RDAP: The Modern WHOIS Replacement with Focus on Security and Automation
1. Introduction
Registration Data Access Protocol (RDAP) is a protocol developed by the IETF for accessing registration data for domains, IP addresses, and autonomous systems. Unlike the outdated WHOIS, RDAP uses a RESTful API, returns structured data in JSON, and supports modern security mechanisms.
Why RDAP?
- WHOIS is vulnerable to MITM attacks (no TLS)
- WHOIS data is unstructured, making parsing difficult
- RDAP complies with GDPR, allowing personal data to be hidden
2. History and Background of RDAP
WHOIS, operating since 1982, has critical flaws:
- Text format → difficult parsing
- No standardization (different registrars → different formats)
- No support for authorization and ACLs
Solution: In 2015, IETF released RFC 7480-7484, defining RDAP as a WHOIS replacement.
3. How RDAP Works
3.1. Basic Query
RDAP works over HTTPS (port 443); requests are made in REST style.
Example domain query:
curl -H "Accept: application/rdap+json" https://rdap.verisign.com/com/v1/domain/example.com
Response (abbreviated JSON):
{
  "objectClassName": "domain",
  "handle": "2336799_DOMAIN_COM-VRSN",
  "ldhName": "EXAMPLE.COM",
  "status": ["active"],
  "entities": [
    {
      "objectClassName": "entity",
      "roles": ["registrant"],
      "vcardArray": ["vcard", [["fn", {}, "text", "Example Inc."]]]
    }
  ],
  "secureDNS": {
    "delegationSigned": true
  }
}
3.2. Query Hierarchy
RDAP supports IANA's Bootstrap service to find the appropriate registry:
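curl -s https://data.iana.org/rdap/dns.json | jq -r '.services[] | select(any(.[0][]; . == "com")) | .[1][]'
→ Returns Verisign's RDAP server URL for .com domains. The bootstrap file keeps its entries under "services", each one a pair of a TLD list and a base-URL list, so the filter selects the entry whose TLD list contains "com".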
4. Security in RDAP
4.1. Data Protection
- TLS is mandatory (unlike WHOIS)
- Access control (ACLs, API keys)
- Personal data is hidden according to GDPR (e.g., "roles": ["registrant"] without email)
4.2. Authorization (RFC 7481)
Some RDAP servers require tokens:
curl -H "Authorization: Bearer token_here" https://rdap.example.org/ip/192.0.2.0
4.3. Abuse Protection
- Rate-limiting (e.g., Cloudflare RDAP: 1000 requests/day)
- CAPTCHA for web interfaces
5. WHOIS vs RDAP Comparison
Criterion | WHOIS | RDAP |
---|---|---|
Protocol | TCP (port 43, plaintext) | HTTPS (REST/JSON) |
Structure | Text (non-standard) | JSON (RFC standard) |
Security | No TLS, no ACLs | TLS, OAuth, Rate-limiting |
IDN Support | Partial | Full (Unicode) |
6. Automation with RDAP (Python Example)
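import requests

def fetch_rdap(domain: str) -> dict:
    # This Verisign endpoint is for .com domains; other TLDs need a bootstrap lookup
    url = f"https://rdap.verisign.com/com/v1/domain/{domain}"
    headers = {"Accept": "application/rdap+json"}
    response = requests.get(url, headers=headers, timeout=10)
    response.raise_for_status()  # fail on HTTP errors instead of parsing an error body
    return response.json()

data = fetch_rdap("google.com")
print(data["entities"][0]["roles"])  # ['registrant', 'administrative']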
Cybersecurity applications:
- Monitoring attacker domains
- Checking SSL certificates via secureDNS
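For monitoring jobs, indexing entities[0] directly is fragile, because redacted responses may omit contact data. The following added example (not code from the original article) resolves the RDAP base URL from bootstrap data and summarizes a response offline; the sample data, the "test" TLD entry, and the function names are constructed for illustration.

```python
# Constructed bootstrap data in the IANA layout (RFC 7484): each service is
# [[tld, ...], [base_url, ...]]. Only the Verisign URL comes from the page.
BOOTSTRAP = {"services": [
    [["com", "net"], ["https://rdap.verisign.com/com/v1/"]],
    [["test"], ["http://rdap.example.org/", "https://rdap.example.org/"]],
]}

# Constructed response modelled on the abbreviated JSON in section 3.1, plus a
# second entity whose contact data has been withheld (no vcardArray).
RESPONSE = {
    "objectClassName": "domain", "ldhName": "EXAMPLE.COM", "status": ["active"],
    "entities": [
        {"roles": ["registrant"],
         "vcardArray": ["vcard", [["fn", {}, "text", "Example Inc."]]]},
        {"roles": ["technical"]},
    ],
    "secureDNS": {"delegationSigned": True},
}

def rdap_base(domain, bootstrap=BOOTSTRAP):
    """Return the HTTPS RDAP base URL for the domain's TLD, or None."""
    tld = domain.rstrip(".").rsplit(".", 1)[-1].lower()
    for tlds, urls in bootstrap["services"]:
        if tld in tlds:
            # Refuse plaintext endpoints: TLS is the point of leaving WHOIS.
            return next((u for u in urls if u.startswith("https://")), None)
    return None

def vcard_props(entity):
    """Flatten a jCard ["vcard", [[name, params, type, value], ...]] to a dict."""
    card = entity.get("vcardArray") or ["vcard", []]
    return {p[0]: p[3] for p in card[1] if len(p) >= 4}

def summarize(resp):
    """Pull the fields a monitoring job needs, tolerating redacted entities."""
    contacts = {}
    for ent in resp.get("entities", []):
        props = vcard_props(ent)
        for role in ent.get("roles", []):
            contacts[role] = {"name": props.get("fn"), "email": props.get("email")}
    return {
        "domain": resp.get("ldhName", "").lower(),
        "status": resp.get("status", []),
        "dnssec": bool(resp.get("secureDNS", {}).get("delegationSigned")),
        "contacts": contacts,
    }
```

A None value for a contact field means the server did not return it, which is the normal case for GDPR-redacted registrant data.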
7. RDAP Challenges
- Not all registrars support it (e.g., some ccTLDs)
- No global transition (WHOIS still alive)
- Debug complexity (not all errors are RFC-described)
8. The Future of RDAP
- Complete WHOIS deprecation by 2025-2030
- Integration with DNS-over-HTTPS (DoH)
- Improved DNSSEC support in responses
9. Conclusion
RDAP is an evolution of WHOIS offering:
- ✅ Standardized API (JSON)
- ✅ Better security (TLS, ACLs)
- ✅ Automation (Python/Go integration)
Recommendations:
- For pentesting use rdapcheck.org
- For development: python-rdap, go-rdap libraries