WHOIS vs RDAP

A long-standing online identification tool

WHOIS is a service that has existed since the Internet was first created. Set up in the 1980s, it was designed as a query system for publicly viewing information associated with a domain name or IP address. Its role was to provide transparency on domain registration, easily identify domain owners, and even to help retrieve an expired or abandoned domain name.

When a web user or professional performs a WHOIS search, they can access information such as:

• the domain registrar
• the domain creation date and expiry date
• the contact details of the owner, or of the administrative/technical contact
• the associated IP address (in the case of WHOIS IP)

This has long been considered a standard for managing online identities, particularly when it comes to combating internet fraud and malicious use. In just a few clicks, any user can access a domain name’s data, making it easier to monitor and verify information in a growing web space.

The limitations of WHOIS

As digital practices have evolved over time, several problems have arisen in the use of WHOIS.

• Exposure of personal data: all information on domain owners (name, address, phone number, email) was publicly accessible. This has posed significant privacy issues, particularly with the introduction of the GDPR (General Data Protection Regulation) in Europe.
• Potential for misuse: WHOIS databases have become a valuable source for spammers, cyberbullies and even unscrupulous companies, exploiting this data for unsolicited sales pitches.
• Lack of technical standardisation: The information provided by WHOIS is sent as plain text, making it difficult for software or analytics systems to interpret it automatically. This greatly limits the possibilities for technical integration or automation.
• Mishandling international character sets: Whois does not properly support non-Latin characters, which can cause problems for users in certain countries, or for domain names in Cyrillic, Arabic, or Asian alphabets.

In light of these limitations, our needs have evolved into a more secure, structured protocol that is better adapted to our confidentiality, legal compliance and web technology requirements. Thus RDAP was born.

A modern protocol to replace WHOIS

The RDAP (Registration Data Access Protocol) is the new protocol for consulting information on domain names, designed to gradually replace WHOIS. It was set up at the instigation of ICANN (Internet Corporation for Assigned Names and Numbers) with the aim of overcoming the technical and legal limitations of the previous system.

While WHOIS relied on open, unfiltered access to personal data, RDAP introduces a more secure, standardised approach, customised to the user’s profile. This more granular management system meets the new standards for privacy protection, interoperability and technical integration.

Stronger protection for personal data

One of the key advantages of RDAP is how it publishes information in a different way. Specifically, this means that the contact details of a domain name registrant are not publicly displayed by default. Access to certain sensitive information may be restricted or hidden depending on:

• the identity and rights of the user making the request (individual, authority, registrar, etc.);
• the confidentiality policy set up by the registry or registrar;
• the type of data requested (technical, administrative, legal, etc.).

This feature allows for more refined protection of domain owner identity, while retaining secure access to useful information in the event of misuse or legal disputes.

A structured and interoperable protocol

RDAP uses the JavaScript Object Notation (JSON) format to transmit domain name information. Unlike WHOIS, which provides plain text responses that are difficult to work with, JSON offers a machine-readable structure that can automatically integrate into management, analysis, or monitoring tools. This standardised format also ensures a uniform interpretation of the data, whichever registry is queried. This technical breakthrough is a major advantage for customers, service providers and web professionals, who can now harness domain information more reliably and accurately.

Better internationalisation of domain names

RDAP fully supports non-Latin characters, making it an inclusive and universal protocol. It allows you to correctly search for and display information from domain names written in any alphabet (Cyrillic, Chinese, Arabic, etc.). This facilitates:

• global domain management
• multilingual identity searches
• interoperability between global name registration services

Towards a smarter way to search

RDAP also provides advanced features that WHOIS lacks. This includes the ability to perform accurate searches on specific types of technical information, access multiple related records simultaneously (such as sub-domains or network objects), and optimise request processing through paging, filtering, and authentication mechanisms. These capabilities increase its efficiency, while ensuring better protection of personal data and a response more adapted to the current requirements of the internet and its users.

At OVHcloud, access to domain data is based on both the WHOIS protocol, still used for most national extensions (ccTLDs), and the RDAP protocol, now in place for generic extensions (gTLDs) such as .com, .tech and .app. This development is part of ICANN’s approach to align with current technical standards in terms of security, data structure and compliance with regulations such as the GDPR.

This dual support allows OVHcloud to meet the different requirements of registries, while ensuring that users get reliable and secure access to domain information.