Domain Name Basics

WHOISa short introduction for newcomers

What is WHOIS?

2 | Tobias Sattler, CIO www.united-domains.de

WHOIS is a protocol to query databases, such as domain names, IP addresses or

autonomous system (AS) and is documented in Request for Comment (RFC) 3912.

WHOIS has its roots in 1982, when Internet Engineering Task Force (IETF) published

a protocol for a directory service for ARPANET users.

The Internet Assigned Numbers Authority (IANA) runs a WHOIS service as a starting

point and references to Regional Internet Registries (RIR) and Domain Name

Registries.

All gTLD and most of ccTLD Registries are running a WHOIS service for their Top-

Level-Domains (TLD).

Two WHOIS Models

3 | Tobias Sattler, CIO www.united-domains.de

The two common models to run a WHOIS are often characterized as ‘thin’ or/and

‘thick’.

A thin registry only includes technical data sufficient to identify the sponsoring

registrar, status of the registration, and creation and expiration dates for each

registration (e.g. .com, .net).

Thick registries maintain the registrant’s contact information and designated

administrative and technical contact information, in addition to the sponsoring

registrar and registration status information (e.g. .club, .org).

ICANN accredited Registrars are maintaining a WHOIS service for their sponsoring

gTLD domains, if the operating Registry is ‘thin’.

Almost all gTLDs have a thick WHOIS.

How is WHOIS working?

4 | Tobias Sattler, CIO www.united-domains.de

Source: https://whois.icann.org/en/dns-and-whois-how-it-works - Effective 03/2016

Law and Policy WHOIS has always been in the spotlight, because it can create privacy issues which

are tied to free speech and anonymity. According to law enforcement it is an

important tool to investigate spam and phishing and to track down the domain

name holder.

Many ccTLD Registries are restricting the access to their WHOIS database and/or

protecting the data by disclosing only the bare minimum of information.

gTLD Registries and Registrars are bound by ICANN contracts and policies to provide

complete and validated contact information of the domain name registrant,

administrative and technical contact.

Therefore many Registrants are willing to use WHOIS Privacy and Proxy Services to

hide there data from the public.

5 | Tobias Sattler, CIO www.united-domains.de

Accuracy of Information Besides the fact that a law enforcement is relying on an accurate WHOIS

information, it is very important to do it to keep a domain name.

ICANN is enforcing Registrars to provide complete, validated and verified WHOIS

data for gTLD domains. This includes the presence of data for all fields in a proper

format and to verify either the email address or the telephone number of the

domain name holder.

Many ccTLDs Registries are also imposing Registrars to do the same that they are

doing for gTLDs, however some ccTLDs are preforming their own checks, such as

local address databases.

If WHOIS information found to be inaccurate, registrant are compelled to update

their data. If this fails because the registrant is not reachable then this could lead to

a suspension. 6 | Tobias Sattler, CIO

www.united-domains.de

Future of WHOIS There were and there are a lot of Internet Corporation for Assigned Names and

Numbers (ICANN) Working Groups ongoing regarding WHOIS.

The Expert Working Group (EWG) of ICANN recommended 2013 that WHOIS

should be scrapped and proposed a system that keeps information secret from

most Internet users, and only discloses information for ‘permissible purposes’.

In 2015 the Internet Engineering Task Force (IETF) standardized the Registration

Data Access Protocol (RDAP) and it should become a successor to WHOIS.

It is yet to be determined if RDAP will succeed to fully replace WHOIS, because

there are still open security and privacy questions, a lot of services are built on

WHOIS and it will probably take a long time to adapt.

7 | Tobias Sattler, CIO www.united-domains.de

Thank you!

Please get in touch if you have any further questions:

https://tobiassattler.com

tobiassattler

8 | Tobias Sattler, CIO www.united-domains.de