Jump to content

Registration Data Access Protocol

From Wikipedia, the free encyclopedia
Registration Data Access Protocol
Communication protocol
AbbreviationRDAP
PurposeDomain lookup
Developer(s)Internet Engineering Task Force (IETF)
Introduction2015; 10 years ago (2015)
Based onJSON
OSI layerApplication layer (7)
RFC(s)7483

The Registration Data Access Protocol (RDAP) is a computer network communications protocol standardized by a working group at the Internet Engineering Task Force in 2015, after experimental developments and thorough discussions. It is a successor to the WHOIS protocol, used to look up relevant registration data from such Internet resources as domain names, IP addresses, and autonomous system numbers.

While WHOIS essentially retrieves free text, RDAP delivers data in a standard, machine-readable JSON format.[1] In order to accomplish this goal, the output of all operative WHOIS servers was analyzed, taking a census of the labels they used.[2] RDAP designers, many of whom are members of number or name registries, strove to keep the protocol as simple as possible, since complexity was considered one of the reasons why previous attempts, such as CRISP, failed. RDAP is based on RESTful web services, so that error codes, user identification, authentication, and access control can be delivered through HTTP.[3]

The biggest delay in getting RDAP done turned out to be the bootstrap, figuring out where the server is for each top-level domain, IP range, or ASN range. IANA agreed to host the bootstrap information in suitable registries, and publish it at a well-known location URLs in JSON format. Those registries started empty and will be gradually populated as registrants of domains and address spaces provide RDAP server information to IANA.[4][5] For number registries, ARIN set up a public RDAP service which also features a bootstrap URL, similar to what they do for WHOIS.[6] For name registries, ICANN requires RDAP compliance since 2013.[7][8]

Number resources

[edit]

RDAP databases for assigned IP numbers are maintained by five Regional Internet registries. ARIN maintains a bootstrap database.[9] Thanks to the standard document format, tasks such as, for example, getting the abuse team address of a given IP number can be accomplished in a fully automated manner.[10]

Name resources

[edit]

RDAP databases for registered names are maintained after ICANN agreement.[7] Name resources are much slower, as the number of registries under ICANN is huge. In addition, as the GDPR became enforceable, in May 2018, the problem of personal data divulged via WHOIS or RDAP slowed adoption further.[11] To solve the conflict between GDPR and ICANN policies ICANN published a temporary specification according to which all contact details need to be redacted for privacy reasons if they fall under the GDPR, unless the contact explicitly allows publication. This includes email addresses, however the registrar has to offer an anonymized email address or a web form to allow forwarding of information to contacts. The registry RDAP/WHOIS response has to contain a notice that these options to contact the contacts are only available in the registrar RDAP/WHOIS.[12]

To keep RDAP information accurate, registrars have to send a yearly Whois Data Reminder Policy (WDRP) notice to the registrant contact. This is commonly done via email containing all the RDAP information the registrar has and asking the registrant to update it immediately if it is incorrect, while at the same time reminding the registrant that incorrect RDAP information can lead to the deletion of the domain name.[13] Additionally each registrar has to offer an abuse contact and after being informed about incorrect RDAP information has to make sure that it is corrected quickly or suspend the domain.[7]

WHOIS replacement

[edit]

On January 19, 2023 ICANN opened voting on a global amendment to all its registry and registrar agreements. In it they defined a RDAP Ramp-Up Period of 180 days starting with the effectiveness of this amendment. 360 days after this period is defined as the WHOIS Services Sunset Date, after which it is not a requirement for registries and registrars to offer a WHOIS service and instead only a RDAP service is required. All voting thresholds were met within the 60 day voting period and the amendment will be submitted to the ICANN Board for approval and implementation.[14]

Query example

[edit]

To query RDAP, there are several software and web clients including icann-rdap (reference implementation command-line client by ICANN), OpenRDAP (independent command-line client), and rdap.dev web client.

In certain jurisdiction, RDAP redacted contact information as required by regulations such as General Data Protection Regulation (GDPR). Contact information for RDAP may be accessed with Registration Data Directory Services (RDDS) such as ICANN Lookup.[12][15] Non-public contact information can be requested with Registration Data Request Service (RDRS).[16]

Below is an example of RDAP data returned for an individual resource holder. This is the result of a RDAP query in raw format (using OpenRDAP client) for the website of Final Fantasy XIV, with Markmonitor as registrar:

> rdap finalfantasyxiv.com
Domain:
  Domain Name: FINALFANTASYXIV.COM
  Handle: 19576356_DOMAIN_COM-VRSN
  Status: client delete prohibited
  Status: client transfer prohibited
  Status: client update prohibited
  Conformance: rdap_level_0
  Conformance: icann_rdap_technical_implementation_guide_0
  Conformance: icann_rdap_response_profile_0
  Notice:
    Title: Terms of Use
    Description: Service subject to Terms of Use.
    Link: https://www.verisign.com/domain-names/registration-data-access-protocol/terms-service/index.xhtml
  Notice:
    Title: Status Codes
    Description: For more information on domain status codes, please visit https://icann.org/epp
    Link: https://icann.org/epp
  Notice:
    Title: RDDS Inaccuracy Complaint Form
    Description: URL of the ICANN RDDS Inaccuracy Complaint Form: https://icann.org/wicf
    Link: https://icann.org/wicf
  Link: https://rdap.verisign.com/com/v1/domain/FINALFANTASYXIV.COM
  Link: https://rdap.markmonitor.com/rdap/domain/FINALFANTASYXIV.COM
  Event:
    Action: registration
    Date: 2000-02-10T15:58:28Z
  Event:
    Action: expiration
    Date: 2026-02-10T15:58:28Z
  Event:
    Action: last changed
    Date: 2024-02-09T05:41:13Z
  Event:
    Action: last update of RDAP database
    Date: 2025-05-31T07:42:09Z
  Secure DNS:
    Delegation Signed: false
  Entity:
    Handle: 292
    Public ID:
      Type: IANA Registrar ID
      Identifier: 292
    Role: registrar
    vCard version: 4.0
    vCard fn: MarkMonitor Inc.
    Entity:
      Role: abuse
      vCard version: 4.0
      vCard tel: tel:+1.2086851750
      vCard email: abusecomplaints@markmonitor.com
  Nameserver:
    Nameserver: A1-211.AKAM.NET
  Nameserver:
    Nameserver: A13-66.AKAM.NET
  Nameserver:
    Nameserver: A2-67.AKAM.NET
  Nameserver:
    Nameserver: A22-64.AKAM.NET
  Nameserver:
    Nameserver: A24-65.AKAM.NET
  Nameserver:
    Nameserver: A3-66.AKAM.NET

Extensions

[edit]

The RDAP protocol allows for extensions and IANA is maintaining a list of known RDAP extensions. Some of these extensions are RFCs like sorting and paging, others are just for specific TLDs.[17]

[edit]
  • STD 95
  • RFC 7480, HTTP Usage in the Registration Data Access Protocol (RDAP)
  • RFC 7481, Security Services for the Registration Data Access Protocol (RDAP)
  • RFC 8056, Extensible Provisioning Protocol (EPP) and Registration Data Access Protocol (RDAP) Status Mapping
  • RFC 9082, Registration Data Access Protocol (RDAP) Query Format
  • RFC 9083, JSON Responses for the Registration Data Access Protocol (RDAP)
  • RFC 9224, Finding the Authoritative Registration Data Access Protocol (RDAP) Service

Additionally ICANN has created 2 standards that need to be implemented by gTLD registries and registrars to have common output formats and require the implementation of some extensions.

Extensions

[edit]
  • RFC 8977, Registration Data Access Protocol (RDAP) Query Parameters for Result Sorting and Paging
  • RFC 8521, Registration Data Access Protocol (RDAP) Object Tagging
  • RFC 8982, Registration Data Access Protocol (RDAP) Partial Response
  • RFC 9537, Redacted Fields in the Registration Data Access Protocol (RDAP) Response

See also

[edit]

References

[edit]
  1. ^ Newton, Andrew; Hollenbeck, Scott (March 2015). JSON Responses for the Registration Data Access Protocol (RDAP). IETF. doi:10.17487/RFC7483. RFC 7483. Retrieved 2016-11-10.
  2. ^ Zhou, L.; Kong, N.; Shen, S.; Sheng, S.; Servin, A. (March 2015). Inventory and Analysis of WHOIS Registration Objects. IETF. doi:10.17487/RFC7485. RFC 7485. Retrieved 2016-11-10.
  3. ^ "Web Extensible Internet Registration Data Service (weirds)". IETF. 2015-03-25. Archived from the original on 2015-07-11. Retrieved 2016-11-10.
  4. ^ John Levine (2014-09-10). "The replacement for WHOIS is surprisingly close". jl.ly. Archived from the original on 2022-12-25. Retrieved 2016-11-10.
  5. ^ Blanchet, Marc (March 2015). Finding the Authoritative Registration Data (RDAP) Service. IETF. doi:10.17487/RFC7484. RFC 7484. Retrieved 2016-11-10.
  6. ^ "The Registration Data Access Protocol (RDAP)". ARIN. 2015-06-22. Archived from the original on 2023-08-01. Retrieved 2016-11-10.
  7. ^ a b c "2013 Registrar Accreditation Agreement". ICANN. Archived from the original on 2017-06-07. Retrieved 2016-11-10. Following the publication by the IETF of a Proposed Standard, Draft Standard or Internet Standard and any revisions thereto (as specified in RFC 2026) relating to the web-based directory service as specified in the IETF Web Extensible Internet Registration Data Service working group, Registrar shall implement the directory service specified in any such standard (or any revision thereto) no later than 135 days after such implementation is requested by ICANN
  8. ^ New gTLD Program Committee (NGPC) (2013-07-02). "New gTLD Agreement" (PDF). ICANN. Archived (PDF) from the original on 2022-09-01. Retrieved 2016-11-10. Registry Operator shall implement a new standard supporting access to domain name registration data (SAC 051) no later than one hundred thirty-five (135) days after it is requested by ICANN if: 1) the IETF produces a standard (i.e., it is published, at least, as a Proposed Standard RFC as specified in RFC 2026); and 2) its implementation is commercially reasonable in the context of the overall operation of the registry
  9. ^ "RDAP at ARIN" (PDF). September 17, 2019. Archived (PDF) from the original on November 28, 2022. Retrieved June 8, 2020.
  10. ^ "abuserdap". Archived from the original on 2022-12-25. Retrieved 2020-06-08.
  11. ^ Kieren McCarthy (October 23, 2019). "Haunted by Europe's GDPR, ICANN sharpens wooden stake to finally slay the Whois vampire". The Register. Archived from the original on May 25, 2023. Retrieved June 8, 2020.
  12. ^ a b "Temporary Specification for gTLD Registration Data - ICANN". www.icann.org. Retrieved 2023-04-08.
  13. ^ "Whois Data Reminder Policy - ICANN". www.icann.org. Retrieved 2023-04-08.
  14. ^ "2023 Global Amendments to the Base gTLD Registry Agreement (RA), Specification 13, and 2013 Registrar Accreditation Agreement (RAA) - ICANN". www.icann.org. Archived from the original on 2023-04-07. Retrieved 2023-04-07.
  15. ^ "ICANN Lookup". lookup.icann.org. Archived from the original on 2025-05-31. Retrieved 2025-06-04.
  16. ^ "Home - Registration Data Request Service". rdrs.icann.org. Retrieved 2025-05-31.
  17. ^ "RDAP Extensions". www.iana.org. Retrieved 2023-04-08.
[edit]
Retrieved from "https://en.wikipedia.org/w/index.php?title=Registration_Data_Access_Protocol&oldid=1294181090"