WHOIS Running the Internet: Protocol, Policy, and Privacy, First Edition

WHOIS Running the Internet

Protocol, Policy, and Privacy

Published by John Wiley & Sons, Inc., Hoboken, New Jersey Published simultaneously in Canada

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per‐copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750‐8400, fax (978) 750‐4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748‐6011, fax (201) 748‐6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762‐2974, outside the United States at (317) 572‐3993 or fax (317) 572‐4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Perl = The Perl Foundation.

Library of Congress Cataloging-in-Publication Data Bruen, Garth O. WHOIS running the Internet : protocol, policy, and privacy / Garth O. Bruen. pages cm Includes bibliographical references and index. ISBN 978-1-118-67955-5 (hardback) 1. WHOIS (Computer network protocol) 2. Internet domain names–Government policy. 3. Privacy, Right of. I. Title. TK5105.5864.B78 2015 004.67′8–dc23 2015020393 Cover image courtesy of 137867102/Jorg Greuel/Getty 455164793/rozkmina/Getty

Set in 10/12pt Times by SPi Global, Pondicherry, India

Printed in the United States of America

10 9 8 7 6 5 4 3 2 1

1 2016 This book is dedicated to my father, Robert, who taught me all I know and never stopped teaching.

Contents

Introduction: What Is WHOIS? 1 I.1 Conventions Used in this Text 4 I.2 Flow of this Text 5 I.3 WHOIS from versus WHOIS about 5 I.4 Origin of the Term WHOIS 6 I.5 Why WHOIS Is Important (or Should Be) to Everyone 7 I.6 What Kind of Use and Contact Is Permitted for WHOIS 7 I.7 Where Is the WHOIS Data? 8 I.8 Identifying Remote Communication Sources 8 I.9 Getting Documentation 11

1 the History of Whois 13 1.1 In the Beginning 13 1.2 The Sands of Time 14 1.2.1 Seals 15 1.2.2 From Signal Fires on the Great Wall to Telegraphy 15 1.2.3 The Eye of Horus 17 1.3 1950s: On the Wires and in the Air 18 1.3.1 Sputnik Changes Everything 18 1.3.2 Telegraphs, Radio, Teletype, and Telephones 19 1.3.3 WRU: The First WHOIS 20 1.4 1960s: Sparking the Internet to Life 26 1.4.1 SRI, SAIL, and ITS 26 1.4.2 Doug Engelbart: The Father of Office Automation 27 viii Contents

1.5 1970s: Ok, Now That We Have an Internet, How Do We Keep Track of Everyone? 27 1.5.1 Elizabeth “Jake” Feinler 27 1.5.2 The ARPANET Directory as Proto‐WHOIS 27 1.5.3 The Site Status List 28 1.5.4 Distribution of the HOSTS Table 30 1.5.5 Finger 30 1.5.6 Sockets 31 1.5.7 Into the VOID with NLS IDENTFILE 32 1.5.8 nAME/FINGER RFC 742 (1977) 33 1.5.9 Other Early Models 35 1.6 1980s: WHOIS Gets Its Own RFC 36 1.6.1 The DNS 37 1.6.2 WHOIS Updated for Domains (1985) 38 1.6.3 Oops! The Internet Goes Public 39 1.7 1990s: The Internet as We Know It Emerges 40 1.7.1 Referral WHOIS or RWhois RFC 1714 (1994) 41 1.7.2 WHOIS++ RFCs 1834 and 1835 (1995) 41 1.7.3 ICANN Takes over WHOIS (1998) 42 1.8 2000s: WHOIS Standards 42 1.8.1 ICANN’s Registrar Accreditation Agreement and WHOIS (2001) 43 1.8.2 WHOIS Protocol Specification 2004 RFC 3912 (2004) 43 1.8.3 Creaking of Politics 44 References 45 2 Using Whois 47 2.1 Domain WHOIS Data 48 2.1.1 Record Terminology 48 2.2 Domain WHOIS Fields 52 2.2.1 Status 54 2.2.2 Registrar 54 2.2.3 Nameservers 55 2.2.4 Registrant, Administrative, Technical, and Billing 56 2.2.5 names and Organizations 56 2.2.6 Emails 57 2.2.7 Addresses 58 2.2.8 Phone Numbers 58 2.2.9 Record Dates 59 2.2.10 DNSSEC 59 2.2.11 Other Information 60 2.3 Getting Records about Various Resources 60 2.3.1 Starting at the Top: The Empty Domain 60 2.3.2 Query WHOIS for a TLD as a Domain 61 2.3.3 WHOIS for A Registrar or Registry 62 2.3.4 Nameservers 63 2.3.5 Registrar and Registry 64 2.3.6 Special Cases 65 2.3.7 Dealing with Weird Results 73 Contents ix

2.4 IP WHOIS 74 2.4.1 Five Regional NICs 75 2.4.2 CIDR and ASN 80 2.4.3 IPv4 and IPv6 81 2.5 ccTLDs and IDNs 82 2.5.1 ccTLDs 82 2.5.2 IDNs 84 2.5.3 Language versus Script 85 2.5.4 ASCII 85 2.5.5 Unicode 86 2.5.6 Getting WHOIS Records for IDNs 87 2.6 WHOIS Services 87 2.6.1 Port 43 Command Line or Terminal 88 2.6.2 Clients 89 2.6.3 Representational State Transfer (RESTFul) WHOIS 97 2.6.4 Web‐Based WHOIS 97 2.6.5 Telnet to WHOIS Server 99 2.6.6 More Services, Software, and Packages 100 2.6.7 WHOIS Functions, Switches, and Tricks 102 2.6.8 Obscure, Archaic, and Obsolete WHOIS Services 104 References 105

3 Research and Investigations 107 3.1 Completely Disassembling a WHOIS Record 108 3.1.1 A Normal, Safe Domain: cnn.com 108 3.1.2 Deconstructing the WHOIS for a Spammed Domain 116 3.1.3 Illicit Domain WHOIS 120 3.1.4 Virus Domain WHOIS 121 3.1.5 Tracking Cybersquatters and Serial Trademark Violators 123 3.1.6 network Security Administrator Issues 124 3.1.7 Protecting Your Domain with Accurate WHOIS 125 3.2 More Tools 126 3.2.1 Ping 126 3.2.2 Traceroute 126 3.2.3 Secondary Sources, Historical Data, and Additional Tools 126 References 129

4 Whois in the Domain Name System (Dns) 131 4.1 The Big Mistake 131 4.2 Basics of the DNS 133 4.2.1 TCP/IP, Layers, and Resolvers 133 4.2.2 How a Domain Becomes a Website 134 4.2.3 WHOIS Pervades the DNS 134 4.2.4 ICANN, IANA, Registries, and Registrars 135 4.2.5 .ARPA: Special Architectural TLD 138 4.2.6 Setting the Example with Reserved Domains 139 4.2.7 DNS RFCs 882, 883, 1033, and 1034 140 x Contents

4.3 DNS RR 141 4.3.1 Berkeley Internet Name Domain 141 4.3.2 Shared WHOIS Project 141 4.3.3 Using the DiG 142 4.3.4 Graphic DNS Software and Websites 145 4.3.5 Finding Hidden Registrars and Tracking Roots 146 4.3.6 Traceroute 150 4.4 Outside the DNS: An Internet without WHOIS 153 4.4.1 The Onion Routing 153 4.4.2 .ONION and Other TLDs 155 Reference 157

5 WHOIS Code 159 5.1 Automating WHOIS with Batching and Scripting 159 5.1.1 DiG Example 159 5.1.2 DOS Batch File Example 160 5.1.3 VBScript Example 160 5.2 WHOIS Client Code 161 5.2.1 What a WHOIS Client Should Do 161 5.2.2 Early Versions 163 5.2.3 C/C++ 164 5.2.4 Perl 168 5.2.5 Java 169 5.2.6 Recursive Python WHOIS by Peter Simmons 169 5.2.7 Lisp WHOIS by Evrim Ulu 169 5.3 Web WHOIS Forms 170 5.3.1 Creating a WHOIS Web Interface with PHP 170 5.4 Parsing WHOIS Records 171 5.4.1 Ruby WHOIS by Simone Carletti 171 5.4.2 Regular Expressions 173

6 WHOIS Servers 175 6.1 Historical Servers 176 6.2 Server Standards and ICANN Requirements 177 6.3 Finding the Right Server 178 6.4 Installing and Configuring WHOIS Servers 180 6.4.1 JWhoisServer by Klaus Zerwes 180 6.4.2 WHOIS Daemon 186 6.5 WHOIS Database 186

7 WHOIS Policy Issues 189 7.1 The WHOIS Policy Debate 189 7.1.1 Basic Policy 191 7.1.2 ICANN Registrar Accreditation Agreement WHOIS Standards 191 7.1.3 Lack of Language Support in WHOIS 193 7.1.4 Abuses 193 Contents xi

7.1.5 Privacy 195 7.1.6 Source of Concerns 197 7.1.7 Creating Balance 197 7.1.8 European Privacy Laws and WHOIS 200 7.1.9 Drawing the Line 201 7.1.10 Uniform Domain‐Name Dispute‐Resolution Policy 203 7.1.11 WHOIS Inaccuracy, Falsification, Obfuscation, and Access Denial 209 7.2 Studies, Reports, and Activities on WHOIS 209 7.2.1 SSAC (2002) 210 7.2.2 Benjamin Edelman Congressional Testimony on WHOIS (2003) 210 7.2.3 US Government Accountability Office Report on Prevalence of False Contact Information in WHOIS (2005) 211 7.2.4 WHOIS Study Hypotheses Group Report to the GNSO Council (2008) 211 7.2.5 national Opinion Research Center at the University of Chicago (2009) 212 7.2.6 WHOIS Policy Review Team Final Report (2012) 212 7.3 WHOIS Enforcement and Nonenforcement at ICANN 213 7.3.1 Tracking ICANN’s Response to WHOIS Inaccuracy 215 7.3.2 ICANN Compliance Designed for Failure 218 7.3.3 ICANN’s Contract with Registrars Not Enforceable on WHOIS Accuracy 219 References 223

8 the Future of Whois 225 8.1 new gTLDs 226 8.2 WHOIS‐Based Extensible Internet Registration Data Service (WEIRDS) 227 8.3 Aggregated Registry Data Services (ARDS) 230 8.4 Truly Solving the Problem 231 8.5 Conclusion: The Domain Money Wall—or Why ICANN Will Never Fix WHOIS 232

Appendix A: WHOIS Code 237

Appendix B: WHOIS Servers 293

Index 331

INTRODUCTION: WHAT IS WHOIS?

WHOIS is a complex topic, as this book explains, but the simplest explanation is that it is a record system for network resources, mostly, but not exclusively on the Internet. WHOIS is one of the most critical and controversial services on the Internet, yet there has been little or no comprehensive documentation. A WHOIS service can be queried to return a WHOIS record, which details who owns or manages an Internet resource. While this service may seem ordinary, WHOIS is one of the most debated issues in Internet policy. In theory, WHOIS is supposed to simply retrieve contact information; in practice, WHOIS varies widely in composition, access, and use. This text covers the universe of topics and issues including the 40‐year evolution of the service, policy changes, comprehensive use instruc- tions, service deployment, and advanced coding for programmers. The text is wide in its breadth and attempts to be somewhat deep in each of the major areas, but there are limita- tions to coverage in a single text. Unlike computer programming, networking, or hardware development, WHOIS is a disconnected and esoteric discipline. It has many self‐taught adepts as well as almost cultish followers. WHOIS is a deep and wide subject without dedicated texts or classroom instruction, a truly strange and hidden world. Welcome, you are about to become a WHOIS sorcerer. From RFC11771 FYI on Questions and Answers to Commonly asked “New Internet User” Questions (1990)

WHOIS: An Internet program which allows users to query a database of people and other Internet entities, such as domains, networks, and hosts, kept at the NIC. The information for people shows a person’s company name, address, phone number and email address.

1 http://tools.ietf.org/pdf/rfc1177.pdf