26 Whois

Prototypical answer:

gTLDFull Legal NameE-mail suffixDetail
.BBCBritish Broadcasting Corporationbbc.co.ukView

Question 26 - Whois

High-level System Description

Nominet, the registry service provider, will provide a real time Whois for domain names, nameserver data and for registrar data. The Whois may be accessed by any Internet user either through a web-based portal or via the port 43 service. A searchable Whois will also be provided.

The Whois services interface with the rest of the registry via a shared database. This ensures that data is correct and up-to-date, and a correct response can be generated at the instant that a query is received. The searchable Whois maintains its own cache for efficiency, which is refreshed hourly, directly from the shared registry database.

The services are implemented in a virtualised architecture (see Q32) and share a common infrastructure.

Standards compliance

The dot BBC Whois service will be compliant with specification 4 of the registry agreement. It will be available on whois.nic.bbc. The Whois services (port 43 and web based) respond as described in Specification 4 of the Registry Agreement; an outline for this is presented in the paragraphs ʺData Objectsʺ below.

The web-based Whois will also be available at whois.nic.bbc as required by specification 4. The user may enter the domain name, nameserver or registrar into a web form and will receive a response. If the request cannot be parsed as any of these three categories then an appropriate error message will be returned.

The Whois service will be compliant with Request for Comments (RFC) 3912. As specified by the RFC, the Whois service will listen on Transmission Control Protocol (TCP) port 43 for requests from clients. If a valid request, terminated as specified in RFC 3912 by an ascii carriage return and line feed, is received then a response will be returned.

Performance and availability of the Whois service exceed the requirements given in Specification 10 of the registry agreement.

Data objects

The Whois services (port 43 and searchable) respond as described in Specification 4 of the Registry Agreement; an outline for this is presented in the paragraphs below.

Data objects: Domain names

If a request for a valid and registered dot BBC domain name is received by either Whois interface then a response will be returned displaying information about that domain name in the key-value pair format described in Specification 4 of the Registry Agreement. The following information will be returned:

- Domain Name
- Whois server
- Dates - creation, last update, expiry
- Registrar details
- Any status values
- All contact details - Registrant, admin, tech and billing
- Nameserver information including Domain Name System Security Extensions (DNSSEC) status information.
- Time of last update of Whois database, which is the time at which the lookup was made.

If a valid request is received and parsed as a domain name, but the domain name is either not registered or out-of-registry then an appropriate error message will be returned.

Data objects: Hosts

If a request for a nameserver held within the registry is received then a response will be returned displaying information about that nameserver. Nameserver information will be displayed in the key value pair format described in Specification 4 of the Registry Agreement. The following information will be returned:

- Nameserver name
- Internet Protocol (IP) addresses, both Internet Protocol Version 4 (IPv4) and Internet Protocol Version 6 (IPv6)
- Registrar information
- Time of update of the Whois database, which is the time at which the lookup was made.

If a request is parsed as a nameserver but is not in the registry then an appropriate error message will be returned.

Data objects: Registrars

If a request for a dot BBC registrar is received then a response will be returned displaying information about that registrar in the key-value pair format described in Specification 4 of the Registry Agreement. The following information will be returned:

- Name
- Address
- Contact name, phone numbers, fax numbers and email addresses.
- Website information

If a valid registrar Whois request is received and the requested registrar is not in the registry then an appropriate error message will be returned.

Bulk access

Nominet will provide ICANN with bulk access to Whois data as described in specification 4 of the Registry Agreement:

- Nominet will provide a weekly data file, using the Data Escrow format described in Specification 2, containing the thin Whois data described in Specification 4. The file will be made available to ICANN for download by SFTP. Other download methods will be provided to ICANN if requested in the future.

- In the case of registrar failure or other event that prompts the transfer of a registrars domain names to another registrar, Nominet will provide ICANN with up-to-date data for the domain names affected. Nominet will provide the data to ICANN in the Data Escrow Format described in Specification 2 within two business days. The file will be made available for download by SFTP or by any other method agreed with ICANN.

Data Protection

Nominet will ensure that data supplied by registrants is protected in accordance with all applicable laws (specifically the UK Data Protection Act 1998 and the European Union (EU) Data Protection Directive which informed it), including through an appropriately designed Whois implementation.

It should be noted that EU data protection laws place significant restrictions on the circumstances under which personal data can be distributed to the public. The Information Commissioner’s Office (the UK data protection authority to which the registry would be subject) has indicated to Nominet that the indiscriminate publishing of the personal data of individual registrants via the Whois would not be compatible with EU data protection laws. They regard an opt-out model of the kind used by dot UK and dot TEL to be the best compromise between ensuring the integrity of the Whois and protecting the data protection rights of individuals.

It is not intended to allow third parties to register domain names in dot BBC as it is a closed registry and so there is no risk of publishing personal data.


Potential forms of abuse to a Whois service include:

- Harvesting data - querying all domain names to provide a catalogue of contact details.
- Denial of service - making many connections to the Whois server, or flooding connections with data.
- Structured Query Language (SQL) Injection - crafting queries to the service to attempt to modify the underlying database.

The Whois server has a number of measures built into it to prevent such abuse:

- If a clientʹs request is not terminated within a reasonable number of characters then the connection with the client is closed automatically.
- Whois lookups are checked and sanitised to prevent SQL injection attacks.
- Bind variables are always used in all our database queries to prevent SQL injection attacks.
- The Whois server is implemented in a way that allows a limit to be placed on lookups from any single location.

Statistical analysis on lookups to detect distributed abuse is also performed.

Stability, availability and performance

Nominet is experienced in providing a stable Whois system and has done so for dot UK for many years. The Whois server is provided on a primary data-centre and fully duplicated on a secondary data-centre. Failover procedures are well practiced.

Percentage availability figures for the dot UK Whois are shown in table 26.1 of attachment Q26_Whois_Tables.pdf

Performance and availability will exceed the requirements given in Specification 10 of the new gTLD Agreement.

Searchable Whois

Nominet will provide a searchable Whois service to Internet Users on a subscription basis. Nominet has provided this service for the dot UK domain name registry since 2006 (known as the Public Register Search Service (PRSS)).

The Searchable Whois technology enables wildcard searches to be made on any fields, including:

- domain name
- registrant name
- postal address
- contact names
- registrar ids
- nameservers
- IP addresses

Searches on multiple fields may be combined using boolean logic.

Results can be exported as a comma separated values (CSV) file. Nominet also has the facility to allow users to set up to 20 search terms to be monitored automatically. Notifications are sent by daily email if domain names are registered matching the search terms.

The searchable Whois uses a separate database to the main Whois. This database uses the search and indexing technology provided by Apache Solr (http:⁄⁄lucene.apache.org⁄solr) to provide optimum search facility and speeds. The search database will be synchronised with the main registry database on an hourly basis.

The Searchable Whois has measures to detect and deal with abuse, similar to those for the port 43 Whois (see above).

Whois Architecture

The Whois server obtains its information directly from the main registry database so its responses are real time. The Whois server is developed in Java using the Spring Framework. Connection management is implemented using Netty (www.jboss.org⁄netty).

The Port 43 Whois infrastructure is shown in figure 26.1 of attachment Q26_Whois_Figures.pdf

The Port 43 Whois server specifications shown in table 26.2 of attachment Q26_Whois_Tables.pdf

The Searchable Whois Architecture is as shown in figure 26.2 of attachment Q26_Whois_Figures.pdf

The Searchable Whois server specifications are shown in table 26.3 of attachment Q26_Whois_Tables.pdf

The Searchable Whois is implemented as part of Nominetʹs interactive online services using the Spring Framework. The front end handles the interface with the user, including authentication, taking details of the search required and presenting the results. The middleware handles the mechanics of the search.

The front end and middleware servers are each provisioned as a load balanced pair, using the same load balancer topology and technology as the main Whois architecture above, namely a pair of F5 Networks big-IP servers.

The Whois service for dot BBC will be deployed on dedicated virtual servers in Nominetʹs datacentres. The servers making up the dot BBC Whois service will have their own dedicated resources as shown in Figure 26.1 of the attachment Q26_Whois_Figures.pdf.

Connectivity is shared with the other registry systems deployed at the datacentre for dot BBC, dot UK and up to five other gTLDs. The total available bandwith is 10 gigabits per second and traffic through each server will be throttled to an appropriate level to both provide sufficient connectivity for the Whois traffic levels and to mitigate against the impact of any traffic surges.

It is estimated, from the Whois traffic experienced for the bbc.co.uk domain name that there will be up to 20,000 lookups per day. The dot BBC Whois service is provisioned to handle more than 1,000,000 lookups per day.

IT and infrastructure resources

Nominetʹs two datacentres will be connected by two 10GB dual path and geographically diverse links. Each link has a latency of less than one millisecond. Replication between the two datacentres will be asynchronous but the replicated data will be only a few milliseconds behind that of the live data. Should connectivity to one datacentre fail, the other will automatically assume the role of being the primary datacentre.

The two datacentres will be connected to Nominetʹs main office by 1GB links. This allows mechanisms to be put in place to avoid possible ʺsplit brainʺ scenarios where connectivity between the datacentres is lost and both believe the other is lost and assume the primary datacentre role. Each datacentre will have a multi-homed 100MB transit link to the outside world. This connectivity will be handled by six Tier-1 providers in order to ensure availability and redundancy. Nominet will also maintain 100MB links to peering points with Internet Exchanges such as the London Internet Exchange (LINX https:⁄⁄www.linx.net⁄) and the London Access Point (LoNAP http:⁄⁄www.lonap.net⁄) from each datacentre.

The Whois infrastructure is described in the preceding paragraph ʺWhois Architectureʺ.

Service continuity

Nominet will provide the Whois network architectures shown in figures 26.1 and 26.2 of attachment Q26_Whois_Figures.pdf in a primary datacentre and replicated in full in a secondary datacentre. The registry database is replicated from the primary datacentre to the secondary using Dataguardʹs Maximum Performance Replication. The SOLR index is generated on both datacentres for the searchable Whois. This architecture allows Nominet to have standard operating procedures to enable transition within minutes if necessary and this procedure will be practiced on a monthly basis. The Whois servers maintain high availability via SAN and virtualisation replication technologies. Should connectivity to the primary datacentre be lost the service will instantly be available in the secondary datacentre.

In the very unlikely scenario that connectivity was lost to both datacentres (such that none of the six Tier-1 providers could connect to either datacentre), Nominet will maintain a third datacentre in Geneva, Switzerland that will be able to provide essential registry services in such a catastrophe.

Nominet has a full set of business continuity plans and these have been accredited to the BS25999 business continuity standard.

Customisation of Whois service

Nominet will customise the dot BBC Whois service as required to handle any change in Whois output that may be deemed necessary by ICANN.

Resource plan

The dot BBC main Whois service has been implemented, with pre production testing and customisation to be completed in 2012. Nominet has large development, infrastructure and customer support teams experienced in running all its dot UK services. Nominet will dedicate the following resources and time from these existing teams, as well as additional resources where appropriate, to the pre-launch and post launch maintenance tasks:


- Test bed deployment: 5 days by a Systems administrator
- Pre-launch load testing: 5 days split between a systems administrator and a java developer
- Packaging for production: 2 days by a java developer
- Deployment to production: 5 days by a systems administrator

Total pre launch resource time 17 days.

Post launch

- Customer support: 8 hours per week
- Technical support: 4 hours per week
- Monitoring of and involvement in Whois standards development: 2 hours per week by a research team member and member of development team

Total post launch resource 14 hours per week.

Similar gTLD applications: (6)

gTLDFull Legal NameE-mail suffixzDetail
.BENTLEYBentley Motors Limiteddemys.com-4.07Compare
.XFINITYComcast IP Holdings I, LLCfairwindspartners.com-4.07Compare
.COMCASTComcast IP Holdings I, LLCfairwindspartners.com-4.07Compare
.TELECITYTelecityGroup International Limitedhoganlovells.com-3.85Compare
.cymruNominet UKnominet.org.uk-3.41Compare
.walesNominet UKnominet.org.uk-3.41Compare