WHOIS Right? An Analysis of WHOIS and RDAP Consistency
PAM (1)(2024)
摘要
Public registration information on domain names, such as the accredited
registrar, the domain name expiration date, or the abusecontact is crucial for
many security tasks, from automated abuse notifications to botnet or phishing
detection and classification systems. Various domain registration data is
usually accessible through the WHOIS or RDAP protocols-a priori they provide
the same data but use distinct formats and communication protocols. While WHOIS
aims to provide human-readable data, RDAP uses a machine-readable format.
Therefore, deciding which protocol to use is generally considered a
straightforward technical choice, depending on the use case and the required
automation and security level. In this paper, we examine the core assumption
that WHOIS and RDAP offer the same data and that users can query them
interchangeably. By collecting, processing, and comparing 164 million WHOIS and
RDAP records for a sample of 55 million domain names, we reveal that while the
data obtained through WHOIS and RDAP is generally consistent, 7.6
observed domains still present inconsistent data on important fields like IANA
ID, creation date, or nameservers. Such variances should receive careful
consideration from security stakeholders reliant on the accuracy of these
fields.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要