ICANN Sunsets WHOIS: What Does This Mean For You?

A brief on the recent announcement from ICANN to sunset WHOIS in favour of RDAP.

WHOIS? More like WHOWAS!

On January 27, 2025, ICANN, the global non-profit responsible for ensuring that website names and internet addresses work smoothly, announced the deprecation of the long-standing WHOIS protocol in favour of RDAP. Now, if you just said “What?!”, that could signal either concern or complete unfamiliarity with these acronyms. Since this transition marks a significant shift in how domain registration information will be accessed and managed moving forward, let’s unpack it briefly.

Apt distracted boyfriend meme

What is WHOIS? Why is it Being Replaced?

First launched in the early 1970s, WHOIS has been the cornerstone for querying domain registration details for decades. Essentially, it is a query and response protocol for querying databases that store information about domain names, IP address blocks, and autonomous system numbers. In other words, if you want domain information like registration date, contact details or status, WHOIS is your friend. Or was. Since the legacy design lacks standardised output formats and fails to integrate modern security and privacy features, it is no longer compatible with modern social norms and regulatory data protection requirements.

To elaborate, here are a few limitations driving the push for a replacement:

  • Plaintext Data Transmission: WHOIS queries and responses are transmitted in plaintext. This means that sensitive registrant details—such as personal names, email addresses, and phone numbers—are openly visible, making them vulnerable to interception and misuse.
  • Lack of Authentication and Encryption: Without built-in authentication or encryption, WHOIS does not verify the identity of the requestor, nor does it protect data in transit, which increases the risk of unauthorized data scraping and identity theft.
  • Non-Standardised Data Formats: WHOIS responses vary widely among registries, complicating data integration and automated processing. This inconsistency hampers the development of unified, secure tools for domain management.
  • Limited Access Control and Auditability: WHOIS does not support granular access controls or logging, making it difficult to track and restrict who accesses sensitive registration data.

What is RDAP?

Registration Data Access Protocol (or RDAP for short), as the name suggests, is a modern network communications protocol for accessing registration data in a secure and privacy-preserving manner. Even though it was standardised by the IETF in 2015, it has taken a decade to bootstrap the domain registrations and make them easily accessible. Developed as a modern successor to WHOIS, RDAP addresses many of the limitations highlighted in the previous section.

  • Standardized Responses: Unlike WHOIS, RDAP offers consistent, machine-readable responses using JSON, making it easier for automated systems to process data.
  • Enhanced Security: With built-in support for secure communications and authentication, RDAP ensures safer access to registration data.
  • Flexible Data Handling: RDAP introduces granular control over query results, enabling more precise filtering and reduced data exposure.
  • Improved Compliance: As privacy regulations tighten globally, RDAP is better equipped to manage sensitive data while maintaining transparency and accountability.
  • Authoritative service discovery and support for internationalisation.

As a service, RDAP isn't new though - it has been offered by ICANN-accredited registrars and generic top-level domains (gTLDs) since 2019. You can use ICANN's RDAP-based lookup service, or the open-source command-line client.

So, What Does this Mean for You?

Well, for one, if you have tools and platforms built around WHOIS queries, you will need to update them to support RDAP API-based queries. You'll also need to review your compliance practices to align with the enhanced privacy standards. Of course, there may be an initial learning curve and integration challenges but, in the long term, you'll get more reliable and secure data management. And as more registrars and service providers adopt RDAP, the ecosystem as a whole will benefit from more efficient domain management processes.
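To make the migration concrete, here is an added example (not code from ICANN or from this article) that maps an RDAP domain response onto the fields WHOIS-based tooling typically scraped from free text. The sample response is constructed for illustration using RFC 9083 field names, and a missing or empty registrant name is treated as withheld rather than as a parse error.

```python
import json
from datetime import datetime

# Constructed RFC 9083 domain response for illustration; not real registry data.
SAMPLE = json.loads("""
{"objectClassName": "domain", "ldhName": "EXAMPLE.TEST",
 "status": ["client transfer prohibited", "active"],
 "events": [{"eventAction": "registration", "eventDate": "2015-03-26T10:00:00Z"},
            {"eventAction": "expiration", "eventDate": "2026-03-26T10:00:00Z"}],
 "entities": [
   {"objectClassName": "entity", "roles": ["registrar"],
    "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                             ["fn", {}, "text", "Example Registrar LLC"]]]},
   {"objectClassName": "entity", "roles": ["registrant"],
    "vcardArray": ["vcard", [["version", {}, "text", "4.0"], ["fn", {}, "text", ""]]]}],
 "nameservers": [{"objectClassName": "nameserver", "ldhName": "NS2.EXAMPLE.TEST"},
                 {"objectClassName": "nameserver", "ldhName": "ns1.example.test"}],
 "secureDNS": {"delegationSigned": true}}
""")

def _fn(entity):
    """Formatted name from an entity's jCard; None when missing or redacted to empty."""
    card = entity.get("vcardArray") or []
    props = card[1] if len(card) > 1 else []
    return next((p[3] for p in props if p[0] == "fn" and p[3]), None)

def _when(events, action):
    """Parse the RFC 3339 timestamp for one event action, or None if not present."""
    stamp = events.get(action)
    return datetime.fromisoformat(stamp.replace("Z", "+00:00")) if stamp else None

def summarize_domain(rdap):
    """Map an RDAP domain object onto the fields WHOIS tooling usually scraped."""
    if rdap.get("objectClassName") != "domain":
        raise ValueError("not an RDAP domain object")
    events = {e["eventAction"]: e["eventDate"] for e in rdap.get("events", [])}
    names = {role: _fn(ent) for ent in rdap.get("entities", [])
             for role in ent.get("roles", [])}
    return {
        "domain": rdap.get("ldhName", "").lower(),
        "registered": _when(events, "registration"),
        "expires": _when(events, "expiration"),
        "status": sorted(rdap.get("status", [])),
        "registrar": names.get("registrar"),
        "registrant": names.get("registrant"),  # None: withheld or redacted
        "nameservers": sorted(n["ldhName"].lower() for n in rdap.get("nameservers", [])),
        "dnssec_signed": rdap.get("secureDNS", {}).get("delegationSigned", False),
    }

if __name__ == "__main__":
    for key, value in summarize_domain(SAMPLE).items():
        print(f"{key}: {value}")
```

Because every field is looked up by key rather than matched with per-registry regular expressions, the same function works across registries, and downstream alerting (for example on expiry dates or status changes) can rely on typed values.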
