feat: implement RDAP bootstrap data fetching with caching for improved domain lookup efficiency

Author: jakejarvis

AGENTS.md

@@ -48,7 +48,6 @@
 - Global setup in `vitest.setup.ts`:
   - Mocks analytics clients/servers (`@/lib/analytics/server` and `@/lib/analytics/client`).
   - Mocks `server-only` module.
-  - `unstable_cache` mocked as a no-op; caching behavior is not under test.
 - Database in tests: Drizzle client is not globally mocked. Replace `@/server/db/client` with a PGlite-backed instance when needed (`@/lib/db/pglite`).
 - Redis in tests: do NOT use globals. Mock per-suite with the in-memory adapter:
   - In `beforeAll`: `const { makeInMemoryRedis } = await import("@/lib/redis-mock"); const impl = makeInMemoryRedis(); vi.doMock("@/lib/redis", () => impl);`

lib/cloudflare.test.ts

@@ -1,8 +1,8 @@
 /* @vitest-environment node */
 import { afterEach, describe, expect, it, vi } from "vitest";
-import { isCloudflareIpAsync } from "./cloudflare";
+import { isCloudflareIp } from "./cloudflare";
 
-describe("isCloudflareIpAsync", () => {
+describe("isCloudflareIp", () => {
   afterEach(() => {
     vi.restoreAllMocks();
   });
@@ -19,10 +19,10 @@ describe("isCloudflareIpAsync", () => {
       }),
     );
 
-    expect(await isCloudflareIpAsync("1.2.3.4")).toBe(true);
-    expect(await isCloudflareIpAsync("5.6.7.8")).toBe(false);
-    expect(await isCloudflareIpAsync("2001:db8::1")).toBe(true);
-    expect(await isCloudflareIpAsync("2001:dead::1")).toBe(false);
+    expect(await isCloudflareIp("1.2.3.4")).toBe(true);
+    expect(await isCloudflareIp("5.6.7.8")).toBe(false);
+    expect(await isCloudflareIp("2001:db8::1")).toBe(true);
+    expect(await isCloudflareIp("2001:dead::1")).toBe(false);
     fetchMock.mockRestore();
   });
 });

lib/cloudflare.ts

@@ -1,5 +1,5 @@
 import * as ipaddr from "ipaddr.js";
-import { unstable_cache } from "next/cache";
+import { CLOUDFLARE_IPS_URL, TTL_CLOUDFLARE_IPS } from "@/lib/constants";
 
 export interface CloudflareIpRanges {
   ipv4Cidrs: string[];
@@ -9,76 +9,80 @@ export interface CloudflareIpRanges {
 let lastLoadedIpv4Parsed: Array<[ipaddr.IPv4, number]> | undefined;
 let lastLoadedIpv6Parsed: Array<[ipaddr.IPv6, number]> | undefined;
 
-export const getCloudflareIpRanges = unstable_cache(
-  async (): Promise<CloudflareIpRanges> => {
-    const res = await fetch("https://api.cloudflare.com/client/v4/ips");
-    if (!res.ok) {
-      throw new Error(`Failed to fetch Cloudflare IPs: ${res.status}`);
-    }
-    const data = await res.json();
+async function getCloudflareIpRanges(): Promise<CloudflareIpRanges> {
+  const res = await fetch(CLOUDFLARE_IPS_URL, {
+    next: { revalidate: TTL_CLOUDFLARE_IPS },
+  });
 
-    const ranges: CloudflareIpRanges = {
-      ipv4Cidrs: data.result?.ipv4_cidrs || [],
-      ipv6Cidrs: data.result?.ipv6_cidrs || [],
-    };
+  if (!res.ok) {
+    throw new Error(`Failed to fetch Cloudflare IPs: ${res.status}`);
+  }
 
-    // Pre-parse IPv4 CIDRs for fast sync/async checks
-    try {
-      lastLoadedIpv4Parsed = ranges.ipv4Cidrs
-        .map((cidr) => {
-          try {
-            const [net, prefix] = ipaddr.parseCIDR(cidr);
-            if (net.kind() !== "ipv4") return undefined;
-            return [net as ipaddr.IPv4, prefix] as [ipaddr.IPv4, number];
-          } catch {
-            return undefined;
-          }
-        })
-        .filter(Boolean) as Array<[ipaddr.IPv4, number]>;
-    } catch {
-      lastLoadedIpv4Parsed = undefined;
-    }
+  const data = await res.json();
 
-    // Pre-parse IPv6 CIDRs for fast sync/async checks
-    try {
-      lastLoadedIpv6Parsed = ranges.ipv6Cidrs
-        .map((cidr) => {
-          try {
-            const [net, prefix] = ipaddr.parseCIDR(cidr);
-            if (net.kind() !== "ipv6") return undefined;
-            return [net as ipaddr.IPv6, prefix] as [ipaddr.IPv6, number];
-          } catch {
-            return undefined;
-          }
-        })
-        .filter(Boolean) as Array<[ipaddr.IPv6, number]>;
-    } catch {
-      lastLoadedIpv6Parsed = undefined;
-    }
-    return ranges;
-  },
-  ["cloudflare-ip-ranges"],
-  // Cache for a very long time (30 days)
-  { revalidate: 30 * 24 * 60 * 60 },
-);
+  const ranges: CloudflareIpRanges = {
+    ipv4Cidrs: data.result?.ipv4_cidrs || [],
+    ipv6Cidrs: data.result?.ipv6_cidrs || [],
+  };
 
-export function isCloudflareIp(ip: string): boolean {
-  if (ipaddr.IPv4.isValid(ip)) {
-    if (!lastLoadedIpv4Parsed) return false;
-    const v4 = ipaddr.IPv4.parse(ip);
-    return lastLoadedIpv4Parsed.some((range) => v4.match(range));
+  // Pre-parse IPv4 CIDRs for fast sync/async checks
+  try {
+    lastLoadedIpv4Parsed = ranges.ipv4Cidrs
+      .map((cidr) => {
+        try {
+          const [net, prefix] = ipaddr.parseCIDR(cidr);
+          if (net.kind() !== "ipv4") return undefined;
+          return [net as ipaddr.IPv4, prefix] as [ipaddr.IPv4, number];
+        } catch {
+          return undefined;
+        }
+      })
+      .filter(Boolean) as Array<[ipaddr.IPv4, number]>;
+  } catch {
+    lastLoadedIpv4Parsed = undefined;
   }
 
-  if (ipaddr.IPv6.isValid(ip)) {
-    if (!lastLoadedIpv6Parsed) return false;
-    const v6 = ipaddr.IPv6.parse(ip);
-    return lastLoadedIpv6Parsed.some((range) => v6.match(range));
+  // Pre-parse IPv6 CIDRs for fast sync/async checks
+  try {
+    lastLoadedIpv6Parsed = ranges.ipv6Cidrs
+      .map((cidr) => {
+        try {
+          const [net, prefix] = ipaddr.parseCIDR(cidr);
+          if (net.kind() !== "ipv6") return undefined;
+          return [net as ipaddr.IPv6, prefix] as [ipaddr.IPv6, number];
+        } catch {
+          return undefined;
+        }
+      })
+      .filter(Boolean) as Array<[ipaddr.IPv6, number]>;
+  } catch {
+    lastLoadedIpv6Parsed = undefined;
   }
 
-  return false;
+  return ranges;
 }
 
-export async function isCloudflareIpAsync(ip: string): Promise<boolean> {
+function ipV4InCidr(addr: ipaddr.IPv4, cidr: string): boolean {
+  try {
+    const [net, prefix] = ipaddr.parseCIDR(cidr);
+    if (net.kind() !== "ipv4") return false;
+    return addr.match([net as ipaddr.IPv4, prefix]);
+  } catch {
+    return false;
+  }
+}
+
+function ipV6InCidr(addr: ipaddr.IPv6, cidr: string): boolean {
+  try {
+    const [net, prefix] = ipaddr.parseCIDR(cidr);
+    if (net.kind() !== "ipv6") return false;
+    return addr.match([net as ipaddr.IPv6, prefix]);
+  } catch {
+    return false;
+  }
+}
+
+export async function isCloudflareIp(ip: string): Promise<boolean> {
   const ranges = await getCloudflareIpRanges();
 
   if (ipaddr.IPv4.isValid(ip)) {
@@ -101,23 +105,3 @@ export async function isCloudflareIpAsync(ip: string): Promise<boolean> {
 
   return false;
 }
-
-function ipV4InCidr(addr: ipaddr.IPv4, cidr: string): boolean {
-  try {
-    const [net, prefix] = ipaddr.parseCIDR(cidr);
-    if (net.kind() !== "ipv4") return false;
-    return addr.match([net as ipaddr.IPv4, prefix]);
-  } catch {
-    return false;
-  }
-}
-
-function ipV6InCidr(addr: ipaddr.IPv6, cidr: string): boolean {
-  try {
-    const [net, prefix] = ipaddr.parseCIDR(cidr);
-    if (net.kind() !== "ipv6") return false;
-    return addr.match([net as ipaddr.IPv6, prefix]);
-  } catch {
-    return false;
-  }
-}

lib/constants.ts

@@ -8,44 +8,67 @@ export const USER_AGENT =
 
 export const REPOSITORY_SLUG = "jakejarvis/domainstack.io";
 
-// Time constants
-const SECONDS_PER_HOUR = 60 * 60;
-const SECONDS_PER_DAY = 24 * SECONDS_PER_HOUR;
+/**
+ * RDAP Bootstrap Registry URL from IANA.
+ * This JSON file maps TLDs to their authoritative RDAP servers.
+ * @see https://datatracker.ietf.org/doc/html/rfc7484
+ */
+export const RDAP_BOOTSTRAP_URL = "https://data.iana.org/rdap/dns.json";
+
+/**
+ * Cloudflare IP Ranges URL.
+ * This JSON file contains the IP ranges for Cloudflare's network.
+ * @see https://developers.cloudflare.com/api/resources/ips/methods/list/
+ */
+export const CLOUDFLARE_IPS_URL = "https://api.cloudflare.com/client/v4/ips";
+
+// Time constants (in seconds)
+const ONE_HOUR = 60 * 60;
+const ONE_DAY = 24 * ONE_HOUR;
+const ONE_WEEK = 7 * ONE_DAY;
+
+// RDAP bootstrap data (dns.json from IANA)
+// Changes infrequently (new TLDs, server updates); safe to cache aggressively
+export const TTL_RDAP_BOOTSTRAP = ONE_DAY; // 24 hours
+
+// Cloudflare IP ranges
+// Changes infrequently (new IP ranges); safe to cache aggressively
+export const TTL_CLOUDFLARE_IPS = ONE_DAY; // 24 hours
 
 // ===== Blob Storage Cache TTLs =====
 // How long to cache uploaded assets (favicons, screenshots, social images)
-export const TTL_FAVICON = 7 * SECONDS_PER_DAY; // 1 week
-export const TTL_SCREENSHOT = 14 * SECONDS_PER_DAY; // 2 weeks
-export const TTL_SOCIAL_PREVIEW = 7 * SECONDS_PER_DAY; // 1 week
+export const TTL_FAVICON = ONE_WEEK; // 1 week
+export const TTL_SCREENSHOT = 2 * ONE_WEEK; // 2 weeks
+export const TTL_SOCIAL_PREVIEW = ONE_WEEK; // 1 week
 
 // ===== Database Cache Expiry TTLs =====
 // When cached data in Postgres becomes stale and needs refresh.
 // Used by lib/db/ttl.ts functions to calculate expiresAt timestamps.
 
 // Registration data
-export const TTL_REGISTRATION_REGISTERED = SECONDS_PER_DAY; // 24 hours
-export const TTL_REGISTRATION_NEAR_EXPIRY = SECONDS_PER_HOUR; // 1 hour (aggressive near expiry)
-export const TTL_REGISTRATION_EXPIRY_THRESHOLD = 7 * SECONDS_PER_DAY; // 7 days (when to switch to aggressive)
+export const TTL_REGISTRATION_REGISTERED = ONE_DAY; // 24 hours
+export const TTL_REGISTRATION_NEAR_EXPIRY = ONE_HOUR; // 1 hour (aggressive near expiry)
+export const TTL_REGISTRATION_EXPIRY_THRESHOLD = ONE_WEEK; // 7 days (when to switch to aggressive)
 
 // DNS records
-export const TTL_DNS_DEFAULT = SECONDS_PER_HOUR; // 1 hour (fallback when no TTL provided)
-export const TTL_DNS_MAX = SECONDS_PER_DAY; // 24 hours (cap for received TTLs)
+export const TTL_DNS_DEFAULT = ONE_HOUR; // 1 hour (fallback when no TTL provided)
+export const TTL_DNS_MAX = ONE_DAY; // 24 hours (cap for received TTLs)
 
 // TLS certificates
-export const TTL_CERTIFICATES_WINDOW = SECONDS_PER_DAY; // 24 hours (normal refresh window)
-export const TTL_CERTIFICATES_MIN = SECONDS_PER_HOUR; // 1 hour (minimum check interval)
-export const TTL_CERTIFICATES_EXPIRY_BUFFER = 48 * SECONDS_PER_HOUR; // 48 hours (start aggressive checking before expiry)
+export const TTL_CERTIFICATES_WINDOW = ONE_DAY; // 24 hours (normal refresh window)
+export const TTL_CERTIFICATES_MIN = ONE_HOUR; // 1 hour (minimum check interval)
+export const TTL_CERTIFICATES_EXPIRY_BUFFER = 2 * ONE_DAY; // 48 hours (start aggressive checking before expiry)
 
 // HTTP headers, hosting, SEO
-export const TTL_HEADERS = 12 * SECONDS_PER_HOUR; // 12 hours
-export const TTL_HOSTING = SECONDS_PER_DAY; // 24 hours
-export const TTL_SEO = SECONDS_PER_DAY; // 24 hours
+export const TTL_HEADERS = 12 * ONE_HOUR; // 12 hours
+export const TTL_HOSTING = ONE_DAY; // 24 hours
+export const TTL_SEO = ONE_DAY; // 24 hours
 
 // ===== Redis Cache TTLs =====
 // Lightweight registration status cache (stores only true/false, not full data).
 // Unregistered domains are ONLY cached here, never in Postgres.
-export const REDIS_TTL_REGISTERED = SECONDS_PER_DAY; // 24 hours
-export const REDIS_TTL_UNREGISTERED = SECONDS_PER_HOUR; // 1 hour
+export const REDIS_TTL_REGISTERED = ONE_DAY; // 24 hours
+export const REDIS_TTL_UNREGISTERED = ONE_HOUR; // 1 hour
 
 // ===== Background Job Revalidation =====
 // How often Inngest jobs attempt to refresh each section's data.

lib/rdap-bootstrap.ts

@@ -0,0 +1,29 @@
+import "server-only";
+import type { BootstrapData } from "rdapper";
+import { RDAP_BOOTSTRAP_URL, TTL_RDAP_BOOTSTRAP } from "@/lib/constants";
+
+/**
+ * Fetch RDAP bootstrap data with Next.js caching.
+ *
+ * The bootstrap registry changes infrequently (new TLDs, server updates),
+ * so we cache it for 24 hours using Next.js's built-in fetch cache.
+ *
+ * This eliminates redundant fetches to IANA on every domain lookup when
+ * passed to rdapper's lookup() via the customBootstrapData option.
+ *
+ * @returns RDAP bootstrap data containing TLD-to-server mappings
+ * @throws Error if fetch fails (caller should handle or let rdapper fetch directly)
+ */
+export async function getRdapBootstrapData(): Promise<BootstrapData> {
+  const res = await fetch(RDAP_BOOTSTRAP_URL, {
+    next: { revalidate: TTL_RDAP_BOOTSTRAP },
+  });
+
+  if (!res.ok) {
+    throw new Error(
+      `Failed to fetch RDAP bootstrap: ${res.status} ${res.statusText}`,
+    );
+  }
+
+  return res.json();
+}

package.json

@@ -74,7 +74,7 @@
     "posthog-node": "^5.10.4",
     "puppeteer-core": "24.26.1",
     "radix-ui": "^1.4.3",
-    "rdapper": "^0.10.4",
+    "rdapper": "^0.11.0",
     "react": "19.2.0",
     "react-dom": "19.2.0",
     "react-map-gl": "^8.1.0",

pnpm-lock.yaml

@@ -10,7 +10,7 @@ import {
 } from "vitest";
 
 vi.mock("@/lib/cloudflare", () => ({
-  isCloudflareIpAsync: vi.fn(async () => false),
+  isCloudflareIp: vi.fn(async () => false),
 }));
 
 beforeAll(async () => {

server/services/dns.test.ts

@@ -1,6 +1,6 @@
 import { eq } from "drizzle-orm";
 import { acquireLockOrWaitForResult } from "@/lib/cache";
-import { isCloudflareIpAsync } from "@/lib/cloudflare";
+import { isCloudflareIp } from "@/lib/cloudflare";
 import { USER_AGENT } from "@/lib/constants";
 import { db } from "@/lib/db/client";
 import { replaceDns } from "@/lib/db/repos/dns";
@@ -485,7 +485,7 @@ function normalizeAnswer(
     case "A":
     case "AAAA": {
       const value = trimDot(a.data);
-      const isCloudflarePromise = isCloudflareIpAsync(value);
+      const isCloudflarePromise = isCloudflareIp(value);
       return isCloudflarePromise.then((isCloudflare) => ({
         type,
         name,