By Manny Fernandez

March 31, 2026

RFC 8805 – Self-Published Geo Location Feeds

RFC 8805, used to be known as Self-Correcting IP Geolocation Feeds, is a standard designed to improve the accuracy of how IP addresses are mapped to physical locations. For anyone running a network, especially in a world of remote work and dynamic cloud environments, it is a game-changer for reducing “latency” in geolocation database updates.  This can be used to bypass geo-fencing scenarios as well.

The Problem: Stale Geolocation Data

Traditionally, IP geolocation depends on third-party providers  to “guess” where an IP is located based on WHOIS data or network latency measurements. This process is often slow, leading to:

  • Users being served content in the wrong language.

  • Security tools flagging legitimate logins as “impossible travel.”

  • Inaccurate local weather or news feeds.

Third Party IP geolocation feed providers

MaxMind – A prominent, long-standing provider (est. 2002) known for its GeoIP databases, offering high-accuracy data for fraud detection, digital rights management, and content personalization.

IPinfo.io – Offers comprehensive IP geolocation, including ASN, ISP, and company data, recognized for accurate, fast API responses.

IP2Location – Provides databases and REST APIs focusing on accurate geolocation, including proxy and VPN detection, often used for content localization.

IPgeolocation.io – Trusted for reliable geolocation services for websites and applications to identify visitors.

DB-IP – Offers updated geolocation databases including country, region, city, and latitude/longitude.

IPData.co
ipstack
IP-API.com
Ipligence
Neustar (Localeze)
EurekAP

How we address with RFC 8805

RFC 8805 allows network operators to publish their own geolocation data in a simple, machine-readable format. Instead of waiting for a provider to crawl your network, you push the truth.

How it Works

  1. The Feed You host a simple CSV file on an HTTPS server.

  2. The Content Each line maps an IP prefix to a country, region, city, and postal code.

  3. The Discovery You add a link to this feed in your WHOIS/RDAP records using the remarks field.

Format Example

The CSV format is strictly defined to ensure compatibility: # IP_prefix, country, region, city, postal_code 192.0.2.0/24, US, NY, New York, 10001 203.0.113.0/24, CA, ON, Toronto,

What is WHOIS 

WHOIS is an older text‑based query/response protocol (defined in RFC 3912) that lets you look up registration data for Internet resources such as domain names, IP address blocks, and Autonomous System Numbers.
* It runs on its own TCP port (traditionally 43) and returns unstructured free‑text, which humans can read but is harder for software to parse reliably.
* Historically, RIRs (ARIN, RIPE, etc.) and many domain registries published IP and domain registration data via WHOIS, and tools like whois 203.0.113.0 are still common.

What is RDAP 

RDAP (Registration Data Access Protocol) is the modern, HTTP/HTTPS‑based replacement for WHOIS for accessing registration data for domain names, IP addresses, and ASNs.
* It returns structured JSON responses, with standardized fields, internationalization support, redirects, and extensibility, making it easier for automated tools to consume.
*  ICANN and RIRs have moved to RDAP as the primary protocol, and ICANN has formally sunsetted WHOIS for gTLD domain registration data in favor of RDAP.

Why It Matters for InfoSec & Ops

  • Precision – You define the location down to the city level for your VPN pools or branch offices.

  • Privacy –  The RFC specifically allows for “omitting” specific details (like postal codes) to protect user privacy while still providing regional accuracy.

  • Automation – Geolocation providers automatically scrape these feeds, meaning your changes propagate across the internet in days rather than weeks.

To run whois search on macOS , run the following command

whois infosecmonkey.com

To run rdap queries on macOS, you will need to install it (using homebrew)

brew install rdap

Once you install it, you can now run it….

rdap infosecmonkey.com

 

Recent posts

  • If you've spent any time configuring user authentication on... Full Story

  • DNS is one of those technologies that quietly underpins... Full Story

  • BGP issues on FortiGate firewalls usually trace back to... Full Story

  • Every time your laptop talks to your router, a... Full Story

  • If you've spent any time configuring NAT on a... Full Story

  • If you have spent any time configuring firewall policies... Full Story

  • High availability on FortiGate is one of those features... Full Story

  • If you've configured SD-WAN on a FortiGate, you've almost... Full Story

  • FortiLink is the management protocol that turns a FortiSwitch... Full Story

  • FortiSwitches are pretty rock solid from Mean Time Between... Full Story

  • This is a quicky tip.  Have you ever gone... Full Story

  • DNS is one of those quiet pieces of internet... Full Story

  • This article is an updated version of the previous... Full Story

  • You will add ns2 as a secondary (slave) BIND9... Full Story

  • In the process of deploying my lab, I needed... Full Story

  • RFC 8805, used to be known as Self-Correcting IP... Full Story

  • Years back, I wrote an article about certificate pinning. ... Full Story

  • FortiGates have the ability to send alerts to Microsoft... Full Story

  • In this post, I am going to walk through... Full Story

  • Troubleshooting VoIP on a FortiGate can feel like trying... Full Story

  • Prior to FortiOS 7.0, there were three commands to... Full Story

  • In this post, I am going to go over... Full Story

  • What we are going to do:  We are going... Full Story

  • Choosing between FGCP (FortiGate Clustering Protocol) and FGSP (FortiGate... Full Story

  • Creating a VLAN on macOS (The "Pro" Move) A... Full Story

  • This blog post explores the logic behind how macOS... Full Story

  • Pretty Fly for a Wi-Fi Tell My Wi-Fi Love... Full Story

  • Part of my daily gig is creating BoMs (Bill-of-Materials)... Full Story

  • ICMP introduces several security risks, but careful filtering, rate... Full Story

  • The command diag debug application dhcps -1 enables full... Full Story

  • In the world of FortiOS, execute tac report is... Full Story

  • LLDP; What is it The Link Layer Discovery Protocol... Full Story

  • What it actually does When you run diagnose fdsm... Full Story

  • Monkey Bites are bite-sized, high-impact security insights designed for... Full Story

  • I have run macOS in macOS with Parallels but... Full Story

  • Don't be confused with my other FortiNAC posts where... Full Story

  • This is the third session in a multi-part article... Full Story

  • Today I was configuring key-based authentication on a FortiGate... Full Story

  • Netcat, often called the "Swiss Army knife" of networking,... Full Story

  • At its core, IEEE 802.1X is a network layer... Full Story

  • In case you did not see the previous FortiNAC... Full Story

  • This is our 5th session where we are going... Full Story

  • Now that we have Wireshark installed and somewhat configured,... Full Story

  • The Philosophy of Packet Analysis Troubleshooting isn't about looking... Full Story

  • 1. High-Level Overview The FortiGate Wireless Intrusion Detection System... Full Story

  • What MIMO Actually Does Multiple Input, Multiple Output (MIMO)... Full Story

  • A practitioner's tour of the diagnose, test, and fnsysctl... Full Story