Port 648: RRP — The door that opened domain registration

Port 648 carries the Registry Registrar Protocol (RRP), the communication channel between domain registrars (companies like GoDaddy or Namecheap) and registries (the organizations that operate top-level domains like .com, .net, and .org).

What RRP Does

When you register a domain name through a registrar, that registrar needs to communicate with the registry that actually controls the TLD. RRP was the protocol that made those conversations possible.¹

RRP handles the fundamental operations of domain management:

• Registering new domain names
• Transferring domains between registrars
• Updating contact information
• Renewing registrations
• Deleting domain records

It uses a simple command-response model—text-based commands sent over a persistent TCP connection secured with SSL on port 648.²

Why Port 648 Exists: The End of a Monopoly

From 1993 to 1998, Network Solutions (NSI) was the only company that could register .com, .net, and .org domains. You wanted a domain? You went to NSI. No competition. No choice.³

In 1998, ICANN was formed to change that. Under a new agreement, NSI would continue operating the registry (the authoritative database), but would have to implement a Shared Registration System (SRS) by June 1999—meaning multiple registrars could compete to sell domain registrations.⁴

RRP was the protocol that made this possible. It was how registrars would talk to the registry. NSI developed version 1.1.0 in 1998-1999, documented in RFC 2832.⁵ VeriSign (which acquired NSI's registry business) updated it to version 2.0.0 in RFC 3632.⁶

The shared registration system went live on November 30, 1999. Port 648 was the door through which competitive domain registration became real.

How It Works

RRP operates over TCP port 648 with mandatory SSL encryption. A registrar establishes a persistent connection to the registry and sends text-based commands:

ADD
EntityName: example.com
DomainName: example.com
...

The registry responds with status codes indicating success or failure. The protocol is stateful—commands within a session can reference previous operations.

Every .com, .net, and .org domain registered between 1999 and the mid-2000s passed through port 648 at some point in its lifecycle.

The Successor: EPP

RRP did its job, but it had limitations. It was text-based and rigid, difficult to extend for new TLDs with different requirements.

The Extensible Provisioning Protocol (EPP) was designed to replace it. EPP is XML-based, more flexible, more secure, and became an IETF standard (RFC 5730) in 2009.⁷ EPP runs on port 700.

Most registries migrated from RRP to EPP in the mid-2000s. By 2010, RRP was largely obsolete. Port 648 still exists in IANA's registry, but it's a historical artifact now—the protocol that opened the door and then stepped aside.

Security Considerations

RRP required SSL/TLS encryption from the start, which was forward-thinking for 1999. But the protocol itself has weaknesses:

• Authentication relies on username/password credentials sent in each session
• No support for two-factor authentication
• Limited audit logging capabilities compared to EPP

If you encounter RRP traffic on port 648 today, it's likely either:

• A legacy system that hasn't migrated to EPP
• Testing or research environments
• Misconfigured software

Modern domain registration infrastructure uses EPP. If you're building anything new, don't use RRP.

Checking What's on Port 648

To see if anything is listening on port 648:

Linux/macOS:

sudo lsof -i :648
netstat -an | grep 648

Windows:

netstat -ano | findstr :648

You probably won't find anything. RRP's time has passed.

Related Ports

• Port 700 — EPP (Extensible Provisioning Protocol), RRP's successor
• Port 43 — WHOIS, for querying domain registration information
• Port 53 — DNS, the system that actually resolves domain names to IP addresses

Why This Port Matters

Port 648 represents a policy decision made technical. ICANN decided the domain name system should be competitive, not monopolistic. RRP was the infrastructure that made that policy real.

The protocol is obsolete now, but the principle isn't: the technical architecture of the Internet reflects choices about who gets to participate, who holds power, and how markets are structured.

Port 648 was open for about a decade. In that time, domain registration went from one company to thousands of accredited registrars worldwide.⁸ The door it opened is still open—we just use a different protocol to walk through it now.