Registration Data Access Protocol

The Registration Data Access Protocol (RDAP) is a computer network communications protocol standardized by a working group at the Internet Engineering Task Force in 2015, after experimental developments and thorough discussions. It is a successor to the WHOIS protocol, used to look up relevant registration data from such Internet resources as domain names, IP addresses, and autonomous system numbers.

While WHOIS essentially retrieves free text, RDAP delivers data in a standard, machine-readable JSON format. [1] In order to accomplish this goal, the output of all operative WHOIS servers was analyzed, taking a census of the labels they used. [2] RDAP designers, many of whom are members of number or name registries, strove to keep the protocol as simple as possible, since complexity was considered one of the reasons why previous attempts, such as CRISP, failed. RDAP is based on RESTful web services, so that error codes, user identification, authentication, and access control can be delivered through HTTP. [3]

The biggest delay in getting RDAP done turned out to be the bootstrap: figuring out where the server is for each top-level domain, IP range, or ASN range. IANA agreed to host the bootstrap information in suitable registries and publish it at well-known URLs in JSON format. Those registries started empty and will be gradually populated as registrants of domains and address spaces provide RDAP server information to IANA. [4] [5] For number registries, ARIN set up a public RDAP service which also features a bootstrap URL, similar to what they do for WHOIS. [6] For name registries, ICANN has required RDAP compliance since 2013. [7] [8]
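The bootstrap lookup described above, as an added example that is not part of the original article: it resolves a domain, IP address, or AS number to an RDAP query URL from registries in the RFC 7484 JSON layout. The registry contents, host names, and function names are constructed for illustration; a real client would load the JSON files that IANA publishes.

```python
import ipaddress

# Constructed bootstrap registries in the RFC 7484 layout: every service is
# [[entries...], [base URLs...]]. Hosts and assignments are placeholders.
DNS = {"services": [[["example"], ["https://rdap.registry.example/"]],
                    [["co.example"], ["http://rdap.co.example/",
                                      "https://rdap.co.example/"]]]}
IP = {"services": [[["192.0.2.0/24"], ["https://rdap.rir-a.example/"]],
                   [["192.0.0.0/8"], ["https://rdap.rir-b.example/"]]]}
ASN = {"services": [[["64496-64511"], ["https://rdap.rir-a.example/"]]]}

def _pick(urls):
    """Prefer an HTTPS base URL so the server is authenticated by TLS."""
    return ([u for u in urls if u.startswith("https://")] or urls)[0]

def rdap_url_for_domain(name, registry=DNS):
    """Longest label-wise suffix match, e.g. co.example beats example."""
    labels = name.lower().rstrip(".").split(".")
    best = None
    for entries, urls in registry["services"]:
        for entry in entries:
            e = entry.lower().split(".")
            if labels[-len(e):] == e and (best is None or len(e) > best[0]):
                best = (len(e), urls)
    return f"{_pick(best[1])}domain/{'.'.join(labels)}" if best else None

def rdap_url_for_ip(addr, registry=IP):
    """Longest-prefix match over the CIDR entries."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    best = None
    for entries, urls in registry["services"]:
        for entry in entries:
            net = ipaddress.ip_network(entry)
            if ip.version == net.version and ip in net:
                if best is None or net.prefixlen > best[0]:
                    best = (net.prefixlen, urls)
    return f"{_pick(best[1])}ip/{ip}" if best else None

def rdap_url_for_asn(asn, registry=ASN):
    """Entries are a single number or an inclusive "low-high" range."""
    for entries, urls in registry["services"]:
        for entry in entries:
            low, _, high = entry.partition("-")
            if int(low) <= asn <= int(high or low):
                return f"{_pick(urls)}autnum/{asn}"
    return None
```

A `None` result means the bootstrap registry has no entry for the resource, which is the "registries started empty" case the paragraph mentions.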

Number resources

RDAP databases for assigned IP numbers are maintained by the five Regional Internet Registries. ARIN maintains a bootstrap database. [9] Thanks to the standard document format, tasks such as getting the abuse team address for a given IP number can be fully automated. [10]
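An added example (not code from the article or from any tool it cites) of the automated abuse-contact lookup mentioned above: it walks the `entities` of an RDAP JSON response, including nested ones, and returns the email addresses of entities holding the `abuse` role. The sample response and the function name are constructed; the response is treated as untrusted input, so values that do not look like a single address are dropped before they could reach an automated mailer.

```python
import json
import re

# Constructed RDAP "ip network" response (RFC 7483 layout); all values are samples.
SAMPLE = json.loads("""
{"objectClassName": "ip network", "handle": "NET-192-0-2-0-1",
 "entities": [
  {"objectClassName": "entity", "roles": ["registrant"],
   "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                            ["fn", {}, "text", "Example Net Org"]]],
   "entities": [
    {"objectClassName": "entity", "roles": ["abuse"],
     "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                              ["fn", {}, "text", "Abuse Desk"],
                              ["email", {}, "text", "abuse@example.net"]]]},
    {"objectClassName": "entity", "roles": ["abuse", "technical"],
     "vcardArray": ["vcard", [["email", {}, "text",
                               "x@example.net\\r\\nBcc: y@example.org"]]]}
   ]}
 ]}
""")

_EMAIL = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")  # deliberately simple shape check

def abuse_emails(obj):
    """Collect plausible email addresses of every entity with the "abuse" role."""
    found = []
    for ent in obj.get("entities", []):
        if "abuse" in ent.get("roles", []):
            vcard = ent.get("vcardArray") or []
            props = vcard[1] if len(vcard) > 1 else []  # contact may be redacted
            for prop in props:
                # jCard property layout: [name, parameters, type, value]
                if len(prop) >= 4 and prop[0] == "email" and isinstance(prop[3], str):
                    if _EMAIL.fullmatch(prop[3]) and prop[3] not in found:
                        found.append(prop[3])
        # Abuse contacts are often nested under another entity.
        found += [e for e in abuse_emails(ent) if e not in found]
    return found
```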

Name resources

RDAP databases for registered names are maintained following ICANN agreement. [7] Adoption for name resources is much slower, as the number of registries under ICANN is huge. In addition, when the GDPR became enforceable in May 2018, the problem of personal data divulged via WHOIS or RDAP slowed adoption further. [11] To resolve the conflict between GDPR and ICANN policies, ICANN published a temporary specification according to which all contact details need to be redacted for privacy reasons if they fall under the GDPR, unless the contact explicitly allows publication. This includes email addresses; however, the registrar has to offer an anonymized email address or a web form to allow forwarding of information to contacts. The registry RDAP/WHOIS response has to contain a notice that these options for reaching the contacts are only available in the registrar RDAP/WHOIS. [12]

To keep RDAP information accurate, registrars have to send a yearly Whois Data Reminder Policy (WDRP) notice to the registrant contact. This is commonly done via an email that contains all the RDAP information the registrar has and asks the registrant to update it immediately if it is incorrect, while also reminding the registrant that incorrect RDAP information can lead to the deletion of the domain name. [13] Additionally, each registrar has to offer an abuse contact and, after being informed about incorrect RDAP information, has to make sure that it is corrected quickly or suspend the domain. [7]

WHOIS Replacement

On January 19, 2023, ICANN opened voting on a global amendment to all its registry and registrar agreements. The amendment defines an RDAP Ramp-Up Period of 180 days starting with the effectiveness of the amendment. The WHOIS Services Sunset Date is defined as 360 days after this period; after that date, registries and registrars are no longer required to offer a WHOIS service and only an RDAP service is required. All voting thresholds were met within the 60-day voting period, and the amendment will be submitted to the ICANN Board for approval and implementation. [14]

Extensions

RDAP allows for extensions, and IANA maintains a list of known RDAP extensions. Some of these extensions are defined in RFCs, such as sorting and paging; others are specific to particular TLDs. [15]

Additionally, ICANN has created two standards that gTLD registries and registrars need to implement; they define common output formats and require the implementation of some extensions.

Related Research Articles

The Domain Name System (DNS) is a hierarchical and distributed naming system for computers, services, and other resources in the Internet or other Internet Protocol (IP) networks. It associates various information with domain names assigned to each of the associated entities. Most prominently, it translates readily memorized domain names to the numerical IP addresses needed for locating and identifying computer services and devices with the underlying network protocols. The Domain Name System has been an essential component of the functionality of the Internet since 1985.

ICANN: American nonprofit organization that coordinates several Internet address databases

The Internet Corporation for Assigned Names and Numbers is an American multistakeholder group and nonprofit organization responsible for coordinating the maintenance and procedures of several databases related to the namespaces and numerical spaces of the Internet, ensuring the network's stable and secure operation. ICANN performs the actual technical maintenance work of the Central Internet Address pools and DNS root zone registries pursuant to the Internet Assigned Numbers Authority (IANA) function contract. The contract regarding the IANA stewardship functions between ICANN and the National Telecommunications and Information Administration (NTIA) of the United States Department of Commerce ended on October 1, 2016, formally transitioning the functions to the global multistakeholder community.

A top-level domain (TLD) is one of the domains at the highest level in the hierarchical Domain Name System of the Internet after the root domain. The top-level domain names are installed in the root zone of the name space. For all domains in lower levels, it is the last part of the domain name, that is, the last non-empty label of a fully qualified domain name. For example, in the domain name www.example.com, the top-level domain is .com. Responsibility for management of most top-level domains is delegated to specific organizations by ICANN, an Internet multi-stakeholder community, which operates the Internet Assigned Numbers Authority (IANA) and is in charge of maintaining the DNS root zone.

In the Internet, a domain name is a string that identifies a realm of administrative autonomy, authority or control. Domain names are often used to identify services provided through the Internet, such as websites, email services and more. As of 2017, 330.6 million domain names had been registered. Domain names are used in various networking contexts and for application-specific naming and addressing purposes. In general, a domain name identifies a network domain or an Internet Protocol (IP) resource, such as a personal computer used to access the Internet, or a server computer.

Internet Assigned Numbers Authority: Standards organization overseeing IP addresses

The Internet Assigned Numbers Authority (IANA) is a standards organization that oversees global IP address allocation, autonomous system number allocation, root zone management in the Domain Name System (DNS), media types, and other Internet Protocol–related symbols and Internet numbers.

A domain name registry is a database of all domain names and the associated registrant information in the top level domains of the Domain Name System (DNS) of the Internet that enables third party entities to request administrative control of a domain name. Most registries operate on the top-level and second-level of the DNS.

The domain com is a top-level domain (TLD) in the Domain Name System (DNS) of the Internet. Created in the first group of Internet domains at the beginning of 1985, its name is derived from the word commercial, indicating its original intended purpose for subdomains registered by commercial organizations. Later, the domain opened for general purposes.

The Domain Name System Security Extensions (DNSSEC) are a suite of extension specifications by the Internet Engineering Task Force (IETF) for securing data exchanged in the Domain Name System (DNS) in Internet Protocol (IP) networks. The protocol provides cryptographic authentication of data, authenticated denial of existence, and data integrity, but not availability or confidentiality.

Domain hijacking or domain theft is the act of changing the registration of a domain name without the permission of its original registrant, or by abuse of privileges on domain hosting and registrar software systems.

Internationalized domain name: Type of Internet domain name

An internationalized domain name (IDN) is an Internet domain name that contains at least one label displayed in software applications, in whole or in part, in a non-Latin script or alphabet, or in Latin alphabet-based characters with diacritics or ligatures. These writing systems are encoded by computers in multibyte Unicode. Internationalized domain names are stored in the Domain Name System (DNS) as ASCII strings using Punycode transcription.

A domain name registrar is a company that manages the reservation of Internet domain names. A domain name registrar must be accredited by a generic top-level domain (gTLD) registry or a country code top-level domain (ccTLD) registry. A registrar operates in accordance with the guidelines of the designated domain name registries.

The Extensible Provisioning Protocol (EPP) is a flexible protocol designed for allocating objects within registries over the Internet. The motivation for the creation of EPP was to create a robust and flexible protocol that could provide communication between domain name registries and domain name registrars. These transactions are required whenever a domain name is registered or renewed, thereby also preventing domain hijacking. Prior to its introduction, registries had no uniform approach, and many different proprietary interfaces existed. While its use for domain names was the initial driver, the protocol is designed to be usable for any kind of ordering and fulfilment system.

.ae: Country code top-level domain for the United Arab Emirates

.ae is the country code top-level domain (ccTLD) in the Domain Name System of the Internet for the United Arab Emirates. It is administered by .aeDA which is part of the Telecommunications and Digital Government Regulatory Authority of UAE (TDRA).

.tw: Internet country-code top-level domain for Taiwan

.tw is the Internet country code top-level domain (ccTLD) for Taiwan. The domain name is based on the ISO 3166-1 alpha-2 country code TW. The registry is maintained by the Taiwan Network Information Center (TWNIC), a Taiwanese non-profit organization appointed by the National Communications Commission (NCC) and the Ministry of Transportation and Communication. Since 1 March 2001, TWNIC has stopped allowing itself to sign up new domain names directly, instead allowing new registration through its contracted reseller registrars. As of May 2023, there are 17 registrars.

.ma: Internet country code top-level domain for Morocco

.ma is the Internet country code top-level domain (ccTLD) for Morocco. A local registrar with a local Moroccan company as administrative contact is needed to register a .ma or .co.ma domain name. Further restrictions are imposed on the registering of other second-level domains.

.na: Internet country code top-level domain for Namibia

.na is the Internet country code top-level domain (ccTLD) for Namibia corresponding to the two letter code from the ISO-3166 standard.

Domain privacy is a service offered by a number of domain name registrars. A user buys privacy from the company, who in turn replaces the user's information in the WHOIS with the information of a forwarding service.

WHOIS is a query and response protocol that is used for querying databases that store an Internet resource's registered users or assignees. These resources include domain names, IP address blocks and autonomous systems, but it is also used for a wider range of other information. The protocol stores and delivers database content in a human-readable format. The current iteration of the WHOIS protocol was drafted by the Internet Society, and is documented in RFC 3912.

Domain registration is the process of acquiring a domain name from a domain name registrar.

References

  1. Newton, Andrew; Hollenbeck, Scott (March 2015). JSON Responses for the Registration Data Access Protocol (RDAP). IETF. doi:10.17487/RFC7483. RFC 7483. Retrieved 2016-11-10.
  2. Zhou, L.; Kong, N.; Shen, S.; Sheng, S.; Servin, A. (March 2015). Inventory and Analysis of WHOIS Registration Objects. IETF. doi:10.17487/RFC7485. RFC 7485. Retrieved 2016-11-10.
  3. "Web Extensible Internet Registration Data Service (weirds)". IETF. 2015-03-25. Retrieved 2016-11-10.
  4. John Levine (2014-09-10). "The replacement for WHOIS is surprisingly close". jl.ly. Retrieved 2016-11-10.
  5. Blanchet, Marc (March 2015). Finding the Authoritative Registration Data (RDAP) Service. IETF. doi:10.17487/RFC7484. RFC 7484. Retrieved 2016-11-10.
  6. "The Registration Data Access Protocol (RDAP)". ARIN. 2015-06-22. Retrieved 2016-11-10.
  7. "2013 Registrar Accreditation Agreement". ICANN. Archived from the original on 2017-06-07. Retrieved 2016-11-10. Following the publication by the IETF of a Proposed Standard, Draft Standard or Internet Standard and any revisions thereto (as specified in RFC 2026) relating to the web-based directory service as specified in the IETF Web Extensible Internet Registration Data Service working group, Registrar shall implement the directory service specified in any such standard (or any revision thereto) no later than 135 days after such implementation is requested by ICANN
  8. New gTLD Program Committee (NGPC) (2013-07-02). "New gTLD Agreement" (PDF). ICANN. Retrieved 2016-11-10. Registry Operator shall implement a new standard supporting access to domain name registration data (SAC 051) no later than one hundred thirty-five (135) days after it is requested by ICANN if: 1) the IETF produces a standard (i.e., it is published, at least, as a Proposed Standard RFC as specified in RFC 2026); and 2) its implementation is commercially reasonable in the context of the overall operation of the registry
  9. "RDAP at ARIN" (PDF). September 17, 2019.
  10. "abuserdap".
  11. Kieren McCarthy (October 23, 2019). "Haunted by Europe's GDPR, ICANN sharpens wooden stake to finally slay the Whois vampire". The Register.
  12. "Temporary Specification for gTLD Registration Data - ICANN". www.icann.org. Retrieved 2023-04-08.
  13. "Whois Data Reminder Policy - ICANN". www.icann.org. Retrieved 2023-04-08.
  14. "2023 Global Amendments to the Base gTLD Registry Agreement (RA), Specification 13, and 2013 Registrar Accreditation Agreement (RAA) - ICANN". www.icann.org. Retrieved 2023-04-07.
  15. "RDAP Extensions". www.iana.org. Retrieved 2023-04-08.