Description
Use Case
I just started using the new whois plugin in Telegraf 1.35.0. I store the output from Telegraf in InfluxDB and display the domain expiration dates in a table using Grafana.
However, my domain loganmarchione.dev is showing 0 for the expiration_timestamp. Below is the raw data from InfluxDB.
> SELECT * FROM whois WHERE "domain" = 'loganmarchione.dev'
name: whois
time creation_timestamp dnssec_enabled domain expiration_timestamp expiry host name_servers registrant registrar status updated_timestamp
---- ------------------ -------------- ------ -------------------- ------ ---- ------------ ---------- --------- ------ -----------------
1750867201000000000 1416441600 false loganmarchione.dev 0 0 b91c005f274d ns-tld1.charlestonroadregistry.com,ns-tld2.charlestonroadregistry.com,ns-tld3.charlestonroadregistry.com,ns-tld4.charlestonroadregistry.com,ns-tld5.charlestonroadregistry.com not set ACTIVE 1744329600
My other domain, loganmarchione.com is displaying the expiration_timestamp.
> SELECT * FROM whois WHERE "domain" = 'loganmarchione.com'
name: whois
time creation_timestamp dnssec_enabled domain expiration_timestamp expiry host name_servers registrant registrar status updated_timestamp
---- ------------------ -------------- ------ -------------------- ------ ---- ------------ ---------- --------- ------ -----------------
1750867201000000000 1393788711 false loganmarchione.com 2024940711 274073510 b91c005f274d ns-1336.awsdns-39.org,ns-1795.awsdns-32.co.uk,ns-383.awsdns-47.com,ns-629.awsdns-14.net not set Tucows Domains Inc. clientTransferProhibited,clientUpdateProhibited 1738442467
Both domains are registered through Hover.com. In Hover's control panel, the correct expiration is showing for both domains. This led me to believe that the public whois data avaiilable for .dev and .com domains are different (since the whois plugin defaults to using this whois lookup). Using whois locally, I can see this seems to be the case.
~
logan@LoganDesktop
> whois -I loganmarchione.dev | grep -i exp
~
logan@LoganDesktop
> whois -I loganmarchione.com | grep -i exp
Registry Expiry Date: 2034-03-02T19:31:51Z
Google is the owner of the .dev TLD.
There is a newer protocol called Registration Data Access Protocol (RDAP) that is meant to eventually replace whois. Apparently this is what Google is using for their domains (whois still works, but returns less data than rdap).
- https://en.wikipedia.org/wiki/Registration_Data_Access_Protocol
- https://www.icann.org/en/contracted-parties/registry-operators/resources/registration-data-access-protocol
- https://www.arin.net/resources/registry/whois/rdap/
- https://about.rdap.org/
If you use a web tool, you can see the RDAP results.
- https://client.rdap.org/?type=domain&object=loganmarchione.dev
- https://www.openrdap.org/demo?cmd=rdap+loganmarchione.dev
Is it possible to incorporate RDAP into Telegraf's whois plugin? It looks like there is already an RDAP Go client.
Expected behavior
Be able to ingest RDAP data.
Actual behavior
Currently, trying to get whois info from a .dev domain (or I suspect any domain using RDAP), results in this code setting the value of expiration_timestamp to 0.
Additional info
No response