RDAP Transparency Report
Dear colleagues,

At RIPE 88, Leo Vegoda asked in the DB-WG session for a transparency report on RDAP, and in particular any functionality gaps between RDAP and Whois in the RIPE database.

The Registration Data Access Protocol (RDAP) is an alternative protocol to Whois that specifies how to access Internet resource registration data. It is specifically designed to address various shortcomings in Whois.

Because of these improvements in RDAP, we want to encourage its adoption. However, at least for the RIPE Database, over 90% of Whois queries are still on port 43.

In 2015, the Whois output from both Regional Internet Registries (RIRs) and Domain Name Registries (DNSs) was collected and analysed, and an object registry was created in RFC 7485, "Inventory and Analysis of WHOIS Registration Objects".
https://www.rfc-editor.org/rfc/rfc7485

This formed the basis of the various object types supported in RDAP.

There are gaps where Whois object types or attribute types are not supported by RDAP. One difficulty is that the Whois object model is different for each RIR. This makes supporting specific attributes in RDAP more difficult. For this analysis we will focus on the RIPE Database.

Also specifically for the RIPE NCC service region, known differences between RDAP and the RIPE Database are listed in the Whois GitHub repository:
https://github.com/RIPE-NCC/whois/blob/master/README.RDAP.md

Once it is clear where the gaps are, we will work with the community to prioritise work to close the gaps between RDAP and Whois. We also plan to cooperate with the other RIRs to help standardise any changes.

Let's now analyse the gaps by functional area between the RIPE Database and RDAP.

The following sections document how RPSL attributes for different object types are mapped to RDAP. Attributes common to most or all object types follow at the end of the document.

Internet Number Registry (INR)
------------------------------

The Internet Number Registry (INR) is a subset of the RIPE Database containing information about resources, including IPv4 and IPv6 prefixes and AS numbers.

AS-BLOCK

As-block objects are *not* returned by RDAP. If an in-region AS number is not found, even if the parent as-block exists, then HTTP status 404 “Not Found” is returned for that AS number.

AUT-NUM

+---------------------------------------+---------------------------------------+
| WHOIS                                 | RDAP                                  |
+---------------------------------------+---------------------------------------+
| aut-num                               | /handle                               |
|                                       | /startAutnum                          |
|                                       | /endAutnum                            |
+---------------------------------------+---------------------------------------+
| as-name                               | /name                                 |
+---------------------------------------+---------------------------------------+
| member-of                             | N/A (not returned)                    |
+---------------------------------------+---------------------------------------+
| import-via                            | N/A                                   |
+---------------------------------------+---------------------------------------+
| import                                | N/A                                   |
+---------------------------------------+---------------------------------------+
| mp-import                             | N/A                                   |
+---------------------------------------+---------------------------------------+
| export-via                            | N/A                                   |
+---------------------------------------+---------------------------------------+
| export                                | N/A                                   |
+---------------------------------------+---------------------------------------+
| mp-export                             | N/A                                   |
+---------------------------------------+---------------------------------------+
| default                               | N/A                                   |
+---------------------------------------+---------------------------------------+
| mp-default                            | N/A                                   |
+---------------------------------------+---------------------------------------+
| sponsoring-org                        | N/A                                   |
+---------------------------------------+---------------------------------------+
| status                                | N/A                                   |
+---------------------------------------+---------------------------------------+

INETNUM

+---------------------------------------+---------------------------------------+
| WHOIS                                 | RDAP                                  |
+---------------------------------------+---------------------------------------+
| inetnum                               | /handle                               |
|                                       | /startAddress                         |
|                                       | /endAddress                           |
|                                       | /ipVersion ("v4")                     |
+---------------------------------------+---------------------------------------+
| netname                               | /name                                 |
+---------------------------------------+---------------------------------------+
| country                               | /country                              |
|                                       | (Whois "country" is multiple but      |
|                                       | single in RDAP. Only the first value  |
|                                       | is returned).                         |
+---------------------------------------+---------------------------------------+
| geofeed                               | /links/                               |
|                                       | "rel": "geo"                          |
|                                       | "type": "application/geofeed+csv"     |
|                                       | See draft-ietf-regext-rdap-geofeed    |
+---------------------------------------+---------------------------------------+
| geoloc                                | /vcardArray "geo" (N.B. this attribute|
|                                       | is not related to Geofeed)            |
+---------------------------------------+---------------------------------------+
| language                              | /lang                                 |
|                                       | (Whois "language" is multiple but     |
|                                       | single in RDAP).                      |
+---------------------------------------+---------------------------------------+
| sponsoring-org                        | N/A (not returned)                    |
+---------------------------------------+---------------------------------------+
| status                                | /type                                 |
+---------------------------------------+---------------------------------------+
| assignment-size                       | N/A (not returned)                    |
+---------------------------------------+---------------------------------------+

INET6NUM

+---------------------------------------+---------------------------------------+
| WHOIS                                 | RDAP                                  |
+---------------------------------------+---------------------------------------+
| inet6num                              | /handle                               |
|                                       | /startAddress                         |
|                                       | /endAddress                           |
|                                       | /ipVersion ("v6")                     |
+---------------------------------------+---------------------------------------+
| netname                               | /name                                 |
+---------------------------------------+---------------------------------------+
| country                               | /country                              |
|                                       | ("country" is multiple in Whois but   |
|                                       | single in RDAP. Only the first value  |
|                                       | is returned).                         |
+---------------------------------------+---------------------------------------+
| geofeed                               | /links/                               |
|                                       | "rel": "geo"                          |
|                                       | "type": "application/geofeed+csv"     |
|                                       | See draft-ietf-regext-rdap-geofeed    |
+---------------------------------------+---------------------------------------+
| geoloc                                | /vcardArray "geo" (N.B. this attribute|
|                                       | is not related to Geofeed)            |
+---------------------------------------+---------------------------------------+
| language                              | /lang                                 |
|                                       | ("language" is multiple in Whois but  |
|                                       | single in RDAP. Only the first value  |
|                                       | is returned).                         |
+---------------------------------------+---------------------------------------+
| sponsoring-org                        | N/A (not returned)                    |
+---------------------------------------+---------------------------------------+
| status                                | /type                                 |
+---------------------------------------+---------------------------------------+
| assignment-size                       | N/A (not returned)                    |
+---------------------------------------+---------------------------------------+

Entity Object Types
-------------------

Entities in RDAP include organisation, maintainer, person and role contact types.

MNTNER

+---------------------------------------+---------------------------------------+
| WHOIS                                 | RDAP                                  |
+---------------------------------------+---------------------------------------+
| mntner                                | /handle                               |
+---------------------------------------+---------------------------------------+
| upd-to                                | N/A (not intended as a contact        |
|                                       | email address)                        |
+---------------------------------------+---------------------------------------+
| mnt-nfy                               | N/A (not intended as a contact        |
|                                       | email address)                        |
+---------------------------------------+---------------------------------------+
| auth                                  | N/A (not returned)                    |
+---------------------------------------+---------------------------------------+

ORGANISATION

+---------------------------------------+---------------------------------------+
| WHOIS                                 | RDAP                                  |
+---------------------------------------+---------------------------------------+
| organisation                          | /handle                               |
+---------------------------------------+---------------------------------------+
| org-name                              | /vcardArray                           |
|                                       | "text": "org"                         |
+---------------------------------------+---------------------------------------+
| org-type                              | N/A (not returned)                    |
+---------------------------------------+---------------------------------------+
| address                               | /vcardArray                           |
|                                       | "adr"                                 |
+---------------------------------------+---------------------------------------+
| country                               | /country                              |
|                                       | ("country" is single in Whois and     |
|                                       | single in RDAP. Only the first value  |
|                                       | is returned).                         |
+---------------------------------------+---------------------------------------+
| phone                                 | /vcardArray                           |
|                                       | "tel"                                 |
|                                       | "type": "voice"                       |
+---------------------------------------+---------------------------------------+
| fax-no                                | /vcardArray                           |
|                                       | "tel"                                 |
|                                       | "type": "fax"                         |
+---------------------------------------+---------------------------------------+
| e-mail                                | /vcardArray                           |
|                                       | "email"                               |
|                                       | The "e-mail" value is filtered in     |
|                                       | Whois but not in RDAP.                |
+---------------------------------------+---------------------------------------+
| geoloc                                | /vcardArray "geo" (N.B. this attribute|
|                                       | is not related to Geofeed)            |
+---------------------------------------+---------------------------------------+
| language                              | /lang ("language" is multiple in Whois|
|                                       | but single in RDAP. Only the first    |
|                                       | value is returned).                   |
+---------------------------------------+---------------------------------------+
| ref-nfy                               | N/A (not intended as a contact email  |
|                                       | address)                              |
+---------------------------------------+---------------------------------------+

ROLE

+---------------------------------------+---------------------------------------+
| WHOIS                                 | RDAP                                  |
+---------------------------------------+---------------------------------------+
| role                                  | /vcardArray                           |
|                                       | "fn"                                  |
+---------------------------------------+---------------------------------------+
| address                               | /vcardArray                           |
|                                       | "adr"                                 |
+---------------------------------------+---------------------------------------+
| phone                                 | /vcardArray                           |
|                                       | "tel"                                 |
|                                       | "type": "voice"                       |
+---------------------------------------+---------------------------------------+
| fax-no                                | /vcardArray                           |
|                                       | "tel"                                 |
|                                       | "type": "fax"                         |
+---------------------------------------+---------------------------------------+
| e-mail                                | /vcardArray                           |
|                                       | "email"                               |
+---------------------------------------+---------------------------------------+
| nic-hdl                               | /handle                               |
+---------------------------------------+---------------------------------------+

PERSON

+---------------------------------------+---------------------------------------+
| WHOIS                                 | RDAP                                  |
+---------------------------------------+---------------------------------------+
| person                                | /vcardArray                           |
|                                       | "fn"                                  |
+---------------------------------------+---------------------------------------+
| address                               | /vcardArray                           |
|                                       | "adr"                                 |
+---------------------------------------+---------------------------------------+
| phone                                 | /vcardArray                           |
|                                       | "tel"                                 |
|                                       | "type": "voice"                       |
+---------------------------------------+---------------------------------------+
| fax-no                                | /vcardArray                           |
|                                       | "tel"                                 |
|                                       | "type": "fax"                         |
+---------------------------------------+---------------------------------------+
| e-mail                                | /vcardArray                           |
|                                       | "email"                               |
+---------------------------------------+---------------------------------------+
| nic-hdl                               | /handle                               |
+---------------------------------------+---------------------------------------+

Internet Routing Registry (IRR)
-------------------------------

The Internet Routing Registry (IRR) is a database of Routing policy information, including route objects and related sets.

None of the IRR object types are currently returned by RDAP, including:

ROUTE: IPv4 route
ROUTE6: IPv6 route
RTR-SET: Set of routers
ROUTE-SET: Set of routes
AS-SET: Set of aut-num objects
FILTER-SET: Set of routes matched by its filter
PEERING-SET: Set of peerings
INET-RTR: Internet router

Reverse Delegation
------------------

The RIPE Database contains information about the provisioning of Reverse Domain Name System (DNS) delegations, contained in the domain object type.

DOMAIN

+---------------------------------------+---------------------------------------+
| WHOIS                                 | RDAP                                  |
+---------------------------------------+---------------------------------------+
| domain                                | /handle                               |
|                                       | /ldhName                              |
+---------------------------------------+---------------------------------------+
| zone-c                                | /entities                             |
|                                       | "roles": "zone"                       |
|                                       | ("zone" is a non-standard entity type)|
+---------------------------------------+---------------------------------------+
| nserver                               | /nameServers                          |
+---------------------------------------+---------------------------------------+
| ds-rdata                              | secureDNS/dsData                      |
+---------------------------------------+---------------------------------------+

Other Object Types
------------------

The RIPE Database also contains some other object types.

IRT: referenced IRT objects are returned, but not directly.
KEY-CERT: not returned by RDAP.

Common Attributes
-----------------

Some attributes appear on some or all object types in the RIPE Database and are mapped to RDAP as follows.

+---------------------------------------+---------------------------------------+
| WHOIS                                 | RDAP                                  |
+---------------------------------------+---------------------------------------+
| abuse-c                               | /entities/                            |
|                                       | role: "technical"                     |
|                                       | email type "abuse"                    |
+---------------------------------------+---------------------------------------+
| admin-c                               | /entities/                            |
|                                       | role: "administrative"                |
+---------------------------------------+---------------------------------------+
| tech-c                                | /entities/                            |
|                                       | role: "technical"                     |
+---------------------------------------+---------------------------------------+
| descr                                 | /remarks/description/                 |
+---------------------------------------+---------------------------------------+
| mnt-by                                | /entities/                            |
| mnt-lower                             | In RDAP the role "registrant" is used |
| mnt-routes                            | to identify both organisations and    |
| mnt-domains                           | maintainer entities.                  |
| mnt-irt                               | In RDAP only the "mnt-by" value is    |
| mnt-ref                               | returned and not the other mnt types. |
+---------------------------------------+---------------------------------------+
| org                                   | /entities/                            |
|                                       | In RDAP the role "registrant" is used |
|                                       | to identify both organisations and    |
|                                       | maintainer entities.                  |
+---------------------------------------+---------------------------------------+
| notify                                | N/A (not returned in RDAP response)   |
+---------------------------------------+---------------------------------------+
| remarks                               | /remarks/description/                 |
+---------------------------------------+---------------------------------------+
| created                               | /events/ eventAction "registration"   |
+---------------------------------------+---------------------------------------+
| last-modified                         | /events/                              |
|                                       | eventAction: "last changed"           |
+---------------------------------------+---------------------------------------+
| source                                | /notices/                             |
|                                       | title: "source"                       |
|                                       | description: ["Objects returned came  |
|                                       | from source", "RIPE"]                 |
+---------------------------------------+---------------------------------------+

RDAP Object Classes
-------------------

The RIPE database RDAP implementation supports the following object classes:

* entity - returns Whois person, role, organisation, mntner types
* ip - returns Whois inetnum and inet6num types
* autnum - returns Whois aut-num type
* domain - returns Whois domain type

It does not support the nameserver class, used for forward DNS names.

RDAP Query Flags
----------------

Supported query flags in the RIPE Database can be found in the Database documentation:
https://docs.db.ripe.net/Types-of-Queries/

RDAP supports the following query flags:

* For entity queries there is “fn” which is used as a search term for person, role and organisation name. Also “handle” which is used as a search term just for organisation and nic-hdl. Both cannot be used at the same time.
* For ip queries there is “name” or “handle”; both are used as a search term for netname (which maps to “name” in RDAP).
* For autnum queries, “name” which is used to specify the search term for as-name, and “handle” for aut-num.
* For domain queries, “name” which is used as a search term for domain.

Conclusion
----------

The RDAP protocol addresses various shortcomings in Whois. Support for resource types and contact types is reasonably good, but there is no support for Internet Routing Registry (IRR) object types in particular.

We must work to close the remaining gaps between RDAP and Whois if we want to increase the adoption of RDAP.

---
Regards
Ed Shryane
RIPE NCC

Dear colleagues,

The Secret Working Group pointed out that POEM and POETIC-FORM object types were missing from the RDAP transparency report. These types have no operational use, but they are part of the database history and we should consider *all* object types and attributes for discussion to make RDAP feature complete.

My apologies for the omission. I've made the changes to the "Other Object Types" section below.

I also clarified how referenced IRT objects are returned under "/entities/" in RDAP but cannot be queried for directly as an "/entity/", as IRT is not a supported object class.

Please feel free to suggest any other corrections or improvements to the document and I will update accordingly.

Regards
Ed Shryane
RIPE NCC

-----------------------

Dear colleagues,

At RIPE 88, Leo Vegoda asked in the DB-WG session for a transparency report on RDAP, and in particular any functionality gaps between RDAP and Whois in the RIPE database.

The Registration Data Access Protocol (RDAP) is an alternative protocol to Whois that specifies how to access Internet resource registration data. It is specifically designed to address various shortcomings in Whois.

Because of these improvements in RDAP, we want to encourage its adoption. However, at least for the RIPE Database, over 90% of Whois queries are still on port 43.

In 2015, the Whois output from both Regional Internet Registries (RIRs) and Domain Name Registries (DNSs) was collected and analysed, and an object registry was created in RFC 7485, "Inventory and Analysis of WHOIS Registration Objects".
https://www.rfc-editor.org/rfc/rfc7485

This formed the basis of the various object types supported in RDAP.

There are gaps where Whois object types or attribute types are not supported by RDAP. One difficulty is that the Whois object model is different for each RIR. This makes supporting specific attributes in RDAP more difficult. For this analysis we will focus on the RIPE Database.

Also specifically for the RIPE NCC service region, known differences between RDAP and the RIPE Database are listed in the Whois GitHub repository:
https://github.com/RIPE-NCC/whois/blob/master/README.RDAP.md

Once it is clear where the gaps are, we will work with the community to prioritise work to close the gaps between RDAP and Whois. We also plan to cooperate with the other RIRs to help standardise any changes.

Let's now analyse the gaps by functional area between the RIPE Database and RDAP.

The following sections document how RPSL attributes for different object types are mapped to RDAP. Attributes common to most or all object types follow at the end of the document.

Internet Number Registry (INR)
------------------------------

The Internet Number Registry (INR) is a subset of the RIPE Database containing information about resources, including IPv4 and IPv6 prefixes and AS numbers.

AS-BLOCK

As-block objects are *not* returned by RDAP. If an in-region AS number is not found, even if the parent as-block exists, then HTTP status 404 “Not Found” is returned for that AS number.

AUT-NUM

+---------------------------------------+---------------------------------------+
| WHOIS                                 | RDAP                                  |
+---------------------------------------+---------------------------------------+
| aut-num                               | /handle                               |
|                                       | /startAutnum                          |
|                                       | /endAutnum                            |
+---------------------------------------+---------------------------------------+
| as-name                               | /name                                 |
+---------------------------------------+---------------------------------------+
| member-of                             | N/A (not returned)                    |
+---------------------------------------+---------------------------------------+
| import-via                            | N/A                                   |
+---------------------------------------+---------------------------------------+
| import                                | N/A                                   |
+---------------------------------------+---------------------------------------+
| mp-import                             | N/A                                   |
+---------------------------------------+---------------------------------------+
| export-via                            | N/A                                   |
+---------------------------------------+---------------------------------------+
| export                                | N/A                                   |
+---------------------------------------+---------------------------------------+
| mp-export                             | N/A                                   |
+---------------------------------------+---------------------------------------+
| default                               | N/A                                   |
+---------------------------------------+---------------------------------------+
| mp-default                            | N/A                                   |
+---------------------------------------+---------------------------------------+
| sponsoring-org                        | N/A                                   |
+---------------------------------------+---------------------------------------+
| status                                | N/A                                   |
+---------------------------------------+---------------------------------------+

INETNUM

+---------------------------------------+---------------------------------------+
| WHOIS                                 | RDAP                                  |
+---------------------------------------+---------------------------------------+
| inetnum                               | /handle                               |
|                                       | /startAddress                         |
|                                       | /endAddress                           |
|                                       | /ipVersion ("v4")                     |
+---------------------------------------+---------------------------------------+
| netname                               | /name                                 |
+---------------------------------------+---------------------------------------+
| country                               | /country                              |
|                                       | (Whois "country" is multiple but      |
|                                       | single in RDAP. Only the first value  |
|                                       | is returned).                         |
+---------------------------------------+---------------------------------------+
| geofeed                               | /links/                               |
|                                       | "rel": "geo"                          |
|                                       | "type": "application/geofeed+csv"     |
|                                       | See draft-ietf-regext-rdap-geofeed    |
+---------------------------------------+---------------------------------------+
| geoloc                                | /vcardArray "geo" (N.B. this attribute|
|                                       | is not related to Geofeed)            |
+---------------------------------------+---------------------------------------+
| language                              | /lang                                 |
|                                       | (Whois "language" is multiple but     |
|                                       | single in RDAP).                      |
+---------------------------------------+---------------------------------------+
| sponsoring-org                        | N/A (not returned)                    |
+---------------------------------------+---------------------------------------+
| status                                | /type                                 |
+---------------------------------------+---------------------------------------+
| assignment-size                       | N/A (not returned)                    |
+---------------------------------------+---------------------------------------+

INET6NUM

+---------------------------------------+---------------------------------------+
| WHOIS                                 | RDAP                                  |
+---------------------------------------+---------------------------------------+
| inet6num                              | /handle                               |
|                                       | /startAddress                         |
|                                       | /endAddress                           |
|                                       | /ipVersion ("v6")                     |
+---------------------------------------+---------------------------------------+
| netname                               | /name                                 |
+---------------------------------------+---------------------------------------+
| country                               | /country                              |
|                                       | ("country" is multiple in Whois but   |
|                                       | single in RDAP. Only the first value  |
|                                       | is returned).                         |
+---------------------------------------+---------------------------------------+
| geofeed                               | /links/                               |
|                                       | "rel": "geo"                          |
|                                       | "type": "application/geofeed+csv"     |
|                                       | See draft-ietf-regext-rdap-geofeed    |
+---------------------------------------+---------------------------------------+
| geoloc                                | /vcardArray "geo" (N.B. this attribute|
|                                       | is not related to Geofeed)            |
+---------------------------------------+---------------------------------------+
| language                              | /lang                                 |
|                                       | ("language" is multiple in Whois but  |
|                                       | single in RDAP. Only the first value  |
|                                       | is returned).                         |
+---------------------------------------+---------------------------------------+
| sponsoring-org                        | N/A (not returned)                    |
+---------------------------------------+---------------------------------------+
| status                                | /type                                 |
+---------------------------------------+---------------------------------------+
| assignment-size                       | N/A (not returned)                    |
+---------------------------------------+---------------------------------------+

Entity Object Types
-------------------

Entities in RDAP include organisation, maintainer, person and role contact types.

MNTNER

+---------------------------------------+---------------------------------------+
| WHOIS                                 | RDAP                                  |
+---------------------------------------+---------------------------------------+
| mntner                                | /handle                               |
+---------------------------------------+---------------------------------------+
| upd-to                                | N/A (not intended as a contact        |
|                                       | email address)                        |
+---------------------------------------+---------------------------------------+
| mnt-nfy                               | N/A (not intended as a contact        |
|                                       | email address)                        |
+---------------------------------------+---------------------------------------+
| auth                                  | N/A (not returned)                    |
+---------------------------------------+---------------------------------------+

ORGANISATION

+---------------------------------------+---------------------------------------+
| WHOIS                                 | RDAP                                  |
+---------------------------------------+---------------------------------------+
| organisation                          | /handle                               |
+---------------------------------------+---------------------------------------+
| org-name                              | /vcardArray                           |
|                                       | "text": "org"                         |
+---------------------------------------+---------------------------------------+
| org-type                              | N/A (not returned)                    |
+---------------------------------------+---------------------------------------+
| address                               | /vcardArray                           |
|                                       | "adr"                                 |
+---------------------------------------+---------------------------------------+
| country                               | /country                              |
|                                       | ("country" is single in Whois and     |
|                                       | single in RDAP. Only the first value  |
|                                       | is returned).                         |
+---------------------------------------+---------------------------------------+
| phone                                 | /vcardArray                           |
|                                       | "tel"                                 |
|                                       | "type": "voice"                       |
+---------------------------------------+---------------------------------------+
| fax-no                                | /vcardArray                           |
|                                       | "tel"                                 |
|                                       | "type": "fax"                         |
+---------------------------------------+---------------------------------------+
| e-mail                                | /vcardArray                           |
|                                       | "email"                               |
|                                       | The "e-mail" value is filtered in     |
|                                       | Whois but not in RDAP.                |
+---------------------------------------+---------------------------------------+
| geoloc                                | /vcardArray "geo" (N.B. this attribute|
|                                       | is not related to Geofeed)            |
+---------------------------------------+---------------------------------------+
| language                              | /lang ("language" is multiple in Whois|
|                                       | but single in RDAP. Only the first    |
|                                       | value is returned).                   |
+---------------------------------------+---------------------------------------+
| ref-nfy                               | N/A (not intended as a contact email  |
|                                       | address)                              |
+---------------------------------------+---------------------------------------+

ROLE

+---------------------------------------+---------------------------------------+
| WHOIS                                 | RDAP                                  |
+---------------------------------------+---------------------------------------+
| role                                  | /vcardArray                           |
|                                       | "fn"                                  |
+---------------------------------------+---------------------------------------+
| address                               | /vcardArray                           |
|                                       | "adr"                                 |
+---------------------------------------+---------------------------------------+
| phone                                 | /vcardArray                           |
|                                       | "tel"                                 |
|                                       | "type": "voice"                       |
+---------------------------------------+---------------------------------------+
| fax-no                                | /vcardArray                           |
|                                       | "tel"                                 |
|                                       | "type": "fax"                         |
+---------------------------------------+---------------------------------------+
| e-mail                                | /vcardArray                           |
|                                       | "email"                               |
+---------------------------------------+---------------------------------------+
| nic-hdl                               | /handle                               |
+---------------------------------------+---------------------------------------+

PERSON

+---------------------------------------+---------------------------------------+
| WHOIS                                 | RDAP                                  |
+---------------------------------------+---------------------------------------+
| person                                | /vcardArray                           |
|                                       | "fn"                                  |
+---------------------------------------+---------------------------------------+
| address                               | /vcardArray                           |
|                                       | "adr"                                 |
+---------------------------------------+---------------------------------------+
| phone                                 | /vcardArray                           |
|                                       | "tel"                                 |
|                                       | "type": "voice"                       |
+---------------------------------------+---------------------------------------+
| fax-no                                | /vcardArray                           |
|                                       | "tel"                                 |
|                                       | "type": "fax"                         |
+---------------------------------------+---------------------------------------+
| e-mail                                | /vcardArray                           |
|                                       | "email"                               |
+---------------------------------------+---------------------------------------+
| nic-hdl                               | /handle                               |
+---------------------------------------+---------------------------------------+

Internet Routing Registry (IRR)
-------------------------------

The Internet Routing Registry (IRR) is a database of Routing policy information, including route objects and related sets.

None of the IRR object types are currently returned by RDAP, including:

ROUTE: IPv4 route
ROUTE6: IPv6 route
RTR-SET: Set of routers
ROUTE-SET: Set of routes
AS-SET: Set of aut-num objects
FILTER-SET: Set of routes matched by its filter
PEERING-SET: Set of peerings
INET-RTR: Internet router

Reverse Delegation
------------------

The RIPE Database contains information about the provisioning of Reverse Domain Name System (DNS) delegations, contained in the domain object type.

DOMAIN

+---------------------------------------+---------------------------------------+
| WHOIS                                 | RDAP                                  |
+---------------------------------------+---------------------------------------+
| domain                                | /handle                               |
|                                       | /ldhName                              |
+---------------------------------------+---------------------------------------+
| zone-c                                | /entities                             |
|                                       | "roles": "zone"                       |
|                                       | ("zone" is a non-standard entity type)|
+---------------------------------------+---------------------------------------+
| nserver                               | /nameServers                          |
+---------------------------------------+---------------------------------------+
| ds-rdata                              | secureDNS/dsData                      |
+---------------------------------------+---------------------------------------+

Other Object Types
------------------

The RIPE Database also contains some other object types, which cannot be queried for in RDAP.

IRT: referenced IRT objects as "mnt-irt:" are returned in /entities/ in the RDAP response, but cannot be queried for themselves.
KEY-CERT: not returned by RDAP.
POEM: A poem object contains a poem that is submitted by a user.
POETIC-FORM: A poetic-form object defines the supported poem types.

Common Attributes
-----------------

Some attributes appear on some or all object types in the RIPE Database and are mapped to RDAP as follows.

+---------------------------------------+---------------------------------------+
| WHOIS                                 | RDAP                                  |
+---------------------------------------+---------------------------------------+
| abuse-c                               | /entities/                            |
|                                       | role: "technical"                     |
|                                       | email type "abuse"                    |
+---------------------------------------+---------------------------------------+
| admin-c                               | /entities/                            |
|                                       | role: "administrative"                |
+---------------------------------------+---------------------------------------+
| tech-c                                | /entities/                            |
|                                       | role: "technical"                     |
+---------------------------------------+---------------------------------------+
| descr                                 | /remarks/description/                 |
+---------------------------------------+---------------------------------------+
| mnt-by                                | /entities/                            |
| mnt-lower                             | In RDAP the role "registrant" is used |
| mnt-routes                            | to identify both organisations and    |
| mnt-domains                           | maintainer entities.                  |
| mnt-irt                               | In RDAP only the "mnt-by" value is    |
| mnt-ref                               | returned and not the other mnt types. |
+---------------------------------------+---------------------------------------+
| org                                   | /entities/                            |
|                                       | In RDAP the role "registrant" is used |
|                                       | to identify both organisations and    |
|                                       | maintainer entities.                  |
+---------------------------------------+---------------------------------------+
| notify                                | N/A (not returned in RDAP response)   |
+---------------------------------------+---------------------------------------+
| remarks                               | /remarks/description/                 |
+---------------------------------------+---------------------------------------+
| created                               | /events/eventAction "registration"    |
+---------------------------------------+---------------------------------------+
| last-modified                         | /events/                              |
|                                       | eventAction: "last changed"           |
+---------------------------------------+---------------------------------------+
| source                                | /notices/                             |
|                                       | title: "source"                       |
|                                       | description: ["Objects returned came  |
|                                       | from source", "RIPE"]                 |
+---------------------------------------+---------------------------------------+

RDAP Object Classes
-------------------

The RIPE database RDAP implementation supports the following object classes:

* entity - returns Whois person, role, organisation, mntner types
* ip - returns Whois inetnum and inet6num types
* autnum - returns Whois aut-num type
* domain - returns Whois domain type

It does not support the nameserver class, used for forward DNS names.

RDAP Query Flags
----------------

Supported query flags in the RIPE Database can be found in the Database documentation: https://docs.db.ripe.net/Types-of-Queries/

RDAP supports the following query flags:

* For entity queries there is “fn” which is used as a search term for person, role and organisation name. Also “handle” which is used as a search term just for organisation and nic-hdl. Both cannot be used at the same time.
* For ip queries there is “name” or “handle”; both are used as a search term for netname (which maps to “name” in RDAP).
* For autnum queries, “name” which is used to specify the search term for as-name, and “handle” for aut-num.
* For domain queries, “name” which is used as a search term for domain.

Conclusion
----------

The RDAP protocol addresses various shortcomings in Whois. Support for resource types and contact types is reasonably good, but there is no support for Internet Routing Registry (IRR) object types in particular. We must work to close the remaining gaps between RDAP and Whois if we want to increase the adoption of RDAP.

---

Regards
Ed Shryane
RIPE NCC

On 16 Oct 2024, at 16:50, Edward Shryane <eshryane@ripe.net> wrote:
Dear colleagues,
At RIPE 88, Leo Vegoda asked in the DB-WG session for a transparency report on RDAP, and in particular any functionality gaps between RDAP and Whois in the RIPE database.
The Registration Data Access Protocol (RDAP) is an alternative protocol to Whois that specifies how to access Internet resource registration data. It is specifically designed to address various shortcomings in Whois. Because of these improvements in RDAP, we want to encourage its adoption. However, at least for the RIPE Database, over 90% of Whois queries are still on port 43.
In 2015, the Whois output from both Regional Internet Registries (RIRs) and Domain Name Registries (DNSs) were collected and analysed, and created an object registry in RFC 7485, "Inventory and Analysis of WHOIS Registration Objects". https://www.rfc-editor.org/rfc/rfc7485 This formed the basis of the various object types supported in RDAP. There are gaps where Whois object types or attribute types are not supported by RDAP.
One difficulty is that the Whois object model is different for each RIR. This makes supporting specific attributes in RDAP more difficult. For this analysis we will focus on the RIPE Database.
Also specifically for the RIPE NCC service region, known differences between RDAP and the RIPE Database are listed in the Whois GitHub repository: https://github.com/RIPE-NCC/whois/blob/master/README.RDAP.md
Once it is clear where the gaps are, we will work with the community to prioritise work to close the gaps between RDAP and Whois. We also plan to cooperate with the other RIRs to help standardise any changes.
Let's now analyse the gaps by functional area between the RIPE Database and RDAP. The following sections document how RPSL attributes for different object types are mapped to RDAP. Attributes common to most or all object types follow at the end of the document.
Internet Number Registry (INR)
------------------------------
The Internet Number Registry (INR) is a subset of the RIPE Database containing information about resources, including IPv4 and IPv6 prefixes and AS numbers.
AS-BLOCK
As-block objects are *not* returned by RDAP. If an in-region AS number is not found, even if the parent as-block exists, then HTTP status 404 “Not Found” is returned for that AS number.
AUT-NUM
+---------------------------------------+---------------------------------------+
| WHOIS                                 | RDAP                                  |
+---------------------------------------+---------------------------------------+
| aut-num                               | /handle                               |
|                                       | /startAutnum                          |
|                                       | /endAutnum                            |
+---------------------------------------+---------------------------------------+
| as-name                               | /name                                 |
+---------------------------------------+---------------------------------------+
| member-of                             | N/A (not returned)                    |
+---------------------------------------+---------------------------------------+
| import-via                            | N/A                                   |
+---------------------------------------+---------------------------------------+
| import                                | N/A                                   |
+---------------------------------------+---------------------------------------+
| mp-import                             | N/A                                   |
+---------------------------------------+---------------------------------------+
| export-via                            | N/A                                   |
+---------------------------------------+---------------------------------------+
| export                                | N/A                                   |
+---------------------------------------+---------------------------------------+
| mp-export                             | N/A                                   |
+---------------------------------------+---------------------------------------+
| default                               | N/A                                   |
+---------------------------------------+---------------------------------------+
| mp-default                            | N/A                                   |
+---------------------------------------+---------------------------------------+
| sponsoring-org                        | N/A                                   |
+---------------------------------------+---------------------------------------+
| status                                | N/A                                   |
+---------------------------------------+---------------------------------------+
INETNUM
+---------------------------------------+---------------------------------------+
| WHOIS                                 | RDAP                                  |
+---------------------------------------+---------------------------------------+
| inetnum                               | /handle                               |
|                                       | /startAddress                         |
|                                       | /endAddress                           |
|                                       | /ipVersion ("v4")                     |
+---------------------------------------+---------------------------------------+
| netname                               | /name                                 |
+---------------------------------------+---------------------------------------+
| country                               | /country                              |
|                                       | (Whois "country" is multiple but      |
|                                       | single in RDAP. Only the first value  |
|                                       | is returned).                         |
+---------------------------------------+---------------------------------------+
| geofeed                               | /links/                               |
|                                       | "rel": "geo"                          |
|                                       | "type": "application/geofeed+csv"     |
|                                       | See draft-ietf-regext-rdap-geofeed    |
+---------------------------------------+---------------------------------------+
| geoloc                                | /vcardArray "geo" (N.B. this attribute|
|                                       | is not related to Geofeed)            |
+---------------------------------------+---------------------------------------+
| language                              | /lang                                 |
|                                       | (Whois "language" is multiple but     |
|                                       | single in RDAP).                      |
+---------------------------------------+---------------------------------------+
| sponsoring-org                        | N/A (not returned)                    |
+---------------------------------------+---------------------------------------+
| status                                | /type                                 |
+---------------------------------------+---------------------------------------+
| assignment-size                       | N/A (not returned)                    |
+---------------------------------------+---------------------------------------+
INET6NUM
+---------------------------------------+---------------------------------------+
| WHOIS                                 | RDAP                                  |
+---------------------------------------+---------------------------------------+
| inet6num                              | /handle                               |
|                                       | /startAddress                         |
|                                       | /endAddress                           |
|                                       | /ipVersion ("v6")                     |
+---------------------------------------+---------------------------------------+
| netname                               | /name                                 |
+---------------------------------------+---------------------------------------+
| country                               | /country                              |
|                                       | ("country" is multiple in Whois but   |
|                                       | single in RDAP. Only the first value  |
|                                       | is returned).                         |
+---------------------------------------+---------------------------------------+
| geofeed                               | /links/                               |
|                                       | "rel": "geo"                          |
|                                       | "type": "application/geofeed+csv"     |
|                                       | See draft-ietf-regext-rdap-geofeed    |
+---------------------------------------+---------------------------------------+
| geoloc                                | /vcardArray "geo" (N.B. this attribute|
|                                       | is not related to Geofeed)            |
+---------------------------------------+---------------------------------------+
| language                              | /lang                                 |
|                                       | ("language" is multiple in Whois but  |
|                                       | single in RDAP. Only the first value  |
|                                       | is returned).                         |
+---------------------------------------+---------------------------------------+
| sponsoring-org                        | N/A (not returned)                    |
+---------------------------------------+---------------------------------------+
| status                                | /type                                 |
+---------------------------------------+---------------------------------------+
| assignment-size                       | N/A (not returned)                    |
+---------------------------------------+---------------------------------------+
Entity Object Types
-------------------
Entities in RDAP include organisation, maintainer, person and role contact types.
MNTNER
+---------------------------------------+---------------------------------------+
| WHOIS                                 | RDAP                                  |
+---------------------------------------+---------------------------------------+
| mntner                                | /handle                               |
+---------------------------------------+---------------------------------------+
| upd-to                                | N/A (not intended as a contact        |
|                                       | email address)                        |
+---------------------------------------+---------------------------------------+
| mnt-nfy                               | N/A (not intended as a contact        |
|                                       | email address)                        |
+---------------------------------------+---------------------------------------+
| auth                                  | N/A (not returned)                    |
+---------------------------------------+---------------------------------------+
ORGANISATION
+---------------------------------------+---------------------------------------+
| WHOIS                                 | RDAP                                  |
+---------------------------------------+---------------------------------------+
| organisation                          | /handle                               |
+---------------------------------------+---------------------------------------+
| org-name                              | /vcardArray                           |
|                                       | "text": "org"                         |
+---------------------------------------+---------------------------------------+
| org-type                              | N/A (not returned)                    |
+---------------------------------------+---------------------------------------+
| address                               | /vcardArray                           |
|                                       | "adr"                                 |
+---------------------------------------+---------------------------------------+
| country                               | /country                              |
|                                       | ("country" is single in Whois and     |
|                                       | single in RDAP. Only the first value  |
|                                       | is returned).                         |
+---------------------------------------+---------------------------------------+
| phone                                 | /vcardArray                           |
|                                       | "tel"                                 |
|                                       | "type": "voice"                       |
+---------------------------------------+---------------------------------------+
| fax-no                                | /vcardArray                           |
|                                       | "tel"                                 |
|                                       | "type": "fax"                         |
+---------------------------------------+---------------------------------------+
| e-mail                                | /vcardArray                           |
|                                       | "email"                               |
|                                       | The "e-mail" value is filtered in     |
|                                       | Whois but not in RDAP.                |
+---------------------------------------+---------------------------------------+
| geoloc                                | /vcardArray "geo" (N.B. this attribute|
|                                       | is not related to Geofeed)            |
+---------------------------------------+---------------------------------------+
| language                              | /lang ("language" is multiple in Whois|
|                                       | but single in RDAP. Only the first    |
|                                       | value is returned).                   |
+---------------------------------------+---------------------------------------+
| ref-nfy                               | N/A (not intended as a contact email  |
|                                       | address)                              |
+---------------------------------------+---------------------------------------+
ROLE
+---------------------------------------+---------------------------------------+
| WHOIS                                 | RDAP                                  |
+---------------------------------------+---------------------------------------+
| role                                  | /vcardArray                           |
|                                       | "fn"                                  |
+---------------------------------------+---------------------------------------+
| address                               | /vcardArray                           |
|                                       | "adr"                                 |
+---------------------------------------+---------------------------------------+
| phone                                 | /vcardArray                           |
|                                       | "tel"                                 |
|                                       | "type": "voice"                       |
+---------------------------------------+---------------------------------------+
| fax-no                                | /vcardArray                           |
|                                       | "tel"                                 |
|                                       | "type": "fax"                         |
+---------------------------------------+---------------------------------------+
| e-mail                                | /vcardArray                           |
|                                       | "email"                               |
+---------------------------------------+---------------------------------------+
| nic-hdl                               | /handle                               |
+---------------------------------------+---------------------------------------+
PERSON
+---------------------------------------+---------------------------------------+
| WHOIS                                 | RDAP                                  |
+---------------------------------------+---------------------------------------+
| person                                | /vcardArray                           |
|                                       | "fn"                                  |
+---------------------------------------+---------------------------------------+
| address                               | /vcardArray                           |
|                                       | "adr"                                 |
+---------------------------------------+---------------------------------------+
| phone                                 | /vcardArray                           |
|                                       | "tel"                                 |
|                                       | "type": "voice"                       |
+---------------------------------------+---------------------------------------+
| fax-no                                | /vcardArray                           |
|                                       | "tel"                                 |
|                                       | "type": "fax"                         |
+---------------------------------------+---------------------------------------+
| e-mail                                | /vcardArray                           |
|                                       | "email"                               |
+---------------------------------------+---------------------------------------+
| nic-hdl                               | /handle                               |
+---------------------------------------+---------------------------------------+
Internet Routing Registry (IRR)
-------------------------------
The Internet Routing Registry (IRR) is a database of Routing policy information, including route objects and related sets.
None of the IRR object types are currently returned by RDAP, including:
ROUTE: IPv4 route
ROUTE6: IPv6 route
RTR-SET: Set of routers
ROUTE-SET: Set of routes
AS-SET: Set of aut-num objects
FILTER-SET: Set of routes matched by its filter
PEERING-SET: Set of peerings
INET-RTR: Internet router
Reverse Delegation
------------------
The RIPE Database contains information about the provisioning of Reverse Domain Name System (DNS) delegations, contained in the domain object type.
DOMAIN
+---------------------------------------+---------------------------------------+
| WHOIS                                 | RDAP                                  |
+---------------------------------------+---------------------------------------+
| domain                                | /handle                               |
|                                       | /ldhName                              |
+---------------------------------------+---------------------------------------+
| zone-c                                | /entities                             |
|                                       | "roles": "zone"                       |
|                                       | ("zone" is a non-standard entity type)|
+---------------------------------------+---------------------------------------+
| nserver                               | /nameServers                          |
+---------------------------------------+---------------------------------------+
| ds-rdata                              | secureDNS/dsData                      |
+---------------------------------------+---------------------------------------+
Other Object Types
------------------
The RIPE Database also contains some other object types.
IRT: referenced IRT objects are returned, but not directly.
KEY-CERT: not returned by RDAP.
Common Attributes
-----------------
Some attributes appear on some or all object types in the RIPE Database and are mapped to RDAP as follows.
+---------------------------------------+---------------------------------------+
| WHOIS                                 | RDAP                                  |
+---------------------------------------+---------------------------------------+
| abuse-c                               | /entities/                            |
|                                       | role: "technical"                     |
|                                       | email type "abuse"                    |
+---------------------------------------+---------------------------------------+
| admin-c                               | /entities/                            |
|                                       | role: "administrative"                |
+---------------------------------------+---------------------------------------+
| tech-c                                | /entities/                            |
|                                       | role: "technical"                     |
+---------------------------------------+---------------------------------------+
| descr                                 | /remarks/description/                 |
+---------------------------------------+---------------------------------------+
| mnt-by                                | /entities/                            |
| mnt-lower                             | In RDAP the role "registrant" is used |
| mnt-routes                            | to identify both organisations and    |
| mnt-domains                           | maintainer entities.                  |
| mnt-irt                               | In RDAP only the "mnt-by" value is    |
| mnt-ref                               | returned and not the other mnt types. |
+---------------------------------------+---------------------------------------+
| org                                   | /entities/                            |
|                                       | In RDAP the role "registrant" is used |
|                                       | to identify both organisations and    |
|                                       | maintainer entities.                  |
+---------------------------------------+---------------------------------------+
| notify                                | N/A (not returned in RDAP response)   |
+---------------------------------------+---------------------------------------+
| remarks                               | /remarks/description/                 |
+---------------------------------------+---------------------------------------+
| created                               | /events/eventAction "registration"    |
+---------------------------------------+---------------------------------------+
| last-modified                         | /events/                              |
|                                       | eventAction: "last changed"           |
+---------------------------------------+---------------------------------------+
| source                                | /notices/                             |
|                                       | title: "source"                       |
|                                       | description: ["Objects returned came  |
|                                       | from source", "RIPE"]                 |
+---------------------------------------+---------------------------------------+
RDAP Object Classes
-------------------

The RIPE database RDAP implementation supports the following object classes:

* entity - returns Whois person, role, organisation, mntner types
* ip - returns Whois inetnum and inet6num types
* autnum - returns Whois aut-num type
* domain - returns Whois domain type
It does not support the nameserver class, used for forward DNS names.
RDAP Query Flags
----------------
Supported query flags in the RIPE Database can be found in the Database documentation: https://docs.db.ripe.net/Types-of-Queries/
RDAP supports the following query flags:
* For entity queries there is “fn” which is used as a search term for person, role and organisation name. Also “handle” which is used as a search term just for organisation and nic-hdl. Both cannot be used at the same time.
* For ip queries there is “name” or “handle”; both are used as a search term for netname (which maps to “name” in RDAP).
* For autnum queries, “name” which is used to specify the search term for as-name, and “handle” for aut-num.
* For domain queries, “name” which is used as a search term for domain.
Conclusion
----------
The RDAP protocol addresses various shortcomings in Whois. Support for resource types and contact types is reasonably good, but there is no support for Internet Routing Registry (IRR) object types in particular. We must work to close the remaining gaps between RDAP and Whois if we want to increase the adoption of RDAP.
---
Regards
Ed Shryane
RIPE NCC
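
The INETNUM and Common Attributes mappings above, applied in reverse to an RDAP response, as an added example that is not part of the original message and is not RIPE NCC code. The sample response, its handles and addresses, and the key names "abuse-email", "registrant" and "not-in-rdap" are constructed for illustration.

```python
import json

# Constructed RDAP "ip network" response (documentation prefix, made-up handles).
SAMPLE = json.loads("""{
  "handle": "192.0.2.0 - 192.0.2.255", "ipVersion": "v4",
  "startAddress": "192.0.2.0", "endAddress": "192.0.2.255",
  "name": "EXAMPLE-NET", "country": "NL", "type": "ASSIGNED PA",
  "entities": [
    {"handle": "EXAMPLE-MNT", "roles": ["registrant"]},
    {"handle": "ORG-EX1-RIPE", "roles": ["registrant"]},
    {"handle": "AB1234-RIPE", "roles": ["technical"],
     "vcardArray": ["vcard", [["fn", {}, "text", "Example Abuse Desk"],
       ["email", {"type": "abuse"}, "text", "abuse@example.net"]]]},
    {"handle": "TC1234-RIPE", "roles": ["technical", "administrative"],
     "vcardArray": ["vcard", [["fn", {}, "text", "Example NOC"],
       ["email", {}, "text", "noc@example.net"]]]}],
  "events": [
    {"eventAction": "registration", "eventDate": "2020-01-01T00:00:00Z"},
    {"eventAction": "last changed", "eventDate": "2024-10-16T00:00:00Z"}]
}""")

# Attributes the report lists as N/A or not returned for inetnum/inet6num.
NOT_IN_RDAP = ["sponsoring-org", "assignment-size", "notify", "mnt-lower",
               "mnt-routes", "mnt-domains", "mnt-ref"]
EVENTS = {"registration": "created", "last changed": "last-modified"}


def abuse_emails(entity):
    """Return jCard "email" values whose "type" parameter includes "abuse"."""
    props = (entity.get("vcardArray") or ["vcard", []])[1]
    found = []
    for prop in props:
        if len(prop) >= 4 and prop[0] == "email":
            types = prop[1].get("type", [])
            types = [types] if isinstance(types, str) else types
            if "abuse" in types:
                found.append(prop[3])
    return found


def whois_view(rdap):
    """Rebuild the Whois attributes that the mapping tables say RDAP carries."""
    key = "inet6num" if rdap.get("ipVersion") == "v6" else "inetnum"
    view = {key: f'{rdap["startAddress"]} - {rdap["endAddress"]}',
            "netname": rdap.get("name"), "country": rdap.get("country"),
            "status": rdap.get("type"), "abuse-c": [], "abuse-email": [],
            "admin-c": [], "tech-c": [], "registrant": []}
    for ent in rdap.get("entities", []):
        roles, mails = ent.get("roles", []), abuse_emails(ent)
        if "technical" in roles and mails:      # abuse-c: technical + abuse email
            view["abuse-c"].append(ent["handle"])
            view["abuse-email"] += mails
        elif "technical" in roles:
            view["tech-c"].append(ent["handle"])
        if "administrative" in roles:
            view["admin-c"].append(ent["handle"])
        if "registrant" in roles:               # org or mnt-by: role cannot tell
            view["registrant"].append(ent["handle"])
    for ev in rdap.get("events", []):
        if ev.get("eventAction") in EVENTS:
            view[EVENTS[ev["eventAction"]]] = ev.get("eventDate")
    view["not-in-rdap"] = list(NOT_IN_RDAP)
    return view


if __name__ == "__main__":
    for attr, value in whois_view(SAMPLE).items():
        print(f"{attr:15} {value}")
```

Because "registrant" covers both organisations and maintainers, a consumer that needs to tell "org" from "mnt-by" has to rely on something other than the role.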