infrastructure/mox
1
0
Fork 0
mirror of https://github.com/mjl-/mox.git synced 2025-06-28 22:58:15 +03:00
Code Issues Packages Projects Releases Wiki Activity
mox/rdap/rdap.go
Mechiel Lukkien 2f0997682b
quickstart: check if domain was registered recently, and warn about potential deliverability issues 
we use 6 weeks as the cutoff, but this is fuzzy, and will vary by mail
server/service provider.

we check the domain age using RDAP, the replacement for whois. it is a
relatively simple protocol, with HTTP/JSON requests. we fetch the
"registration"-related events to look for a date of registration.
RDAP is not available for all country-level TLDs, but is for most (all?) ICANN
global top level domains. some random cctlds i noticed without rdap: .sh, .au,
.io.

the rdap implementation is very basic, only parsing the fields we need. we
don't yet cache the dns registry bootstrap file from iana. we should once we
use this functionality from the web interface, with more calls.
2025-02-07 11:22:39 +01:00

209 lines
7.0 KiB
Go
Raw Blame History

// Package rdap is a basic client for checking the age of domains through RDAP.
package rdap
import (
"context"
"encoding/json"
"errors"
"fmt"
"io"
"net/http"
"sort"
"strings"
"time"
"github.com/mjl-/mox/dns"
)
var ErrNoRegistration = errors.New("registration date not found")
var ErrNoRDAP = errors.New("rdap not available for top-level domain")
var ErrNoDomain = errors.New("domain not found in registry")
var ErrSyntax = errors.New("bad rdap response syntax")
// https://www.iana.org/assignments/rdap-dns/rdap-dns.xhtml
// ../rfc/9224:115
const rdapBoostrapDNSURL = "https://data.iana.org/rdap/dns.json"
// Example data: ../rfc/9224:192
// Bootstrap data, parsed from JSON at the IANA DNS bootstrap URL.
type Bootstrap struct {
Version string `json:"version"` // Should be "1.0".
Description string `json:"description"`
Publication time.Time `json:"publication"` // RFC3339
// Each entry has two elements: First a list of TLDs, then a list of RDAP service
// base URLs ending with a slash.
Services [][2][]string `json:"services"`
}
// todo: when using this more regularly in the admin web interface, store the iana bootstrap response in a database file, including cache-controle results (max-age it seems) and the etag, and do conditional requests when asking for a new version. same for lookups of domains at registries.
// LookupLastDomainRegistration looks up the most recent (re)registration of a
// domain through RDAP.
//
// Not all TLDs have RDAP services yet at the time of writing.
func LookupLastDomainRegistration(ctx context.Context, dom dns.Domain) (time.Time, error) {
// ../rfc/9224:434 Against advice, we do not cache the bootstrap data. This is
// currently used by the quickstart, which is run once, or run from the cli without
// a place to keep state.
req, err := http.NewRequestWithContext(ctx, "GET", rdapBoostrapDNSURL, nil)
if err != nil {
return time.Time{}, fmt.Errorf("new request for iana dns bootstrap data: %v", err)
}
// ../rfc/9224:588
req.Header.Add("Accept", "application/json")
resp, err := http.DefaultClient.Do(req)
if err != nil {
return time.Time{}, fmt.Errorf("http get of iana dns bootstrap data: %v", err)
}
defer resp.Body.Close()
if resp.StatusCode/100 != 2 {
return time.Time{}, fmt.Errorf("http get resulted in status %q, expected 200 ok", resp.Status)
}
var bootstrap Bootstrap
if err := json.NewDecoder(resp.Body).Decode(&bootstrap); err != nil {
return time.Time{}, fmt.Errorf("%w: parsing iana dns bootstrap data: %v", ErrSyntax, err)
}
// Note: We don't verify version numbers. If the format change incompatibly,
// decoding above would have failed. We'll try to work with what we got.
// ../rfc/9224:184 The bootstrap JSON has A-labels we must match against.
// ../rfc/9224:188 Names are lower-case, like our dns.Domain.
var urls []string
var tldmatch string
for _, svc := range bootstrap.Services {
for _, s := range svc[0] {
// ../rfc/9224:225 We match the longest domain suffix. In practice, there are
// currently only single labels, top level domains, in the bootstrap database.
if len(s) > len(tldmatch) && (s == dom.ASCII || strings.HasSuffix(dom.ASCII, "."+s)) {
urls = svc[1]
tldmatch = s
}
}
}
// ../rfc/9224:428
if len(urls) == 0 {
return time.Time{}, ErrNoRDAP
}
// ../rfc/9224:172 We must try secure transports before insecure (https before http). In practice, there is just a single https URL.
sort.Slice(urls, func(i, j int) bool {
return strings.HasPrefix(urls[i], "https://")
})
var lastErr error
for _, u := range urls {
var reg time.Time
reg, lastErr = rdapDomainRequest(ctx, u, dom)
if lastErr == nil {
return reg, nil
}
}
return time.Time{}, lastErr
}
// ../rfc/9083:284 We must match json fields case-sensitively, so explicitly.
// Example domain object: ../rfc/9083:945
// Domain is the RDAP response for a domain request.
//
// More fields are available in RDAP responses, we only parse the one(s) a few.
type Domain struct {
// ../rfc/9083:1172
RDAPConformance []string `json:"rdapConformance"` // E.g. "rdap_level_0"
LDHName string `json:"ldhName"` // Domain.
Events []Event `json:"events"`
}
// Event is a historic or future change to the domain.
type Event struct {
// ../rfc/9083:573
EventAction string `json:"eventAction"` // Required. See https://www.iana.org/assignments/rdap-json-values/rdap-json-values.xhtml.
EventDate time.Time `json:"eventDate"` // Required. RFC3339. May be in the future, e.g. date of expiry.
}
// rdapDomainRequest looks up a the most recent registration time of a at an RDAP
// service base URL.
func rdapDomainRequest(ctx context.Context, rdapURL string, dom dns.Domain) (time.Time, error) {
// ../rfc/9082:316
// ../rfc/9224:177 base URLs have a trailing slash.
rdapURL += "domain/" + dom.ASCII
req, err := http.NewRequestWithContext(ctx, "GET", rdapURL, nil)
if err != nil {
return time.Time{}, fmt.Errorf("making http request for rdap service: %v", err)
}
// ../rfc/9083:2372 ../rfc/7480:273
req.Header.Add("Accept", "application/rdap+json")
// ../rfc/7480:319 Redirects are handled by net/http.
resp, err := http.DefaultClient.Do(req)
if err != nil {
return time.Time{}, fmt.Errorf("http domain rdap get request: %v", err)
}
defer resp.Body.Close()
switch {
case resp.StatusCode == http.StatusNotFound:
// ../rfc/7480:189 ../rfc/7480:359
return time.Time{}, ErrNoDomain
case resp.StatusCode/100 != 2:
// We try to read an error message, perhaps a bit too hard, but we may still
// truncate utf-8 in the middle of a rune...
var msg string
var response struct {
// For errors, optional fields.
Title string `json:"title"`
Description []string `json:"description"`
// ../rfc/9083:2123
}
buf, err := io.ReadAll(io.LimitReader(resp.Body, 100*1024))
if err != nil {
msg = fmt.Sprintf("(error reading response: %v)", err)
} else if err := json.Unmarshal(buf, &response); err == nil && (response.Title != "" || len(response.Description) > 0) {
s := response.Title
if s != "" && len(response.Description) > 0 {
s += "; "
}
s += strings.Join(response.Description, " ")
if len(s) > 200 {
s = s[:150] + "..."
}
msg = fmt.Sprintf("message from remote: %q", s)
} else {
var s string
if len(buf) > 200 {
s = string(buf[:150]) + "..."
} else {
s = string(buf)
}
msg = fmt.Sprintf("raw response: %q", s)
}
return time.Time{}, fmt.Errorf("status %q, expected 200 ok: %s", resp.Status, msg)
}
var domain Domain
if err := json.NewDecoder(resp.Body).Decode(&domain); err != nil {
return time.Time{}, fmt.Errorf("parse domain rdap response: %v", err)
}
sort.Slice(domain.Events, func(i, j int) bool {
return domain.Events[i].EventDate.Before(domain.Events[j].EventDate)
})
now := time.Now()
for i := len(domain.Events) - 1; i >= 0; i-- {
ev := domain.Events[i]
if ev.EventDate.After(now) {
continue
}
switch ev.EventAction {
// ../rfc/9083:2690
case "registration", "reregistration", "reinstantiation":
return ev.EventDate, nil
}
}
return time.Time{}, ErrNoRegistration
}
Reference in New Issue View Git Blame Copy Permalink