WHOIS vs RDAP

WHOIS vs RDAP

What is WHOIS?

Most website owners include a means to contact them on their website. It could be an email, an address, or a phone number. However, many don’t. Moreover, not all internet resources are websites. One would usually need to do extra work using tools like myip.ms or who.is to find registrant info on these resources. These websites make use of a protocol called WHOIS.

WHOIS has been around as long as the internet has been, back when it was still known as ARPANet. It was developed for retrieving information about people and entities on the ARPANET. WHOIS is now used to retrieve information about a wider variety of internet resources and has been used to do so for the past four decades. 

While the current WHOIS protocol, also known as Port 43 WHOIS, has done relatively well in that period, it also had several lapses that needed addressing. Over the years, the Internet Corporation For Assigned Names And Numbers, ICANN, observed these shortcomings and identified the following as the major problems of the WHOIS protocol:

  • Inability to authenticate users
  • Lookup only abilities, no search support
  • No international support
  • No standardised query and response format
  • No standardised way of knowing what server to query
  • Inability to authenticate the server or encrypt data between the client and server.
  • Lack of standardised redirection or reference.

 

To solve these problems, the IETF(Internet Engineering Task Force) created RDAP.

What Is RDAP?

RDAP(Registry Data Access Protocol) is a query and response protocol used to retrieve internet resource registration data from Domain Name Registries and Regional Internet Registries. The IETF designed it to solve all of the issues present in the Port 43 WHOIS protocol. 

One of the main differences between RDAP and Port 43 WHOIS is the provision of a structured and standardised query and response format. RDAP responses are in JSON, a well-known structured data transfer and storage format. This is unlike the WHOIS protocol, whose responses are in text format. 

Though JSON isn’t as readable as text, it is easier to integrate into other services, making it more flexible than WHOIS. Because of this, RDAP can be easily implemented on a website or as a command-line tool.

API Promotion:

Differences Between RDAP And WHOIS

Below are the main differences between the RDAP and WHOIS protocol:

 

Standardized Query And Response: RDAP is a RESTful protocol that allows HTTP requests. This makes it possible to deliver responses that include error codes, user identification, authentication, and access control. It also delivers its response in JSON, as mentioned earlier. 

Differentiated Access To Registration Data: Because RDAP is RESTful, it can be used to specify different access levels for users. For example, anonymous users can be given limited access, while registered users are given full access. 

Support For International Use: The international audience wasn’t considered when WHOIS was built. Because of this, many WHOIS servers and clients used US-ASCII and didn’t consider international support until later. It is up to the application client implementing the WHOIS protocol to perform any translation. RDAP, on the other hand, has international support built into it.

Bootstrap Support: RDAP supports bootstrapping, allowing queries to be redirected to an authoritative server if the relevant data isn’t found on the initial server queried. This makes it possible for broader searches to be performed. WHOIS systems do not have information linked in this manner, limiting the amount of data retrievable from a query. 

Though RDAP was designed to resolve the issues with WHOIS( and perhaps replace it one day), the Internet Corporation For Assigned Names And Numbers only requires gTLD registries and accredited registrars to implement RDAP alongside WHOIS and not completely replace it.

WHOIS vs RDAP

WHOIS vs RDAP

WHOIS vs RDAP What is WHOIS? Most website owners include a means to contact them on their website. It could be an email, an address,

Read More »
API Load Testing With Locust

API Load Testing With Locust

API Load Testing With Locust API Load Testing With Locust: Intro You’ve probably been in this situation before: you write code that does something, an

Read More »
Top OATH API Vulnerabilites

Top OATH API Vulnerabilities

Top OATH API Vulnerabilities Top OATH API Vulnerabilities: Intro When it comes to exploits, APIs are the greatest place to start. API access usually consists

Read More »

Application Security Training Platform | Security Sherpa