
Launching RDAP; sunsetting WHOIS

354 comments

·March 17, 2025

hughesey

This was announced originally early last year. It removes the requirement for TLD and nTLD (not ccTLD) operators to have a WHOIS service available, but doesn't mandate they must shut them down.

So far the sunsetting has had little effect with most TLDs still having their WHOIS services online. In reality, I think we'll see a period of time where many TLDs and nTLDs have both WHOIS and RDAP available.

Additionally, since ccTLDs aren't governed by ICANN, many don't even have an RDAP service available. As such, there's going to be a mix of RDAP and WHOIS in use across the entire internet for some time to come.

Disclosure: I run https://viewdns.info/ and have spent many an hour dealing with both WHOIS and RDAP parsing to make sure that our service returns consistent data (via our web interface and API) regardless of the protocol in use.

tephra

I think RDAP is going to be adopted by more and more ccTLDs as well. WHOIS is not a particularly well liked protocol (I was at an IETF meeting where ICANN did a presentation on the timeline and people were literally cheering for the demise of WHOIS).

Disclosure: Work in the ccTLD space.

hughesey

100% agree that there will be more ccTLD operators that will implement RDAP. The sooner we're on a consistent protocol the better!

dubbel

Self-plug: I run a little mastodon/activity pub bot that monitors DNS RDAP adoption according to the official bootstrap file: https://social.haukeluebbers.de/@stateofrdap

Last post from yesterday:

> As of today 82.25% (1187) of all 1443 Top Level Domains have an authoritative RDAP service declared.

> These TLDs were added:

> .ye

jbverschoor

It's funny to see that a lot of services are finally moving from a human-readable / plain text format towards structured protocols right at the point where we can finally have LLMs parse the unstructured protocols :-)

ajnin

Well you can't really trust an LLM to give you reproducible output every time, you can't even trust it to be faithful to the input data, so that's nice to have a standard format now. And for like a millionth of the computing resources to parse it. Also Whois was barely human-readable, with the fields all over the place, missing or different from one registry to the other. A welcome change that should have come really sooner.

vrighter

we can't ever have LLMs reliably parse any form of data. You know what can parse it perfectly though? A parser. Which works perfectly, and consistently.

derefr

Except that the whole problem of WHOIS, that RDAP is solving, is that a WHOIS response is an unstructured plaintext response, that's entirely arbitrarily formatted according to the whims of the TLD manager.

Ever tried to parse WHOIS data? You literally have to write a parser per TLD.

And things get even more stupid when you start talking about WHOIS records for IP ranges. Then you have to write a parser per IP-range delegation — starting at IANA, and working recursively, all the way down to the individual ASN. Where you have no idea how many delegating parties are going to be involved — and so get their own step in the chain, formatted however they wish — for any given IP address. (Ask me how I know.)

robotresearcher

> Which works perfectly

... on conformant inputs, when it has no bugs.

TeMPOraL

Of course we can. Reliability is a spectrum, not a binary state. You can push it up however high you like, and stop somewhere between "we don't care about error rate this low" and "error rate is so low it's unlikely to show in practice".

It's not like this is a new concept. There are plenty of algorithms we've been using for decades that are only statistically correct. A perfect example of this is efficient primality testing, which is probabilistic in nature[0], but you can easily make the probability of error as small as "unlikely to happen before heat death of the universe".

--

[0] - https://en.wikipedia.org/wiki/Primality_test#Probabilistic_t...

_ache_

If your job is to be a referent, to have authority, you absolutely don't want to make any error. Pretty safe isn't enough, you need to be absolutely sure that you control the output.

You only have one job, don't delegate authority.

francislavoie

But isn't using LLM for that really expensive? Seems wasteful.

adrianmonk

I wouldn't use LLMs, but if I did, I would try to get the LLM to write parser code instead.

If it can convert from one format to another, then it can generate test cases for the parser. Then hopefully it can use those to iterate on parser code until it passes the tests.

In a sense, asking it to automate the work isn't as straightforward as asking it to do the work. But if the approach does pan out, it might be easier overall since it's probably easier to deploy generated code to production (than deploying LLMs).

genewitch

My desktop GPU can run small models at 185 tokens a second. Larger models with speculative decoding: 50t/s. With a small, finetuned model as the draft model, no, this won't take much power at all to run inference.

Training, sure, but that's buy once cry once.

Whether this means it's a good idea, I don't think so, but the energy usage for parsing isn't why.

genmon

My assumption is that models are getting cheaper, fast. So you can build now with OpenAI/Anthropic/etc and swap it out for a local or hosted model in a year.

This doesn't work for all use cases but data extraction is pretty safe. Treat it like a database query -- a slow but high availability and relatively cheap call.

permo-w

deepseek API costs are quite literally pennies per million tokens

klysm

Which world would you rather live in:

* structured protocols that can be parsed by machines

* unstructured protocols that are unreliably parsed by LLMs that require significant power and latency

mmooss

In addition to ~deterministic machines and LLMs, what about humans reading the data?

RealStickman_

Off topic: thank you for running viewdns.info. I don't use it regularly, mainly for the occasional WHOIS information lookup and it has always worked perfectly.

hughesey

Thanks for the kind words and glad it's been useful :).

tecleandor

It's kind of funny some operators have never had it in practice. For example, .es never had a public whois, and need to register with a national ID (and I think with a fixed IP address) to get access to it.

berkes

That need for a national ID hasn't been in place for a long time, AFAIK.

I have a .es (my nickname berkes, domain berk.es) for almost 16 years now, and live in the EU, but not in Spain. In the beginning I used a small company that offered services for non-spanish companies to register .es through them (I believe they technically owned the domains?). But today it's just in my local domain registrar without need for an ID.

That .es has no whois has struck me as somewhat of a benefit actually. Back in the days, it kept away a lot of spam from spammers that'd just lift email-addresses off the whois. My .com, .nl and other domains receive(d) significantly more such spam. Let alone phone-number and other personal details delivered over an efficient, decentralized network. Though recent privacy addons(?) have mitigated that a little.

tecleandor

I meant for accessing the whois, not for registering. If you try any type of WHOIS request you'll be replied with a message sending you to nic.es site, where you'll be presented with a captcha if you try to get information about a registered domain.

It's not very well documented, but you can register at a government site using a national ID and they'll open WHOIS access for a fixed IP address, for a maximum of 10 queries a minute. [0]

Context for any of you not used to the .es ccTLDs: Until some years ago, and simplifying a bit, if you wanted to register a .es TLD you had to be a Spanish national or company, and be the legal holder of the domain name you wanted to register (or your name and surnames).

--

  0: https://sede.red.gob.es/es/procedimientos/solicitud-de-acceso-servicio-de-whois-por-el-puerto-43

belorn

Usually, the need to use an ID is only for private persons (and usually only if they are nationals). Anyone else should not need that. The general theory is that a nation can only verify data that they themselves have.

Some ccTLDs have rules against registrations by people not located within the country that owns the ccTLD, in which case a valid national id or organization number would be required. From what I can see, .es does not have that requirement.

tecleandor

See my other comment [0] but I meant for accessing the WHOIS service, not for registering. If you try any type of WHOIS request you'll be replied with a message sending you to nic.es site, where you'll be presented with a captcha if you try to get information about a registered domain.

--

  0: https://news.ycombinator.com/item?id=43392356

reaperducer

> For example, .es never had a public whois, and need to register with a national ID (and I think with a fixed IP address) to get access to it.

Is this new? I had an .es domain around 2011, and am not Spanish, or even European.

tecleandor

See my other comment [0] but I meant for accessing the WHOIS service, not for registering. If you try any type of WHOIS request you'll be replied with a message sending you to nic.es site, where you'll be presented with a captcha if you try to get information about a registered domain.

--

  0: https://news.ycombinator.com/item?id=43392356

account42

You don't need WHOIS to register a domain.

spurgu

Hey, I've been looking for a tool that can do reverse NS lookup for a nameserver pairs (ie. which domains have nameservers ns1.example.com and ns2.example.com) but all the services out there that I've found can only do one. Is this something you would consider implementing?

notRobot

Thank you so much for running your service. I've used it for years, and LOVE how functional and useful it is!

transcriptase

The concept of WHOIS has felt sleazy for many years.

If I register a domain, the registrar will basically extort me a couple extra dollars per year for “domain privacy” for the privilege of not having my name, home address, phone number, and email publicly available and then mirrored across thousands of shady scraped content sites in perpetuity. Even if you don’t care about that, then begin the never-ending emails, texts and calls from sleazy outfits who want to sell you related domains, do SEO for you, revamp your site, schedule a call, or just fill your spam box up with legitimate scams and bootleg pharma trash.

All because you wanted a $10/year dot com without paying the bribe.

And yes I grew up leafing through well worn phone books next to corded phones. This is not comparable.

Tarball10

This is about sunsetting the WHOIS protocol in favor of RDAP, not doing away with domain owner registration data.

anthropodie

It's crazy how many people just read the headline and choose to comment or upvote these links.

Also, why is the title not the same as the article? It makes no sense.

jader201

To be fair, OP never said this was necessarily related directly to the article.

I’ll often post loosely related tangents like this because I would enjoy discussing the tangent with the HN crowd, but there’s often not a better opportunity to discuss it, so why not while we’re sort of on the topic anyway.

Ack that I don’t think it makes sense to discuss not even remotely related topics. But as long as it’s in the ballpark and it’s not going against other guidelines and leads to interesting discussion, I think it’s fine.

mattl

The site tweaks some words out of titles

vachina

I can’t downvote. Not sure about others.

raldi

From the link:

> RDAP offers several advantages over WHOIS including [...] the ability to provide differentiated access to registration data.

kelnos

In other words, it provides the ability to monetize and extract more money from people. Like we need more of that...

whalesalad

Tangentially - RDAP was created partially to resolve issues with PII in WHOIS

jsheard

That was a common racket a long time ago, but pretty much every widely recommended registrar offers free whois privacy now. At least when they're allowed to, some TLDs forbid obfuscating the whois information.

mrbluecoat

For example, *.us domain registrars aren't allowed to privacy protect your domain: https://www.reddit.com/r/webdev/comments/101qjbq/wow_never_b...

airstrike

a little less than a year ago, my wife registered a .us domain that she ended up not using at all. she still gets phone calls nearly daily from people trying to sell her web design/dev work

wtmt

Same with registry.in in India (for .in domains), where WHOIS privacy is not allowed as per the terms and conditions. [1]

[1]: https://www.registry.in/system/files/Terms_and_Conditions_fo...

throwaway150

Wow! These policies are like 30 years behind. Exposing your phone number and address on WHOIS makes absolutely no sense in this day and age!

dicknuckle

I don't understand why people aren't using fake addresses for registering domains. I've had a few registered to 1001 Main St in my local town and a made up phone number for over 10 years now with no issue. Main Street will never be over 40 addresses for the foreseeable future and I can just update the record if need be.

danielscrubs

So .us is more trustworthy than .com. Good to know.

I'm one of those that think that developers are hiding too much, which makes things like vs code extension viruses rampant.

I won't force you to not be anonymous, but if you are going to run your software on my device I want some accountability. Our salaries should also reflect that.

I'm sure that this will be unpopular though.

ForOldHack

"E-ZPass Outstanding Toll Notification

Dear User,Our system has identified an unpaid toll charge linked to your vehicle. To avoid additional fees or service disruptions, please settle this matter within 12 hours.

https://e-zpass.org-qrh.xin/indexshtml"

Best of luck trying to get an unknown Chinese registrar to stop their spam. My carrier does not even have a clue. My routers now block anything *.Xin. Anything and everything.

ForOldHack

Apparently, Xin has not learned about hiding info: bj#xinnet.com (Change the # to an @ ). Somehow someone lists it as "Elegant Leader Limited"

re-thc

> but pretty much every widely recommended registrar offers free whois privacy now

If you go by the book e.g. Cloudflare not every field (e.g. state and country) is hidden. So not exactly.

kelnos

> The concept of WHOIS has felt sleazy for many years.

More recently, yes. But the original (perhaps naive) goal was to keep domain owners accountable for whatever they were serving from hosts under their domains. That seems reasonable, at least on a more "polite" internet, where things weren't scraped and monetized and SEO'd into garbage.

belorn

The general purpose of publicly accessible registrant data is that people should be able to contact the owner of the domain in case of an issue, rather than the registry or registrar. "domain privacy" is simply the registrar putting themselves as the domain contact and becoming a forwarding service to you.

For large companies, and registrants under those ccTLDs that require local presence, it is not uncommon that a legal firm acts like a proxy for the domain owner. This is a service that they take a few dollars for, and is in many ways similar to domain privacy.

The requirement of having the registrant as the contact person for a domain is something that (to my knowledge) comes from ICANN, and I think it has a positive effect. A domain should be owned and controlled by the registrant and not the registrar, which is then reflected in the contact information. In an alternate history we could see that the registrar (or even registry) owned the domain and only leased it to the registrant, in which case the registrant's power would be limited to other online services that people "buy" today.

october8140

You’re just using bad registrars.

https://porkbun.com/products/whois_privacy

CursedSilicon

Porkbun only came out in 2014

Two decades late on a problem

nextts

Oh the good ol days. $10/m for slow PHP shared hosting and $150 for an SSL certificate too.

doublepg23

I've never had to pay Namecheap extra for WHOIS protection.

renewiltord

They always list it in the line items and in the renewal but whatever. In fact, it looks like I forgot to turn on auto-renew on their domain privacy product so it's sitting there in the 'grace' period. They work as a registrar so I use it.

TZubiri

It used to be more common back then

billpg

I was going to buy a domain back in my student days, but I stopped when I realised I didn't have a phone number. I used the public phone-box on the corner whenever I needed to actually call anyone. It was a little annoying to have to register a phone number when I didn't actually want anyone to call me.

inetknght

> The concept of WHOIS has felt sleazy for many years.

The concept of most internet things has felt sleazy for many years. Right around the time that businesses started monetizing the internet is when that feeling really kicked off tbqh

brown

RDAP replaces WHOIS, offering a more technologically advanced way to discover the domain is protected by privacy services.

jeroenhd

Domain whois is useless, but IP whois is at least kind of useful to check before blanket banning entire IP ranges.

grendelt

Interestingly, when discussing WHOIS with my networking students, I discovered .edu WHOIS is not (cannot be?) hidden. I suppose EDUCAUSE either requires WHOIS to remain open or they do not offer information hiding.

Doing some WHOIS lookups, we found a point of contact at a university, called the network admin, said hello and launched into an impromptu network admin interview. It was cool stuff. I emailed him later in the day to apologize to and thank him for being a good sport about the whole thing. He (fortunately) found it all rather enjoyable.

kelnos

Some other TLDs, like .us and .in, also forbid WHOIS privacy. TLD owners are free to set whatever policy they want around this. Perhaps .edu does the same.

homebrewer

It's useful for checking if a domain name is taken without doing that through a registrar, which is both less convenient, and (in case of shitty registrars) can be sold to domain speculators.

eXpl0it3r

Depends what endpoint you hit, the look up data will likely be sold regardless.

whalesalad

whois/rdap is very useful to identify if a domain is registered or not, and if so with whom. still lots of use there without pii data.

nine_k

Both give you a way to find out the domain's registrar, registration date, transfer status, and administrative contacts like abuse@. Nameserver data can also be somehow useful.

Otherwise, what did you expect the registrar to divulge to you, a random passer-by?

HeatrayEnjoyer

As a random passer-by I can look up the registered ownership of any building on the street.

skissane

As an Australian, I can look up the ownership of random properties in the US for free. But if I want to do the same for a building on my own street, I have to pay a US$11 fee per property searched.

The US has a reputation of being a hypercapitalist society, yet they seem to be behind Australia in the descent into hypercapitalism by not (yet) privatising the registration of land titles. [0]

[0] https://www.abc.net.au/news/2017-04-12/$2.6-billion-price-ta...

TZubiri

I get the joke, but whois is super valuable for abuse report contact and for registrar and even ip block info!

Huge protocol for cybersecurity

gkoberger

Wow. I never noticed how much how I used the internet changed. I haven’t done a WHOIS in a decade.

When I started using the internet, it’s how I contacted people. If I liked their site or their blog, I’d check who was behind it and get an email address I could contact.

Now… humans don’t really own domains anymore. Content is so centralized. I obviously noticed this shift, but I had forgotten how I used to be able to interact with the internet.

icameron

And after you emailed them you could finger their address and see when they last checked their email, and their unread message count usually.

giancarlostoro

I had no idea this was a thing for email... Wow.

sedatk

Not just that. People had ".plan" files that could be viewed with finger, and they would post updates there. I specifically remember John Carmack sharing daily news and updates on his account. It was the first form of "Twitter" back in the 90's.

layer8

Only for Unix accounts.

tombert

I think in most ways it's better, it makes the web more approachable to less technical users, making it less gate-keepey, but I also kind of miss the loosely-coupled cluster of web pages from the late-90's and early 2000's web.

Stuff felt less homogeneous; everyone had kind of a loose understanding of HTML, and people would customize their pages in horrendously wonderful ways. It felt more personal.

jfengel

So many tech people have a fondness for that time. To me, it was a very narrow slice of the human experience. Today I can find sites and communities on any subject I can conceive and billions more that I cannot.

And personally I found it more horrendously ugly than horrendously wonderful. But that's just my opinion.

tombert

Yeah, as I said in most ways things are better now than they were in the rose-tinted memories of the late 90's and early 2000's. Now if you want to say something on the internet, you can open up a Substack, or a Bluesky, or a Medium, or you can find a niche Subreddit. You don't need to know anything very technical, and that's a good thing.

I'll acknowledge that the old web was ugly, even at the time. I guess I just liked how much of it was, for lack of a better word, "custom". Most people were pretty bad at HTML, common web standards really hadn't caught on outside of "make it work in Internet Explorer", and CSS really hadn't caught on, so people glued together websites the best that they could.

Most websites looked pretty bad, but they were genuine. They didn't feel like some corporation built them, they felt like they were made by actual humans, and a lot of the time, actual children. I was one of those children.

I posted about this a week ago [1], but my first foray into programming was making crappy websites. It felt cool to me that a nine year old could make and publish a website, just like the grownups could. I didn't know anything about style so I had bright green backgrounds and used marquee tags and blink tags and I believe I had a midi of the X-files theme song playing in the background.

I guess it's the same sentimentality that I have when I look at a child's terrible drawing or reading one of my old terrible essays I wrote when I was eleven years old that my mom kept around. They're bad, they're embarrassing, but they're also kind of charming.

[1] https://news.ycombinator.com/item?id=43297104

Aachen

> I think in most ways it's better, it makes the web more approachable to less technical users

There's a big gap between looking up someone's contact info using a protocol that many tools and websites implement (anyone can open www.who.is from search results) and the second example of needing an understanding of HTML to make a webpage. I don't think it's gatekeepey to be able to email the human behind a given website, whereas the current internet is full of walled gardens, gatekeepers, and faceless/supportless services (thinking of Discord, Cloudflare, and Google as respective examples)

We can have both human-run services and WYSIWYG website builders on the internet concurrently

_ink_

Less gate keepey? Big Tech is literally the gatekeeper. Want to see a story without account? Too bad. Want to see what events are going on without Facebook account? Too bad. Want to search discord or twitter? Too bad. Big Tech sucks in all user content and then hides it behind paywalls.

graemep

This was exactly my reaction.

I think a lot of people fail to appreciate that the alternative to big tech taking over was not keeping things exactly the same as they were 20 or 30 years ago, but developing in a different direction.

It was the direction in which people expected things to develop: decentralised and democratised. There was a lot of optimism about empowering individuals.

xeckr

My only nitpick is that humans still own domains, but I agree with the overall sentiment and thank you for sharing this perspective.

It is fascinating to consider how our experience with the internet is changing over time.

Remember phreaking? Having been born in the Netscape era, I certainly don't, but I can imagine that losing the ability to pull that trick off must have felt like a loss to those who were initiated in the art.

Thankfully the trend appears to be that new technologies and thus new 1337 h4x are still forthcoming.

dkh

I sometimes use whois multiple times in a day lol.

Should it exist? Maybe not, probably not, but that doesn't stop me from using it when I want to try to do some sleuthing. Most of the time though it doesn't work because they have privacy enabled.

I did get screwed once with certain TLDs not being able to enable privacy. I had registered a .at domain to use with a video site I had that at the time was reasonably popular and going viral fairly regularly. I hadn't realized beforehand that privacy wasn't possible, but once I learned, I didn't love it, but I wasn't sure if it would matter that much. I was wrong. I was getting calls and emails regularly from random people on the internet who found our content on reddit or whatever and decided to do some sleuthing

genewitch

How do you hold both of those ideas in your head at the same time?

stavros

Well, they did say it probably shouldn't exist. Also, I'm just blown away by how much people here don't consider having fake info as an option.

bdcravens

I use it primarily to lookup info on an IP address.

pavel_lishin

> Now… humans don’t really own domains anymore.

Even when they do, it's generally a smart idea to anonymize the whois information.

You might be looking up my domain to make a buddy, but someone else might be looking up my domain to SWAT me.

neom

Although shit did happen back in the day. Someone showed up at the house of the DeviantART CEO in like... I wanna say like, mmm.. 2007? and slashed his tires etc. WhoIs was only cool in the 90s.

flowerthoughts

I did a Whois last week to prove to my previous registrar that I'm no longer with them, and that the invoice they sent was invalid. Unexpected use-case, but useful.

0x6c6f6c

On the other hand, I did a WHOIS days ago to check up on a potential scam site my partner landed on while working on an e-commerce platform. I hope some alternative exists, people using Let's Encrypt leaves an entry in the transparency log but people don't necessarily need to use that. I haven't researched the alternatives to WHOIS yet but now I'll have to.

areyourllySorry

did you find anything useful?

imoreno

The article is titled:

> ICANN Update: Launching RDAP; Sunsetting WHOIS

Bit deceptive to editorialize it into something that sounds like something else much more interesting (removing contact info from domains) but isn't the case at all (they're just changing the method to access the same info).

defanor

I like WHOIS with its extreme simplicity [0]. RDAP, on the other hand, works on top of a large and changing HTTP [1], and uses a JS-derived serialization format [2]. RDAP has advantages, such as optionally benefiting from TLS, the data being better structured and defined, but the cost in added complexity seems high.

[0] https://datatracker.ietf.org/doc/html/rfc3912

[1] https://datatracker.ietf.org/doc/html/rfc9082

[2] https://datatracker.ietf.org/doc/html/rfc9083

roelschroeven

As far as I can see, an RDAP request is a simple HTTP request, looking like http://example.com/rdap/ip/192.0.2.0. Web servers still support HTTP/1.1 (or probably even HTTP/1.0 and HTTP/0.9). This is trivial to implement for clients. A simple HTTP request like that is about the simplest thing to do. You'll have to use curl or wget instead of netcat if you want to do it manually. No big deal.

"A JS-derived serialization format" ... You mean JSON, which is about the lowest common denominator in Internet data exchange these days (and has been ever since we found out that XML was overly complex and JSON was much easier to use). You'll have to use something like jq instead of grep to extract information from the data manually. Or rather, you'll be able to use the powers of jq. Again, I don't really see the problem here.

defanor

I did not mean that there is a problem with it, only that I appreciate the simplicity of WHOIS. While HTTP-with-JSON is perhaps the most practical solution these days.

To clarify my point of view, an ad hoc HTTP client for this indeed should not be hard to write from scratch, demonstrating that there is not much complexity in that. The server part would be a little more tricky; still doable, but not as easily as for WHOIS, and in most cases a more sensible approach would be to use libraries (or a program like curl, in case of shell scripting or manual usage) for that, as you said. Likewise with JSON: though one can deal with it as with text, some added tools (a library or jq, depending on context) would be sensible to use. But then added dependencies lead to all kinds of issues in non-ideal conditions (e.g., when it is problematic to install those). But again, I am not saying that this should stop adoption of RDAP.

On top of that, a complete and proper HTTP 1.1 implementation, server or client, would be quite large. And JSON, while indeed common and not particularly complicated, still has bits I find awkward (no sum types or a standard way to encode those, but has "objects", arbitrary-looking primitive types; no single standard for streaming, either), so working around it is not exactly pleasurable. Those add up to a difference between a trivial protocol and, well, a non-trivial one. I appreciate such trivial yet working and useful solutions, though the other kind is commonly useful as well.

donio

  curl -s https://rdap.verisign.com/com/v1/domain/example.com|jq -r '.events[] | select(.eventAction == "expiration") | .eventDate'
And https://data.iana.org/rdap/dns.json to find the endpoints for TLDs.
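
Added example, not part of any comment in this thread: a Python sketch of the two steps in the comment above, picking the RDAP endpoint for a domain from a bootstrap file shaped like `dns.json` (RFC 9224) and pulling the expiration, registrar and nameservers out of a domain response (RFC 9083). It goes slightly beyond the one-liner by extracting several fields. The function names are hypothetical, and the bootstrap entries (other than the Verisign `.com` URL quoted above) and the response are constructed samples so it runs offline.

```python
import json
from datetime import datetime

# Constructed sample in the shape of https://data.iana.org/rdap/dns.json:
# each service is [[suffix, ...], [base_url, ...]]. Only the .com URL
# appears on this page; the .example entries are made up.
BOOTSTRAP = json.loads("""
{"version": "1.0", "services": [
  [["com"], ["https://rdap.verisign.com/com/v1/"]],
  [["example"], ["http://rdap.nic.example/", "https://rdap.nic.example/"]],
  [["co.example"], ["https://rdap.co.example/v1"]]
]}
""")

# Constructed RDAP domain object; every value is invented for illustration.
RESPONSE = json.loads("""
{"objectClassName": "domain", "ldhName": "EXAMPLE.COM",
 "status": ["client transfer prohibited"],
 "events": [
   {"eventAction": "registration", "eventDate": "1995-08-14T04:00:00Z"},
   {"eventAction": "expiration", "eventDate": "2026-08-13T04:00:00Z"}],
 "entities": [
   {"objectClassName": "entity", "roles": ["abuse"]},
   {"objectClassName": "entity", "roles": ["registrar"],
    "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                             ["fn", {}, "text", "Constructed Registrar Inc."]]]}],
 "nameservers": [
   {"objectClassName": "nameserver", "ldhName": "NS2.EXAMPLE.NET"},
   {"objectClassName": "nameserver", "ldhName": "NS1.EXAMPLE.NET"}]}
""")


def rdap_base_url(bootstrap, domain):
    """Longest label-wise suffix match against the bootstrap, HTTPS preferred."""
    table = {}
    for suffixes, urls in bootstrap.get("services", []):
        for suffix in suffixes:
            table[suffix.lower()] = urls
    labels = domain.rstrip(".").lower().split(".")
    for i in range(len(labels)):  # try the longest suffix first
        urls = table.get(".".join(labels[i:]))
        if urls:
            https = [u for u in urls if u.lower().startswith("https://")]
            chosen = (https or urls)[0]
            return chosen if chosen.endswith("/") else chosen + "/"
    return None


def domain_query_url(bootstrap, domain):
    """URL to GET for a domain lookup, or None when no RDAP service is declared."""
    base = rdap_base_url(bootstrap, domain)
    if base is None:
        return None  # caller has to fall back to WHOIS for this TLD
    return base + "domain/" + domain.rstrip(".").lower()


def _vcard_fn(entity):
    """Formatted name ("fn") from an entity's jCard, if it carries one."""
    vcard = entity.get("vcardArray")
    if not (isinstance(vcard, list) and len(vcard) == 2):
        return None
    for prop in vcard[1]:
        if len(prop) >= 4 and prop[0] == "fn":
            return prop[3]
    return None


def summarize_domain(resp):
    """Reduce an RDAP domain object to the fields a WHOIS user usually wants."""
    if resp.get("objectClassName") != "domain":
        raise ValueError("not an RDAP domain object")
    events = {}
    for ev in resp.get("events", []):
        action, date = ev.get("eventAction"), ev.get("eventDate")
        if action and date:
            # fromisoformat() only accepts a trailing "Z" on Python 3.11+
            events[action] = datetime.fromisoformat(date.replace("Z", "+00:00"))
    registrar = None
    for ent in resp.get("entities", []):
        if "registrar" in ent.get("roles", []):
            registrar = _vcard_fn(ent)
            break
    return {
        "name": resp.get("ldhName", "").lower(),
        "registrar": registrar,
        "status": resp.get("status", []),
        "registered": events.get("registration"),
        "expires": events.get("expiration"),
        "nameservers": sorted(ns["ldhName"].lower()
                              for ns in resp.get("nameservers", [])
                              if "ldhName" in ns),
    }


if __name__ == "__main__":
    print(domain_query_url(BOOTSTRAP, "example.com"))
    for key, value in summarize_domain(RESPONSE).items():
        print(f"{key}: {value}")
```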

tankenmate

Also, a large number of command line RDAP clients output plain text instead of JSON if you ask nicely.

_verandaguy

It's a bit unreasonable, IMO, to criticize the fact that RDAP communicates using a JSON API -- while JSON is inexorably related to JavaScript (and it's not without its issues), it's ubiquitous on the modern web for serializing data, in any even vaguely REST-shaped API.

You could argue that a more compact, binary, wire format is more appropriate (though I wouldn't, in this case, since for small, simple payloads, I think simplicity and human readability trumps sheer wire efficiency). You could argue that JSON's a poor serialization language in general (which is debatable, contextual, and in this case, I don't think there's a widely-accepted better option).

But let's not act like "a JS-derived serialization format" is some kind of mark of the beast here.

TheSaifurRahman

Worth mentioning are two open-source RDAP projects that are helping move the internet to a more structured system:

DNSBelgium: https://github.com/DNSBelgium/rdap

RedDog: https://www.reddog.mx/home/2017/12/14/server-1.2.2-patch-rel...

tankenmate

https://github.com/openrdap/rdap

Golang, single binary, cross platform, download and use.

tankenmate

Just noticed that someone is going and down voting any mention of any implementations of rdap clients for this news item. Very strange.

TheSaifurRahman

Whois it ;)

TheSaifurRahman

I’m assuming this is a client app, and not a server implementation.

tankenmate

Yes, it's an RDAP client, command line.

phendrenad2

Most people won't even notice this change. They'll still go to a "whois lookup service" and input a domain, and get the same results. The fact that it arrived via a different protocol (RDAP) won't mean anything.

vekatimest

To be replaced with a system providing a standardized method to give law enforcement easier "secure access" to your redacted personal information.

dawnerd

Wait, people use real information?

kelnos

I do. The terms of the domain registration say that providing incorrect information can result in revocation of the registration. Not really worth the risk, IMO, for any domain I actually care about.

Aachen

Not just that, but also if the registrar turns out to be fraudulent or someone convinces your registrar to transfer the domain (scam the support team), or they get your account password and transfer the domain that way (data leak elsewhere, password reset with a SIM swap, you name it)... there are so many ways you can have "technical difficulties", but in the end: you're the one with an ID card that has your name on it. You can take the TLD to court and have them give you back the domain that was legally purchased in your name.

Except if it's not in your name

So yep, as you say: make this decision (fake or real information) knowing the risks involved in not legally owning it

riffic

that's grounds for cancellation of a domain sooooo.....

wmf

We have ownership records for real estate for a reason. Domains need some level of accountability.

idle_zealot

I'm not sure this follows. You're allowed to publish, say, a book or pamphlet without signing it with your legal name and address. So is a website more like a book, or a building?

callc

Somewhere in the middle IMO. If the domain name is desirable it looks more like a building, because people generally care about who owns the land when it is not getting put to good use.

Websites are more like books when they have a domain no one else cares about.

greyface-

Domains point to IPs, and IPs already have subpoenable ownership records at RIRs. In the real estate metaphor: we have property ownership records, but we don't have records of every rental tenancy.

IncRnd

That's not true. Those are registration records NOT ownership records. People do not purchase IP addresses or domains. They register them for temporary use.

longtailofsighs

ICANN-accredited domain registrars (so any registrar selling generic TLDs like .org, .com, .design etc) have contractual obligations related to technical abuses like phishing, malware, and botnets, insofar as they intersect with a domain name.

Content/expression related harms are outside of ICANN's bylaws and any obligations related to what a domain points at are not from ICANN, but from the laws in the jurisdiction in which the registrar operates. This is generally good. There is no global standard for acceptable limits on expression, with the possible exception of CSAM which is illegal everywhere.

Requiring domain registrars to arbitrate what content should be accessible via the DNS is perilous.

imoreno

No they don't.

imoreno

"Only law enforcement" is still better than "everyone".

kelnos

I disagree. Law enforcement already abuses many data sources they have private access to, and use asymmetric information to their advantage.

nine_k

Back in 2014, when TLD .church was introduced, me and my friends tried to register alonzo.church and (ab)use the contact information records to provide some biographic information and links, explaining literally whois alonzo.church on the command line. That would not prevent hosting whatever services on that domain as normal.

Sadly, we were not able to secure the domain on time, and after 11 years, the attempted trick is becoming irrelevant.

einpoklum

I just did an

   apt-cache search rdap
on a Debian (well, Devuan) system, and found nothing. Also could not find that phrase in the name of any executable in /usr/bin or /usr/sbin.

:-(

tempodox

The linked article points to a GitHub repo. Clone it and do `cargo install icann-rdap-cli`. Of course you need the Rust toolchain for that.

bravetraveler

If distribution packages don't abstract this trivia away I'm going to be endlessly frustrated