The registrar agreement allows registrars to use data from Norid's systems, but only to serve own customers. In order to strengthen the protection of privacy, Norid will implement this limitation in our systems, in addition to it being regulated by the agreement. At the same time, the RDAP service will replace the current registrar WHOIS service. The changes will be implemented on 30 September. 

The changes mean that the look-up service for registrars and the EPP-service will show less data for customers who are not your own. Data displayed for domain names and objects under reg0 will be the same as if they were under another registrar.
 
These changes particularly affect what information is displayed for private individuals who are not your customers. Previously, all registrars could look up customer data for private subscribers, regardless of whether they were their own customers. This will now be restricted.

Below you can read more about what data will be available for your own and others' customers in the RDAP-service and EPP-service.

RDAP replaces the registrar WHOIS service

The registrar-specific WHOIS service (registrarwhois.norid.no) will be phased out and replaced by the RDAP service on 30 September.

From this date, registrarwhois.norid.no on port 43 and the web service at https://registrarwhois.norid.no will no longer be available.

Services that will not be affected by the changes:

  • The public look-up service
  • The regular WHOIS service (whois.norid.no on port 43). This service will show the same data as RDAP for unauthenticated users.
  • The finger/DAS service (finger.norid.no on port 79)

How to use RDAP

RDAP (Registration Data Access Protocol) is an internationally standardized protocol designed as a REST API, making it well-suited for automated lookups.

RDAP lookups can be performed anonymously or with authentication. Data visibility depends on the user level and some look ups and data will only be available for authenticated users.

As a registrar, you can use RDAP in authenticated mode, allowing more lookup options, more data visibility for your own objects and some limited data for objects belonging to other registrars.

An outline of what data is available in RDAP for your own and others' customers, when accessing the data as an authorised registrar and as a anonymous user, can be found in the table display of customer data in RDAP.

We recommend that you start using RDAP now to prepare for the transition.

Note: There will be no web proxy for RDAP lookups.

Domain availability checks via RDAP

RDAP includes additional features for checking domain name availability that can be useful. Since RDAP provides more accurate status information than the current DAS service, we recommend using RDAP instead of DAS.

More information about RDAP is available on our website.

Data restrictions in the EPP service

At the same time as the registrar WHOIS service is phased out on 30 September, we will also restrict access to data in the EPP service, for customers that belong to other registrars.

If you are taking over a domain subscription, you can access more information by entering an authentication code or one-time code in EPP-service. You will then be able to see the same data as for subscribers in your registrar portefolio. This is a new function which will be implemented in EPP domain-info and contact-info. The documentation of the EPP interface has been updated with the changes.

An outline of what data will be available in EPP for your own and others' customers after the restrictions have been implemented , can be found in the table display of customer data in EPP.

The test system

The EPP test system has been updated with the new changes. We recommend that all registrars familiarize themselves with the updates before they go live in the production system.

New public lookup feature

It is now possible to check how many domain names are registered under a personal ID in the public domain lookup service. The result will not show which domain names are registered, only the number of domains and the registrar managing them.

This can help registrars monitor quotas for personal IDs. Subscribers can also check how many domains they have registered and which registrar they need to contact.

Background for the changes - better built-in protection of privacy

Norid's handling of personal data must comply with the GDPR (General Data Protection Regulation - EU Regulation 2016/679), incorporated into Norwegian law through the Personal Data Act.

Norid’s legal basis for processing its own customers' data follows Section 6.1(b) of the Personal Data Act.

A risk assessment has been conducted to determine which data registrars need access to in order to operate. We already have a clause in the agreement with the registrars that limits registrars to only use data from Norid's systems to serve their own customers. However, after a review we see that it is also necessary to technically limit the processing of personal data so that each registrar only have access to data about subscribers and domain names in their registrar portefolio.

The RDAP protocol supports layered access, allowing users to be authenticated. This makes it better suited for compliance with privacy regulations.

Feedback

If you have any feedback or comments on these changes, please send an email to info@norid.no before 15 June 2025.

Published: 25 March 2025