WHOIS vs RDAP: What's the Difference and Which Should You Use?

Lalit Pandit — Thu, 11 Jun 2026 01:56:40 +0000

WHOIS is being replaced by RDAP. This guide explains the difference, why it matters for domain research and OSINT, and how to look up either one online for free.

If you've ever looked up who owns a domain, you've used WHOIS. But WHOIS is an ageing protocol, and the industry has been moving to its modern replacement: RDAP. This guide explains both in plain English and shows you how to query them for free.

What is WHOIS?

WHOIS is a decades-old protocol for querying who registered a domain (or who owns an IP range). It returns free-form text: registrar, registration and expiry dates, status codes, nameservers and — historically — registrant contact details. Its biggest weaknesses are inconsistent formatting (every registry formats its output differently) and the fact that it predates modern privacy expectations.

What is RDAP?

RDAP — the Registration Data Access Protocol — is the modern, standardised replacement for WHOIS. Instead of unstructured text, RDAP returns clean, predictable JSON over HTTPS, with consistent fields, proper internationalisation, and built-in support for access control. ICANN has been steering registries and registrars toward RDAP, and for technical use it is simply better to parse and automate.

The key differences at a glance

Format: WHOIS = free-form text; RDAP = structured JSON.
Consistency: RDAP is standardised across registries; WHOIS varies.
Transport: RDAP uses HTTPS with proper status codes; WHOIS uses a legacy port-43 protocol.
Privacy: RDAP supports tiered/authenticated access to data; WHOIS is all-or-nothing.
Future: RDAP is the direction of travel; WHOIS is being phased out.

Why GDPR changed what you can see

Since privacy regulations such as GDPR took effect, most registrars redact personal registrant details (name, email, phone). This applies to both WHOIS and RDAP. What remains public — and remains extremely useful for research— is the technical and administrative metadata: creation and expiry dates, registrar, domain status codes and nameservers.

What you can still learn from a lookup

Age of a domain (creation date) — useful for spotting newly registered, possibly suspicious domains.
Expiry date — when a domain is up for renewal.
Registrar — who the domain was bought through.
Status codes — whether the domain is locked, pending deletion, etc.
Nameservers — which DNS provider runs the domain, a great pivot point.

Which should you use?

For most people the answer is: use a tool that does both. Query RDAP first for clean structured data, and fall back to WHOIS when a registry hasn't fully migrated. I built a free one (no signup) that does exactly that — you type a domain, and it returns the best available registration data without you worrying about the protocol underneath.

👉 Free WHOIS / RDAP lookup: https://osintprojects.com/whois

If you do domain research, recon, or fraud/abuse investigation, knowing how to read this data — and following the nameservers into DNS, then into IP/ASN data — gives you a remarkably complete picture from entirely public sources.

Originally published at osintprojects.com — a free, no-signup OSINT & cybersecurity toolkit.