[gtld-tech] RDAP Policy Questions

Brian Mountford mountford at google.com
Mon Oct 26 22:09:56 UTC 2015

1.10.3 might be referring to domain name lookups (which can also use the
name server name or IP address) rather than explicit nameserver lookups.
And as you point out, it's only for exact match searches. So I still think
the profile is constructed so as to avoid requiring registries to support
nameserver partial string match queries.

On Mon, Oct 26, 2015 at 6:06 PM, Rubens Kuhl <rubensk at nic.br> wrote:

> > Em 26 de out de 2015, à(s) 19:50:000, Brian Mountford <
> mountford at google.com> escreveu:
> >
> > Interesting. So those are intended to be independent requirements. But I
> still don't see a requirement for nameserver search with pattern strings.
> >
> > 2.1 refers specifically to search requests with pattern strings, but
> does not mention nameservers.
> >
> > 2.2 refers to searching for name servers by IP address, which as I read
> the RFC need not support wildcards (or am I wrong? can wildcards be used
> with IP addresses? if so, what are the matching rules?).
> >
> > 2.3 refers to the case of multiple hosts with the same name; it doesn't
> actually call out particular search capabilities, does it?
> >
> > 2.9 deals with entities.
> >
> > 2.10.1 calls out section 3.1.4 of RFC 7482, which deals with nameserver
> lookup by fully-qualified hostname, not using a search pattern (that's
> section 3.2.2). The rest of 2.10 appears to deal with format of the
> returned data.
> >
> > So it still looks to me like actual nameserver search, as discussed in
> RFC 7482, section 3.2.2, is not required by the ICANN profile. Is that
> correct?
> Registry Agreement Specification 4, clause 1.10:
> 1.10.      Searchability.  Offering searchability capabilities on the
> Directory Services is optional but if offered by the Registry Operator it
> shall comply with the specification described in this section.
> 1.10.1  Registry Operator will offer searchability on the web-based
> Directory Service.
> 1.10.2  Registry Operator will offer partial match capabilities, at least,
> on the following fields:  domain name, contacts and registrant’s name, and
> contact and registrant’s postal address, including all the sub-fields
> described in EPP (e.g., street, city, state or province, etc.).
> 1.10.3  Registry Operator will offer exact-match capabilities, at least,
> on the following fields:  registrar id, name server name, and name server’s
> IP address (only applies to IP addresses stored by the registry, i.e., glue
> records).
> 1.10.4  Registry Operator will offer Boolean search capabilities
> supporting, at least, the following logical operators to join a set of
> search criteria:  AND, OR, NOT.
> 1.10.5  Search results will include domain names matching the search
> criteria.
> 1.10.6  Registry Operator will:  1) implement appropriate measures to
> avoid abuse of this feature (e.g., permitting access only to legitimate
> authorized users); and 2) ensure the feature is in compliance with any
> applicable privacy laws or policies.
> 1.10.3 seem to also specify name servers, but only on exact match
> searches. RDAP Profile 2.1 seems to reflect RA 1.10.2, which does not
> specify name servers.
> Although a wildcard is not required in IP address, I could imagine it
> being done using CIDR blocks instead of character regex. And on name server
> matches, not being required does not prevent implementation if a registry
> is willing to do so, in my reading of the agreement.
> Rubens
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gtld-tech/attachments/20151026/a32ac5ce/attachment.html>

More information about the gtld-tech mailing list