How WHOIS, RDAP and DNS Work (and How They Differ)
These three systems answer different questions about the same names and numbers. Mixing them up is one of the most common sources of confusion, so let's separate them clearly.
| Question | System |
|---|---|
| Who registered this domain/IP, and when? | WHOIS / RDAP |
| Which IP does this name resolve to? | DNS |
| Which network/AS announces this IP? | RDAP + ASN lookup |
WHOIS: the original
WHOIS dates back to the early 1980s. You connect to a registry's server on port 43 and get back a block of free-form text describing the registrant, the sponsoring registrar or allocated organization, and key dates.
whois example.com
The problem: the text format was never standardized. Every registry formats fields differently, which makes WHOIS painful to parse by machine and inconsistent to read.
RDAP: the modern successor
RDAP (Registration Data Access Protocol) returns the same kind of data as structured JSON over HTTPS (RFC 9083). It was designed to fix WHOIS's shortcomings:
| WHOIS | RDAP | |
|---|---|---|
| Format | Free text | JSON |
| Transport | Port 43 (cleartext) | HTTPS |
| Machine-readable | Hard | Easy |
| Standardized | Weak | RFC-defined |
| Internationalization | No | Yes |
| Differentiated access | No | Yes |
Crucially, ICANN designated RDAP as the official source of gTLD registration data, with the legacy WHOIS requirement sunset on 28 January 2025. RDAP is therefore the future-proof choice, and it is what this site uses.
# RDAP via the bootstrap service (routes to the right registry/RIR)
curl -H "Accept: application/rdap+json" https://rdap.org/domain/example.com
curl -H "Accept: application/rdap+json" https://rdap.org/ip/8.8.8.8
This site's IP Lookup and Domain Whois tools use RDAP through rdap.org, which bootstraps each query to the correct registry or RIR.
Reading domain status codes
RDAP/WHOIS domain results include EPP status codes set by the registrar or registry to control the domain's lifecycle. They are normal protective locks, not problems:
| Status | Meaning |
|---|---|
clientTransferProhibited |
Registrar lock preventing transfers |
clientHold |
Domain not in the zone (not resolving) |
pendingDelete |
Scheduled for deletion |
serverHold |
Registry-level hold |
Privacy and redaction
Since GDPR, most personal contact fields are redacted in public WHOIS/RDAP. You will typically see the registrar, status and dates, but not the registrant's name or email. To reach an owner, go through the registrar's abuse or transfer process. For IP allocations, the abuse contact is usually still published.
Domains vs IP addresses
WHOIS/RDAP covers two different worlds:
- Domains are managed by registrars under registries (gTLDs like
.com, ccTLDs like.jp). - IP addresses and ASNs are managed by the five RIRs (ARIN, RIPE NCC, APNIC, LACNIC, AFRINIC) — see IANA and the RIRs.
Versus DNS
RDAP/WHOIS tells you who registered and manages something; DNS tells you where a name points. They are completely separate systems. Check live DNS records (A/AAAA/MX/NS/TXT) with the DNS lookup tool; for IP-to-name see reverse DNS; for signing and integrity see DNSSEC.
Note: A domain can have valid DNS (it resolves and loads) while its WHOIS/RDAP shows it expiring next week. They answer different questions — always check both when diagnosing.