Technical Guides

WHOIS is the legacy protocol for querying domain registration data using plain text over port 43. RDAP (Registration Data Access Protocol) is the modern replacement using RESTful APIs with JSON responses. RDAP provides better internationalization, authentication, consistent formatting, and GDPR-compliant data access. Most registries now support both, but RDAP is the future standard.

Query RDAP by making HTTPS GET requests to the appropriate registry's RDAP server. For .com domains, use https://rdap.verisign.com/com/v1/domain/example.com. The response is JSON with standardized fields. Most registries publish their RDAP base URL in the IANA RDAP Bootstrap Service Registry. Libraries exist for most programming languages to simplify RDAP queries.

EPP (Extensible Provisioning Protocol) status codes indicate a domain's state. Common codes include: clientTransferProhibited (transfer locked), serverHold (registry suspended domain), pendingDelete (domain deletion in progress), and ok (no restrictions). Multiple status codes can apply simultaneously. Understanding these codes is essential for automation and troubleshooting.

Use the IANA RDAP Bootstrap Service at https://data.iana.org/rdap/dns.json which maps all TLDs to their RDAP servers. For dynamic lookups, query this bootstrap file programmatically, find your TLD in the services array, and use the corresponding RDAP base URL. Most RDAP libraries handle bootstrap lookups automatically.

Essential DNS record types: A records (map domain to IPv4 address), AAAA records (IPv6 address), CNAME records (domain aliases), MX records (mail servers with priority), TXT records (text data, often for verification or SPF), NS records (nameserver delegation), and SOA records (zone authority information). Each serves a specific purpose in DNS infrastructure.

DNS resolution is recursive: your device queries a recursive resolver (typically your ISP's), which queries the root nameservers for the TLD nameservers, then queries TLD nameservers for the authoritative nameservers, then queries authoritative nameservers for the actual record. Results are cached at each level. The entire process usually completes in milliseconds due to aggressive caching.

Thin WHOIS registries (.com, .net) store only registrar and nameserver data; registrars store contact details. Thick WHOIS registries (.org, most new gTLDs) store complete registration data including contacts. This affects data availability—thick registries provide complete data in one query, while thin registries require querying both registry and registrar WHOIS servers.

Build monitoring by periodically querying RDAP/WHOIS data and comparing to previous states. Monitor for: nameserver changes, expiration date changes, status code updates, and registrar transfers. Store historical data in a database, hash records for change detection, and trigger alerts via email/webhook when changes occur. Respect rate limits—most registries allow 1-2 queries per second.

DNSSEC (DNS Security Extensions) uses cryptographic signatures to verify DNS responses haven't been tampered with. The registry signs DNS records with private keys; resolvers verify signatures with public keys in the chain of trust from root to TLD to domain. DNSSEC prevents DNS spoofing and cache poisoning attacks but requires proper key management and adds complexity to DNS operations.

Domain creation date shows original registration via WHOIS/RDAP creationDate field. However, this resets on certain transfers between registrars, so it's not always accurate for domain age. For investment research, cross-reference with Internet Archive (archive.org) snapshots to verify actual usage history. Registry creation dates are more reliable than registrar-level dates.