DomainRecord¶
The DomainRecord asset type in the OWASP Open Asset Model (OAM) captures authoritative registration data for a domain name, as supplied by WHOIS, RDAP, or similar registry services. Domain registration facts are distinct from DNS‑resolution facts; they reveal who controls a domain, when it was created, and under what status it currently operates—all of which are vital to attribution, supply‑chain mapping, and domain‑lifecycle monitoring.
-
Definition: A
DomainRecordrepresents a single domain’s registration record (raw and parsed), including key lifecycle dates, status flags, registrar details, internationalisation fields, and a DNSSEC indicator. -
Purpose: Modeling registration data as a first‑class asset allows security teams to (1) link domains to legal entities and contacts, (2) detect newly registered or expiring domains, (3) follow ownership changes over time, and (4) correlate punycode / IDN variants that could be abused for impersonation.
-
Design Choice: Keeping both normalised fields (e.g.,
created_date) and the originalrawtext preserves machine‑readable consistency while ensuring full auditability. Optional fields make the structure tolerant of incomplete WHOIS responses, and thestatusarray supports the many ICANN/ccTLD state strings without schema changes.
DomainRecords provide authoritative visibility into how domain names are registered, updated, and governed, making them critical for attribution, expiration monitoring, and organizational mapping within the external asset graph.
DomainRecord Attributes¶
| Attributes | Type | Required | Description |
|---|---|---|---|
domain |
string | Fully‑qualified domain (e.g., example.com) |
|
punycode |
string | ASCII form of an IDN (e.g., xn--exmple‑cua.com) |
|
name |
string | Second‑level label (example in example.com) |
|
extension |
string | TLD (com, org, io, …) |
|
whois_server |
string | Hostname or URL of the authoritative WHOIS server | |
created_date |
string (date) | First registration date | |
updated_date |
string (date) | Last modification date | |
expiration_date |
string (date) | Scheduled expiration date | |
status |
array \<string> | Registry status codes (clientTransferProhibited, …) |
|
dnssec |
boolean | true if a DS record is present |
|
raw |
string | Unparsed WHOIS / RDAP text for auditing | |
id |
string | Optional registry‑specific object ID |
DomainRecord Properties¶
| Property Type | Property Name | Description |
|---|---|---|
SimpleProperty |
last_monitored |
Timestamp of the most recent WHOIS/RDAP pull |
SourceProperty |
Source Plugin Name | Identifies which discovery module produced the record |
DomainRecord Outgoing Relations¶
graph TD
domrec["DomainRecord"]
fqdn["FQDN"]
names@{ shape: braces, label: "name_server
whois_server" }
domrec --o names
names --> fqdn
contact["ContactRecord"]
contactrel@{ shape: braces, label: "registrar_contact
registrant_contact
admin_contact
technical_contact
billing_contact" }
domrec --o contactrel
contactrel --> contact| Relation Type | Relation Label | Target Assets | Description |
|---|---|---|---|
SimpleRelation |
name_server |
FQDN |
Links the domain registration information with the correct DNS nameserver |
SimpleRelation |
whois_server |
FQDN |
Links the domain registration information with the correct WHOIS server |
SimpleRelation |
registrar_contact |
ContactRecord |
Links the domain registration information with registrar contact information |
SimpleRelation |
registrant_contact |
ContactRecord |
Links the domain registration information with registrant contact information |
SimpleRelation |
admin_contact |
ContactRecord |
Links the domain registration information with admin contact information |
SimpleRelation |
technical_contact |
ContactRecord |
Links the domain registration information with contact information of technical personnel |
SimpleRelation |
billing_contact |
ContactRecord |
Links the domain registration information with contact information of billing personnel |
© 2025 Jeff Foley — Licensed under Apache 2.0.