|gTLD||Full Legal Name||E-mail suffix||Detail|
|.公司||Computer Network Information Center of Chinese Academy of Sciences （China Internet Network Information Center）||cnnic.cn||View|
China Internet Network Information Center (CNNIC), based on Request for Comments (RFC) 3912, provides data objects, bulk access, lookups and web-based searchable Whois service which are defined in Specification 4 and which meet the Service Level Requirements (SLR) of Specification 10. Appropriate precaution measures have been taken to prevent abuse of registered data information. CNNIC has made available the human resources, funds and equipment needed for implementing and maintaining Whois service.
26.1 Realization of Whois System
The Whois system is used to check the detailed information of registered domain names and whether a particular domain name has been registered. In addition, CNNIC supports searchable Whois service which has a web search function with domain names, registrant names, postal addresses, contact names, registrar IDs and Internet Protocol addresses as key words and which also has the Boolean search function.
26.1.1 System Architecture
Please refer to Figure 1 in the attachment of Q26_Attachment_Figure for the details of the architecture of the Whois system.
Data in the Whois database is created by advanced replication of the Shared Registration System (SRS) registration database. The Whois system consists of the WhoisD system which is accessible by command lines via Port 43, and the web-based Whois Web system. Whois Web requests are converted into WhoisD requests and the WhoisD system is connected to the Whois database to return query results to the user. The searchable Whois system provides searchable services by accessing Whois database index files. By advanced replication of the SRS registration database, a bulk access Whois database is generated which provides bulk access function for authorized registrars or third-party users.
26.1.2 System Functions
18.104.22.168 Queries about Domain Names
Registrars and registrants may send requests to the Whois system ʺwhois 实例.公司ʺ to query about a particular domain name. The Whois system will return the following information in accordance with Specification 4 of the Registry Agreement:
(1) Information about the domain name, including domain name (U-label, A-label and variant domain name), domain ID, updated date, creation date, registry expiry date and domain status.
(2) Whois server and referral URL.
(3) Information about the sponsoring registrar, including the sponsoring registrar and the sponsoring registrar Internet Assigned Numbers Authority (IANA) ID.
(4) Information about registrants in accordance with Specification 4.
(5) Information about administers in accordance with Specification 4.
(6) Information about the technician in accordance with Specification 4.
(7) Name Server and DNSSEC.
22.214.171.124 Queries about Registrars
Registrars and registrants may send requests to the Whois system whois ʺregistrar Example Registrar, Inc.ʺ to query about a particular registrar. The Whois system will return the following information in accordance with Specification 4 of the Registry Agreement:
(1) Information about the registrar in accordance with Specification 4.
(2) Whois server and referral URL.
(3) Information about the admin contact including phone number, fax number and Email.
(4) Information about the technical contact, including phone number, fax number and Email.
126.96.36.199 Queries on Name Servers
Registrars and registrants may send requests to the Whois system whois ʺNS1.EXAMPLE.TLDʺ or whois ʺnameserver (IP Address)ʺ to query about a particular name server. The Whois system will return the following information in accordance with Specification 4 of the Registry Agreement:
(1) Information of the server, including server name and its IP address.
(3) Whois server and referral URL.
188.8.131.52 Internationalized Domain Name (IDN) Support
The Whois system supports two ways of domain name query, i.e., U-label and A-label, and adopts UTF-8 encoding format to enable the Whois system to display information in both English and Chinese. Furthermore, the Whois system also supports displays both of U-label and A-label of the queried domain.
184.108.40.206 IP Black List
After connection with a user has been established, if the userʹs IP is found to be in the black list, then the Whois system will immediately terminate the connection.
220.127.116.11 Connection Timeout
After a connection is established, if a user does not perform any query operation within a specified time limit (configurable), the system will automatically terminate the connection.
18.104.22.168 Restrictions on the Interval of Query Time
For a user whose IP is not in the white list, their interval of query time (configurable) should be restricted to prevent highly frequent queries from hampering the response to other usersʹ queries.
22.214.171.124 Searchable Whois Service and Prevention of Information Abuse
Searchable Whois service has the following functions:
(1) For domain names, contacts, registrantʹs name, contact and registrantʹs postal address, including all the sub-fields described in Extensible Provisioning Protocol (EPP) (e.g., street, city, state or province, etc.), partial match capabilities are available.
(2) For registrar ID, name server name and name server IP address, exact match capabilities are available.
(3) Boolean search capabilities are available which meet the search criteria of AND⁄OR⁄NOT for multiple fields.
(4) All query results contain domain name-related information, including domain name, domain ID, updated date, creation date, registry expiry date and domain name status, etc.
CNNIC adopts the following measures to prevent information abuse:
(1) A registrar or registrant may only login the searchable Whois system using their own ID and password, and may only search information related to their own domain names.
(2) If a registrar, registrant or a third-party user wants to search othersʹ information, they need to explain the reasonable purposes, commit to protect privacy and security, and sign an agreement with CNNIC at first.
126.96.36.199 Bulk Access
Whois service provides bulk access capabilities for authorized registrars and third-party users. To reduce the impact of bulk access on the load of core Whois database, the data related to the capabilities are provided by a separate Whois database for bulk access.
To guarantee the quality of bulk access service, the Whois system, by identifying the userʹs IP address, provides its service only for authorized registrars and third-party users.
26.1.3 System Deployment
Please see Figure 2 in the attachment of Q26_Attachment_Figure.
(1) Internet Access
CNNIC, via Border Gateway Protocol (BGP), broadcasts service addresses of WhoisD, Whois Web, Whois bulk access and searchable Whois etc.. Users can access Whois service through multiple Internet Service Providers (ISPs).
(2) Load Balancer
WhoisD, Whois Web, Whois bulk access and searchable Whois services are all configured in the layer 4 load balancers.
(3) Whois Web Servers
The load balancers directly allocate a Whois Web request to the 4 Whois Web servers which will transfer the request back to the load balancer. The load balancer will then transfer the request to the 4 WhoisD servers. The WhoisD server, by accessing the Whois database, feeds the WhoisD query results back to the Whois Web server, which will then transfer the results to the user through the load balancers.
(4) WhoisD Servers
The load balancers directly distribute WhoisD requests to the 4 WhoisD servers which will, by accessing the Whois database, transfer the query results to the user.
4 high-performance blade servers providing WhoisD service are configured in different blade boxes and subnets.
(5) Searchable Whois Servers
Searchable Whois service requests are distributed to 4 searchable Whois servers which are configured in different blade boxes and subnets.
(6) Bulk-access Whois Servers
Whois servers provide bulk access capabilities for authorized third parties. Four bulk-access Whois servers respond to their query requests. These servers are configured in different blade boxes and subnets.
(7) Searchable Whois Index Servers
Searchable Whois requests are distributed by searching searchable index files through searchable Whois servers. Two high-performance blade servers providing searchable Whois index files are configured in different blade boxes and subnets. Whois index file servers generate index files on a regular basis and the frequency of data update is once every 5 minutes.
(8) Whois Database
The core Whois database maintains Whois data and responds to the requests of WhoisD server only.
The Whois database is built by two high-performance database servers. Data are obtained by advanced replication of the SRS core registration database with a replication interval of 5 minutes.
(9) Bulk-access Whois Database
To reduce the impact of bulk access on the load of core Whois database, CNNIC provides 2 special bulk-access databases. Data are obtained by advanced replication of the SRS core registration database with a replication interval of 5 minutes.
26.2 A Plan for Operating Robust and Reliable Whois
26.2.1 Redundant System Design
To improve reliability, a redundant design is adopted for designing the Whois system architecture including network devices, load balancers, Whois-related servers and databases, so as to ensure there is no single point. In addition, cold-standby servers are provided which are always ready for deployment and service.
Furthermore, both local and remote secondary operation centers adopt the identical Whois system deployment, to ensure that a swift switch can be made when the primary operation center fails.
26.2.2 Whois Data Synchronization
Whois data and bulk-access Whois data are obtained by advanced replication of the SRS core registration database with a replication interval of 5 minutes. Searchable Whois index data are obtained by generating searchable Whois index files through the Whois database, with an update interval of 5 minutes.
26.2.3 Failure Monitoring and Handling
CNNIC has a monitoring system and a special 7*24 team for system operation and maintenance that monitor the Whois system in a real-time manner. Once any abnormity is detected in the Whois system, the monitoring system will promptly notify the system administrator. Once a problem is detected, the 7*24 team will immediately notify the system administrator to handle it.
26.3 Compliance Analysis
26.3.1 Compliance with RFC 3912
Strictly conforming to the Whois protocol defined in the RFC 3912, the Whois system developed by CNNIC supports the function of communication between the client and Whois servers by using TCP connection on Port 43 and, in strict accordance with RFC 3912 Protocol Model, uses ASCII CR and ASCII LF to separate one message from another.
26.3.2 Compliance with Specification 4
(1) The format of Whois command response strictly complies with the format defined in Specification 4 of the Registry Agreement, followed by a blank line and a legal disclaimer.
(2) Each data object is represented as a set of key⁄value pairs, with lines beginning with keys, followed by a colon and a space as delimiters, followed by the value.
(3) For fields where more than one value exists, multiple key⁄value pairs have the same key.
(4) The format of response to queries about domain names, registrars and name servers meets Specification 4 of the Registry Agreement. It includes at least the display fields and formats as specified therein.
(5) The format of the following data fields: domain status, individual and organizational names, address, street, city, state⁄province, postal code, country, telephone and fax numbers, Email addresses, date and time conform to the mappings specified in EPP RFC 5730, RFC 5731, RFC 5732, RFC 5733 and RFC 5734.
(6) Searchable Whois service is provided in accordance with Specification 4 of the Registry Agreement, and measures are taken to prevent abuse of registered data.
26.3.3 Compliance with Specification 10
For Whois (Registration Data Directory Services, RDDS) service level, Specification 10 of the Registry Agreement sets forth the following requirements:
Please see Table 1 in the attachment of Q26_Attachment_Table.
According to CNNICʹs estimation, if the registration volume of ʺ.公司ʺ is around 200,000, WhoisD daily queries will be approximately 210,000 with 7.3 transactions per second at most and the volume of Whois Web queries will be lower than that.
CNNIC has tested its own Whois system and the test results are as follows:
For a million-level aggregate registration volume (no index), 2136 transactions are successfully submitted per second. For a 10-million-level aggregate registration volume (index established), 2010 transactions are successfully submitted per second.
Under normal conditions, one server is capable of undertaking WhoisD service. Considering system redundancy, 4 servers and 1 cold-standby server should be provided and another 4 servers are enough to undertake Whois web service.
Whois bulk access is open only to authorized registrars and third-party users and 4 Whois bulk access servers are provided for this purpose.
In case registration volume increases sharply due to attacks, more back-end servers could be added under load balancers for extension.
So, the availability of service can be kept above 98%.
(2) Query Round-Trip Time (RTT)
The average query RTT is 23.65ms. 95% of queries for WhoisD, Whois Web and Whois bulk access can be finished within 1000ms to meet Specification 10 of the Registry Agreement.
(3) Update Time
The update time of Whois database and Whois bulk access database is 5 minutes to meet Specification 10 of the Registry Agreement.
26.3.4 Laws and Policies on Privacy Protection that Searchable Service must Abide by
188.8.131.52 Registration-related Privacy
As prescribed in Article 4 of Rules on Technical Protective Measures for Internet Security (Directive 82 of the Ministry of Public Security), ʺInternet service providers and Internet application organizations shall establish relevant management systems to ensure that no registration information will be disclosed or leaked without prior consent of the registrant unless otherwise specified by laws and regulations of the state. Internet service providers and users shall use technical protective measures for Internet security in accordance with the law. They shall not use such measures to infringe upon Internet end-usersʹ communication freedom and privacy. The public information network security supervision department of public security organs performs, in accordance with the law, the duty of supervising the implementation of technical protective measures for Internet security. All technical protective measures for Internet security shall meet relevant national standards. Where there is no applicable national standard, they shall meet relevant industrial technical standards on public security.ʺ
In accordance with the above legal provisions, CNNIC requires that each registrar send a notice to holders of newly-registered or renewed domain names, informing them of the following:
(1) The intended use of the applicantʹs personal information to be collected.
(2) The receiver or type of receiver of such information (including the registry and other parties that are to receive such information from the registry).
(3) What information shall be provided and what (if there is any) can be provided on a voluntary basis.
(4) In what way the registered domain name holder can access or modify (if necessary) the stored data concerning them.
Only after the user has confirmed and agreed to the above information can the registrar start to collect registration information from the user. Collection of registration information without the registrantʹs consent will be regarded as infringing upon his⁄her privacy. Information collected will be considered invalid and will not pass the registryʹs review.
184.108.40.206 Query-related Privacy
As prescribed in Section 2, Article 18 of the Implementation Rules for the Provisional Regulations on Management of International Networking of Computer Information Networks of the Peopleʹs Republic of China, Internet users shall be subject to the management of ISPs and abide by their regulations; users shall not access any computer system without permission or alter the information of others; they shall not viciously spread information of others or spread any information in the name of another person via the network; and they shall not infringe upon other peopleʹs privacy.
In compliance with the above provisions, CNNIC will adopt the following measures to control usersʹ behavior in using Whois:
(1) CNNIC will provide searchable services for fuzzy and accurate queries about limited fields that meet the requirements of ICANN. For non-existing domain names, a negative response will be given and no suggestions on related domain names will be provided in any form.
(2) For typical searchable services, users need to pass username and password authentications before accessing the searchable Whois system and they can only make queries about their own information.
(3) Searchable services for all other types of information may be opened to some of the users who have passed authentication. Such users shall inform CNNIC of the purpose of their queries and their contact information. If there is any violation of privacy, such as massively spreading other peopleʹs private information or sending large amounts of junk mail using Whois information, CNNIC will mete out punishment on the infringer in accordance with relevant laws and regulations on privacy protection and if the case is serious enough, it will be reported to relevant judicial organs.
26.4 Resource Allocation
26.4.1 Human Resources
The operation of Whois needs 4 software engineers who are responsible for software optimization and maintenance, and 10 system administrators who are responsible for 7*24 monitoring. Refer to the answer to Question 31.
26.4.2 Software and Hardware
Hardware in the 3 operation centers includes 60 high-performance blade servers and 12 high-performance database servers.
Software includes Whois software, database software, database cluster software and storage management software. WhoisD has 5100 lines of effective codes and 1200 lines of codes related to the stored procedure of the database while 8,670 for searchable Whois and 6,690 for Whois Web. The total work load is 17 man-months. So far development and testing of the software have been completed and the system is now in trial operation.
In addition, customization scope of Whois system software covers Whois system based on Port 43 and Whois Web system, Whois bulk access function and searchable Whois function; meanwhile it satisfies the SLR. Software customization development is carried out according to the initiation of R&D, program plan, outline design, specific design, construction stage, trial stage and issue and summarization procedures. Development procedure is compliant with regulations of Level 3 of Capability Maturity Model Integration (CMMI3).
Refer to the answer to Question 32 for more details about the software and hardware.
Funds for human resources, equipment procurement and maintenance have been put in place. Refer to the answer to Question 46 for the sources and uses of these funds.
Similar gTLD applications: (6)
|gTLD||Full Legal Name||E-mail suffix||z||Detail|
|.网络||Computer Network Information Center of Chinese Academy of Sciences （China Internet Network Information Center）||cnnic.cn||-4.18||Compare|
|.信息||Beijing Tele-info Network Technology Co., Ltd.||tele-info.cn||-3.53||Compare|
|.广州||Guangzhou YU Wei Information Technology Co., Ltd.||zodiac-corp.com||-3.28||Compare|
|.广东||Guangzhou YU Wei Information Technology Co., Ltd.||zodiac-corp.com||-3.28||Compare|
|.深圳||Guangzhou YU Wei Information Technology Co., Ltd.||zodiac-corp.com||-3.28||Compare|
|.佛山||Guangzhou YU Wei Information Technology Co., Ltd.||zodiac-corp.com||-3.28||Compare|