Why check domain registration data?
Since January 28, 2025, WHOIS is no longer mandatory for gTLDs. 374 TLDs have already shut it down. By June 2025, RDAP surpassed WHOIS with 65 billion monthly queries. If you still rely on a classic WHOIS tool, you may be missing data for 87% of registered domains.
Three critical use cases:
- Security audit: a domain without
clientTransferProhibitedis vulnerable to hijacking. Check locks, DNSSEC and suspension status in one click. - Phishing investigation: 78% of phishing domains are less than 30 days old. The RDAP creation date instantly flags suspicious domains.
- Expiration monitoring: a partner domain that expires without renewal can disrupt your services. Check the dates before it is too late.
How to use the RDAP lookup in 3 steps
Step 1: Enter the domain
Type the domain name you want to analyze in the search field, for example:
captaindns.com
The tool accepts domains with or without a subdomain. IDN (internationalized domain names) are supported.
Step 2: Run the RDAP query
Click "Search". The tool automatically determines the protocol:
- RDAP: if the TLD is in the IANA bootstrap (100% of gTLDs, roughly 60% of ccTLDs)
- WHOIS: automatic fallback for TLDs without RDAP (.de, .cn, .eu, .ru, .jp)
For thin registries (.com, .net), the tool automatically follows the registrar link to retrieve full data.
Step 3: Analyze the results
You will see:
- ✅ Registrar: name, IANA ID, URL, abuse contact
- ✅ Dates: creation, expiration, last modification, domain age
- ✅ EPP status codes: each status explained with its security impact
- ✅ Nameservers: list of delegated DNS servers
- ✅ DNSSEC: signed or not, with DS records if available
- ✅ Contacts: registrant, admin, tech (if not redacted under GDPR)
- ✅ Diagnostics: security alerts (missing locks, suspension, upcoming expiration)
What is RDAP?
RDAP (Registration Data Access Protocol) is the modern protocol replacing WHOIS for querying domain registration data. Defined by RFC 9082 and RFC 9083, it returns structured JSON data over HTTPS.
Example RDAP query:
GET https://rdap.verisign.com/com/v1/domain/captaindns.com
Accept: application/rdap+json
Advantages of RDAP over WHOIS:
| Aspect | WHOIS | RDAP |
|---|---|---|
| Format | Plain text, varies by server | Structured JSON (RFC 9083) |
| Transport | TCP port 43, unencrypted | HTTPS, encrypted |
| Privacy | All or nothing | Selective redaction (GDPR) |
| Discovery | Server must be known manually | Automatic IANA bootstrap |
| Errors | Free-form text | HTTP status codes + JSON errors |
Key figures (2025):
- January 28, 2025: ICANN ends the WHOIS mandate for gTLDs
- 374 gTLDs have already shut down their WHOIS service
- 65 billion RDAP queries per month (versus 49 billion for WHOIS)
- 87% of registered domains covered by RDAP
- 100% of gTLDs support RDAP (mandatory)
What exactly does the tool analyze?
| Data | Source | Purpose |
|---|---|---|
| Registrar | RDAP/WHOIS | Identify the domain host and abuse contact |
| Creation date | RDAP/WHOIS | Calculate domain age (relevant for reputation) |
| Expiration date | RDAP/WHOIS | Anticipate renewal or detect an abandoned domain |
| EPP status codes | RDAP | Verify active protections (transfer lock, delete lock) |
| Nameservers | RDAP/WHOIS | Confirm DNS delegation |
| DNSSEC | RDAP | Check whether the DNSSEC chain of trust is configured |
| Contacts | RDAP/WHOIS | Identify the registrant (if not redacted under GDPR) |
| Diagnostics | Computed | Security alerts based on EPP codes and data |
EPP status codes: understanding your domain's status
EPP status codes (Extensible Provisioning Protocol, RFC 8056) indicate the state of a domain within the registry. Our tool translates each code into plain language.
Protection codes (severity: good)
| EPP code | Meaning | Impact |
|---|---|---|
| clientTransferProhibited | Transfer blocked by registrar | Protects against domain hijacking |
| clientDeleteProhibited | Deletion blocked by registrar | Protects against accidental deletion |
| clientUpdateProhibited | DNS changes blocked | Prevents unauthorized NS modifications |
| serverTransferProhibited | Transfer blocked by registry | Maximum protection (dispute, etc.) |
Alert codes (severity: critical)
| EPP code | Meaning | Required action |
|---|---|---|
| clientHold | Domain suspended by registrar | Contact the registrar immediately |
| serverHold | Domain suspended by registry | Contact the registry immediately |
| pendingDelete | Deletion in progress | Renew urgently if unintentional |
| redemptionPeriod | Domain deleted, recoverable | Restore via registrar (fees apply) |
Automatic security diagnostics
The tool generates diagnostics based on EPP status codes:
- No transferProhibited present: alert, domain vulnerable to hijacking
- clientHold or serverHold: critical alert, domain cannot resolve
- All locks active: positive status, domain fully protected
Real-world use cases
Case 1: Security audit before DNS migration
Symptom: You are preparing a registrar or nameserver migration for captaindns.com. Without prior verification, you risk triggering an unauthorized transfer or losing DNS delegation.
Diagnosis with the tool:
- Run an RDAP Lookup on your domain
- Verify that transfer locks are active (
clientTransferProhibited) - Note the current nameservers and expiration date
Action: Temporarily disable the transfer lock, complete the migration, then re-enable protections. Check DNS propagation after the migration.
Case 2: Suspicious domain (phishing or spam)
Symptom: You receive phishing emails from an unknown domain. Before clicking anything, you want to verify its legitimacy.
Diagnosis with the tool:
- Run an RDAP Lookup on the suspicious domain
- Check the creation date: a domain created less than 30 days ago is highly suspect
- Note the registrar and abuse contact to report the domain
Action: Report to the registrar via the abuse email shown in the results. Cross-reference with the Phishing URL Checker for a complete analysis.
Case 3: Checking a partner domain's expiration
Symptom: A business partner uses a specific domain for your exchanges. You want to confirm it will not expire unexpectedly.
Diagnosis with the tool:
- Run an RDAP Lookup on the partner's domain
- Check the expiration date and remaining days
- Verify that DNSSEC is configured for secure DNS exchanges
Action: If the domain expires within 90 days, alert your partner. Also check the overall DNS health of the domain.
Case 4: DNSSEC verification before DANE deployment
Symptom: You are deploying DANE/TLSA to secure SMTP connections to your domain. DANE requires DNSSEC to be active.
Diagnosis with the tool:
- Run an RDAP Lookup on your domain
- Verify that the DNSSEC section shows "signed" with DS records
- If DNSSEC is not active, DANE deployment will fail silently
Action: Enable DNSSEC with your registrar, then validate with the DNSSEC check before publishing your TLSA records.
❓ FAQ - Frequently asked questions
Q: What is RDAP and how does it differ from WHOIS?
A: RDAP replaced WHOIS in January 2025. It returns structured JSON over HTTPS, where WHOIS returns plain text over TCP port 43. Concrete advantages: uniform format (one parser instead of one per registrar), selective GDPR redaction, and automatic server discovery via the IANA bootstrap. 374 gTLDs have already shut down WHOIS. RDAP handles 65 billion monthly queries.
Q: How can I find out who owns a domain name?
A: Enter the domain in our RDAP Lookup tool. If contact data is not redacted under GDPR, you will see the registrant name, organization and contact details. In all cases, the registrar and technical data (nameservers, dates, EPP) remain visible.
Q: How do I check a domain's expiration date?
A: Our RDAP Lookup displays the creation, expiration and last modification dates. The tool also calculates the domain age and days until expiration for quick reference.
Q: What are EPP status codes?
A: EPP (Extensible Provisioning Protocol) status codes indicate the state of a domain within the registry. For example, clientTransferProhibited prevents unauthorized transfers, serverHold means the domain is suspended. Our tool translates each code into plain language with security implications and recommended actions.
Q: Is WHOIS data still visible after GDPR?
A: Since GDPR took effect in 2018, personal data of registrants is redacted by default for European domains and most gTLDs. Technical data remains visible: registrar, dates, nameservers, EPP status, DNSSEC. RDAP natively handles selective redaction.
Q: Why does the tool show "WHOIS protocol" instead of RDAP?
A: Some TLDs (such as .de, .cn, .eu, .ru, .jp) do not yet have an RDAP server in the IANA bootstrap. The tool falls back to WHOIS port 43 automatically. Results are normalized into the same format.
Q: My domain shows "pendingDelete", what should I do?
A: Urgent: pendingDelete means your domain will be deleted within 30 days. Contact your registrar immediately to request a restoration (redemption). Typical fees: 80 to 200 EUR. After this deadline, the domain enters final pendingDelete and becomes available for anyone to register.
Complementary tools
| Tool | Purpose |
|---|---|
| DNS Lookup | Query a domain's DNS records (A, AAAA, MX, TXT, NS) |
| DNSSEC check | Validate the complete DNSSEC chain of trust for a domain |
| Domain DNS audit | Check overall DNS health (MX, SPF, DKIM, DMARC, DNSSEC) |
| WHOIS IP | Query registration data for an IP address |
| DNS propagation | Check worldwide DNS record propagation |
| Domain blacklist | Check if a domain is on a blacklist |
Useful resources
- RFC 9082: Registration Data Access Protocol (RDAP) Query Format (RDAP query specification)
- RFC 9083: JSON Responses for RDAP (RDAP JSON response format)
- RFC 9224: Finding the Authoritative RDAP Service (IANA bootstrap mechanism)
- RFC 8056: EPP Status Codes (EPP status codes)
- IANA RDAP Bootstrap (current DNS bootstrap file)
- ICANN RDAP Technical Implementation Guide (official implementation guide)