26 Whois

Prototypical answer:

gTLDFull Legal NameE-mail suffixDetail
.LATECOM-LAC Federaciòn de Latinoamèrica y el Caribe para Internet y el Comercio Electrònicocabase.org.arView

WHOIS

.LAT Registry will provide Registration Data Publication Services in the form of whois, in both port 43 and web, zone file access and also bulk access to thick registry data to ICANN in accordance with Specification 4 of the Registry agreement.

The Whois or Registration Data Directory Service (RDDS) is a tool designed to provide identifying information of a domain name. It should be the first reference to find information related to a domain name. Anything from finding contact information to buy a domain name to identifying suspects in a criminal investigation uses the information of the whois to find out who is responsible for the use of a domain name. Whois implementation

.LAT whois implementation will provide free public query-based access to the information in the registry’s database as required by ICANN in the format described in specification 4 to the registry agreement. Users will be able to query the following object types:

* Domain name: whois EXAMPLE.LAT
* Nameserver: whois ʺNS1.EXAMPLE.LATʺ or whois ʺnameserver (IP Address)ʺ
* Registrar: whois ʺregistrar Example Registrar, Inc.ʺ

The format of the data will conform to the mappings specified in EPP RFCs 5730-5734 so that the display of this information (or values return in WHOIS responses) can be uniformly processed and understood.

The format of responses will follow a semi-free text format as described in Specification 4, and will include a legal disclaimer specifying the rights of Registry Operator, and of the user querying the database.

NIC Mexico’s current whois implementation provides a reliable, stable, secure platform to support the .LAT whois. The whois database is updated in a near real-time fashion with the latest information from the registry database to avoid user confusion. The whois will be available via the TCP port 43 or web at the .LAT registry website. .LAT whois implementation will comply with RFC391 (see attached diagram).

The whois protocol, by definition has no provisions for strong security, thus WHOIS protocol lacks mechanisms for access control, integrity, and confidentiality. Nevertheless .LAT implementation of whois considers some measures to avoid abuses. The web-based version will have a little more control on how information is accessed and .LAT registry will put the necessary effort needed to comply with data privacy laws in place.

The whois (RDDS) solution is an in-house development that has evolved over more than 10 years to achieve the required attributes needed to support the operations of the .MX ccTLD with high security, stability and performance. This evolution followed the availability of new and better technology, improvement of the skills of the technical staff and new business requirements. NIC Mexico currently supports the operations of the .MX ccTLD with more than half a million domain names using its long time proved whois implementation with great sucess; NIC Mexico’s whois implementation supports up to 8X (4 million domain names) the actual load without any degradation in the performance. This capacity exceeds the requirements for a TLD of the planned size of the .LAT TLD, yet the system can still augment its capacity to handle more domain names if necessary.

SECURITY

By definition, whois is not secure; it doesn’t offer access control mechanisms nor integrity or confidentiality. Nevertheless there will be a number of mechanisms to protect registry information and avoid abuse of the service.

Both port 43 and web services will be behind a firewall that only send TCP connections that completed the three way handshake to the back end server. There will be a limit on the number of requests that can be made from a single IP address in a certain period of time. If the limit is exceeded, the IP address will be blocked until the end of the period. The web whois additionally will feature a captcha to prevent query automation.

In IPv6 the number of public address at disposition of an attacker is enormous and NIC Mexico will periodically evaluate its abuse prevention and mitigation strategies to consider the operation realities of IPv6.

TECHNICAL INFRASTRUCTURE

The technical infrastructure to provide the service follows the same architecture as described in Question 24.

The port 43 and web implementations will have 2 servers each.

Due to NIC Mexico’s infrastructure design it is possible to add more servers to the farm in case of more processing power is needed without disrupting the operation of the whois.

Database power is provided by Oracle 11g as the industry leader for relational databases.

SEARCHABLE WHOIS

.LAT registry will implement search capabilities on the whois to offer a way to find domain names registered within a TLD. This tool would prove useful when trying to locate domain name that could be in violation of intellectual property or that may be subject of criminal investigation. An offender could be related to multiple domain names, or domain names could be completely unrelated with a very similar domain name, involved in illegal activities. A searchable whois would prove to be very useful to resolve many issues like the ones described above. Search capabilities will be provided for the web version only.

Search fields

In accordance with Specification 4 of the Registry Agreement .LAT Registry will offer partial match capabilities for the following fields:

* domain name,
* contacts and registrant’s name
* contact and registrant’s postal address, including all the sub-fields

.LAT Registry will offer exact-match capabilities, on the following fields:

* registrar id,
* name server name,
* name server’s IP address

To prevent abuses on the searchable whois, NIC Mexico will implement an incremental delay in responses to queries from the same IP address per period of time. Another abuse prevention feature of the searchable whois is the blocking of IP address if the number of concurrent connections exceeds a certain threshold. The incremental delay per number of queries and concurrent connection thresholds will be defined when more experience is gathered. Additionally, the searchable whois web interface will feature a captcha to prevent query automation.

In IPv6 the number of public address at disposition of an attacker is enormous and NIC Mexico will periodically evaluate its abuse prevention and mitigation strategies to consider the operation realities of IPv6.

ZONE FILE ACCESS

.LAT registry will comply with the Zone File Access requirement from Specification 4, Section 2 of the Registry Agreement.

.LAT Registry will enter into an agreement with any Internet user to grant him access to an Internet host server or servers designated by .LAT Registry and download zone file data. As indicated in Specification 4 the agreement will be standardized, facilitated and administered by an ICANN designated Centralized Zone Data Access Provider (the “CZDA Provider”). .LAT registry will collaborate with the CZDA Provider to successfully offer this service to legitimate users.

The basic agreement will be for a period of three months and will be offered at no cost to the user.

.LAT Registry will provide access to zone files generated according to section 2.1.4 of Specification. Parties interested in accessing the files must provide the credentials required in section 2.1.2 to obtain the user account and password to access a secure FTP server where the zone files will be hosted, otherwise the access will be denied. Legitimate users will be able to access and to transfer a copy of the top-level domain zone files. The FTP server directory structure and file naming will follow the scheme described in section 2.1.3 of Specification 4.

.LAT Registry will only allow access to the secure FTP server from the IP specified by the user, and will allow the user to download the files containing the zone information and the cryptographic checksum files for verification no more than once every 24 hours.

According with Specification 4, .LAT Registry will request valid credentials from any user that will permit correctly identify and locate the user, including company name, email address and the host name and IP address from where they will connect to access the files. .LAT Registry may reject the request for access of any user that does not provide correct or legitimate credentials under Section 2.1. 2 or where reasonably believes the user will violate the terms of Section 2.1.5 of Specification 4. .LAT Registry may revoke access of any user if Registry Operator has evidence to support that the user has violated the terms of Section 2.1.5.

As stated in Specification 4, .LAT Registry will permit user to use the zone file for lawful purposes; provided that, user takes all reasonable steps to protect against unauthorized access to and use and disclosure of the data. Furthermore, under no circumstances will .LAT Registry allow a user to use the data to transmit unsolicited messages to entities other than user’s own existing customers, or enable automated processes that send queries or data to the systems of .LAT Registry or any ICANN-accredited registrar. .LAT Registry will have a point of contact to handle violations and abuse complaints .LAT Registry may revoke access to any user if it has evidence to support that the user has violated the terms of Section 2.1.5.

According to Specification 4, .LAT Registry and NIC Mexico will cooperate with ICANN and the CZDA Provider to facilitate and maintain efficient access to zone file data by legitimate users. NIC Mexico will also provide ICANN and the designated Emergency Operator (EBERO) unrestricted and continuous access to zone files.

BULK REGISTRATION DATA ACCESS FOR ICANN

.LAT registry will comply with the Bulk Registration Data Access for ICANN requirement from Specification 4, Section 3 of the Registry Agreement.

.LAT will prepare a weekly file containing the registry’s Thin Registration Data on the day defined by ICANN to verify and ensure the operational stability of Registry Services as well as to facilitate compliance checks on accredited registrars. The requested information of domain names and registrar objects will follow the content and format specifications defined by ICANN in section 3.1.1 and 3.1.2, as defined in reference to data escrow format.

The files will be made available to ICANN via a SFTP server, or in the form requested in the future by ICANN.

In exceptional cases that require the transfer of domain names from a sponsoring registrar to another; .LAT registry will provide access to Thick Registration Data of a particular registrar upon request made by ICANN. The data will be provided in the format specified in Specification 2 for Data Escrow, with the file containing information related to the specified registrar only. The file will be made available to ICANN in 2 business days via a SFTP server, or in the form requested in the future by ICANN.

PERSONAL DATA PROTECTION

Recently in Mexico, the Federal Law for Protection of Personal Data in Possession of Private Entities was enacted. This law is aimed to protect personal data in possession of Private Entities, seeking to regulate the legitimate use of such data, in a transparent and informed fashion, in order to guarantee the privacy and right to informative self-determiation of persons.

This law establishes that anyone responsible for the treatment of personal data must implement and maintain administrative, technical and physical security measures that enable the protection of personal data from harm, loss, alteration, destruction, or unauthorized use, access and treatment.

NIC Mexico has paid due attention to the contents of this law, and performed the necessary actions to ensure that the .MX TLD operations fulfill this law. It should be noted that this law is one of the most strict with respect to personal data protection in other countries, and thus complying with it has meant a significant effort. At the same time, the .MX customers have gained greater security related to their personal data.

We consider that this experience with personal data protection, will allow us to fulfill all the legal requirements concerning personal data protection applicable to the .LAT, while providing a whois service according to the applicant guidebooki and that additionally, eCOM-LAC and NIC Mexico will employ the best practices in order to safeguard this sensitive information regarding the .LAT domains customers.

.LAT Registry will take every effort needed to balance the need for privacy with the need to provide access to records that contain information on the registrant and contacts of domain names in order to maintain security and stability of the DNS. .LAT registry will operate the WHOIS service in a way that is compatible with applicable privacy laws. .LAT will request from registrants the minimal set of information needed to perform the whois functions as required by ICANN.

Similar gTLD applications: (0)

gTLDFull Legal NameE-mail suffixzDetail