The Freename Forum

Starting today, Whois is no longer the definitive source of domain name ownership data. It’s now the Registration Data Access Protocol (RDAP).

RDAP has much of the same information that Whois does.

RDAP can be accessed on ICANN’s website: https://lookup.icann.org/

WHOIS is dead, long live the RDAP (Registration Data Access Protocol): the Internet administration ICANN has retired the old query protocol for contact data on domain holders and replaced it with a more modern information system.

Would you like to know the name, address, e-mail address and telephone number of the holder of a domain with a generic ending? For decades this was no problem, a WHOIS query delivered the desired result free of charge and within seconds. However, ICANN has been working on a reform of the WHOIS system since 2011, at that time at the instigation of the Security and Stability Advisory Committee. A lack of internationalization, the need for staggered access and, above all, the desire for more security against spammers in data access made a reform of the previous WHOIS protocol unavoidable. This work had to be intensified under the pressure of the General Data Protection Regulation (fines). In February 2019, ICANN created the first facts: domain registrars were given until August 26, 2019 to implement the new RDAP. The RDAP is based on the WHOIS compromise model (“Temporary Specification for gTLD Registration Data”, or “temp spec” for short) and was created by the Internet Engineering Task Force (IETF). It provides registration data in the same way as the WHOIS, but its implementation standardizes data access, among other things. It is described in more detail in IETF RFCs 7480 to 7484 and 8056.

After WHOIS and RDAP were initially operated in parallel, the old WHOIS system, accessible via the port 43/TCP defined by IANA, is now obsolete when the “WHOIS Services Sunset Date” is reached. ICANN discontinued the service on January 28, 2025, and registries and registrars are no longer obliged to offer it. Since then, the RDAP has been the only reliable source for the provision of registration information. Users are strongly encouraged by ICANN to use the RDAP-based lookup service, available at lookup.icann.org/en. In common parlance, the successor protocol RDAP is likely to be referred to as WHOIS again; there is still a query option, even if access is significantly restricted. In contrast to WHOIS, RDAP allows, among other things, tiered access so that registrars can only disclose confidential information to authorized parties such as law enforcement agencies, while it remains hidden from general users. This functionality is in stark contrast to WHOIS, which publicly displayed owner data and exposed individuals and companies to privacy risks. In addition, the RDAP supports internationalized domain names, improving its compatibility in a global Internet landscape.

The switch from WHOIS to RDAP only applies directly to generic top level domains, as ICANN is not responsible for country code top level domains. However, if it establishes itself as the industry standard, ccTLDs are likely to follow suit soon.

You can find ICANN's RDAP-based lookup service at:
https://lookup.icann.org/en

The abolition of a publicly accessible WHOIS directory as a result of the General Data Protection Regulation (GDPR) makes it more difficult for European law enforcement authorities to identify suspects. Eurojust and Europol acknowledged this in their report “Common Challenges in Cybercrime” for 2024.

In their report published on January 31, 2025, Eurojust, the European Union's agency for judicial cooperation in criminal matters, and the European police authority Europol examine persistent and emerging problems that make cybercrime investigations more difficult. This year's edition identifies the main obstacles, particularly in the area of digital evidence. The report highlights several pressing challenges facing law enforcement agencies, including the overwhelming amount of digital data, the risk of data loss and the persistent obstacles to accessing important information due to legal and technical restrictions. The increasing use of anonymization services further complicates efforts to track criminal activity online. Above all, the volume of data - we are talking about data in the terabyte and petabyte range - is giving the authorities a hard time. It requires the processing of huge amounts of data, which triggers a need for analysis techniques and considerable resources that are currently out of reach for many authorities.

IP addresses and the WHOIS are mentioned as particular challenges in connection with internet governance. In the area of IP addresses, authorities are struggling with the problem of Carrier-Grade Network Address Translation (CGNAT); it allows up to 65,000 users to share an IP address simultaneously. In practice, this means that a user is not only identified by the IP address they use, but also by the IP address and the assigned port number; however, the individual ports are usually not logged. IPv6 would provide a remedy, as it makes it easier to uniquely identify devices and therefore users. However, law enforcement officers are also struggling with the effects of the GDPR. The WHOIS database used to be an important resource when it came to assigning a domain to a person or company. However, when the GDPR came into force in 2018, ICANN instructed all registry operators and domain registrars to remove all personal data from publicly accessible WHOIS entries - with no exceptions for law enforcement authorities or the judiciary. It is hoped that the “Registration Data Request Service” (RDRS) will improve the situation. This pilot tool is a positive step; however, it is a voluntary service in which registries and registrars can decide whether or not to participate. This also means that there is no access to relevant evidence to identify who is behind an illegally used domain. Another problem with the RDRS system is the confidentiality of requests for registration data. ICANN has pointed out that the system is not designed in such a way that it can maintain the confidentiality of requests from law enforcement authorities. “This is a major deterrent for law enforcement agencies against using the system”, according to the report.

But one should not be fooled. Efforts to improve the technical and operational capacity of law enforcement agencies in the EU and to ensure that they are adequately equipped for the complexity of modern digital investigations are already underway. For example, Interpol has developed a portal that provides automated access to non-public registration data and is only accessible to law enforcement authorities. Other agencies have also begun to replace the WHOIS directory with other sources, such as the DNS Research Foundation's DAP.LIVE system. Such initiatives collect domain information from (industry) sources other than ICANN, such as phishing records, GDPR violations and blockchain domains. However, this information is unsystematic, costly and the reliability and traceability is difficult to determine, which threatens to undermine its validity for legal proceedings.

The report “Common Challenges in Cybercrime” can be found at:
https://www.europol.europa.eu/cms/sites ... e_2024.pdf

Further information on the Interpol portal mentioned can be found at:
https://www.unodc.org/documents/Cybercr ... ration.pdf