DNS Fundamentals
WHOIS vs RDAP vs DNS: What Each One Actually Tells You
9 min read · Updated 2026-06-19
Three different systems sit behind every domain name, and they answer three different questions. DNS tells you how a domain works — where it points and which servers handle its web, email, and other traffic. WHOIS and RDAP tell you about the domain's registration — who registered it, when, through which registrar, its status, and when it expires.
People reach for "WHOIS" as shorthand for all three, but the distinctions matter when you're trying to actually answer a question. This guide explains what each one is, lays them out side by side, shows where they overlap, and tells you which to use for a given problem — all of which you can run on who.is.
The core distinction: how it works vs who registered it
The single most useful idea here is the split between operation and registration.
- DNS = how the domain works. DNS holds the live records that route traffic:
AandAAAArecords (where the site's IP is),MXrecords (which servers receive its email),NSrecords (its nameservers),TXTrecords (SPF, DKIM, DMARC, verification), and more. If a page won't load or email is bouncing, the answer is almost always in DNS. See What is DNS? for the full picture. - WHOIS and RDAP = the domain's registration. These return the metadata recorded when the domain was registered and maintained since: the registrant (where it isn't redacted), the registrar, the registry, creation and expiry dates, domain status codes, and the nameservers on file. They describe the contract and ownership behind the name, not the live services it runs.
A domain can be registered and have a perfectly clean WHOIS record while its DNS points nowhere and the site is down — and vice versa. They are independent layers.
What WHOIS is
WHOIS is the long-standing protocol for looking up domain registration data. Classic WHOIS runs over port 43 and returns a block of plain text meant to be read by a human.
That design is its main weakness today. The output is human-readable but unstructured, and the exact field names, ordering, and formatting vary from one registry or registrar to the next — so parsing it reliably across TLDs is genuinely hard. Since the GDPR took effect in 2018, much of the contact data that WHOIS once exposed (registrant name, email, address, phone) is now commonly redacted or replaced with privacy-service placeholders. WHOIS is still widely used and useful, but it was never built for machines or for modern privacy expectations.
What RDAP is
RDAP — the Registration Data Access Protocol — is the modern successor to WHOIS, backed by the IETF and ICANN. It answers the same registration questions, but it fixes WHOIS's structural problems:
- HTTPS + JSON. RDAP runs over standard HTTPS and returns structured JSON instead of free-form text, so responses are consistent and easy for software to parse.
- Standardized format. The same field names and shapes apply across registries, so a tool doesn't need a custom parser per TLD.
- Differentiated and authenticated access. RDAP can return different levels of detail depending on who is asking, which supports tiered access to data that's otherwise redacted for the public.
- Internationalization. It properly supports non-ASCII data and standardized status values.
ICANN has been transitioning gTLD registration lookups from WHOIS to RDAP, and RDAP is now the system of record for many gTLDs. WHOIS hasn't vanished, and you'll still encounter it widely — but for new and structured work, RDAP is where things are headed. You can run an RDAP query on who.is RDAP.
Side by side: DNS vs WHOIS vs RDAP
The clearest way to keep these straight is to compare them directly:
| DNS | WHOIS | RDAP | |
|---|---|---|---|
| What it answers | How the domain works — where it points and which servers handle its traffic | Who registered the domain and when | Who registered the domain and when (same questions as WHOIS) |
| Transport / format | DNS protocol (UDP/TCP port 53); structured records | Port 43; plain, free-form text | HTTPS; structured JSON |
| Who runs it | Authoritative nameservers run by the domain's DNS operator | Registries and registrars | Registries and registrars |
| Structured? | Yes — defined record types | No — varies by provider | Yes — standardized JSON |
| Typical fields | A, AAAA, MX, NS, TXT, CNAME, SOA, … | Registrant (often redacted), registrar, registry, created/expiry dates, status, nameservers | Same registration fields, in consistent JSON, with status values and event dates |
In short: DNS and the registration protocols answer fundamentally different questions, while WHOIS and RDAP answer the same question in two different formats — old plaintext vs modern JSON.
What each one cannot tell you
Knowing the limits saves you from looking in the wrong place:
- DNS can't tell you who owns the domain. DNS records route traffic; they carry no registrant identity, no registrar, no purchase or expiry date. A clean set of DNS records says nothing about who controls the registration.
- WHOIS and RDAP can't tell you whether the site is up. Registration data doesn't include live
AorMXrecords, and it won't tell you why a page won't load or email is bouncing. The nameservers listed there are the ones on file at the registrar — useful, but not a live read of what those servers are actually serving right now.
If you find yourself debugging mail flow from a WHOIS record, or trying to learn ownership from DNS, you're using the wrong tool for the question.
How they connect: nameservers are the bridge
The two layers aren't entirely separate — they meet at the nameservers. When a domain is registered, the registrar passes the domain's nameservers up to the registry, which publishes them as the delegation in the parent zone. That delegation is what bootstraps DNS: it's how the rest of the internet knows which servers to ask for the domain's records.
Because of that, nameservers appear in both worlds — listed in the registration record (WHOIS/RDAP) and again as NS records in DNS. They should match. When they don't, it's often the first sign a nameserver change is half-finished. For the full mechanics, see Nameservers and NS records, or run a nameserver lookup on who.is.
Why registration data is often redacted now
If you look up a domain and the registrant's name and contact details are missing or replaced with placeholders, that's expected. Since the GDPR (2018), and through registrar-provided privacy services, much of the personal contact data that WHOIS historically exposed is now withheld from public view to protect individuals. RDAP's tiered/authenticated access exists partly to handle this — letting some data be returned to authorized parties while staying redacted for the general public.
It's worth being clear about who's showing you this: who.is is a viewer of public registry and registrar data — it is not the registrar and does not own or create the underlying records. What you see reflects what the registry and registrar publish; redactions are theirs, and who.is simply displays the public record as it exists.
Which one to use for a given question
Match the tool to the question:
- "Who registered this domain?" → WHOIS or RDAP (subject to redaction).
- "When does it expire / when was it created?" → WHOIS or RDAP.
- "Which registrar holds it? What's its status?" → WHOIS or RDAP.
- "Where does this domain point / why won't the site load?" → DNS (check
A/AAAA/CNAME). - "Why is email failing?" → DNS (check
MX, and SPF/DKIM/DMARC inTXT). - "What nameservers is it using?" → either side; cross-check the registration record against live
NSrecords.
As a rule of thumb: ownership and dates → WHOIS/RDAP; behavior and routing → DNS.
Running all three on who.is
You don't have to choose a single view. who.is lets you run each system from the same domain:
- WHOIS lookup — the classic registration record for a domain.
- RDAP lookup — the modern, structured version of the same registration data.
- DNS lookup — the live records showing how the domain actually resolves.
For most investigations, the fast path is to check the registration side first to confirm the domain exists and is active, then check DNS to see what it's actually doing. Together they give you both halves of the story.
A note on IP addresses
WHOIS and RDAP aren't just for domain names — there are parallel systems for IP addresses. Instead of registries and registrars, IP registration data is held by the Regional Internet Registries (such as ARIN, RIPE, and APNIC), and you query it to find out which organization an IP block is allocated to, its network range, and its abuse contact.
If your question is about an address rather than a name — "who runs this IP?" — use the IP WHOIS / RDAP lookup on who.is. The same WHOIS-vs-RDAP distinction applies: plaintext legacy WHOIS versus structured RDAP, just for the numbering system instead of the naming system.
Key takeaways
- DNS tells you how a domain works (where it points: A, AAAA, MX, NS, TXT); WHOIS and RDAP tell you about its registration (registrant, registrar, dates, status, nameservers).
- WHOIS is the legacy port-43 plaintext protocol — human-readable but unstructured and inconsistent across providers, and heavily redacted since GDPR (2018).
- RDAP is the modern successor: HTTPS + JSON, standardized and structured, with tiered/authenticated access and internationalization; ICANN is transitioning gTLD lookups to it.
- Nameservers appear in both worlds — in the registration record and as NS records in DNS — which is the bridge that bootstraps DNS from the registry delegation.
- Use WHOIS/RDAP for ownership and expiry; use DNS for routing and "why is it broken" questions. Neither side answers the other side’s question.
- who.is is a viewer of public registry and registrar data, not a registrar — it displays the public record, including any redactions, and does not own the data.
Run a WHOIS or RDAP lookup
Look up the registration record for any domain on who.is — WHOIS and modern RDAP, plus live DNS.
Frequently asked questions
What's the difference between WHOIS and DNS?▾
They answer different questions. DNS shows how a domain works — its live records that route web and email traffic (A, AAAA, MX, NS, TXT, and so on). WHOIS shows the domain's registration — who registered it, through which registrar, when it was created, when it expires, and its status. A domain can have a clean WHOIS record while its DNS points nowhere, and vice versa.
Is RDAP replacing WHOIS?▾
RDAP is the IETF/ICANN-backed successor to WHOIS, and ICANN has been transitioning gTLD registration lookups from WHOIS to RDAP — for many gTLDs, RDAP is now the system of record. That said, WHOIS hasn't disappeared and you'll still find it widely in use. The practical takeaway: they return the same registration data, but RDAP does it as structured JSON over HTTPS rather than free-form text over port 43.
Why is the registrant's name hidden or redacted?▾
Since the GDPR took effect in 2018, and through registrar privacy services, much of the personal contact data that WHOIS once exposed — registrant name, email, address, phone — is now withheld from public view to protect individuals. You'll often see placeholder values or "REDACTED FOR PRIVACY" in its place. RDAP's tiered/authenticated access is partly designed to handle this, returning more detail to authorized parties while keeping it redacted for the general public.
Does who.is own this data?▾
No. who.is is a viewer of public registry and registrar data — it is not the registrar and does not own or create the records. What you see reflects what the registries and registrars publish; any redactions are theirs. who.is simply presents the public registration record, alongside live DNS, so you can read it in one place.
Which should I use to find out who owns a domain?▾
Use WHOIS or RDAP — those carry the registration data, including the registrant (where it isn't redacted), the registrar, and the registry. DNS won't tell you ownership at all. Run a WHOIS lookup or RDAP lookup on who.is; bear in mind that since GDPR, the registrant details are often redacted for privacy.
How do I find out where a domain points or why its email is failing?▾
That's a DNS question, not a registration one. For "where does it point," check the A/AAAA (and CNAME) records; for email problems, check the MX records and the SPF/DKIM/DMARC entries in TXT. Run a DNS lookup on who.is to see the live records. WHOIS and RDAP won't show any of this.