Skip to content

Latest commit

 

History

History
608 lines (551 loc) · 27.7 KB

RDAP.rst

File metadata and controls

608 lines (551 loc) · 27.7 KB

RDAP (HTTP) Lookups

IPWhois.lookup_rdap() is now the recommended lookup method. RDAP provides a far better data structure than legacy whois and REST lookups (previous implementation). RDAP queries allow for parsing of contact information and details for users, organizations, and groups. RDAP also provides more detailed network information.

Input

Arguments supported by IPWhois.lookup_rdap().

Key Type Description
inc_raw bool Whether to include the raw whois results in the returned dictionary. Defaults to False.
retry_count int The number of times to retry in case socket errors, timeouts, connection resets, etc. are encountered. Defaults to 3.
depth int How many levels deep to run queries when additional referenced objects are found. Defaults to 0.
excluded_entities list Entity handles to not perform lookups. Defaults to None.
bootstrap bool If True, performs lookups via ARIN bootstrap rather than lookups based on ASN data. ASN lookups are not performed and no output for any of the asn* fields is provided. Defaults to False.
rate_limit_timeout int The number of seconds to wait before retrying when a rate limit notice is returned via rdap+json. Defaults to 120.
extra_org_map dict Dictionary mapping org handles to RIRs. This is for limited cases where ARIN REST (ASN fallback HTTP lookup) does not show an RIR as the org handle e.g., DNIC (which is now built in ORG_MAP) e.g., {'DNIC': 'arin'}. Valid RIR values are (note the case-sensitive - this is meant to match the REST result): 'ARIN', 'RIPE', 'apnic', 'lacnic', 'afrinic' Defaults to None.
inc_nir bool Whether to retrieve NIR (National Internet Registry) information, if registry is JPNIC (Japan) or KRNIC (Korea). If True, extra network requests will be required. If False, the information returned for JP or KR IPs is severely restricted. Defaults to True.
nir_field_list list If provided and inc_nir, a list of fields to parse: ['name', 'handle', 'country', 'address', 'postal_code', 'nameservers', 'created', 'updated', 'contacts'] If None, defaults to all.
asn_methods list ASN lookup types to attempt, in order. If None, defaults to all ['dns', 'whois', 'http']
get_asn_description bool Whether to run an additional query when pulling ASN information via dns, in order to get the ASN description. Defaults to True.
root_ent_check bool If True, will perform additional RDAP HTTP queries for missing entity data at the root level. Defaults to True.

Output

Results Dictionary

The output dictionary from IPWhois.lookup_rdap(). Contains many nested lists and dictionaries, detailed below this section.

Key Type Description
query str The IP address
asn str Globally unique identifier used for routing information exchange with Autonomous Systems.
asn_cidr str Network routing block assigned to an ASN.
asn_country_code str ASN assigned country code in ISO 3166-1 format.
asn_date str ASN allocation date in ISO 8601 format.
asn_registry str ASN assigned regional internet registry.
asn_description str The ASN description
network dict The assigned network for an IP address. May be a parent or child network. See :ref:`rdap-network-dictionary`.
entities list list of object names referenced by an RIR network. Map these to the objects dict keys.
objects dict The objects (entities) referenced by an RIR network or by other entities (depending on depth parameter). Keys are the object names with values as :ref:`rdap-objects-dictionary`.
raw dict The raw results dictionary (JSON) if inc_raw is True.
nir dict The National Internet Registry results if inc_nir is True. See NIR result

Network Dictionary

The dictionary mapped to the network key in the objects list within :ref:`rdap-results-dictionary`.

Key Type Description
cidr str Network routing block an IP address belongs to.
country str Country code registered with the RIR in ISO 3166-1 format.
end_address str The last IP address in a network block.
events list List of event dictionaries. See :ref:`rdap-events-dictionary`.
handle str Unique identifier for a registered object.
ip_version str IP protocol version (v4 or v6) of an IP address.
links list HTTP/HTTPS links provided for an RIR object.
name str The identifier assigned to the network registration for an IP address.
notices list List of notice dictionaries. See :ref:`rdap-notices-dictionary`.
parent_handle str Unique identifier for the parent network of a registered network.
remarks list List of remark (notice) dictionaries. See :ref:`rdap-notices-dictionary`.
start_address str The first IP address in a network block.
status list List indicating the state of a registered object.
type str The RIR classification of a registered network.

Objects Dictionary

The dictionary mapped to the object (entity) key in the objects list within :ref:`rdap-results-dictionary`.

Key Type Description
contact dict Contact information registered with an RIR object. See :ref:`rdap-objects-contact-dictionary`.
entities list List of object names referenced by an RIR object. Map these to other objects dictionary keys.
events list List of event dictionaries. See :ref:`rdap-events-dictionary`.
events_actor list List of event (no actor) dictionaries. See :ref:`rdap-events-dictionary`.
handle str Unique identifier for a registered object.
links list List of HTTP/HTTPS links provided for an RIR object.
notices list List of notice dictionaries. See :ref:`rdap-notices-dictionary`.
remarks list List of remark (notice) dictionaries. See :ref:`rdap-notices-dictionary`.
roles list List of roles assigned to a registered object.
status list List indicating the state of a registered object.

Objects Contact Dictionary

The contact information dictionary registered to an RIR object. This is the contact key contained in :ref:`rdap-objects-dictionary`.

Key Type Description
address list List of contact postal address dictionaries. Contains key type and value.
email list List of contact email address dictionaries. Contains key type and value.
kind str The contact information kind (individual, group, org).
name str The contact name.
phone list List of contact phone number dictionaries. Contains key type and value.
role str The contact's role.
title str The contact's position or job title.

Events Dictionary

Common to lists in :ref:`rdap-network-dictionary` and :ref:`rdap-objects-dictionary`. Contained in events and events_actor (no actor).

Key Type Description
action str The reason for an event.
timestamp str The date an event occured in ISO 8601 format.
actor str The identifier for an event initiator (if any).

Notices Dictionary

Common to lists in :ref:`rdap-network-dictionary` and :ref:`rdap-objects-dictionary`. Contained in notices and remarks.

Key Type Description
title str The title/header for a notice.
description str The description/body of a notice.
links list list of HTTP/HTTPS links provided for a notice.

Usage Examples

Basic usage

>>>> from ipwhois import IPWhois
>>>> from pprint import pprint

>>>> obj = IPWhois('74.125.225.229')
>>>> results = obj.lookup_rdap(depth=1)
>>>> pprint(results)

{
"asn": "15169",
"asn_cidr": "74.125.225.0/24",
"asn_country_code": "US",
"asn_date": "2007-03-13",
"asn_description": "GOOGLE - Google Inc., US",
"asn_registry": "arin",
"entities": [
    "GOGL"
],
"network": {
    "cidr": "74.125.0.0/16",
    "country": None,
    "end_address": "74.125.255.255",
    "events": [
        {
            "action": "last changed",
            "actor": None,
            "timestamp": "2012-02-24T09:44:34-05:00"
        },
        {
            "action": "registration",
            "actor": None,
            "timestamp": "2007-03-13T12:09:54-04:00"
        }
    ],
    "handle": "NET-74-125-0-0-1",
    "ip_version": "v4",
    "links": [
        "https://rdap.arin.net/registry/ip/074.125.000.000",
        "https://whois.arin.net/rest/net/NET-74-125-0-0-1"
    ],
    "name": "GOOGLE",
    "notices": [
        {
            "description": "By using the ARIN RDAP/Whois service, you are agreeing to the RDAP/Whois Terms of Use",
            "links": [
                "https://www.arin.net/whois_tou.html"
            ],
            "title": "Terms of Service"
        }
    ],
    "parent_handle": "NET-74-0-0-0-0",
    "raw": None,
    "remarks": None,
    "start_address": "74.125.0.0",
    "status": None,
    "type": None
},
"nir": None,
"objects": {
    "ABUSE5250-ARIN": {
        "contact": {
            "address": [
                {
                    "type": None,
                    "value": "1600 Amphitheatre Parkway\nMountain View\nCA\n94043\nUNITED STATES"
                }
            ],
            "email": [
                {
                    "type": None,
                    "value": "[email protected]"
                }
            ],
            "kind": "group",
            "name": "Abuse",
            "phone": [
                {
                    "type": [
                        "work",
                        "voice"
                    ],
                    "value": "+1-650-253-0000"
                }
            ],
            "role": None,
            "title": None
        },
        "entities": None,
        "events": [
            {
                "action": "last changed",
                "actor": None,
                "timestamp": "2016-11-08T14:12:52-05:00"
            },
            {
                "action": "registration",
                "actor": None,
                "timestamp": "2015-11-06T15:36:35-05:00"
            }
        ],
        "events_actor": None,
        "handle": "ABUSE5250-ARIN",
        "links": [
            "https://rdap.arin.net/registry/entity/ABUSE5250-ARIN",
            "https://whois.arin.net/rest/poc/ABUSE5250-ARIN"
        ],
        "notices": [
            {
                "description": "By using the ARIN RDAP/Whois service, you are agreeing to the RDAP/Whois Terms of Use",
                "links": [
                    "https://www.arin.net/whois_tou.html"
                ],
                "title": "Terms of Service"
            }
        ],
        "raw": None,
        "remarks": [
            {
                "description": "Please note that the recommended way to file abuse complaints are located in the following links.\r\n\r\nTo report abuse and illegal activity: https://www.google.com/intl/en_US/goodtoknow/online-safety/reporting-abuse/ \r\n\r\nFor legal requests: http://support.google.com/legal \r\n\r\nRegards,\r\nThe Google Team",
                "links": None,
                "title": "Registration Comments"
            }
        ],
        "roles": [
            "abuse"
        ],
        "status": [
            "validated"
        ]
    },
    "GOGL": {
        "contact": {
            "address": [
                {
                    "type": None,
                    "value": "1600 Amphitheatre Parkway\nMountain View\nCA\n94043\nUNITED STATES"
                }
            ],
            "email": None,
            "kind": "org",
            "name": "Google Inc.",
            "phone": None,
            "role": None,
            "title": None
        },
        "entities": [
            "ABUSE5250-ARIN",
            "ZG39-ARIN"
        ],
        "events": [
            {
                "action": "last changed",
                "actor": None,
                "timestamp": "2017-01-28T08:32:29-05:00"
            },
            {
                "action": "registration",
                "actor": None,
                "timestamp": "2000-03-30T00:00:00-05:00"
            }
        ],
        "events_actor": None,
        "handle": "GOGL",
        "links": [
            "https://rdap.arin.net/registry/entity/GOGL",
            "https://whois.arin.net/rest/org/GOGL"
        ],
        "notices": None,
        "raw": None,
        "remarks": None,
        "roles": [
            "registrant"
        ],
        "status": None
    },
    "ZG39-ARIN": {
        "contact": {
            "address": [
                {
                    "type": None,
                    "value": "1600 Amphitheatre Parkway\nMountain View\nCA\n94043\nUNITED STATES"
                }
            ],
            "email": [
                {
                    "type": None,
                    "value": "[email protected]"
                }
            ],
            "kind": "group",
            "name": "Google Inc",
            "phone": [
                {
                    "type": [
                        "work",
                        "voice"
                    ],
                    "value": "+1-650-253-0000"
                }
            ],
            "role": None,
            "title": None
        },
        "entities": None,
        "events": [
            {
                "action": "last changed",
                "actor": None,
                "timestamp": "2017-03-13T07:08:09-04:00"
            },
            {
                "action": "registration",
                "actor": None,
                "timestamp": "2000-11-30T13:54:08-05:00"
            }
        ],
        "events_actor": None,
        "handle": "ZG39-ARIN",
        "links": [
            "https://rdap.arin.net/registry/entity/ZG39-ARIN",
            "https://whois.arin.net/rest/poc/ZG39-ARIN"
        ],
        "notices": [
            {
                "description": "By using the ARIN RDAP/Whois service, you are agreeing to the RDAP/Whois Terms of Use",
                "links": [
                    "https://www.arin.net/whois_tou.html"
                ],
                "title": "Terms of Service"
            }
        ],
        "raw": None,
        "remarks": None,
        "roles": [
            "administrative",
            "technical"
        ],
        "status": [
            "validated"
        ]
    }
},
"query": "74.125.225.229",
"raw": None
}

Use a proxy

>>>> from urllib import request
>>>> from ipwhois import IPWhois
>>>> handler = request.ProxyHandler({
        'http': 'http://192.168.0.1:80/',
        'https': 'https://192.168.0.1:443/'
    })
>>>> opener = request.build_opener(handler)
>>>> obj = IPWhois('74.125.225.229', proxy_opener = opener)

Optimizing queries for your network

Multiple factors will slow your queries down. Several :ref:`rdap-input` arguments assist in optimizing query performance:

bootstrap

False: ASN lookups are performed to determine the correct RIR to query RDAP. This adds minor overhead for single queries.

True: Use ARIN bootstrap (redirection), significantly reducing overall time for bulk queries, but at the sacrifice of not having asn* field data in the results.

depth

This value equates to the number of entity levels deep to search for sub-entity information. Found entities each result in a query to the RIR. The larger this value, the longer a single IP query will take. More queries will cause RIR rate limiting to trigger more often for bulk IP queries (only seen with LACNIC).

retry_count

This is the number of times to retry a query in the case of failure. If a rate limit error (HTTPRateLimitError) is raised, the lookup will wait for rate_limit_timeout seconds before retrying. A combination of adjusting retry_count and rate_limit_timeout is needed to optimize bulk queries.

rate_limit_timeout

When a HTTPRateLimitError is raised, and retry_count > 0, this is the amount of seconds to sleep before retrying the query. Using the default value, or setting this too high, will have a large impact on bulk IP queries. I recommend setting this very low for bulk queries, or disable completely by setting retry_count=0.

Note that setting this result too low may cause a larger number of IP lookups to fail.

root_ent_check

When root level entities (depth=0) are missing vcard data, additional entity specific HTTP lookups are performed. In the past, you would expect depth=0 to mean a single lookup per IP. This was a bug and has been fixed as of v1.2.0. Set this to False to revert back to the old method, although you will be missing entity specific data.