Launching RDAP; sunsetting WHOIS

This was announced originally early last year. It removes the <i>requirement</i> for TLD and nTLD (not ccTLD) operators to have a WHOIS service available, but doesn&#x27;t mandate they must shut them down.<p>So far the sunsetting has had little effect with most TLDs still having their WHOIS services online. In reality, I think we&#x27;ll see a period of time where many TLDs and nTLDs have both WHOIS and RDAP available.<p>Additionally, since ccTLD&#x27;s aren&#x27;t governed by ICANN, many don&#x27;t even have an RDAP service available. As such, there&#x27;s going to be a mix of RDAP and WHOIS in use across the entire internet for some time to come.<p>Disclosure: I run <a href="https:&#x2F;&#x2F;viewdns.info&#x2F;" rel="nofollow">https:&#x2F;&#x2F;viewdns.info&#x2F;</a> and have spent many an hour dealing with both WHOIS and RDAP parsing to make sure that our service returns consistent data (via our web interface and API) regardless of the protocol in use.

The concept of WHOIS has felt sleazy for many years.<p>If I register a domain, the registrar will basically extort me a couple extra dollars per year for “domain privacy” for the privilege of not having my name, home address, phone number, and email publicly available and then mirrored across thousands of shady scraped content sites in perpetuity. Even If you don’t care about that, then begins the never ending emails texts and calls begin from sleazy outfits who want to sell you related domains, do SEO for you, revamp your site, schedule a call, or just fill your spam box up with legitimate scams and bootleg pharma trash.<p>All because you wanted a $10&#x2F;year dot com without paying the bribe.<p>And yes I grew up leafing through well worn phone books next to corded phones. This is not comparable.

RDAP replaces WHOIS, offering a more technologically advanced way to discover the domain is protected by privacy services.

Wow. I never noticed how much how I used the internet changed. I haven’t done a WHOIS in a decade.<p>When I started using the internet, it’s how I contacted people. If I liked their site or their blog, I’d check who was behind it and get an email address I could contact.<p>Now… humans don’t really own domains anymore. Content is so centralized. I obviously noticed this shift, but I had forgotten how I used to be able to interact with the internet.

The article is titled:<p>&gt; ICANN Update: Launching RDAP; Sunsetting WHOIS<p>Bit deceptive to editorialize it into something that sounds like something else much more interesting (removing contact info from domains) but isn&#x27;t the case at all (they&#x27;re just changing the method to access the same info).

I like WHOIS with its extreme simplicity [0]. RDAP, on the other hand, works on top of a large and changing HTTP [1], and uses a JS-derived serialization format [2]. RDAP has advantages, such as optionally benefiting from TLS, the data being better structured and defined, but the cost in added complexity seems high.<p>[0] <a href="https:&#x2F;&#x2F;datatracker.ietf.org&#x2F;doc&#x2F;html&#x2F;rfc3912" rel="nofollow">https:&#x2F;&#x2F;datatracker.ietf.org&#x2F;doc&#x2F;html&#x2F;rfc3912</a><p>[1] <a href="https:&#x2F;&#x2F;datatracker.ietf.org&#x2F;doc&#x2F;html&#x2F;rfc9082" rel="nofollow">https:&#x2F;&#x2F;datatracker.ietf.org&#x2F;doc&#x2F;html&#x2F;rfc9082</a><p>[1] <a href="https:&#x2F;&#x2F;datatracker.ietf.org&#x2F;doc&#x2F;html&#x2F;rfc9083" rel="nofollow">https:&#x2F;&#x2F;datatracker.ietf.org&#x2F;doc&#x2F;html&#x2F;rfc9083</a>

Worth mentioning are two open-source RDAP projects that are helping move the internet to a more structured system:<p>DNSBelgium: <a href="https:&#x2F;&#x2F;github.com&#x2F;DNSBelgium&#x2F;rdap" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;DNSBelgium&#x2F;rdap</a><p>RedDog: <a href="https:&#x2F;&#x2F;www.reddog.mx&#x2F;home&#x2F;2017&#x2F;12&#x2F;14&#x2F;server-1.2.2-patch-released.html" rel="nofollow">https:&#x2F;&#x2F;www.reddog.mx&#x2F;home&#x2F;2017&#x2F;12&#x2F;14&#x2F;server-1.2.2-patch-rel...</a>

Most people won&#x27;t even notice this change. They&#x27;ll still go to a &quot;whois lookup service&quot; and input a domain, and get the same results. The fact that it arrived via a different protocol (RDAP) won&#x27;t mean anything.

To be replaced with a system providing a standardized method to give law enforcement easier &quot;secure access&quot; to your redacted personal information.

Back in 2014, when TLD .church was introduced, me and my friends tried to register alonzo.church and (ab)use the contact information records to provide some biographic information and links, explaining literally <i>whois alonzo.church</i> on the command line. That would not prevent hosting whatever services on that domain as normal.<p>Sadly, we were not able to secure the domain on time, and after 11 years, the attempted trick is becoming irrelevant.

I just did an<p><pre><code> apt cache search rdap </code></pre> on a Debian (well, Devuan) system, and found nothing. Also could not find that phrase in the name of any executable in &#x2F;usr&#x2F;bin or &#x2F;usr&#x2F;sbin .<p>:-(

If distribution packages don&#x27;t abstract this trivia away I&#x27;m going to be endlessly frustrated

I don&#x27;t play with domains all day, but this very much feels like nothing important was accomplished, and things are just being made more complicated for political reasons. Sorry if that is being harsh, but I&#x27;ve never had any issue using WHOIS.

There&#x27;s something about WHOIS I&#x27;ve never understood. If you run `whois ycombinator.com` you&#x27;ll see name servers in the output.<p><pre><code> Name Server: NS-1411.AWSDNS-48.ORG Name Server: NS-1914.AWSDNS-47.CO.UK Name Server: NS-225.AWSDNS-28.COM Name Server: NS-556.AWSDNS-05.NET </code></pre> But if you run `dig ycombinator.com ANY +noall +answer` you&#x27;ll see name servers here too.<p><pre><code> ycombinator.com. 21600 IN NS ns-556.awsdns-05.net. ycombinator.com. 21600 IN NS ns-1914.awsdns-47.co.uk. ycombinator.com. 21600 IN NS ns-225.awsdns-28.com. ycombinator.com. 21600 IN NS ns-1411.awsdns-48.org. ycombinator.com. 900 IN SOA ns-225.awsdns-28.com. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400 </code></pre> If you see all the output together, you&#x27;ll find the same name servers are present in WHOIS output and the DNS NS records. But wait, there&#x27;s more.<p>The name server `ns-225.awsdns-28.com` is present three times- in WHOIS, in DNS NS records, in DNS SOA record.<p>Which of these name servers get used to resolve `ycombinator.com` to its IP address like when I do `ping ycombinator.com`?<p>What if the information between the WHOIS and DNS NS records and the DNS SOA records are inconsistent? Which record wins?

I&#x27;ve had domains registered for over 30 years. I liked WHOIS because it provided a means to report abuse, which has gone from zero 30 years ago, to massive amounts of daily spam and network probes. I was not happy when ICANN began to allow privacy features in domain registration data, and I never made mine private. Most reputable sites still provide contact information via WHOIS.<p>Hopefully RDAP will be a suitable replacement. I haven&#x27;t tried it yet.

My first question when reading this was how is it going to affect the `whois` CLI tool, which I use at least weekly for both IPs and Domains. I even started trying to find source code before getting pulled away. Luckily I had an excuse to use it today and noticed that an RDAP endpoint was already being queried for the information. Good to know I won&#x27;t have to change any habits!

rdap is nice when it&#x27;s available.<p><pre><code> cargo install icann-rdap-cli rdap -O json ycombinator.com| jq .nameservers </code></pre> (or brew install, etc., depending on your os and tooling). The jq formatted output is a little more verbose than the whois one, but three cheers for a well-specified machine-parsable format. (and rdap has a pretty-printed format output also)

People say WHOIS is useless these days due to WHOIS privacy, but it&#x27;s useful for at least one thing: checking when a domain was registered&#x2F;transferred. Fishy stuff tend to be registered&#x2F;transferred recently. Also older and larger companies tend to not hide their organizational identity.<p>Btw, I tried the icann-rdap CLI tool and the default rendered-markdown output mode is atrocious. Sea of output, each nameserver has one or more standalone tables taking up 15x$repetition lines, almost impossible to fish out useful info. The retro gtld-whois mode is so much cleaner. Their web tool <a href="https:&#x2F;&#x2F;lookup.icann.org&#x2F;en&#x2F;lookup" rel="nofollow">https:&#x2F;&#x2F;lookup.icann.org&#x2F;en&#x2F;lookup</a> is fine too, don&#x27;t know why the rendered markdown mode isn&#x27;t like that. WTF.

The linked page (<a href="https:&#x2F;&#x2F;lookup.icann.org&#x2F;en" rel="nofollow">https:&#x2F;&#x2F;lookup.icann.org&#x2F;en</a>) seems to work only for .com domains?<p>&quot;No registry RDAP server was identified for this domain. Attempting lookup using WHOIS service.&quot;<p>&quot;Failed to perform lookup using WHOIS service: TLD_NOT_SUPPORTED.&quot;

I have no doubt some of the benefits are definitely to be able to resell or access that data once again. I literally just told someone yesterday “don’t pay for domain privacy, any registrar worth a damn will include it anymore”

My main use for WHOIS currently is actually not for domain names. I use it for querying IP addresses on whois.arin.net. Does anyone know how this news will impact that particular service, if at all?

I wasn&#x27;t aware of rdap.<p>Anyone experienced with this, I am not seeing abuse contact info, usually a phone number or email. Am i supposed to follow hyperlinks to get this info or something? Like search the registrar for this data?

When can I finally see an article announcing that ICANN has been sunsetted?

The fact most WHOIS is private these days makes it more or less useless.<p>I think rdap with a request&#x2F;response authentication on the requestor but that the provider can&#x27;t mask would be more practical.<p>Also requiring that registrars keep a history of changes from the time the domain was first registered would be very helpful vs relying on 3rd parties that cache the data over time (and charge for it) like domaintools.<p>Unlikely that this is in the protocol but I think it would better the entire ecosystem.

Good bye, then, whois.<p>I can remember times when you could still see the names and addresses of registrants in whois records. That was before abuse and fraud became everyday occurrences in today&#x27;s internet.<p>I miss the times when we could still believe in basic human decency.

From what I&#x27;ve seen most domain servers don&#x27;t really implement the history components of RDAP, which is a shame - being able to see if a domain ownership lapsed or was transferred historically would be great for being able to determine if somebody&#x27;s email address is still trustworthy or has been stolen by a domain transfer.

Are existing whois-clients going to be updated to support RDAP next to Whois, or will we have to use different clients?

Whois needs it&#x27;s own port open usually, this is good I suppose, now it&#x27;s all HTTPS. Now, if only passive dns resolution data was part of this same api. As it stands today, if you&#x27;re looking into WHOIS information, historical WHOIS and passive dns are a must, and they are usually provided by commercial entities.

ICANN&#x27;s DNS servers is one of the only systems on the internet that requires people to continually pay money to have a name. X, YouTube, Facebook, Reddit, Twitch, etc all let you register a name for free and without submitting all of your personal information. The entire model here is outdated with what users want.

The main benefit of whois and RDAP is to see which registrar handles a domain and when there were recent changes or upcoming expiry etc. RDAP is also useful to see who operates an IP address etc. I&#x27;ve been using RDAP for a few years but the service has been spotty, hopefully that improves now.

it was fun when having a network solutions&#x2F;internic contact handle was a badge of honor.<p>the early internet was fun. whois was always a fun dimension.<p>is there a canonical rdap client that will end up everywhere? one of the nice things about the early Internet was that there were canonical utilities that were everywhere.

Why isn&#x27;t this data simply available as a custom DNS record type?<p>Seems far simpler than a whole custom protocol.

What does this mean for the command line tool whois? It definitely works still and it&#x27;s still being updated...<p>&gt; whois ycombinator.com % IANA WHOIS server % for more information on IANA, visit <a href="http:&#x2F;&#x2F;www.iana.org" rel="nofollow">http:&#x2F;&#x2F;www.iana.org</a> % This query returned 1 object<p>refer: whois.verisign-grs.com<p>domain: COM<p>organisation: VeriSign Global Registry Services address: 12061 Bluemont Way address: Reston VA 20190 address: United States of America (the)<p>contact: administrative name: Registry Customer Service organisation: VeriSign Global Registry Services address: 12061 Bluemont Way address: Reston VA 20190 address: United States of America (the) phone: +1 703 925-6999 fax-no: +1 703 948 3978 e-mail: info@verisign-grs.com<p>contact: technical name: Registry Customer Service organisation: VeriSign Global Registry Services address: 12061 Bluemont Way address: Reston VA 20190 address: United States of America (the) phone: +1 703 925-6999 fax-no: +1 703 948 3978 e-mail: info@verisign-grs.com<p>nserver: A.GTLD-SERVERS.NET 192.5.6.30 2001:503:a83e:0:0:0:2:30 nserver: B.GTLD-SERVERS.NET 192.33.14.30 2001:503:231d:0:0:0:2:30 nserver: C.GTLD-SERVERS.NET 192.26.92.30 2001:503:83eb:0:0:0:0:30 nserver: D.GTLD-SERVERS.NET 192.31.80.30 2001:500:856e:0:0:0:0:30 nserver: E.GTLD-SERVERS.NET 192.12.94.30 2001:502:1ca1:0:0:0:0:30 nserver: F.GTLD-SERVERS.NET 192.35.51.30 2001:503:d414:0:0:0:0:30 nserver: G.GTLD-SERVERS.NET 192.42.93.30 2001:503:eea3:0:0:0:0:30 nserver: H.GTLD-SERVERS.NET 192.54.112.30 2001:502:8cc:0:0:0:0:30 nserver: I.GTLD-SERVERS.NET 192.43.172.30 2001:503:39c1:0:0:0:0:30 nserver: J.GTLD-SERVERS.NET 192.48.79.30 2001:502:7094:0:0:0:0:30 nserver: K.GTLD-SERVERS.NET 192.52.178.30 2001:503:d2d:0:0:0:0:30 nserver: L.GTLD-SERVERS.NET 192.41.162.30 2001:500:d937:0:0:0:0:30 nserver: M.GTLD-SERVERS.NET 192.55.83.30 2001:501:b1f9:0:0:0:0:30 ds-rdata: 19718 13 2 8acbb0cd28f41250a80a491389424d341522d946b0da0c0291f2d3d771d7805a<p>whois: whois.verisign-grs.com<p>status: ACTIVE remarks: Registration information: <a href="http:&#x2F;&#x2F;www.verisigninc.com" rel="nofollow">http:&#x2F;&#x2F;www.verisigninc.com</a><p>created: 1985-01-01 changed: 2023-12-07 source: IANA<p># whois.verisign-grs.com<p><pre><code> Domain Name: YCOMBINATOR.COM Registry Domain ID: 147225527_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.gandi.net Registrar URL: http:&#x2F;&#x2F;www.gandi.net Updated Date: 2025-02-14T02:53:36Z Creation Date: 2005-03-20T23:51:07Z Registry Expiry Date: 2026-03-20T22:51:07Z Registrar: Gandi SAS Registrar IANA ID: 81 Registrar Abuse Contact Email: abuse@support.gandi.net Registrar Abuse Contact Phone: +33.170377661 Domain Status: clientTransferProhibited https:&#x2F;&#x2F;icann.org&#x2F;epp#clientTransferProhibited Name Server: NS-1411.AWSDNS-48.ORG Name Server: NS-1914.AWSDNS-47.CO.UK Name Server: NS-225.AWSDNS-28.COM Name Server: NS-556.AWSDNS-05.NET DNSSEC: unsigned URL of the ICANN Whois Inaccuracy Complaint Form: https:&#x2F;&#x2F;www.icann.org&#x2F;wicf&#x2F;</code></pre> &gt;&gt;&gt; Last update of whois database: 2025-03-17T01:27:31Z &lt;&lt;&lt;

My favourite part of my .ca domains is that personal data is protected by default and I don&#x27;t have to pay for it as an additional service.<p>There&#x27;s no need for people to know my information because I happen to own a domain.

It doesn&#x27;t work with yandex.kz. Someone call Kazakhstan.<p>&gt; No registry RDAP server was identified for this domain. Attempting lookup using WHOIS service.<p>&gt; Failed to perform lookup using WHOIS service: TLD_NOT_SUPPORTED.

Stoked to see that ICANN reference implementations are now being written in rust!<p><a href="https:&#x2F;&#x2F;github.com&#x2F;icann&#x2F;icann-rdap" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;icann&#x2F;icann-rdap</a>

So... WHOIS is now JSON over HTTP. I guess that&#x27;s reasonable. But this warrants the sample application to need a gazillion crates why exactly?

I wonder which other old internet protocols fell into obsolescence.<p>Finger is not officially retired but no one supports it. NNTP seems it had a similar fate.

These days how can one register a domain anonymously, using crypto as payment, and without KYC?

Glad I read this, I wasn&#x27;t aware whois was being sunsetted. Now I have to change one of my critical services to do rdap. Wow. How can you sunset the main service that is the backbone of the internet?

I hope archive.org will host a WHOWAS service.

this really looks like a regression. In the sense that RDAP could be cheated

looks bad. I see a loss in trust there

Missed opportunity to call the successor `whodat`

wow! something I didn&#x27;t expect to read today, or in the near future.

r dap me up

check out the rdap deployment dashboard - <a href="https:&#x2F;&#x2F;deployment.rdap.org&#x2F;" rel="nofollow">https:&#x2F;&#x2F;deployment.rdap.org&#x2F;</a><p>it&#x27;s still unsupported by a lot of tld&#x27;s and the rate limits are atrocious. some registrar&#x27;s only allow 10 requests per day and will group huge netblocks into one single block.

This seems like it would break things.

I havent had a successful use of whois in probably over a decade. What was once a useful tool was destroyed by spammers harvesting email addresses and privacy oriented registrars.<p>I won&#x27;t even notice its gone