RDAP at CentralNic
Last Update: March 18, 2019
Introduction
The Registration Data Access Protocol, or RDAP, replaces traditional port 43 Whois. It provides a number of enhancements relative to Whois, such as transport security, internationalisation, a structured data format, differentiated access, and extensibility.
RDAP builds upon HTTP and the "REST" (REpresentational State Transfer) architectural style. RDAP servers are web servers, and RDAP clients are web clients (which includes web browsers). RDAP responses are encoded in JSON (JavaScript Object Notation) and are machine-readable rather than human-readable.
RDAP was designed by the weirds working group of the Internet Engineering Task Force (IETF), as a result of a request by ICANN for the IETF to develop a replacement for Whois. It is now maintained by the regext working group which is also responsible for EPP standards development.
CentralNic's RDAP System
CentralNic's RDAP system has been implemented to comply with the following specifications:
IETF RFCs:
- RFC7480: HTTP Usage in the Registration Data Access Protocol (RDAP)
- RFC7481: Security Services for the Registration Data Access Protocol (RDAP)
- RFC7482: Registration Data Access Protocol (RDAP) Query Format
- RFC7483: JSON Responses for the Registration Data Access Protocol (RDAP)
- RFC7484: Finding the Authoritative Registration Data (RDAP) Service
- RFC8056: Extensible Provisioning Protocol (EPP) and Registration Data Access Protocol (RDAP) Status Mapping
ICANN specifications:
CentralNic has also specified several RDAP extensions to support the gTLDs on its platform:
RDAP Infrastructure
The RDAP system runs on the same secure, resilient, high-performance infrastructure as the Whois system, and therefore enjoys the same reliability and scalability. It is available over both IPv4 and IPv6.
Like the Whois, the RDAP system uses a separate replica of the primary registry database and its own caching layer.
Rate Limiting
The RDAP system uses the same rate-limiting system as the Whois and follows the same policies. Note that this means that a port-43 whois query counts against the RDAP query rate, and vice versa.
Security Controls
RDAP is only available over HTTPS, and CentralNic's HTTPS configuration is compliant with all current operational best practices for TLS deployment.
Additionally, a TLSA record has been published for rdap.centralnic.com, allowing DANE-aware client applications that use DNSSEC-validating resolvers to verify the certificate used on the RDAP service.
Deployment Process
RDAP clients which implement RFC7484 use the Bootstrap Service Registry for Domain Name Space, operated by IANA, to determine the authoritative RDAP server for a given domain name.
Prior to the deployment deadline of August 26th, 2019, CentralNic will add RDAP Base URLs to each of the gTLDs for which it provides registry services. This will allow compliant RDAP clients to automatically determine the correct RDAP URL for domains on CentralNic's registry platform.
CentralNic also intends to deploy RDAP for all ccTLDs running on the CentralNic platform, subject to approval by the appropriate national authorities.
Unfortunately, since the IANA can only accept registrations for top-level domains, CentralNic's SLD portfolio cannot be added to the registry. However, the RDAP service is available for these domains, at https://rdap.centralnic.com/{sld}.
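The lookup a client has to perform, as an added example (not CentralNic's code and not taken from Net::RDAP): longest-match resolution against an RFC 7484 bootstrap file, with a locally configured list for SLDs that cannot appear in the IANA registry. The bootstrap data and the SLD name `sld.example` are constructed, and treating `https://rdap.centralnic.com/{sld}` as a base URL to which `domain/<name>` is appended is an assumption.

```python
import json
from urllib.parse import urlsplit

# Constructed data in the RFC 7484 bootstrap layout; not real IANA content.
SAMPLE_BOOTSTRAP = json.loads("""{
  "version": "1.0",
  "services": [
    [["example", "test"], ["http://rdap.registry.example/", "https://rdap.registry.example"]],
    [["co.example"], ["https://rdap.other.example/"]]
  ]
}""")
# URL pattern from the page; using it as an RDAP base URL is an assumption.
SLD_TEMPLATE = "https://rdap.centralnic.com/{sld}/"
SAMPLE_SLDS = {"sld.example"}  # hypothetical SLD, not a real CentralNic zone

def normalise(domain):
    return domain.strip().rstrip(".").lower()

def suffixes(domain):
    """Return candidate zones from most to least specific (a.b.c, b.c, c)."""
    labels = normalise(domain).split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def first_https(urls):
    """Pick the first HTTPS base URL; plain HTTP entries are never used."""
    for url in urls:
        if urlsplit(url).scheme == "https":
            return url if url.endswith("/") else url + "/"
    return None

def find_base_url(domain, bootstrap, slds=frozenset()):
    table = {entry.lower(): urls
             for entries, urls in bootstrap["services"] for entry in entries}
    for zone in suffixes(domain):          # longest match wins
        if zone in slds:                   # SLDs cannot appear in the IANA file
            return SLD_TEMPLATE.format(sld=zone)
        if zone in table:
            return first_https(table[zone])
    return None                            # no authoritative server known

def domain_query_url(domain, bootstrap, slds=frozenset()):
    base = find_base_url(domain, bootstrap, slds)
    return None if base is None else base + "domain/" + normalise(domain)
```

Without the SLD list, `foo.sld.example` resolves to the server for the parent TLD, which holds no data for names registered under the SLD.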
RDAP Clients
As RDAP is a new protocol, client support is limited. However, a number of clients exist:
- CentralNic maintains the Net::RDAP library for the Perl programming language. This library is a full implementation of the complete RDAP specification. It can be installed from CPAN, and more information may be found at:
- rdapper is a command-line program which uses Net::RDAP to implement an interface similar to traditional whois clients. It can also be downloaded from CPAN, but more information may be found here:
Use of RDAP for Domain Availability Checks
RDAP supports use of the HEAD HTTP method to determine the existence of a domain.
However, the non-existence of a domain does not guarantee the availability of that domain, since other factors (including syntactic correctness and administrative policy) may mean that it is not available for registration.
Therefore, CentralNic does not encourage the use of RDAP HEAD queries to determine if a domain name can be registered: the EPP <check> command should be used instead.
Status of Port 43 Whois
Once RDAP has been deployed, ICANN no longer requires gTLD registries to provide a port 43 whois service. However, in order to reduce disruption to users, CentralNic will carry out a phased sunset plan to give users time to upgrade their systems to use RDAP.
We will provide more information about our plans to phase out the port 43 service in due course.
Comments and Questions
If you have any comments or questions about CentralNic's RDAP system, please email rdap@centralnic.com.