[gtld-tech] RDAP Policy Questions

Rubens Kuhl rubensk at nic.br
Mon Oct 26 22:06:08 UTC 2015

> Em 26 de out de 2015, à(s) 19:50:000, Brian Mountford <mountford at google.com> escreveu:
> Interesting. So those are intended to be independent requirements. But I still don't see a requirement for nameserver search with pattern strings.
> 2.1 refers specifically to search requests with pattern strings, but does not mention nameservers.
> 2.2 refers to searching for name servers by IP address, which as I read the RFC need not support wildcards (or am I wrong? can wildcards be used with IP addresses? if so, what are the matching rules?).
> 2.3 refers to the case of multiple hosts with the same name; it doesn't actually call out particular search capabilities, does it?
> 2.9 deals with entities.
> 2.10.1 calls out section 3.1.4 of RFC 7482, which deals with nameserver lookup by fully-qualified hostname, not using a search pattern (that's section 3.2.2). The rest of 2.10 appears to deal with format of the returned data.
> So it still looks to me like actual nameserver search, as discussed in RFC 7482, section 3.2.2, is not required by the ICANN profile. Is that correct?

Registry Agreement Specification 4, clause 1.10:

1.10.      Searchability.  Offering searchability capabilities on the Directory Services is optional but if offered by the Registry Operator it shall comply with the specification described in this section.
1.10.1  Registry Operator will offer searchability on the web-based Directory Service.
1.10.2  Registry Operator will offer partial match capabilities, at least, on the following fields:  domain name, contacts and registrant’s name, and contact and registrant’s postal address, including all the sub-fields described in EPP (e.g., street, city, state or province, etc.).
1.10.3  Registry Operator will offer exact-match capabilities, at least, on the following fields:  registrar id, name server name, and name server’s IP address (only applies to IP addresses stored by the registry, i.e., glue records).
1.10.4  Registry Operator will offer Boolean search capabilities supporting, at least, the following logical operators to join a set of search criteria:  AND, OR, NOT.
1.10.5  Search results will include domain names matching the search criteria.
1.10.6  Registry Operator will:  1) implement appropriate measures to avoid abuse of this feature (e.g., permitting access only to legitimate authorized users); and 2) ensure the feature is in compliance with any applicable privacy laws or policies.

1.10.3 seem to also specify name servers, but only on exact match searches. RDAP Profile 2.1 seems to reflect RA 1.10.2, which does not specify name servers. 

Although a wildcard is not required in IP address, I could imagine it being done using CIDR blocks instead of character regex. And on name server matches, not being required does not prevent implementation if a registry is willing to do so, in my reading of the agreement. 



More information about the gtld-tech mailing list