The modern internet space is increasingly focused on secure connections, privacy, and the protection of users’ personal data. Therefore, the community is actively rejecting technologies that do not meet these standards.
One such technology is WHOIS, a protocol that allows you to obtain information about the owner of a domain and IP address. It is quite simple and effective, but it violates user privacy by publicly disclosing their personal data. Because of this, it is increasingly being restricted or even completely blocked, especially after the General Data Protection Regulation (GDPR) came into force in 2018.
To adapt the domain registration system to the new requirements, ICANN (the organization that manages the global domain name system) initiated a gradual transition to a new protocol – RDAP. It protects privacy better than WHOIS and has a number of other advantages: transparency, stability, convenience for automated systems, better scalability, etc.
In this article, we will look at why the transition from WHOIS to RDAP is inevitable, how these protocols differ, and how this affects access to domain owner data.
What is WHOIS and why has it been the standard for many years
WHOIS is a special service that provides information about a website’s domain. It is most often used to find out if a website is genuine, who owns it, and how to contact the domain owner. It is also useful when checking the history of a domain, such as its legal status or reputation in search results. If the desired name is already taken, you can use the backorder service — a mechanism that allows you to reserve a domain and automatically purchase it as soon as it becomes available.
From the WHOIS record, you can find out:
- the name of the domain owner (often hidden);
- the date of registration and expiration of the domain;
- the name of the organization that owns the domain;
- the email address (sometimes hidden);
- the domain registrar;
- which DNS servers the website uses.
This service has been in use since the early days of the internet and was essentially the only technology that provided such functions. It quickly became the standard because it had a number of advantages:
- Simplicity and clarity. You can get information about a domain in just a couple of clicks. Just enter the website address into any WHOIS service or command line, and you will get an instant response.
- Centralized storage. WHOIS works with official registries, so all domain data can be obtained directly, without intermediaries. At the time, this was a real innovation.
- Versatility. Information from WHOIS is used by system administrators, cyber police, marketers, SEO specialists, developers, hosting companies, and others.
- ICANN support. The international organization ICANN officially used WHOIS as the standard for storing domain information. This meant that all registrars also had to support it.
Time passes, the internet space changes, and technologies that were popular in the past are gradually losing their relevance. Although WHOIS is still in use, it no longer performs its functions to the full extent. Much of the information (especially personal information) is hidden due to modern privacy policies and GDPR (General Data Protection Regulation) requirements.
All this led to the need for a new solution that would meet current standards and have a higher level of protection, flexibility, and scalability — which is what RDAP became.
What is RDAP and how does it differ from WHOIS
RDAP (Registration Data Access Protocol) is a new protocol for obtaining information about domain names. It was created as a more secure and private alternative to WHOIS that meets modern data protection standards.
It was developed by the international organization IETF back in 2015, but at that time RDAP was only a technical standard. In 2018, the General Data Protection Regulation (GDPR) came into force, and WHOIS, which was popular at the time, no longer met the new requirements, creating a need for a more secure alternative. In August 2019, ICAAN officially switched to RDAP and required all accredited registrars to do the same.
WHOIS disregarded privacy and openly displayed all information, from names to home addresses. RDAP, on the other hand, protects the personal data of domain owners in accordance with the requirements of the GDPR and other privacy regulations.
Let’s take a look at what data is now hidden with the RDAP protocol:
| Hidden or restricted data | Data that remains public |
| First and last name of the registrant (domain owner), marked as “REDACTED FOR PRIVACY” | Domain name |
| Mailing address: city, region, postal code, country (usually completely hidden) | Date of registration, renewal, and expiration of the domain |
| Phone number (mostly hidden) | Domain status (active, clientHold, etc.) |
| Email address (hidden or replaced with a feedback form, known as an email relay) | Registrar information (company name, website) |
| Technical or administrative contacts, if they contain personal data (often deleted or combined into a single secure contact point) | DNS servers (NS records) |
| RDAP server address or WHOIS proxy | |
| Less common: domain owner’s country (depends on the registrar’s policy) |
Since 2023, the active phase of transition to RDAP has been underway, which is set to become the primary protocol for all domain zones. In new TLDs, such as .app or .dev, WHOIS is no longer mandatory. For example, if you try to view the WHOIS record for the domain onlinecompass.app, you will not get any response. Instead, information about the domain can be found via RDAP, which has completely replaced WHOIS in this and similar zones.
However, some providers, domain verification services, and even registrars still use WHOIS. The reasons for this are as follows:
- systems and services have not yet been adapted to RDAP, and a complete transition requires a lot of time, resources, and effort;
- users are accustomed to the WHOIS interface and see no need to switch to something new;
- the service is still working, so many are postponing the transition until later.
Key differences between RDAP and WHOIS
WHOIS has long been the standard due to its simplicity, versatility, and accessibility. However, over time, it has failed to meet modern security and privacy requirements, which led to the introduction of a new protocol — RDAP. Below, we explain how it is better and what it can do that WHOIS cannot.
Personal data protection
The first and main difference between RDAP and WHOIS is access to personal data. RDAP hides personal information in accordance with modern privacy standards, while WHOIS displays it to all users. Anyone could find out the home address or mobile phone number of a website owner. This often led to spam or even invasion of privacy.
Enhanced security
RDAP works over HTTPS, a secure data transfer protocol. This means that information sent from an RDAP server cannot be intercepted or altered during transmission. WHOIS, on the other hand, uses a standard TCP protocol without encryption, which negatively affects the confidentiality and integrity of the transmitted data.
Machine-readable format
WHOIS does not structure data — it returns plain text that has to be decrypted manually. This complicates machine processing: developers have to write special scripts for reading and interpreting data. An example of a WHOIS query is shown below:
RDAP, on the other hand, uses the JSON format. Each field is clearly labeled and easily readable by programs, without additional parsing or manual analysis. This approach greatly facilitates record creation, automation, integration with other systems, report generation, and change tracking. Here’s what an RDAP query looks like:
Controlled access
RDAP has special access levels: public and restricted. This allows you to flexibly configure who can view the full domain data and under what conditions. For example, you can make it so that only law enforcement agencies can see the registrar’s email address, but regular users cannot.
However, it all depends on the registrar’s privacy policy and the type of data requested, because sometimes even having access does not guarantee that you will get the information you need.
International adaptability
Unlike WHOIS, RDAP supports queries with non-Latin characters. This significantly increases the versatility of the protocol and makes it convenient for users from countries where Latin script is not the norm. The protocol can process and display information from domains in any language — French, Chinese, Ukrainian, Arabic, etc.
RDAP uses a special UTF-8 encoding standard that converts any character into a corresponding binary string. This ensures global compatibility and accurate processing of international domains, regardless of language or alphabet.
Detailed search
WHOIS returns plain text, which means users have to search for and organize the information they need themselves. With RDAP, it’s the opposite: if you only need to know the IP address or website of the domain registrar, you can enter a specific query right away. This is especially convenient when speed is important and you don’t need to delve into unnecessary details.
In addition, RDAP allows you to search for related objects, such as IP addresses, subnets, or domains within a single registrant (provided that this is allowed by the server policy).
RDAP also supports modern query processing mechanisms, including filtering and authorization. This reduces the load on the system, restricts access to important data, and provides only relevant and up-to-date information. This approach complies with modern data protection standards and provides control over who can access what information.
Flexibility and scalability
Unlike WHOIS, which has a fixed set of features, RDAP is easily scalable—both for local use and at the global registry level. This is achieved through a modular architecture and support for extensions that allow you to customize query types, add new features, and integrate other systems via APIs—without the need for a complete system upgrade.
RDAP also supports dynamic load balancing. For example, registries with a large number of domains can place servers in different regions or redirect queries to individual nodes.
This allows the protocol to handle a large number of requests simultaneously while maintaining stable performance.
This flexibility makes RDAP ideal for long-term use, especially in large-scale projects where security, accuracy, and compatibility requirements are constantly increasing.
Why WHOIS is no longer suitable
Despite its widespread popularity in the past, WHOIS is gradually fading into the background. Users are increasingly choosing more modern solutions with better privacy protection, technical flexibility, and compliance with current standards.
Let’s look at the most common reasons for abandoning WHOIS:
- Complex format. Data is presented in an unstructured form and requires manual interpretation. Automatic processing can be configured, but this requires the creation of special scripts.
- Lack of IDN domain support. WHOIS does not process non-Latin characters correctly because it was not designed for internationalized domains. Instead of the usual Cyrillic or Arabic names, the user sees technical Punycode. This causes confusion, complicates readability, and makes it difficult to work with such domains.
- Privacy issues. Phone number, home address, email — WHOIS makes all this data public, thereby violating current privacy and confidentiality standards. Some registrars offer to block access to this information, but this is more of a workaround than a solution.
- Lack of access settings. Anyone can access the data—the protocol has no mechanisms to restrict access. This makes it difficult to regulate access to important information. More modern solutions allow you to assign special roles, such as regular user, law enforcement officer, registrar, etc.
- Technical obsolescence. WHOIS operates through outdated protocols that do not support encryption, have limited bandwidth, and can often be blocked.
- Risk of important information leaks. Open WHOIS databases have become a convenient tool for malicious actors. Private data can fall into the hands of spammers or phishers who use it for spam mailings, attacks, and other fraudulent schemes.
What does the transition to RDAP mean for users?
The transition to RDAP changes the rules of the game for everyone who interacts with domains in one way or another. It is worth noting that the protocol does not change the data itself, it only affects the format in which it is displayed. At the same time, everything depends on your role. Let’s look at the main categories of users:
Regular users and website visitors
This is the category of people for whom the transition will be least noticeable, mainly because most websites have already switched to RDAP. With the new protocol, searching for basic information about a domain has become much easier and safer. Users can check whether a website is genuine, who owns it, who the registrar is, when the domain was registered, and when it expires.
Website and domain owners
These users receive better protection for their personal information. You no longer need to worry about your email or phone number falling into the hands of malicious actors, as RDAP ensures their confidentiality. In addition, you can set access levels that allow authorized persons to view complete domain data.
As we mentioned, RDAP supports encoding and localization, which reduces the risk of data corruption when working with IDN domains — website names that contain characters from non-Latin alphabets. This is a significant advantage for websites operating in international or localized markets.
Registrars and hosters
New technical requirements are emerging for them, including JSON response format, REST API support, and mandatory use of UTF-8 encoding. This means that providers must implement an RDAP server and adapt their infrastructure, including domain databases, client panels, internal APIs, monitoring and security systems. Currently, RDAP services operate in parallel with WHOIS, but a complete transition to the new protocol requires updating all systems that work with domains.
Rights holders and lawyers
Legal entities use similar protocols to search for the contact information of domain owners. With WHOIS, this was easier because all data was publicly available. RDAP, on the other hand, hides personal information, and an official request must be submitted to obtain it. Although the process has become more complicated, from a legal standpoint, it is more correct and safer in terms of privacy compliance.
SEO specialists and cybersecurity services
For this group, the new protocol creates both limitations and new opportunities. It is now more difficult to collect information because some of the data is hidden. To access it, you need the appropriate permission or an official request. This also complicates the configuration of automated tools for collecting domain data.
At the same time, RDAP allows you to obtain complete information about a domain within the limits of the law. This approach reduces the risk of confidential information leaks and provides access to it only to authorized persons.
Finally
The transition from WHOIS to RDAP is not just a protocol change, but an important step towards improving Internet security. RDAP protects the personal data of domain owners and allows for flexible configuration of access levels. It has a convenient format for machine processing, detailed search, international scalability, and a number of other advantages.
Our HostPro team has become an officially accredited ICANN domain registrar. We already support RDAP and comply with GPDR requirements governing the processing of personal data in the global domain space. Thanks to this, our customers’ personal data is protected, and registering the desired domain is quick and convenient.