| Internet-Draft | Efficient RDAP Referrals | January 2026 |
| Brown & Newton | Expires 27 July 2026 | [Page] |
This document describes an RDAP extension that allows RDAP clients to request to be referred to a related RDAP record for a resource.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 27 July 2026.¶
Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
Many Registration Data Access Protocol (RDAP, described in [RFC7480], [RFC7481], [RFC9082], [RFC9083] and others) resources contain links to related RDAP resources.¶
For example, in the domain space, an RDAP record for a domain name received from the registry operator may include a link for the RDAP record for the same object provided by the sponsoring registrar (for example, see [gtld-rdap-profile]), while in the IP address space, an RDAP record for an address allocation may include links to enclosing or sibling prefixes.¶
In both cases, RDAP service users are often equally if not more interested in these related RDAP resources than the resource provided by the TLD registry or RIR.¶
While RDAP supports redirection of RDAP requests using HTTP redirections (which
use a 3xx HTTP status and the "Location" header field, see Section 15.4 of
[RFC9110]), it is not possible for RDAP servers to know a priori whether a
client requesting an RDAP record is doing so because it wants to retrieve a
related RDAP record, or its own, so it can only respond by providing the full
RDAP response. The client must then parse that response in order to extract the
relevant URL from the "links" property of the object.¶
This results in the wasteful expenditure of time, compute resources and bandwidth on the part of both the client and server.¶
This document describes an extension to RDAP that allows clients to request that an RDAP server refer them to the URL of a related resource.¶
To request a referral to a related resource, the client sends an HTTP GET
request to the RDAP server with a path of the form:¶
<base path>referrals0_ref/<relation><lookup path>¶
The client replaces <base path> with the path component of the RDAP server's
base URL (which, as per [RFC9224], has a trailing / character),
<lookup path> with the lookup path of the object being sought, and
<relation> with the desired relationship type.¶
For example, the path of a referral query for the domain example.com sent to
an RDAP server whose base path is / would be:¶
/referrals0_ref/related/domain/example.com¶
The referral query for the parent network of 192.0.2.42 would have the
following full path:¶
/referrals0_ref/rdap-up/ip/192.0.2.42¶
Lookup paths for domain names, IP networks, autonomous system numbers, nameservers, and entities are described in [RFC9082]. Lookups defined by RDAP extensions may also use this extension.¶
Referral requests for searches, where more than one object is returned, and help queries, as described by [RFC9083], are not supported. Servers MUST return an HTTP 400 for these requests.¶
If the object specified in the request exists, a single appropriate link exists, and the client is authorised to perform the request, the server response MUST:¶
have an HTTP status code of 301 (Moved Permanently), 302 (Found), 303 (See Other), or 307 (Temporary Redirect); and¶
include an HTTP Location header field, whose value contains the URL of the
linked resource.¶
If the server cannot find an appropriate link, the response MUST have an HTTP status of 404.¶
If an RDAP server holds in its datastore more than one relationship type for an object, a scenario that is possible but not common, only one of the URLs, as determined by server policy, can be returned.¶
The following examples use the HTTP/1.1 message exchange syntax as seen in [RFC9110].¶
An example of a referral request from a domain registry to a domain registrar:¶
Client Request: GET /referrals0_ref/related/domain/example.com HTTP/1.1 Accept: application/rdap+json Server Response: HTTP/1.1 307 Temporary Redirect Location: https://registrar.example/domain/example.com¶
An example of a referral request for a parent IPv4 network:¶
Client Request: GET /referrals0_ref/rdap-up/ip/192.0.2.42 HTTP/1.1 Accept: application/rdap+json Server Response: HTTP/1.1 307 Temporary Redirect Location: https://rir.example/ip/192.0.2.0/24¶
An example of a referral request for a parent IPv6 network:¶
Client Request: GET /referrals0_ref/rdap-up/ip/2001%3adb8%3a%3a1 HTTP/1.1 Accept: application/rdap+json" Server Response: HTTP/1.1 307 Temporary Redirect Location: https://rir.example/ip/2001%3adb8%3a%3a/32¶
When the server receives a referral request, it must select which of an object's links it should use to construct the response.¶
The rel property of the selected link MUST match <relation> path
segment of the request. The type and hreflang properties of the link, if
present, MUST match the Accept and (if specified) Accept-Language header
fields of the request.¶
To facilitate caching of RDAP resources by intermediary proxies, servers which
provide a referral based on the value of the Accept header field in the
request MUST include a Vary header field (See Section 12.5.5 of
[RFC9110]) in the response. This field MUST include accept, and MAY
include other header field names.¶
Example:¶
Vary: accept, accept-language¶
Note that as per Section 10.2.2 of [!@RFC9110], the URI-reference in location
header fields MAY be relative. For relative references, RDAP clients
MUST compute the full URI using the request URI.¶
Servers which implement this specification MUST include the string
"referrals0" in the "rdapConformance" array in all RDAP responses.¶
IANA is requested to register the following value in the RDAP Extensions Registry:¶
Extension identifier: referrals0¶
Registry operator: any.¶
Published specification: this document.¶
Contact: the authors of this document.¶
Intended usage: this extension allows clients to request to be referred to a related resource for an RDAP resource.¶
A malicious HTTP redirect has the potential to create an infinite loop, which can exhaust resources on both client and server side.¶
To prevent such loops, RDAP servers which receive referral requests for the
self relation MUST respond with a 400 HTTP status.¶
As described in Section 15.4 of [!@RFC9110], when processing server responses, RDAP clients SHOULD detect and intervene in cyclical redirections.¶
This section is to be removed before publishing as an RFC.¶
Add reference to [gtld-rdap-profile] which describes how gTLD RDAP servers link to registrar RDAP resoures.¶
Include <base path> in the path specification, and remove the / between
<relation> and <lookup path> so that naive URL construction works.¶
Reuse the language from RFC 7480 on HTTP status codes used for redirection.¶
Fix HTTP status code in the examples.¶
Described the risk of redirection loops and things clients and servers have to do.¶
registrar_link_header to referrals0.¶