RDAP: Reasons to Opt for an Alternative that is Superior to Whois
20/11/2024
By Carlos Martinez Cagnazzo, LACNIC CTO
The need to maintain a record of the addresses and resources allocated to each organization connected to the Internet existed even before the RIRs were established. In the early days, this responsibility fell to a single individual who became famous for performing this task, Jon Postel.
Jon Postel was a researcher at the University of California who was deeply involved with the Internet, and his job was to keep a list of which IPv4 addresses and DNS domains were assigned to whom. During that period, Postel served as the registry for both names and numbers. Initially he literally wrote the records on a chalkboard, which later evolved into a notebook. Eventually, he managed to secure funds to hire a secretary, Joyce K. Reynolds.
Curiously, at one point, what we now know as the IANA functions were performed exclusively by Joyce and Jon. They registered the addresses they assigned and regularly published the status of the registry. To query the status of a network address, the community would check the latest version of the chalkboard/notebook or call and inquire directly.
It’s worth noting that over time, the registry managed by Postel and Reynolds evolved: on the one hand, the DNS registry was transferred to what is now ICANN; on the other, the regions that currently assign numbers started to emerge. The first of these regions was RIPE, followed by APNIC, ARIN and years later, LACNIC, and AFRINIC.
The Problems Associated with the Oldest Internet Protocol
Postel’s efforts laid the groundwork for the Whois service, a distributed information system that allows querying databases that store information about an IP address or domain name, such as their registered holder.
The problem is that the manual system was never practical or scalable. At some point, someone came up with a more efficient method for these enquiries, which led to the invention of the Whois protocol. While both share the same name, there is a difference between the service that allows looking up registration information and the mechanism or protocol used to query the registry.
The Whois protocol is probably the oldest Internet protocol still in use and works in a very basic, very elementary, and very limited way: essentially, it retrieves free text. We at LACNIC call it port 43 Whois, as it uses TCP port 43.
Each of the five registries manages its addresses and therefore, each offers a Whois service to query the status of the registration. What happens then? The protocol’s limitations make it difficult to meet the common expectation of knowing who holds a specific address on the Internet. To obtain this information, one must first determine which of the five registries manages the IP address and then query the corresponding Whois, when ideally a single query should be enough to receive a response.
Because port 43 Whois does not support this feature, a series of workarounds were implemented to allow one registry to respond on behalf of others. However, these solutions did not solve the problem and, instead, underlined the need for a more effective mechanism. That’s why the Registration Data Access Protocol (RDAP) was developed.
What information is returned when the Whois is queried?
The IP address block, its holder, technical contact, and other details.
In the early days of the Internet, this data was critically important from an operational point of view and was one of the primary benefits of Whois as a service. As the Internet became increasingly commercial, “Whois abusers” appeared: individuals, companies, and sometimes even states for whom the information available in the Whois database has commercial value. These include spammers and people seeking the contact details of large organizations they know may need IPv4 addresses, in order to sell them the resources. That said, there are also various security tools designed to filter traffic that continuously perform queries to determine whether a specific IP address has been assigned. And what is the result of all this? Whois has a huge amount of traffic, so it is both costly and complex to scale and ensure that it always works well. Furthermore, there is the inevitable risk of unintentionally filtering or limiting access by mistakenly identifying a query as abusive.
Another problem is that port 43 Whois responds to queries without any type of control or location information, and that it doesn’t support non-Latin characters. Finally, because of the lack of control information, dialogues are exclusively between the client and the server, and there is no way to redirect a query to another server.
Ultimately, the inability to conduct a single query for an IP address and receive a single response led to the use of proxies. For instance, if I, as LACNIC, receive a query for an IP address managed by AFRINIC, I will query AFRINIC’s Whois as if I were the user, after which AFRINIC will respond, and I will forward that response to the user.
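RDAP moves the "which registry?" step to the client: a published bootstrap file (RFC 9224) maps prefixes to RDAP base URLs, and a server that does not hold the record can answer with an ordinary HTTP redirect instead of proxying. The Python below is an added example, not LACNIC's code; the registry hosts, the prefixes (documentation ranges) and the FAKE_WEB table standing in for HTTP are all constructed so that it runs offline.

```python
import ipaddress

# Constructed bootstrap in the RFC 9224 layout: [[prefixes], [base URLs]].
# Hosts are hypothetical; prefixes are documentation ranges.
BOOTSTRAP = {"services": [
    [["198.51.100.0/24", "203.0.113.0/24"], ["https://rdap.registry-a.example/"]],
    [["192.0.2.0/24"], ["https://rdap.registry-b.example/"]],
]}

# Constructed stand-in for HTTP: URL -> (status, Location value or JSON body).
# registry-a does not hold 203.0.113.9 and redirects the client to registry-b.
FAKE_WEB = {
    "https://rdap.registry-a.example/ip/203.0.113.9":
        (301, "https://rdap.registry-b.example/ip/203.0.113.9"),
    "https://rdap.registry-b.example/ip/203.0.113.9":
        (200, {"objectClassName": "ip network", "handle": "EXAMPLE-NET-1"}),
}

def first_query_url(ip, bootstrap=BOOTSTRAP):
    """Pick the base URL with the longest matching prefix and build /ip/<addr>."""
    addr = ipaddress.ip_address(ip)
    best = None  # (prefix length, base URL)
    for prefixes, urls in bootstrap["services"]:
        for prefix in prefixes:
            net = ipaddress.ip_network(prefix)
            if net.version == addr.version and addr in net:
                if best is None or net.prefixlen > best[0]:
                    best = (net.prefixlen, urls[0])
    return None if best is None else best[1].rstrip("/") + "/ip/" + str(addr)

def lookup(ip, fetch=FAKE_WEB.get, max_hops=3):
    """Follow redirects between registries; return (final URL, JSON body)."""
    url = first_query_url(ip)
    if url is None:
        raise LookupError("no registry in bootstrap data covers " + ip)
    for _ in range(max_hops + 1):
        status, payload = fetch(url, (404, None))
        if status in (301, 302, 303, 307, 308):
            # Never let a redirect downgrade the query to plaintext HTTP.
            if not payload.startswith("https://"):
                raise ValueError("refusing redirect to non-HTTPS URL")
            url = payload
        elif status == 200:
            return url, payload
        else:
            raise LookupError("HTTP %d from %s" % (status, url))
    raise RuntimeError("redirect loop or chain longer than max_hops")
```

The hop limit and the HTTPS check matter in practice: a client that follows redirects blindly can be looped or sent to an unauthenticated endpoint.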
RDAP: Security, Structure, and Internationalization
All these challenges led the IETF to consider a more effective mechanism for querying the registry.
RDAP is a protocol specifically designed to access both number and DNS registries using modern technologies for queries and responses. While Whois is associated with the TCP-based text protocol and the specific port for data transmission, the key feature of RDAP is that it works through web-based applications (HTTP or HTTPS) and provides users with a summary module in JSON (JavaScript Object Notation) format, which can be used without the need for additional software or plugins.
What was the main focus when developing RDAP?
Security, structure, and internationalization. RDAP appears to be significantly more flexible than Whois, offering more freedom to retrieve data. It also makes it easier to program the query service, allowing standardized communication with various registries and the ability to deliver the required data in multiple languages, while providing differential and secure access to contact information.
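What structure and internationalization mean for a consumer of the data, as an added Python example that is not from the original article: it reads an RDAP "ip network" response in the RFC 9083 layout, walks nested entities, and tolerates a contact whose details the server withheld. The response, handles, names and addresses are constructed sample data.

```python
import json

# Constructed RDAP response (RFC 9083 layout). The registrant name carries a
# non-ASCII character as a JSON escape; TECH-EX1 has no vcardArray, as happens
# when a server withholds contact details from an unauthenticated client.
RESPONSE = json.loads(r'''
{"objectClassName": "ip network", "handle": "EXAMPLE-NET-1",
 "startAddress": "203.0.113.0", "endAddress": "203.0.113.255",
 "entities": [
  {"handle": "ORG-EX1", "roles": ["registrant"],
   "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                            ["fn", {}, "text", "Organizaci\u00f3n Ejemplo"]]],
   "entities": [
    {"handle": "ABUSE-EX1", "roles": ["abuse"],
     "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                              ["fn", {}, "text", "Abuse Desk"],
                              ["email", {}, "text", "abuse@example.net"]]]}]},
  {"handle": "TECH-EX1", "roles": ["technical"]}
 ]}''')

def jcard_props(entity, name):
    """All values of one jCard property; [] when vcardArray is absent."""
    card = entity.get("vcardArray") or ["vcard", []]
    return [prop[3] for prop in card[1] if prop[0] == name]

def walk(entities):
    """Yield every entity, including ones nested under another entity."""
    for entity in entities or []:
        yield entity
        yield from walk(entity.get("entities"))

def summarize(net):
    """Map each role to its contacts, with the block's handle and range."""
    out = {"handle": net.get("handle"),
           "range": (net.get("startAddress"), net.get("endAddress")),
           "contacts": {}}
    for entity in walk(net.get("entities")):
        for role in entity.get("roles", []):
            out["contacts"].setdefault(role, []).append({
                "handle": entity.get("handle"),
                "name": (jcard_props(entity, "fn") or [None])[0],
                "email": jcard_props(entity, "email"),
            })
    return out
```

The same three functions work against any registry's response, which is the practical difference from port 43 output, where each server's free text needs its own parser.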
It’s important to highlight that the majority of queries to LACNIC are made via Whois. Although there is a certain inertia and people are used to making their queries via Whois, the reality is that RDAP is a superior alternative. It would be very beneficial for the community to gradually shift towards an option that offers equivalent functionalities in a much more convenient format.
Additionally, ICANN has a short-term objective that will allow TLDs with port 43 Whois servers to deactivate them if they choose to do so and transition to RDAP only. Beyond this, opting for RDAP not only allows obtaining the same information as Whois, it also offers additional functionalities and features that benefit the system used to look up Internet resources registration data.
Feedback
We invite network operators and the community as a whole to discover the advantages of the RDAP protocol. With its modern design, enhanced security, and flexibility, RDAP is a superior alternative for querying registration information. To encourage its adoption, we would appreciate your feedback on any additional features or improvements you believe are necessary for RDAP to fully replace the Whois protocol. Your feedback will be key to establishing RDAP as the standard that meets the needs of our community.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of LACNIC.