WHOIS vs RDAP
WHOIS vs RDAP — a detailed comparison
RDAP is the successor to WHOIS, but both still coexist. This article compares the two from an engineer's perspective — protocol, data, compatibility, security — and explains how whois.net.tw integrates them.
Key facts: WHOIS vs RDAP
- WHOIS: 1982 (RFC 812 / current RFC 3912), TCP port 43, plain text.
- RDAP: 2015 (RFC 7480–7484), HTTPS, JSON, consistent across TLDs.
- ICANN mandates RDAP for all gTLD registrars; most major ccTLDs (.tw, .jp, .uk, .de) also support it.
- This site prefers RDAP and only falls back to port-43 WHOIS when the registry does not yet serve RDAP.
WHOIS vs RDAP at a glance
| Aspect | WHOIS | RDAP |
|---|---|---|
| RFC | 3912 (1982) | 7480–7484 (2015) |
| Transport | TCP port 43 | HTTPS (TLS) |
| Data format | Plain text | JSON |
| Cross-TLD consistency | No | Yes |
| Authentication | None | OAuth / HTTP |
| Error codes | Free-text | HTTP status codes (200 / 404 / 429) |
| Contact format | Free-text | jCard (RFC 7095) |
| Privacy redaction | REDACTED FOR PRIVACY | Structured omission |
Why RDAP? Isn't WHOIS enough?
Plain WHOIS has been in use since 1982 and has several limitations that motivated a successor: (1) the plain-text output has no standard format, so every registry/registrar emits something different; (2) there are no standard error codes or status responses; (3) internationalization (IDNs, non-ASCII data) is inconsistent; (4) there is no native encryption. IETF answered with RDAP in RFC 7480–7484 (2015), and ICANN now mandates RDAP for gTLD registrars.
Protocol differences: port 43 plain text vs HTTPS
WHOIS uses TCP port 43, no encryption, plain-text request/response, one connection per lookup. RDAP runs over HTTPS (TLS), fitting modern browsers, CDNs and API gateways, and supports proper HTTP status codes (200/404/429/500) and content negotiation. For enterprise environments that need auditability and compliance, only RDAP is realistic.
Data format: free text vs JSON
WHOIS returns a human-readable text block, formatted differently by every registry — parsing requires per-TLD rules. RDAP returns JSON conforming to RFC 9082/RFC 9083 with consistent object shapes (entities, events, nameservers, status), so client code or UI components can consume it directly without ad-hoc parsing.
Current compatibility: who already serves RDAP?
As of 2025, every ICANN gTLD (.com, .net, .org, .io, etc.) is mandated to serve RDAP via its registrars, and most major ccTLDs (.tw, .jp, .uk, .de, ...) do as well. Some smaller ccTLDs still only offer the legacy WHOIS service, which is when a port-43 fallback is needed.
How this site integrates both
The whois.net.tw backend resolves each TLD's RDAP endpoint via the IANA bootstrap registry, tries RDAP first, and falls back to port-43 WHOIS when RDAP is unavailable or returns an error. The result page always labels the data source so you can tell which protocol answered.
See the difference with a real domain
Back on the home page, type a domain — the result page's Data Source field tells you whether this lookup came back via RDAP or WHOIS.
Try a WHOIS lookupRDAP FAQ
Where are the official RDAP specs?
IETF specs: RFC 7480 (HTTP transport), RFC 7481 (security), RFC 9082 (data model), RFC 9083 (JSON response format). IANA maintains the RDAP bootstrap registry mapping each TLD to its RDAP service endpoints.
Does RDAP require authentication or an API key?
Public-data lookups generally do not. Some registries support authenticated Tiered Access (vetted law-enforcement or abuse research organizations can see the full, unredacted record). For ordinary domain owners and developers, anonymous HTTPS is enough.
Is there a rate limit on RDAP?
Yes. Each registry sets its own limit — typically a few per second to a few dozen per minute. RDAP returns HTTP 429 when you exceed it, which is much easier to detect and retry than the legacy WHOIS "connection just dropped".
Why do RDAP results contain vCard/jCard objects?
RDAP represents contact data with jCard (RFC 7095), the JSON variant of vCard. It carries name, organization, address and phone as a structured object — far more consistent than the free-text registrant blocks in legacy WHOIS.
Will WHOIS be retired?
Not soon. ICANN already mandates RDAP for gTLD registrars, but legacy WHOIS is still the de facto interface in many older systems and small ccTLDs. The pragmatic stance: target RDAP first, fall back to WHOIS when needed.