated RDAP support for all accredited registrars. Understanding the difference between the two is practical knowledge for any developer who queries domain data.

What is WHOIS?

The WHOIS protocol is defined in RFC 3912 (2004), though the underlying service predates that document by two decades. A WHOIS query is a simple TCP connection to port 43 of a registrar's WHOIS server, followed by the domain name as a plaintext string. The server responds with a block of free-form text — format, field names, and content vary entirely by registry and registrar.

The practical limitations for developers are significant:

  • No standard schema. The registrant name field can appear as Registrant Name, registrant, reg-name, or dozens of other variants depending on the registry.
  • No authentication. There is no way to prove the caller's identity or enforce differential access policies.
  • No structured error codes. A non-existent domain, a rate-limited response, and a server error can all return the same empty or error-text block.
  • Opaque rate limiting. Servers may silently drop queries without any notification or Retry-After header.
  • Ad hoc GDPR redaction. Each registry handles contact field redaction differently — no consistent signal for "this field is intentionally hidden."

What is RDAP?

RDAP (Registration Data Access Protocol) is standardized across a family of RFCs. The core specifications are RFC 7480 (HTTP transport), RFC 7481 (security), and RFC 9083 (JSON response format), which supersedes the earlier RFC 7483. RDAP is built on HTTPS and returns structured JSON with a consistent schema across all compliant registries.

Key improvements over WHOIS:

  • JSON natively. No text parsing. Every field is a named JSON property with a predictable type.
  • HTTP status codes. 404 means not found. 429 means rate limited. 401 means authentication required. The semantics are standard.
  • Authentication support. Registries can require OAuth credentials for privileged access to unredacted contact data.
  • Internationalization. Full Unicode support and native IDN handling — no encoding ambiguity.
  • Standardized privacy redaction. RDAP defines a consistent model for indicating that a field has been redacted for privacy, aligned with ICANN policy.
Relevant RFCs: RFC 7480, RFC 7481, RFC 9082 (query format), RFC 9083 (JSON responses). The IANA maintains the RDAP bootstrap file mapping TLDs to their RDAP service endpoints.

WHOIS vs RDAP: Side-by-Side Comparison

FeatureWHOISRDAP
ProtocolTCP port 43HTTPS / REST
Response formatFreeform textStructured JSON
StandardRFC 3912 (minimal)RFC 7480–7483, 9082–9083
AuthenticationNoneOptional (OAuth)
Error handlingNone standardHTTP status codes
InternationalizationLimitedFull Unicode / IDN
GDPR redactionAd hoc per registryStandardized
TLD coverage (2026)~1,500+~1,200+ (growing)

Why RDAP Is Not a Full Replacement (Yet)

ICANN mandated RDAP support for all accredited registrars in 2025, but coverage is more uneven in practice. Country-code TLDs (ccTLDs) are not bound by ICANN's gTLD policies, and many ccTLD registries — which collectively manage a large volume of registered domains — have not deployed RDAP servers, with some having no timeline to do so.

The problem has two layers:

  • Missing endpoints. If a TLD does not appear in the IANA RDAP bootstrap file, there is no RDAP server to query. The only option is a WHOIS fallback.
  • Incomplete implementations. Some registrars have deployed a minimal RDAP endpoint to meet compliance requirements without ensuring data parity with their WHOIS service. An RDAP response can legally omit fields that the WHOIS response includes.
As of early 2026, roughly 85% of gTLD registrations are covered by reliable RDAP endpoints. For ccTLDs, coverage is significantly lower — estimated at under 40% across active ccTLD zones.

How WhoisJSON Handles Both Automatically

Rather than exposing the protocol complexity to developers, the WhoisJSON API abstracts it entirely. For each query, the logic is:

  1. Check whether a trusted RDAP endpoint exists for the requested TLD.
  2. If yes, query RDAP and normalize the structured JSON response.
  3. If no (or if the RDAP server returns an incomplete or error response), fall back to WHOIS and parse the plaintext output.
  4. In both cases, return the same normalized JSON schema.

The source field in the response tells you exactly which protocol was used: "rdap" or "whois". No configuration, no per-TLD conditionals in your code.

Example: a query for example.com returns "source": "rdap"; a query for a ccTLD without an RDAP server returns "source": "whois". The rest of the response object is identical in structure.

What This Means for Developers

  • Do not parse raw WHOIS text in production. Maintaining per-registry parsers is a significant ongoing burden — registries change their formats without notice, GDPR redaction patterns shift, and new TLDs introduce new server behaviours.
  • Use an API that normalizes both protocols. The fields that matter —registrar,created,expires,nameserver,contacts — are available regardless of whether the underlying query used RDAP or WHOIS.
  • Check thesource field if you need auditability. Compliance workflows and security pipelines may require knowing the data provenance.
  • Pre-computed fields depend on normalization. Objects likeage,expiration, andstatusAnalysis are only possible because the API normalizes data across both protocols into a consistent structure before computing derived values.

Conclusion

RDAP is a genuine improvement over WHOIS — structured, authenticated, and aligned with modern privacy requirements. But its rollout is incomplete, and a direct dependency on RDAP alone fails for a meaningful share of TLDs in 2026. The practical answer is an API layer that handles protocol negotiation automatically: RDAP where available, WHOIS as a fallback, and a consistent JSON schema regardless of which protocol answered the query.

If you are building domain intelligence into an application today, the right abstraction is a unified API — not a conditional branch in your codebase that checks TLD support tables and switches between TCP and HTTPS clients.

Free tier — no credit card

Query WHOIS and RDAP with One Call

WhoisJSON picks the best protocol per TLD automatically. Start with 1,000 free requests per month.

RDAP + WHOIS fallback1,500+ TLDs coveredConsistent JSON schema
Get Your Free API KeyDocumentation
Back to BlogWHOIS APIPricing