Skip to content
TECHNICAL · DOMAINS · 6 min read · Updated 2026-06-02

What is RDAP? The modern replacement for WHOIS

The same questions WHOIS answered — who runs this domain, when does it expire — delivered in a format built for the modern internet.

By the Check.Systems team

TL;DR
RDAP (Registration Data Access Protocol) answers the same "who registered this domain?" questions as WHOIS, but returns clean, structured JSON over HTTPS instead of loose text. It supports server discovery and authenticated access, and since 28 January 2025 it's the official source for gTLD registration data.

What RDAP is

Think of WHOIS as a handwritten note and RDAP as the same facts in a tidy spreadsheet. The information is identical — registrar, dates, name servers — but one is loose text you have to eyeball, and the other is structured so a computer can read it without guessing.

RDAP, the Registration Data Access Protocol, is the modern, standardized way to look up registration data for domains, IP addresses, and network numbers. It's a normal web API: a client sends an HTTPS request, and the server replies with JSON — the same format that powers most of the web's APIs. It was standardized by the IETF and is now an Internet Standard (STD 95).

Why WHOIS needed replacing

WHOIS served the internet for forty years, but it was built for a smaller, more trusting network and showed its age. Its problems were structural, not cosmetic:

  • No standard format. Every registry returned its fields differently, as free-form text. Software had to scrape and guess, and a layout change could break it.
  • No real security. Classic WHOIS ran over plain port 43, unencrypted, with no standard way to authenticate the person asking.
  • All-or-nothing data. A lookup was a single public dump — fine in 1985, a privacy problem once it contained real names and addresses.
  • No internationalization or error handling. Non-Latin scripts were an afterthought, and "not found" looked different everywhere.

For the full backstory of what WHOIS does and why its data got redacted, see What is WHOIS?

What RDAP does better

CapabilityClassic WHOISRDAP
FormatFree-form textStructured JSON
TransportPlain port 43HTTPS / REST
Find the right serverYou had to know itStandardized bootstrapping
Access controlNone (public dump)Tiered / authenticated
InternationalizationPatchyBuilt in (UTF-8)
ErrorsInconsistentStandard HTTP status codes

Because the output is predictable JSON, tools and websites can present registration data cleanly and reliably — which is exactly why modern lookup services run on RDAP under the hood.

How a client finds the right server

There's no single RDAP server for the whole internet — each registry runs its own. So how does a client know whether to ask the .com server or the .dev one? Through bootstrapping.

IANA publishes small machine-readable "bootstrap" files — essentially directories that map each TLD, IP-address range, and AS number to the RDAP server responsible for it. A client checks the directory, learns the authoritative server for whatever it's looking up, and sends the query there. It's the same delegation idea that makes DNS scale: nobody holds everything; you get pointed to whoever does.

Tiered access: the post-GDPR win

This is the feature that made RDAP urgent. After Europe's GDPR forced registration data to be redacted, the old "publish everything to everyone" model was untenable — but so was hiding everything from the people with a legitimate need (law enforcement, security researchers, IP lawyers).

RDAP is designed for exactly this middle ground. Because it runs over HTTPS with proper authentication, a registry can serve public fields to anyone and additional, sensitive fields only to verified, authorized requesters. That layered model is impossible with WHOIS's single anonymous text dump, and it's a big reason the industry committed to the switch.

The 2025 WHOIS sunset

The transition reached a milestone in early 2025. As ICANN put it: as of 28 January 2025, RDAP is the definitive source for delivering gTLD registration information, in place of sunsetted WHOIS services. On that date, the contractual requirement for gTLD registries and registrars to operate legacy port-43 WHOIS was removed.

The hard truth about the "sunset"
"Sunset" means no longer required, not "switched off everywhere." Many providers kept WHOIS running voluntarily during the transition, and plenty of lookup tools still quietly speak both. So WHOIS hasn't vanished — it's just no longer the system of record. RDAP is.

Seeing it in practice

You rarely call RDAP by hand — tools do it for you. When you run a domain through our WHOIS lookup tool, you're getting registration data presented cleanly, the way RDAP makes possible. And it isn't just for domains: all five Regional Internet Registries (ARIN, RIPE NCC, APNIC, LACNIC, AFRINIC) use RDAP for IP-address and ASN registration data too — in fact, the number side of the internet adopted it first.

The takeaway: RDAP isn't a new thing to learn so much as a better pipe for the same facts. WHOIS asked "who runs this?" in a language only humans could read reliably; RDAP asks it in one that machines, privacy rules, and the modern web can all live with.

Related reading: What is WHOIS? · What is GDPR? · What is a domain name? · What is a domain registrar?

References: RFC 9082 (RDAP query format) · RFC 9083 (RDAP JSON responses) · RFC 9224 (bootstrapping) · ICANN — Launching RDAP, Sunsetting WHOIS (Jan 2025)