Hosting & Domains News

So Long Whois and Thanks for all the Fish

I’ve written about Whois, RDAP and ICANN policies many many times over the years. They’re topics that are important, but are often hard to understand due to the amount of jargon and acronyms that get used.

When you register a domain name, be that a .ie, a .com, a .eu or any other domain name, no matter what it is, you have to provide contact details for the person or organisation the domain will be registered to. The technical term for that person or entity is the “registrant”.

Blacknight acts as an intermediary or agent of the domain registries which hold the databases of domain names and in most cases we collect and process the domain registration details on their behalf. The exception would be with .com and .net where we hold the registrant details and only share the technical bits with the domain registry.

With generic top level domain names like .com or .blog (gTLD) for which Blacknight is a registrar we also have had to run a whois service.

Essentially we provide information to the rest of the internet about who has registered domains under our care. (Since the advent of GDPR in 2018 the amount of data we need to make public has been reduced significantly and this is not going to change). So if you go to our whois server and put in your domain name you’ll be able to see key data related to it such as when it was registered, when it expires and which nameservers it’s using. (If the domain isn’t registered with us we won’t be able to tell you any of that – we only care about the domains we’re looking after!)

For the last couple of years we’ve also been running an RDAP service, which is another technical approach to displaying the registration data. RDAP, which stands for “Registration Data Access Protocol”, uses a much more structured way of handling the data elements, so other systems and services are more easily able to process them consistently. RDAP is the future for registration data and has already replaced legacy whois systems in a lot of parts of the internet ecosystem.

So what’s happening now?

For now nothing, but 7th August 2023 is when the clock starts on the countdown to whois being removed.

From that date onwards we will have some new service obligations with respect to the RDAP service. Basically we have to keep it online and working or we will run afoul of our contractual obligations with ICANN.

However things will start happening in 2025.

From 28th January 2025 we, and I suspect many other registrars, will shutdown our public whois servers.

Why?

Because with RDAP up and running for 6 years at that stage and with the service level requirements firmly in place there’s no technical reason why we’d keep a second service running. Plus our contractual requirement to keep our whois server running will go away.

Could you keep your whois server online after January 2025?

Yes of course we could, however not only do we have zero incentive to do so we actually have a negative incentive. ICANN will impose SLAs on us if we voluntarily keep our public whois servers running, so there’s no sane reason why we’d want to do that.

What will happen when whois goes away?

From our perspective nothing will change. Domains (and their associated services like email, websites etc.) will keep working as they’ve always done.

Software that uses the legacy whois protocol should be replaced by RDAP, but it’s quite possible that some people either won’t have realised this change is coming or will have ignored it. So some 3rd party software might break.

If you’re a software developer that is doing anything with domains please check that you aren’t relying on Whois to check which nameservers are the right ones, or for other functionality. Even if 5% of the registrars shutdown their whois servers it’ll render it completely useless, so you really need to be using RDAP in the future (and it’s technically superior anyway!)

Don’t you use whois to check if a domain is available?

No. While you can it’s a very bad idea as the protocol is not designed for it and the results you get back are never going to be 100% reliable for multiple reasons. Registrars use EPP to check if a domain is registered or not ie. our servers talk to the registry directly and check if a domain is taken or not.

If you’re interested, or bored, you can read the very detailed background of this change here.

Exit mobile version