5Internet Engineering Task Force (IETF) S. Hollenbeck
6Request for Comments: 9082 Verisign Labs
9Category: Standards Track June 2021
13 Registration Data Access Protocol (RDAP) Query Format
17 This document describes uniform patterns to construct HTTP URLs that
18 may be used to retrieve registration information from registries
19 (including both Regional Internet Registries (RIRs) and Domain Name
20 Registries (DNRs)) using "RESTful" web access patterns. These
21 uniform patterns define the query syntax for the Registration Data
22 Access Protocol (RDAP). This document obsoletes RFC 7482.
26 This is an Internet Standards Track document.
28 This document is a product of the Internet Engineering Task Force
29 (IETF). It represents the consensus of the IETF community. It has
30 received public review and has been approved for publication by the
31 Internet Engineering Steering Group (IESG). Further information on
32 Internet Standards is available in Section 2 of RFC 7841.
34 Information about the current status of this document, any errata,
35 and how to provide feedback on it may be obtained at
36 https://www.rfc-editor.org/info/rfc9082.
40 Copyright (c) 2021 IETF Trust and the persons identified as the
41 document authors. All rights reserved.
43 This document is subject to BCP 78 and the IETF Trust's Legal
44 Provisions Relating to IETF Documents
45 (https://trustee.ietf.org/license-info) in effect on the date of
46 publication of this document. Please review these documents
47 carefully, as they describe your rights and restrictions with respect
48 to this document. Code Components extracted from this document must
49 include Simplified BSD License text as described in Section 4.e of
50 the Trust Legal Provisions and are provided without warranty as
51 described in the Simplified BSD License.
56 2. Conventions Used in This Document
57 2.1. Acronyms and Abbreviations
58 3. Path Segment Specification
59 3.1. Lookup Path Segment Specification
60 3.1.1. IP Network Path Segment Specification
61 3.1.2. Autonomous System Path Segment Specification
62 3.1.3. Domain Path Segment Specification
63 3.1.4. Nameserver Path Segment Specification
64 3.1.5. Entity Path Segment Specification
65 3.1.6. Help Path Segment Specification
66 3.2. Search Path Segment Specification
68 3.2.2. Nameserver Search
71 4.1. Partial String Searching
72 4.2. Associated Records
74 6. Internationalization Considerations
75 6.1. Character Encoding Considerations
76 7. IANA Considerations
77 8. Security Considerations
79 9.1. Normative References
80 9.2. Informative References
81 Appendix A. Changes from RFC 7482
87 This document describes a specification for querying registration
88 data using a RESTful web service and uniform query patterns. The
89 service is implemented using the Hypertext Transfer Protocol (HTTP)
90 [RFC7230] and the conventions described in [RFC7480]. These uniform
91 patterns define the query syntax for the Registration Data Access
92 Protocol (RDAP). This document obsoletes RFC 7482.
94 The protocol described in this specification is intended to address
95 deficiencies with the WHOIS protocol [RFC3912] that have been
96 identified over time, including:
98 * lack of standardized command structures;
100 * lack of standardized output and error structures;
102 * lack of support for internationalization and localization; and
104 * lack of support for user identification, authentication, and
107 The patterns described in this document purposefully do not encompass
108 all of the methods employed in the WHOIS and other RESTful web
109 services used by the RIRs and DNRs. The intent of the patterns
110 described here is to enable queries of:
112 * networks by IP address;
114 * Autonomous System (AS) numbers by number;
116 * reverse DNS metadata by domain;
118 * nameservers by name; and
120 * entities (such as registrars and contacts) by identifier.
122 Server implementations are free to support only a subset of these
123 features depending on local requirements. Servers MUST return an
124 HTTP 501 (Not Implemented) [RFC7231] response to inform clients of
125 unsupported query types. It is also envisioned that each registry
126 will continue to maintain WHOIS and/or other RESTful web services
127 specific to their needs and those of their constituencies, and the
128 information retrieved through the patterns described here may
129 reference such services.
131 Likewise, future IETF specifications may add additional patterns for
132 additional query types. A simple pattern namespacing scheme is
133 described in Section 5 to accommodate custom extensions that will not
134 interfere with the patterns defined in this document or patterns
135 defined in future IETF specifications.
137 WHOIS services, in general, are read-only services. Accordingly, URL
138 [RFC3986] patterns specified in this document are only applicable to
139 the HTTP [RFC7231] GET and HEAD methods.
141 This document does not describe the results or entities returned from
142 issuing the described URLs with an HTTP GET. The specification of
143 these entities is described in [RFC9083].
145 Additionally, resource management, provisioning, and update functions
146 are out of scope for this document. Registries have various and
147 divergent methods covering these functions, and it is unlikely a
148 uniform approach is needed for interoperability.
150 HTTP contains mechanisms for servers to authenticate clients and for
151 clients to authenticate servers (from which authorization schemes may
152 be built), so such mechanisms are not described in this document.
153 Policy, provisioning, and processing of authentication and
154 authorization are out of scope for this document as deployments will
155 have to make choices based on local criteria. Supported
156 authentication mechanisms are described in [RFC7481].
1582. Conventions Used in This Document
160 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
161 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
162 "OPTIONAL" in this document are to be interpreted as described in
163 BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
164 capitals, as shown here.
1662.1. Acronyms and Abbreviations
168 IDN: Internationalized Domain Name, a fully-qualified domain name
169 containing one or more labels that are intended to include one or
170 more Unicode code points outside the ASCII range (cf. "domain
171 name", "fully-qualified domain name", and "internationalized
172 domain name" in RFC 8499 [RFC8499]).
174 IDNA: Internationalized Domain Names in Applications, a protocol for
175 the handling of IDNs. In this document, "IDNA" refers
176 specifically to the version of those specifications known as
177 "IDNA2008" [RFC5890].
179 DNR: Domain Name Registry or Domain Name Registrar
181 NFC: Unicode Normalization Form C [Unicode-UAX15]
183 NFKC: Unicode Normalization Form KC [Unicode-UAX15]
185 RDAP: Registration Data Access Protocol
187 REST: Representational State Transfer. The term was first described
188 in a doctoral dissertation [REST].
190 RESTful: An adjective that describes a service using HTTP and the
193 RIR: Regional Internet Registry
1953. Path Segment Specification
197 The base URLs used to construct RDAP queries are maintained in an
198 IANA registry (the "bootstrap registry") described in [RFC7484].
199 Queries are formed by retrieving an appropriate base URL from the
200 registry and appending a path segment specified in either Sections
201 3.1 or 3.2. Generally, a registry or other service provider will
202 provide a base URL that identifies the protocol, host, and port, and
203 this will be used as a base URL that the complete URL is resolved
204 against, as per Section 5 of RFC 3986 [RFC3986]. For example, if the
205 base URL is "https://example.com/rdap/", all RDAP query URLs will
206 begin with "https://example.com/rdap/".
208 The bootstrap registry does not contain information for query objects
209 that are not part of a global namespace, including entities and help.
210 A base URL for an associated object is required to construct a
211 complete query. This limitation can be overcome for entities by
212 using the practice described in RFC 8521 [RFC8521].
214 For entities, a base URL is retrieved for the service (domain,
215 address, etc.) associated with a given entity. The query URL is
216 constructed by concatenating the base URL with the entity path
217 segment specified in either Sections 3.1.5 or 3.2.3.
219 For help, a base URL is retrieved for any service (domain, address,
220 etc.) for which additional information is required. The query URL is
221 constructed by concatenating the base URL with the help path segment
222 specified in Section 3.1.6.
2243.1. Lookup Path Segment Specification
226 A simple lookup to determine if an object exists (or not) without
227 returning RDAP-encoded results can be performed using the HTTP HEAD
228 method as described in Section 4.1 of [RFC7480].
230 The resource type path segments for exact match lookup are:
232 'ip': Used to identify IP networks and associated data referenced
233 using either an IPv4 or IPv6 address.
235 'autnum': Used to identify Autonomous System number registrations
236 and associated data referenced using an asplain Autonomous System
239 'domain': Used to identify reverse DNS (RIR) or domain name (DNR)
240 information and associated data referenced using a fully qualified
243 'nameserver': Used to identify a nameserver information query using
246 'entity': Used to identify an entity information query using a
2493.1.1. IP Network Path Segment Specification
251 Syntax: ip/<IP address> or ip/<CIDR prefix>/<CIDR length>
253 Queries for information about IP networks are of the form /ip/XXX or
254 /ip/XXX/YY where the path segment following 'ip' is either an IPv4
255 dotted decimal or IPv6 [RFC5952] address (i.e., XXX) or an IPv4 or
256 IPv6 Classless Inter-domain Routing (CIDR) [RFC4632] notation address
257 block (i.e., XXX/YY). Semantically, the simpler form using the
258 address can be thought of as a CIDR block with a prefix length of 32
259 for IPv4 and a prefix length of 128 for IPv6. A given specific
260 address or CIDR may fall within multiple IP networks in a hierarchy
261 of networks; therefore, this query targets the "most-specific" or
262 smallest IP network that completely encompasses it in a hierarchy of
265 The IPv4 and IPv6 address formats supported in this query are
266 described in Section 3.2.2 of RFC 3986 [RFC3986] as IPv4address and
267 IPv6address ABNF definitions. Any valid IPv6 text address format
268 [RFC4291] can be used. This includes IPv6 addresses written using
269 with or without compressed zeros and IPv6 addresses containing
270 embedded IPv4 addresses. The rules to write a text representation of
271 an IPv6 address [RFC5952] are RECOMMENDED. However, the zone_id
272 [RFC4007] is not appropriate in this context; therefore, the
273 corresponding syntax extension in RFC 6874 [RFC6874] MUST NOT be
274 used, and servers SHOULD ignore it.
276 For example, the following URL would be used to find information for
277 the most specific network containing 192.0.2.0:
279 https://example.com/rdap/ip/192.0.2.0
281 The following URL would be used to find information for the most
282 specific network containing 192.0.2.0/24:
284 https://example.com/rdap/ip/192.0.2.0/24
286 The following URL would be used to find information for the most
287 specific network containing 2001:db8::
289 https://example.com/rdap/ip/2001:db8::
2913.1.2. Autonomous System Path Segment Specification
293 Syntax: autnum/<autonomous system number>
295 Queries for information regarding Autonomous System number
296 registrations are of the form /autnum/XXX where XXX is an asplain
297 Autonomous System number [RFC5396]. In some registries, registration
298 of Autonomous System numbers is done on an individual number basis,
299 while other registries may register blocks of Autonomous System
300 numbers. The semantics of this query are such that if a number falls
301 within a range of registered blocks, the target of the query is the
302 block registration and that individual number registrations are
303 considered a block of numbers with a size of 1.
305 For example, the following URL would be used to find information
306 describing Autonomous System number 12 (a number within a range of
309 https://example.com/rdap/autnum/12
311 The following URL would be used to find information describing 4-byte
312 Autonomous System number 65538:
314 https://example.com/rdap/autnum/65538
318 Syntax: domain/<domain name>
320 Queries for domain information are of the form /domain/XXXX, where
321 XXXX is a fully qualified (relative to the root) domain name (as
322 specified in [RFC0952] and [RFC1123]) in either the in-addr.arpa or
323 ip6.arpa zones (for RIRs) or a fully qualified domain name in a zone
324 administered by the server operator (for DNRs). Internationalized
325 Domain Names (IDNs) represented in either A-label or U-label format
326 [RFC5890] are also valid domain names. See Section 6.1 for
327 information on character encoding for the U-label format.
329 IDNs SHOULD NOT be represented as a mixture of A-labels and U-labels;
330 that is, internationalized labels in an IDN SHOULD be either all
331 A-labels or all U-labels. It is possible for an RDAP client to
332 assemble a query string from multiple independent data sources. Such
333 a client might not be able to perform conversions between A-labels
334 and U-labels. An RDAP server that receives a query string with a
335 mixture of A-labels and U-labels MAY convert all the U-labels to
336 A-labels, perform IDNA processing, and proceed with exact-match
337 lookup. In such cases, the response to be returned to the query
338 source may not match the input from the query source. Alternatively,
339 the server MAY refuse to process the query.
341 The server MAY perform the match using either the A-label or U-label
342 form. Using one consistent form for matching every label is likely
345 The following URL would be used to find information describing the
346 zone serving the network 192.0.2/24:
348 https://example.com/rdap/domain/2.0.192.in-addr.arpa
350 The following URL would be used to find information describing the
351 zone serving the network 2001:db8:1::/48:
353 https://example.com/rdap/domain/1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa
355 The following URL would be used to find information for the
356 blah.example.com domain name:
358 https://example.com/rdap/domain/blah.example.com
360 The following URL would be used to find information for the
361 xn--fo-5ja.example IDN:
363 https://example.com/rdap/domain/xn--fo-5ja.example
3653.1.4. Nameserver Path Segment Specification
367 Syntax: nameserver/<nameserver name>
369 The <nameserver name> parameter represents a fully qualified host
370 name as specified in [RFC0952] and [RFC1123]. Internationalized
371 names represented in either A-label or U-label format [RFC5890] are
372 also valid nameserver names. IDN processing for nameserver names
373 uses the domain name processing instructions specified in
374 Section 3.1.3. See Section 6.1 for information on character encoding
375 for the U-label format.
377 The following URL would be used to find information for the
378 ns1.example.com nameserver:
380 https://example.com/rdap/nameserver/ns1.example.com
382 The following URL would be used to find information for the
383 ns1.xn--fo-5ja.example nameserver:
385 https://example.com/rdap/nameserver/ns1.xn--fo-5ja.example
3873.1.5. Entity Path Segment Specification
389 Syntax: entity/<handle>
391 The <handle> parameter represents an entity (such as a contact,
392 registrant, or registrar) identifier whose syntax is specific to the
393 registration provider. For example, for some DNRs, contact
394 identifiers are specified in [RFC5730] and [RFC5733].
396 The following URL would be used to find information for the entity
397 associated with handle XXXX:
399 https://example.com/rdap/entity/XXXX
4013.1.6. Help Path Segment Specification
405 The help path segment can be used to request helpful information
406 (command syntax, terms of service, privacy policy, rate-limiting
407 policy, supported authentication methods, supported extensions,
408 technical support contact, etc.) from an RDAP server. The response
409 to "help" should provide basic information that a client needs to
410 successfully use the service. The following URL would be used to
411 return "help" information:
413 https://example.com/rdap/help
4153.2. Search Path Segment Specification
417 Pattern matching semantics are described in Section 4.1. The
418 resource type path segments for search are:
420 'domains': Used to identify a domain name information search using a
421 pattern to match a fully qualified domain name.
423 'nameservers': Used to identify a nameserver information search
424 using a pattern to match a host name.
426 'entities': Used to identify an entity information search using a
427 pattern to match a string identifier.
429 RDAP search path segments are formed using a concatenation of the
430 plural form of the object being searched for and an HTTP query
431 string. The HTTP query string is formed using a concatenation of the
432 question mark character ('?', US-ASCII value 0x003F), a noun
433 representing the JSON object property associated with the object
434 being searched for, the equal sign character ('=', US-ASCII value
435 0x003D), and the search pattern (this is in contrast to the more
436 generic HTTP query string that allows multiple simultaneous
437 parameters). Search pattern query processing is described more fully
438 in Section 4. For the domain, nameserver, and entity objects
439 described in this document, the plural object forms are "domains",
440 "nameservers", and "entities".
442 Detailed results can be retrieved using the HTTP GET method and the
443 path segments specified here.
447 Syntax: domains?name=<domain search pattern>
449 Syntax: domains?nsLdhName=<nameserver search pattern>
451 Syntax: domains?nsIp=<nameserver IP address>
453 Searches for domain information by name are specified using this
458 XXXX is a search pattern representing a domain name in "letters,
459 digits, hyphen" (LDH) format [RFC5890]. The following URL would be
460 used to find DNR information for domain names matching the
461 "example*.com" pattern:
463 https://example.com/rdap/domains?name=example*.com
465 IDNs in U-label format [RFC5890] can also be used as search patterns
466 (see Section 4). Searches for these names are of the form
467 /domains?name=XXXX, where XXXX is a search pattern representing a
468 domain name in U-label format [RFC5890]. See Section 6.1 for
469 information on character encoding for the U-label format.
471 Searches for domain information by nameserver name are specified
474 domains?nsLdhName=YYYY
476 YYYY is a search pattern representing a host name in "letters,
477 digits, hyphen" format [RFC5890]. The following URL would be used to
478 search for domains delegated to nameservers matching the
479 "ns1.example*.com" pattern:
481 https://example.com/rdap/domains?nsLdhName=ns1.example*.com
483 Searches for domain information by nameserver IP address are
484 specified using this form:
488 ZZZZ is an IPv4 [RFC1166] or IPv6 [RFC5952] address. The following
489 URL would be used to search for domains that have been delegated to
490 nameservers that resolve to the "192.0.2.0" address:
492 https://example.com/rdap/domains?nsIp=192.0.2.0
4943.2.2. Nameserver Search
496 Syntax: nameservers?name=<nameserver search pattern>
498 Syntax: nameservers?ip=<nameserver IP address>
500 Searches for nameserver information by nameserver name are specified
503 nameservers?name=XXXX
505 XXXX is a search pattern representing a host name in "letters,
506 digits, hyphen" format [RFC5890]. The following URL would be used to
507 find information for nameserver names matching the "ns1.example*.com"
510 https://example.com/rdap/nameservers?name=ns1.example*.com
512 Internationalized nameserver names in U-label format [RFC5890] can
513 also be used as search patterns (see Section 4). Searches for these
514 names are of the form /nameservers?name=XXXX, where XXXX is a search
515 pattern representing a nameserver name in U-label format [RFC5890].
516 See Section 6.1 for information on character encoding for the U-label
519 Searches for nameserver information by nameserver IP address are
520 specified using this form:
524 YYYY is an IPv4 [RFC1166] or IPv6 [RFC5952] address. The following
525 URL would be used to search for nameserver names that resolve to the
528 https://example.com/rdap/nameservers?ip=192.0.2.0
532 Syntax: entities?fn=<entity name search pattern>
534 Syntax: entities?handle=<entity handle search pattern>
536 Searches for entity information by name are specified using this
541 XXXX is a search pattern representing the "fn" property of an entity
542 (such as a contact, registrant, or registrar) name as described in
543 Section 5.1 of [RFC9083]. The following URL would be used to find
544 information for entity names matching the "Bobby Joe*" pattern:
546 https://example.com/rdap/entities?fn=Bobby%20Joe*
548 Searches for entity information by handle are specified using this
553 XXXX is a search pattern representing an entity (such as a contact,
554 registrant, or registrar) identifier whose syntax is specific to the
555 registration provider. The following URL would be used to find
556 information for entity handles matching the "CID-40*" pattern:
558 https://example.com/rdap/entities?handle=CID-40*
560 URLs MUST be properly encoded according to the rules of [RFC3986].
561 In the example above, "Bobby Joe*" is encoded to "Bobby%20Joe*".
565 Servers indicate the success or failure of query processing by
566 returning an appropriate HTTP response code to the client. Response
567 codes not specifically identified in this document are described in
5704.1. Partial String Searching
572 Partial string searching uses the asterisk ('*', US-ASCII value 0x2A)
573 character to match zero or more trailing characters. A character
574 string representing a domain label suffix MAY be concatenated to the
575 end of the search pattern to limit the scope of the search. For
576 example, the search pattern "exam*" will match "example.com" and
577 "example.net". The search pattern "exam*.com" will match
578 "example.com". If an asterisk appears in a search string, any label
579 that contains the non-asterisk characters in sequence plus zero or
580 more characters in sequence in place of the asterisk would match. A
581 partial string search MUST NOT include more than one asterisk.
582 Additional pattern matching processing is beyond the scope of this
585 If a server receives a search request but cannot process the request
586 because it does not support a particular style of partial match
587 searching, it SHOULD return an HTTP 422 (Unprocessable Entity)
588 [RFC4918] response (unless another response code is more appropriate
589 based on a server's policy settings) to note that search
590 functionality is supported, but this particular query cannot be
591 processed. When returning a 422 error, the server MAY also return an
592 error response body as specified in Section 6 of [RFC9083] if the
593 requested media type is one that is specified in [RFC7480].
595 Partial matching is not feasible across combinations of Unicode
596 characters because Unicode characters can be combined with each
597 other. Servers SHOULD NOT partially match combinations of Unicode
598 characters where a legal combination is possible. It should be
599 noted, though, that it may not always be possible to detect cases
600 where a character could have been combined with another character,
601 but was not, because characters can be combined in many different
604 Clients SHOULD NOT submit a partial match search of Unicode
605 characters where a Unicode character may be legally combined with
606 another Unicode character or characters. Partial match searches with
607 incomplete combinations of characters where a character must be
608 combined with another character or characters are invalid. Partial
609 match searches with characters that may be combined with another
610 character or characters are to be considered non-combined characters
611 (that is, if character x may be combined with character y but
612 character y is not submitted in the search string, then character x
613 is a complete character and no combinations of character x are to be
6164.2. Associated Records
618 Conceptually, any query-matching record in a server's database might
619 be a member of a set of related records, related in some fashion as
620 defined by the server -- for example, variants of an IDN. The entire
621 set ought to be considered as candidates for inclusion when
622 constructing the response. However, the construction of the final
623 response needs to be mindful of privacy and other data-releasing
624 policies when assembling the RDAP response set.
626 Note too that due to the nature of searching, there may be a list of
627 query-matching records. Each one of those is subject to being a
628 member of a set as described in the previous paragraph. What is
629 ultimately returned in a response will be the union of all the sets
630 that has been filtered by whatever policies are in place.
632 Note that this model includes arrangements for associated names,
633 including those that are linked by policy mechanisms and names bound
634 together for some other purposes. Note also that returning
635 information that was not explicitly selected by an exact-match
636 lookup, including additional names that match a relatively fuzzy
637 search as well as lists of names that are linked together, may cause
640 Note that there might not be a single, static information return
641 policy that applies to all clients equally. Client identity and
642 associated authorizations can be a relevant factor in determining how
643 broad the response set will be for any particular query.
647 This document describes path segment specifications for a limited
648 number of objects commonly registered in both RIRs and DNRs. It does
649 not attempt to describe path segments for all of the objects
650 registered in all registries. Custom path segments can be created
651 for objects not specified here using the process described in
652 Section 6 of "HTTP Usage in the Registration Data Access Protocol
655 Custom path segments can be created by prefixing the segment with a
656 unique identifier followed by an underscore character (0x5F). For
657 example, a custom entity path segment could be created by prefixing
658 "entity" with "custom_", producing "custom_entity". Servers MUST
659 return an appropriate failure status code for a request with an
660 unrecognized path segment.
6626. Internationalization Considerations
664 There is value in supporting the ability to submit either a U-label
665 (Unicode form of an IDN label) or an A-label (US-ASCII form of an IDN
666 label) as a query argument to an RDAP service. Clients capable of
667 processing non-US-ASCII characters may prefer a U-label since this is
668 more visually recognizable and familiar than A-label strings, but
669 clients using programmatic interfaces might find it easier to submit
670 and display A-labels if they are unable to input U-labels with their
671 keyboard configuration. Both query forms are acceptable.
673 Internationalized domain and nameserver names can contain character
674 variants and variant labels as described in [RFC4290]. Clients that
675 support queries for internationalized domain and nameserver names
676 MUST accept service provider responses that describe variants as
677 specified in "JSON Responses for the Registration Data Access
678 Protocol (RDAP)" [RFC9083].
6806.1. Character Encoding Considerations
682 Servers can expect to receive search patterns from clients that
683 contain character strings encoded in different forms supported by
684 HTTP. It is entirely possible to apply filters and normalization
685 rules to search patterns prior to making character comparisons, but
686 this type of processing is more typically needed to determine the
687 validity of registered strings than to match patterns.
689 An RDAP client submitting a query string containing non-US-ASCII
690 characters converts such strings into Unicode in UTF-8 encoding. It
691 then performs any local case mapping deemed necessary. Strings are
692 normalized using Normalization Form C (NFC) [Unicode-UAX15]; note
693 that clients might not be able to do this reliably. UTF-8 encoded
694 strings are then appropriately percent-encoded [RFC3986] in the query
697 After parsing any percent-encoding, an RDAP server treats each query
698 string as Unicode in UTF-8 encoding. If a string is not valid UTF-8,
699 the server can immediately stop processing the query and return an
700 HTTP 400 (Bad Request) response.
702 When processing queries, there is a difference in handling DNS names,
703 including those with putative U-labels, and everything else. DNS
704 names are treated according to the DNS matching rules as described in
705 Section 3.1 of RFC 1035 [RFC1035] for Non-Reserved LDH (NR-LDH)
706 labels and the matching rules described in Section 5.4 of RFC 5891
707 [RFC5891] for U-labels. Matching of DNS names proceeds one label at
708 a time because it is possible for a combination of U-labels and NR-
709 LDH labels to be found in a single domain or host name. The
710 determination of whether a label is a U-label or an NR-LDH label is
711 based on whether the label contains any characters outside of the US-
712 ASCII letters, digits, or hyphen (the so-called LDH rule).
714 For everything else, servers map fullwidth and halfwidth characters
715 to their decomposition equivalents. Servers convert strings to the
716 same coded character set of the target data that is to be looked up
717 or searched, and each string is normalized using the same
718 normalization that was used on the target data. In general, storage
719 of strings as Unicode is RECOMMENDED. For the purposes of
720 comparison, Normalization Form KC (NFKC) [Unicode-UAX15] with case
721 folding is used to maximize predictability and the number of matches.
722 Note the use of case-folded NFKC as opposed to NFC in this case.
7247. IANA Considerations
726 This document has no IANA actions.
7288. Security Considerations
730 Security services for the operations specified in this document are
731 described in "Security Services for the Registration Data Access
732 Protocol (RDAP)" [RFC7481].
734 Search functionality typically requires more server resources (such
735 as memory, CPU cycles, and network bandwidth) when compared to basic
736 lookup functionality. This increases the risk of server resource
737 exhaustion and subsequent denial of service due to abuse. This risk
738 can be mitigated by developing and implementing controls to restrict
739 search functionality to identified and authorized clients. If those
740 clients behave badly, their search privileges can be suspended or
741 revoked. Rate limiting as described in Section 5.5 of "HTTP Usage in
742 the Registration Data Access Protocol (RDAP)" [RFC7480] can also be
743 used to control the rate of received search requests. Server
744 operators can also reduce their risk by restricting the amount of
745 information returned in response to a search request.
747 Search functionality also increases the privacy risk of disclosing
748 object relationships that might not otherwise be obvious. For
749 example, a search that returns IDN variants [RFC6927] that do not
750 explicitly match a client-provided search pattern can disclose
751 information about registered domain names that might not be otherwise
752 available. Implementers need to consider the policy and privacy
753 implications of returning information that was not explicitly
756 Note that there might not be a single, static information return
757 policy that applies to all clients equally. Client identity and
758 associated authorizations can be a relevant factor in determining how
759 broad the response set will be for any particular query.
7639.1. Normative References
765 [RFC0952] Harrenstien, K., Stahl, M., and E. Feinler, "DoD Internet
766 host table specification", RFC 952, DOI 10.17487/RFC0952,
767 October 1985, <https://www.rfc-editor.org/info/rfc952>.
769 [RFC1035] Mockapetris, P., "Domain names - implementation and
770 specification", STD 13, RFC 1035, DOI 10.17487/RFC1035,
771 November 1987, <https://www.rfc-editor.org/info/rfc1035>.
773 [RFC1123] Braden, R., Ed., "Requirements for Internet Hosts -
774 Application and Support", STD 3, RFC 1123,
775 DOI 10.17487/RFC1123, October 1989,
776 <https://www.rfc-editor.org/info/rfc1123>.
778 [RFC1166] Kirkpatrick, S., Stahl, M., and M. Recker, "Internet
779 numbers", RFC 1166, DOI 10.17487/RFC1166, July 1990,
780 <https://www.rfc-editor.org/info/rfc1166>.
782 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
783 Requirement Levels", BCP 14, RFC 2119,
784 DOI 10.17487/RFC2119, March 1997,
785 <https://www.rfc-editor.org/info/rfc2119>.
787 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
788 Resource Identifier (URI): Generic Syntax", STD 66,
789 RFC 3986, DOI 10.17487/RFC3986, January 2005,
790 <https://www.rfc-editor.org/info/rfc3986>.
792 [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing
793 Architecture", RFC 4291, DOI 10.17487/RFC4291, February
794 2006, <https://www.rfc-editor.org/info/rfc4291>.
796 [RFC4632] Fuller, V. and T. Li, "Classless Inter-domain Routing
797 (CIDR): The Internet Address Assignment and Aggregation
798 Plan", BCP 122, RFC 4632, DOI 10.17487/RFC4632, August
799 2006, <https://www.rfc-editor.org/info/rfc4632>.
801 [RFC4918] Dusseault, L., Ed., "HTTP Extensions for Web Distributed
802 Authoring and Versioning (WebDAV)", RFC 4918,
803 DOI 10.17487/RFC4918, June 2007,
804 <https://www.rfc-editor.org/info/rfc4918>.
806 [RFC5396] Huston, G. and G. Michaelson, "Textual Representation of
807 Autonomous System (AS) Numbers", RFC 5396,
808 DOI 10.17487/RFC5396, December 2008,
809 <https://www.rfc-editor.org/info/rfc5396>.
811 [RFC5730] Hollenbeck, S., "Extensible Provisioning Protocol (EPP)",
812 STD 69, RFC 5730, DOI 10.17487/RFC5730, August 2009,
813 <https://www.rfc-editor.org/info/rfc5730>.
815 [RFC5733] Hollenbeck, S., "Extensible Provisioning Protocol (EPP)
816 Contact Mapping", STD 69, RFC 5733, DOI 10.17487/RFC5733,
817 August 2009, <https://www.rfc-editor.org/info/rfc5733>.
819 [RFC5890] Klensin, J., "Internationalized Domain Names for
820 Applications (IDNA): Definitions and Document Framework",
821 RFC 5890, DOI 10.17487/RFC5890, August 2010,
822 <https://www.rfc-editor.org/info/rfc5890>.
824 [RFC5891] Klensin, J., "Internationalized Domain Names in
825 Applications (IDNA): Protocol", RFC 5891,
826 DOI 10.17487/RFC5891, August 2010,
827 <https://www.rfc-editor.org/info/rfc5891>.
829 [RFC5952] Kawamura, S. and M. Kawashima, "A Recommendation for IPv6
830 Address Text Representation", RFC 5952,
831 DOI 10.17487/RFC5952, August 2010,
832 <https://www.rfc-editor.org/info/rfc5952>.
834 [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
835 Protocol (HTTP/1.1): Message Syntax and Routing",
836 RFC 7230, DOI 10.17487/RFC7230, June 2014,
837 <https://www.rfc-editor.org/info/rfc7230>.
839 [RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
840 Protocol (HTTP/1.1): Semantics and Content", RFC 7231,
841 DOI 10.17487/RFC7231, June 2014,
842 <https://www.rfc-editor.org/info/rfc7231>.
844 [RFC7480] Newton, A., Ellacott, B., and N. Kong, "HTTP Usage in the
845 Registration Data Access Protocol (RDAP)", STD 95,
846 RFC 7480, DOI 10.17487/RFC7480, March 2015,
847 <https://www.rfc-editor.org/info/rfc7480>.
849 [RFC7481] Hollenbeck, S. and N. Kong, "Security Services for the
850 Registration Data Access Protocol (RDAP)", STD 95,
851 RFC 7481, DOI 10.17487/RFC7481, March 2015,
852 <https://www.rfc-editor.org/info/rfc7481>.
854 [RFC7484] Blanchet, M., "Finding the Authoritative Registration Data
855 (RDAP) Service", RFC 7484, DOI 10.17487/RFC7484, March
856 2015, <https://www.rfc-editor.org/info/rfc7484>.
858 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
859 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
860 May 2017, <https://www.rfc-editor.org/info/rfc8174>.
862 [RFC8499] Hoffman, P., Sullivan, A., and K. Fujiwara, "DNS
863 Terminology", BCP 219, RFC 8499, DOI 10.17487/RFC8499,
864 January 2019, <https://www.rfc-editor.org/info/rfc8499>.
866 [RFC9083] Hollenbeck, S. and A. Newton, "JSON Responses for the
867 Registration Data Access Protocol (RDAP)", STD 95,
868 RFC 9083, DOI 10.17487/RFC9083, June 2021,
869 <https://www.rfc-editor.org/info/rfc9083>.
872 The Unicode Consortium, "Unicode Standard Annex #15:
873 Unicode Normalization Forms", September 2013,
874 <https://www.unicode.org/reports/tr15/>.
8769.2. Informative References
878 [REST] Fielding, R., "Architectural Styles and the Design of
879 Network-based Software Architectures", Ph.D.
880 Dissertation, University of California, Irvine, 2000,
881 <https://www.ics.uci.edu/~fielding/pubs/dissertation/
882 fielding_dissertation.pdf>.
884 [RFC3912] Daigle, L., "WHOIS Protocol Specification", RFC 3912,
885 DOI 10.17487/RFC3912, September 2004,
886 <https://www.rfc-editor.org/info/rfc3912>.
888 [RFC4007] Deering, S., Haberman, B., Jinmei, T., Nordmark, E., and
889 B. Zill, "IPv6 Scoped Address Architecture", RFC 4007,
890 DOI 10.17487/RFC4007, March 2005,
891 <https://www.rfc-editor.org/info/rfc4007>.
893 [RFC4290] Klensin, J., "Suggested Practices for Registration of
894 Internationalized Domain Names (IDN)", RFC 4290,
895 DOI 10.17487/RFC4290, December 2005,
896 <https://www.rfc-editor.org/info/rfc4290>.
898 [RFC6874] Carpenter, B., Cheshire, S., and R. Hinden, "Representing
899 IPv6 Zone Identifiers in Address Literals and Uniform
900 Resource Identifiers", RFC 6874, DOI 10.17487/RFC6874,
901 February 2013, <https://www.rfc-editor.org/info/rfc6874>.
903 [RFC6927] Levine, J. and P. Hoffman, "Variants in Second-Level Names
904 Registered in Top-Level Domains", RFC 6927,
905 DOI 10.17487/RFC6927, May 2013,
906 <https://www.rfc-editor.org/info/rfc6927>.
908 [RFC8521] Hollenbeck, S. and A. Newton, "Registration Data Access
909 Protocol (RDAP) Object Tagging", BCP 221, RFC 8521,
910 DOI 10.17487/RFC8521, November 2018,
911 <https://www.rfc-editor.org/info/rfc8521>.
913Appendix A. Changes from RFC 7482
915 * Addressed known errata.
917 * Addressed other reported clarifications and corrections: IDN,
918 IDNA, and DNR definitions. Noted that registrars are entities.
919 Added a reference to RFC 8521 to address the bootstrap registry
920 limitation. Removed extraneous "...". Clarified HTTP query
921 string, search pattern, name server search, domain label suffix,
924 * Addressed "The HTTP query string" clarification.
926 * Modified coauthor address.
928 * Updated references to RFC 7483 to RFC 9083.
930 * Added an IANA Considerations section. Changed references to use
933 * Changed "XXXX is a search pattern representing the "FN" property
934 of an entity (such as a contact, registrant, or registrar) name as
935 specified in Section 5.1" to "Changed "XXXX is a search pattern
936 representing the "fn" property of an entity (such as a contact,
937 registrant, or registrar) name as described in Section 5.1".
939 * Added acknowledgments.
941 * Changed "The intent of the patterns described here are to enable
942 queries" to "The intent of the patterns described here is to
945 * Changed "the corresponding syntax extension in RFC 6874 [RFC6874]
946 MUST NOT be used, and servers are to ignore it if possible" to
947 "the corresponding syntax extension in RFC 6874 [RFC6874] MUST NOT
948 be used, and servers SHOULD ignore it".
950 * Changed "Only a single asterisk is allowed for a partial string
951 search" to "A partial string search MUST NOT include more than one
954 * Changed "Clients should avoid submitting a partial match search of
955 Unicode characters where a Unicode character may be legally
956 combined with another Unicode character or characters" to "Clients
957 SHOULD NOT submit a partial match search of Unicode characters
958 where a Unicode character may be legally combined with another
959 Unicode character or characters".
961 * Changed description of nameserver IP address "search pattern" in
962 Sections 3.2.1 and 3.2.2.
964 * IESG review feedback: Added "obsoletes 7482" to the headers,
965 Abstract, and Introduction. Changed "IETF standards" to "IETF
966 specifications" and "Therefore" to "Accordingly" in Section 1.
967 Updated the BCP 14 boilerplate. Added definition of "bootstrap
968 registry" and changed "concatenating ... to" to "concatenating ...
969 with" in Section 3. Changed "bitmask length" to "prefix length"
970 and "2001:db8::0" to "2001:db8::" in Section 3.1.1. Added "in
971 contrast to the more generic HTTP query string that admits
972 multiple simultaneous parameters" in Section 3.2. Changed
973 "0x002A" to "0x2A" in Section 4.1. Clarified use of HTTP 422
974 SHOULD in Section 4.1.
978 This document is derived from original work on RIR query formats
979 developed by Byron J. Ellacott of APNIC, Arturo L. Servin of LACNIC,
980 Kaveh Ranjbar of the RIPE NCC, and Andrew L. Newton of ARIN.
981 Additionally, this document incorporates DNR query formats originally
982 described by Francisco Arias and Steve Sheng of ICANN and Scott
983 Hollenbeck of Verisign Labs.
985 The authors would like to acknowledge the following individuals for
986 their contributions to this document: Francisco Arias, Marc Blanchet,
987 Ernie Dainow, Jean-Philippe Dionne, Byron J. Ellacott, Behnam
988 Esfahbod, John Klensin, John Levine, Edward Lewis, Mario Loffredo,
989 Patrick Mevzek, Mark Nottingham, Kaveh Ranjbar, Arturo L. Servin,
990 Steve Sheng, Jasdip Singh, and Andrew Sullivan.
998 United States of America
1000 Email: shollenbeck@verisign.com
1001 URI: https://www.verisignlabs.com/
1005 Amazon Web Services, Inc.
1006 13200 Woodland Park Road
1008 United States of America