RDAP Explorer

Posted on 06 February 2017 in Technology

Having fallen behind a bit on Takeout Inspector, the 12 Years of Gmail series and some other projects, I decided to try to put something very simple together from beginning to end and actually launch it. One of my previous posts, Examining the Remnants of a Small DDoS Attack, introduced me to the Python package ipwhois and the alternative WHOIS system RDAP. This eventually led me to a quick and simple project called RDAP Explorer...

What is RDAP?

According to APNIC:

The Registration Data Access Protocol (RDAP) is an alternative to WHOIS for accessing Internet resource registration data. RDAP is designed to address a number of shortcomings in the existing Whois service. The most important changes are:

  • Standardization of queries and responses
  • Internationalization considerations to cater for languages other than English in data objects
  • Redirection capabilities to allow seamless referrals to other registries

The most important advantage of RDAP over WHOIS is the standardization of queries and responses. While reviewing a large set of IP addresses, I found it rather difficult to deal with non-standard (and sometimes nonsensical) output of WHOIS queries. Mostly they were easy enough to parse, but the oddballs made the process annoying and time-consuming.

Enter ipwhois

Eventually I found my way to the wonderfully useful ipwhois package and this made dealing with a large set of IP addresses considerably easier. I dug into the code a little bit to see just how this was being done and eventually learned about the aforementioned virtues of RDAP. Here is an example of the type of output ipwhois produces, in this case for one of Google's ever-popular public DNS servers:

import ipwhois

# Query RDAP for the network that contains 8.8.8.8
IP = ipwhois.IPWhois('8.8.8.8')
result = IP.lookup_rdap()
print(result)
{'raw': None, 'entities': [u'GOGL'], 'asn_registry': 'arin', 'network': {'status': None, 'handle': u'NET-8-8-8-0-1', 'name': u'LVLT-GOGL-8-8-8', 'links': [u'https://rdap.arin.net/registry/ip/008.008.008.000', u'https://whois.arin.net/rest/net/NET-8-8-8-0-1', u'https://rdap.arin.net/registry/ip/008.000.000.000/8'], 'raw': None, 'country': None, 'ip_version': u'v4', 'start_address': '8.8.8.0', 'notices': [{'description': u'By using the ARIN RDAP/Whois service, you are agreeing to the RDAP/Whois Terms of Use', 'links': [u'https://www.arin.net/whois_tou.html'], 'title': u'Terms of Service'}], 'end_address': '8.8.8.255', 'remarks': None, 'parent_handle': u'NET-8-0-0-0-1', 'cidr': '8.8.8.0/24', 'type': None, 'events': [{'action': u'last changed', 'timestamp': u'2014-03-14T16:52:05-04:00', 'actor': None}, {'action': u'registration', 'timestamp': u'2014-03-14T16:52:05-04:00', 'actor': None}]}, 'objects': {u'GOGL': {'status': None, 'roles': [u'registrant'], 'handle': u'GOGL', 'entities': [u'ABUSE5250-ARIN', u'ZG39-ARIN'], 'links': [u'https://rdap.arin.net/registry/entity/GOGL', u'https://whois.arin.net/rest/org/GOGL'], 'raw': None, 'notices': None, 'contact': {'kind': u'org', 'name': u'Google Inc.', 'title': None, 'phone': None, 'role': None, 'address': [{'type': None, 'value': u'1600 Amphitheatre Parkway\nMountain View\nCA\n94043\nUNITED STATES'}], 'email': None}, 'events_actor': None, 'remarks': None, 'events': [{'action': u'last changed', 'timestamp': u'2017-01-28T08:32:29-05:00', 'actor': None}, {'action': u'registration', 'timestamp': u'2000-03-30T00:00:00-05:00', 'actor': None}]}}, 'asn_country_code': 'US', 'asn_date': '', 'asn_cidr': '8.8.8.0/24', 'nir': None, 'query': '8.8.8.8', 'asn': '15169'}

With a bit of formatting, the end result looks quite nice and is easy to work with (in code):

{
   'raw':None,
   'entities':[
      u'GOGL'
   ],
   'asn_registry':'arin',
   'network':{ ... },
   'objects':{ ... },
   'asn_country_code':'US',
   'asn_date':'',
   'asn_cidr':'8.8.8.0/24',
   'nir':None,
   'query':'8.8.8.8',
   'asn':'15169'
}

However, outside of code this is not particularly easy to parse (well, still better than WHOIS results), particularly when digging deeper into the data with some queries producing hundreds of lines of information. There are many, many whois services available online, but I could not find a comparable service for RDAP. So I decided to try my hand at making (and, more importantly, launching) one...
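To show what working with the lookup_rdap() result "in code" can look like, the following added example (not code from the original post or from ipwhois) reduces each result to a few fields and groups a set of queried addresses by network. The function names and the two extra sample results are assumptions made up for illustration; only the dictionary keys come from the output shown above.

```python
from collections import Counter

def summarize(result):
    """Reduce one lookup_rdap()-shaped dict to the fields useful for triage."""
    net = result.get('network') or {}          # any level may be None
    objects = result.get('objects') or {}
    orgs = []
    for handle in result.get('entities') or []:
        contact = (objects.get(handle) or {}).get('contact') or {}
        orgs.append(contact.get('name') or handle)   # fall back to the handle
    events = {e['action']: e['timestamp'] for e in net.get('events') or []}
    return {
        'query': result.get('query'),
        'asn': result.get('asn'),
        'cidr': net.get('cidr') or result.get('asn_cidr'),
        'name': net.get('name'),
        'orgs': orgs,
        'registered': events.get('registration'),
    }

def group_by_network(results):
    """Count queried addresses per (asn, cidr, org), most frequent first."""
    counts = Counter()
    for s in map(summarize, results):
        counts[(s['asn'], s['cidr'], ', '.join(s['orgs']) or None)] += 1
    return counts.most_common()

# Constructed sample input: the first entry is trimmed from the 8.8.8.8 output
# shown above; the other two are made up to exercise repeats and None fields.
GOOGLE = {
    'query': '8.8.8.8', 'asn': '15169', 'asn_cidr': '8.8.8.0/24',
    'entities': ['GOGL'],
    'network': {'name': 'LVLT-GOGL-8-8-8', 'cidr': '8.8.8.0/24', 'events': [
        {'action': 'registration', 'timestamp': '2014-03-14T16:52:05-04:00',
         'actor': None}]},
    'objects': {'GOGL': {'contact': {'kind': 'org', 'name': 'Google Inc.'}}},
}
SAMPLES = [
    GOOGLE,
    dict(GOOGLE, query='8.8.8.4'),
    {'query': '192.0.2.10', 'asn': '64496', 'asn_cidr': '192.0.2.0/24',
     'entities': ['EXAMPLE-1'], 'network': None, 'objects': None},
]

if __name__ == '__main__':
    for key, n in group_by_network(SAMPLES):
        print(n, key)
```

With live data, the list passed to group_by_network() would be the dictionaries returned by IPWhois(...).lookup_rdap() for each address under review.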

RDAP Explorer

The fruit of my (light) labor is RDAP Explorer, a web interface for running RDAP queries using the ipwhois package. Currently, the output is not much more than a nicely formatted expandable tree of information. This works well for containing the vast amounts of data that RDAP queries can produce.

The website is my first project built on Django, which was pretty painless to get started with. This also enabled me to continue learning about nginx and introduced me to uWSGI. This combination proved a bit tougher to get a handle on given my greater experience with Apache and PHP, but ultimately getting everything running in "production" was not particularly difficult or time-consuming.

For future development I intend to add clearer summary information for the results and searching of the full result tree. For now I will just enjoy my first launch of a Python project.