In 2026 the classic WHOIS port-43 protocol is effectively retired. Its replacement is RDAP (Registration Data Access Protocol) — HTTPS + JSON, standardized redaction, and TLD-specific endpoints published in the IANA bootstrap file. To look up a domain today, open Zro7 WHOIS Lookup. It resolves the correct RDAP server for the TLD and shows a normalized view of the response.
Why WHOIS died
- Unstructured text — every registry formatted output differently, so parsers were fragile.
- No encryption — plain TCP/43, trivially observable.
- GDPR — since 2018, registrant PII has been redacted for EU-linked domains. WHOIS clients displayed 'REDACTED FOR PRIVACY' inconsistently.
- No rate-limit signaling — clients got IP-banned with no machine-readable reason.
What RDAP fixes
- JSON — one schema for every TLD (RFC 9083).
- HTTPS — authenticated, encrypted, cacheable.
- Standardized objects —
entities,events(creation/expiration),status,nameservers. - Redaction is explicit — a
redactedarray tells you which fields were withheld and why.
What you actually get in 2026
For a generic TLD (.com, .net, .org) you'll see: creation date, expiration, registrar, nameservers, DNSSEC status, and a redacted registrant (usually just 'REDACTED FOR PRIVACY' + registrar's contact form URL). Some ccTLDs (like .de, .fr, .uk) still show organization names for non-individuals. Individuals are always redacted under GDPR.
How to read the important fields
events— registration (creation), expiration, last changed. A domain created 3 days ago claiming to be a major brand is almost always phishing.status— clientTransferProhibited is normal; pendingDelete or redemptionPeriod means the owner let it expire.nameservers— cross-check with DNS Lookup; a mismatch is a red flag.secureDNS.delegationSigned— DNSSEC status. Combine with DNSSEC Check for full validation.
Steps
- Open WHOIS Lookup.
- Type any domain; Zro7 routes to the correct RDAP endpoint.
- Read
events,status, andnameservers. - For fuller intel, follow up with DNS, Reverse DNS, and DNSSEC.
Zro7