For over 40 years, WHOIS has been the standard way to look up domain registration information. But WHOIS has significant limitations that became impossible to ignore as the internet grew. Enter RDAP — the Registration Data Access Protocol — designed to fix everything WHOIS got wrong.
The Problems With WHOIS
WHOIS was designed in 1982 for a much smaller internet. Its limitations include:
Unstructured text output — WHOIS returns free-form text that varies between registrars. One registrar might label a field "Registrant Name" while another uses "Domain Holder". Parsing this programmatically is unreliable.
No authentication — WHOIS provides the same data to everyone. There's no way to give verified security researchers more detail than anonymous queries.
No encryption — Traditional WHOIS operates over plain TCP port 43, meaning queries and responses are sent unencrypted. Anyone on the network path can see what domains you're looking up.
No standardized error handling — When a WHOIS query fails, the error messages vary wildly between servers. Some return nothing. Some return cryptic codes.
Poor internationalization — WHOIS struggles with non-ASCII characters in domain names and contact information. International Domain Names (IDNs) are poorly supported.
How RDAP Fixes These Problems
RDAP was standardized by the IETF in RFC 7480-7484 and mandated by ICANN for all gTLD registries and registrars.
Structured JSON Responses
RDAP returns well-defined JSON objects instead of free-form text. Every field has a standardized name and format. This makes automated processing reliable and consistent across all registrars.
Built-in Access Controls
RDAP supports authentication and authorization. Registrars can provide different levels of detail based on who's asking — more data to verified law enforcement or security researchers, less to anonymous queries.
HTTPS by Default
RDAP runs over HTTPS (port 443), encrypting both the query and response. Your lookups are private.
Standardized Errors
RDAP uses standard HTTP status codes (404 for not found, 429 for rate limiting, etc.) and includes structured error messages in JSON.
Full Unicode Support
RDAP properly handles internationalized domain names, non-Latin contact information, and locale-specific formatting.
What This Means for You
If you use WHOIS lookups regularly, here's what changes:
For most users: nothing immediately. WHOIS still works and will continue to work for the foreseeable future. Both protocols run in parallel.
For developers and automated tools: start migrating. RDAP's structured JSON is much easier to parse than WHOIS text. If you're building tools that consume domain data, RDAP is the better choice.
For security researchers: RDAP enables differentiated access. As the ecosystem matures, authenticated RDAP queries will provide richer data than anonymous WHOIS lookups.
Using CheckHost for WHOIS and RDAP
CheckHost's [WHOIS lookup tool](/en/whois) automatically queries the best available source for each domain. For TLDs that support RDAP, we query RDAP first and fall back to WHOIS if needed. The results are parsed, structured, and presented in the same clean format regardless of which protocol was used behind the scenes.
You don't need to worry about which protocol to use — we handle it automatically.