Network6 min

WHOIS Is Dead, Long Live RDAP: Look Up Domain Ownership in 2026

ICANN retired WHOIS in favor of RDAP — structured JSON, HTTPS, rate limits, and consistent redaction. Here's what changed and how to look up a domain today.

Zro7 WHOIS Lookup queries the appropriate RDAP server for each TLD directly from your browser.

In 2026 the classic WHOIS port-43 protocol is effectively retired. Its replacement is RDAP (Registration Data Access Protocol) — HTTPS + JSON, standardized redaction, and TLD-specific endpoints published in the IANA bootstrap file. To look up a domain today, open Zro7 WHOIS Lookup. It resolves the correct RDAP server for the TLD and shows a normalized view of the response.

Why WHOIS died

  • Unstructured text — every registry formatted output differently, so parsers were fragile.
  • No encryption — plain TCP/43, trivially observable.
  • GDPR — since 2018, registrant PII has been redacted for EU-linked domains. WHOIS clients displayed 'REDACTED FOR PRIVACY' inconsistently.
  • No rate-limit signaling — clients got IP-banned with no machine-readable reason.

What RDAP fixes

  • JSON — one schema for every TLD (RFC 9083).
  • HTTPS — authenticated, encrypted, cacheable.
  • Standardized objectsentities, events (creation/expiration), status, nameservers.
  • Redaction is explicit — a redacted array tells you which fields were withheld and why.

What you actually get in 2026

For a generic TLD (.com, .net, .org) you'll see: creation date, expiration, registrar, nameservers, DNSSEC status, and a redacted registrant (usually just 'REDACTED FOR PRIVACY' + registrar's contact form URL). Some ccTLDs (like .de, .fr, .uk) still show organization names for non-individuals. Individuals are always redacted under GDPR.

How to read the important fields

  • eventsregistration (creation), expiration, last changed. A domain created 3 days ago claiming to be a major brand is almost always phishing.
  • statusclientTransferProhibited is normal; pendingDelete or redemptionPeriod means the owner let it expire.
  • nameservers — cross-check with DNS Lookup; a mismatch is a red flag.
  • secureDNS.delegationSigned — DNSSEC status. Combine with DNSSEC Check for full validation.

Steps

  1. Open WHOIS Lookup.
  2. Type any domain; Zro7 routes to the correct RDAP endpoint.
  3. Read events, status, and nameservers.
  4. For fuller intel, follow up with DNS, Reverse DNS, and DNSSEC.

Frequently asked questions

Can I still get personal info out of WHOIS?

For individuals in most gTLDs, no — it's redacted. Legitimate abuse requests go through the registrar's contact form (listed in the RDAP response) or via ICANN's compliance process.

Why is one .com response different from another?

Thin vs thick registries. .com is a thin registry — the registrar holds most data. Some TLDs are thick (registry holds it directly), giving richer RDAP responses.

What if a TLD has no RDAP endpoint?

A handful of ccTLDs still only offer legacy WHOIS. Zro7 falls back to a WHOIS-over-HTTPS gateway for those.

Is RDAP rate-limited?

Yes — usually a few queries per second per IP. Zro7 queries from your browser so you get your own quota.

Does Zro7 log queries?

No. The request goes from your browser to the public RDAP endpoint.

Related posts

← Back to blog