At a recent hackathon event at work I looked into RDAP - the Registration Data Access Protocol. It aims to be the standard to query and present data about the owners and responsible parties of domains, IPs and ASNs (Autonomous System Numbers). This data used to be accessible only via the WHOIS protocol (so much so that the data is sometimes referred to as “WHOIS data”), in plaintext via port 43. That was not great, of course, if you needed to figure out the abuse e-mail of a domain registrar programmatically.

RDAP is a nice and simple RESTful API protocol that allows you to query the registrant information from the responsible registries/registrars. In theory every registry should run an RDAP server that can be queried for information about the objects (e.g. domains) it is responsible for. Thin registries, for example, don’t necessarily hold all the data for their registered domains, because those were registered through sub-registrars; they can instead point to the RDAP endpoint of the respective sub-registrar. The initial problem was figuring out which RDAP server is responsible for which object in the first place.

This was solved by RFC 9224 “Finding the Authoritative Registration Data Access Protocol (RDAP) Service”. In short, the IANA (Internet Assigned Numbers Authority) is hosting a bunch of files that point you to the right RDAP server for e.g. a specific TLD (or an IP, ASN, etc.).

Unfortunately, not every registry has declared and is hosting an authoritative RDAP service. While gTLD registries (like .plumbing or .lamer) are required to provide such a service, the old ccTLD registries (like .de or .uk) are not. And some of the registries that have declared one put it behind ridiculously low rate limits.[1] The RDAP endpoint returned an “HTTP 429 Too many requests” response on literally my first ever request attempt to them.

But, at the time of writing, 80.49% of all TLDs have an authoritative RDAP service declared. I know that, because I built a little Mastodon Bot called which currently monitors the DNS RDAP bootstrap file and posts about changes to it. So, if you are on Mastodon and are as excited as I am about RDAP, feel free to follow the little fellow.

Screenshot of a post of @stateofRDAP, saying that “As of today 80.48% (1192) of all 1481 Top Level Domains have an authoritative RDAP service declared. These TLDs were added: .kids #RDAP”

Currently it just monitors the DNS RDAP bootstrap file, and it just handles TLDs being added or removed, but in the future I also want to have it handle changes of RDAP endpoints (e.g. when another registry is taking over responsibility for a TLD) or potentially the other RDAP bootstrap files, depending on the noise levels.
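The RFC 9224 lookup and the added/removed-TLD check described above can be sketched as follows. This is an added example, not the bot's own code: the two snapshots are constructed data in the bootstrap file's `services` layout, and all function names and URLs are hypothetical.

```python
# Constructed snapshots in the RFC 9224 layout: each service is
# [[entries...], [base URLs...]]. Registry names and URLs are made up.
OLD = {"version": "1.0", "services": [
    [["com", "net"], ["https://rdap.registry-a.example/"]],
    [["example"], ["http://rdap.registry-b.example/", "https://rdap.registry-b.example/"]],
]}
NEW = {"version": "1.0", "services": [
    [["com", "net"], ["https://rdap.registry-a.example/"]],
    [["example", "kids"], ["https://rdap.registry-b.example/"]],
]}


def entries(bootstrap):
    """Map each declared entry (lower-cased) to its list of base URLs."""
    return {e.lower(): urls for names, urls in bootstrap["services"] for e in names}


def rdap_url(bootstrap, domain):
    """Return the RDAP query URL for `domain`, or None if no service is declared."""
    table = entries(bootstrap)
    labels = domain.lower().rstrip(".").split(".")
    # RFC 9224: the longest label-wise match wins, so try the most specific suffix first.
    for i in range(len(labels)):
        urls = table.get(".".join(labels[i:]))
        if urls:
            # Prefer HTTPS when the entry offers several base URLs.
            base = next((u for u in urls if u.startswith("https://")), urls[0])
            return base.rstrip("/") + "/domain/" + ".".join(labels)
    return None  # e.g. a ccTLD without a declared RDAP service


def tld_changes(old, new):
    """Return (added, removed) entries between two bootstrap snapshots."""
    before, after = set(entries(old)), set(entries(new))
    return sorted(after - before), sorted(before - after)


def coverage(bootstrap, all_tlds):
    """Percentage of `all_tlds` that have an RDAP service declared."""
    declared = set(entries(bootstrap)) & {t.lower() for t in all_tlds}
    return round(100 * len(declared) / len(all_tlds), 2)
```

A `None` result from `rdap_url` means a client has no authoritative RDAP endpoint to ask and must fall back to another source such as WHOIS.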

  1. “Domain Name Registration Data at the Crossroads: The State of Data Protection, Compliance, and Contactability at ICANN” (PDF)