Back

26 Whois

gTLDFull Legal NameE-mail suffixDetail
.公司Computer Network Information Center of Chinese Academy of Sciences (China Internet Network Information Center)cnnic.cnView
26. Whois

China Internet Network Information Center (CNNIC), based on Request for Comments (RFC) 3912, provides data objects, bulk access, lookups and web-based searchable Whois service which are defined in Specification 4 and which meet the Service Level Requirements (SLR) of Specification 10. Appropriate precaution measures have been taken to prevent abuse of registered data information. CNNIC has made available the human resources, funds and equipment needed for implementing and maintaining Whois service.
  
26.1 Realization of Whois System

The Whois system is used to check the detailed information of registered domain names and whether a particular domain name has been registered. In addition, CNNIC supports searchable Whois service which has a web search function with domain names, registrant names, postal addresses, contact names, registrar IDs and Internet Protocol addresses as key words and which also has the Boolean search function.
  
26.1.1 System Architecture

Please refer to Figure 1 in the attachment of Q26_Attachment_Figure for the details of the architecture of the Whois system.
  
Data in the Whois database is created by advanced replication of the Shared Registration System (SRS) registration database. The Whois system consists of the WhoisD system which is accessible by command lines via Port 43, and the web-based Whois Web system. Whois Web requests are converted into WhoisD requests and the WhoisD system is connected to the Whois database to return query results to the user. The searchable Whois system provides searchable services by accessing Whois database index files. By advanced replication of the SRS registration database, a bulk access Whois database is generated which provides bulk access function for authorized registrars or third-party users.
  
26.1.2 System Functions
  
26.1.2.1 Queries about Domain Names

Registrars and registrants may send requests to the Whois system ʺwhois 实例.公司ʺ to query about a particular domain name. The Whois system will return the following information in accordance with Specification 4 of the Registry Agreement:
  
(1) Information about the domain name, including domain name (U-label, A-label and variant domain name), domain ID, updated date, creation date, registry expiry date and domain status.

(2) Whois server and referral URL.

(3) Information about the sponsoring registrar, including the sponsoring registrar and the sponsoring registrar Internet Assigned Numbers Authority (IANA) ID.

(4) Information about registrants in accordance with Specification 4.

(5) Information about administers in accordance with Specification 4.

(6) Information about the technician in accordance with Specification 4.

(7) Name Server and DNSSEC.

26.1.2.2 Queries about Registrars

Registrars and registrants may send requests to the Whois system whois ʺregistrar Example Registrar, Inc.ʺ to query about a particular registrar. The Whois system will return the following information in accordance with Specification 4 of the Registry Agreement:
  
(1) Information about the registrar in accordance with Specification 4.

(2) Whois server and referral URL.

(3) Information about the admin contact including phone number, fax number and Email.

(4) Information about the technical contact, including phone number, fax number and Email.

26.1.2.3 Queries on Name Servers

Registrars and registrants may send requests to the Whois system whois ʺNS1.EXAMPLE.TLDʺ or whois ʺnameserver (IP Address)ʺ to query about a particular name server. The Whois system will return the following information in accordance with Specification 4 of the Registry Agreement:

(1) Information of the server, including server name and its IP address.

(2) Registrar.

(3) Whois server and referral URL.

26.1.2.4 Internationalized Domain Name (IDN) Support

The Whois system supports two ways of domain name query, i.e., U-label and A-label, and adopts UTF-8 encoding format to enable the Whois system to display information in both English and Chinese. Furthermore, the Whois system also supports displays both of U-label and A-label of the queried domain.
  
26.1.2.5 IP Black List

After connection with a user has been established, if the userʹs IP is found to be in the black list, then the Whois system will immediately terminate the connection.
  
26.1.2.6 Connection Timeout

After a connection is established, if a user does not perform any query operation within a specified time limit (configurable), the system will automatically terminate the connection.
  
26.1.2.7 Restrictions on the Interval of Query Time

For a user whose IP is not in the white list, their interval of query time (configurable) should be restricted to prevent highly frequent queries from hampering the response to other usersʹ queries.
  
26.1.2.8 Searchable Whois Service and Prevention of Information Abuse

Searchable Whois service has the following functions:

(1) For domain names, contacts, registrantʹs name, contact and registrantʹs postal address, including all the sub-fields described in Extensible Provisioning Protocol (EPP) (e.g., street, city, state or province, etc.), partial match capabilities are available.

(2) For registrar ID, name server name and name server IP address, exact match capabilities are available.

(3) Boolean search capabilities are available which meet the search criteria of AND⁄OR⁄NOT for multiple fields.

(4) All query results contain domain name-related information, including domain name, domain ID, updated date, creation date, registry expiry date and domain name status, etc.

CNNIC adopts the following measures to prevent information abuse:

(1) A registrar or registrant may only login the searchable Whois system using their own ID and password, and may only search information related to their own domain names.

(2) If a registrar, registrant or a third-party user wants to search othersʹ information, they need to explain the reasonable purposes, commit to protect privacy and security, and sign an agreement with CNNIC at first.

26.1.2.9 Bulk Access

Whois service provides bulk access capabilities for authorized registrars and third-party users. To reduce the impact of bulk access on the load of core Whois database, the data related to the capabilities are provided by a separate Whois database for bulk access.
  
To guarantee the quality of bulk access service, the Whois system, by identifying the userʹs IP address, provides its service only for authorized registrars and third-party users.
  
26.1.3 System Deployment

Please see Figure 2 in the attachment of Q26_Attachment_Figure.

(1) Internet Access

   CNNIC, via Border Gateway Protocol (BGP), broadcasts service addresses of WhoisD, Whois Web, Whois bulk access and searchable Whois etc.. Users can access Whois service through multiple Internet Service Providers (ISPs).
  
(2) Load Balancer

WhoisD, Whois Web, Whois bulk access and searchable Whois services are all configured in the layer 4 load balancers.
  
(3) Whois Web Servers

   The load balancers directly allocate a Whois Web request to the 4 Whois Web servers which will transfer the request back to the load balancer. The load balancer will then transfer the request to the 4 WhoisD servers. The WhoisD server, by accessing the Whois database, feeds the WhoisD query results back to the Whois Web server, which will then transfer the results to the user through the load balancers.
  
(4) WhoisD Servers

   The load balancers directly distribute WhoisD requests to the 4 WhoisD servers which will, by accessing the Whois database, transfer the query results to the user.
  
   4 high-performance blade servers providing WhoisD service are configured in different blade boxes and subnets.
  
(5) Searchable Whois Servers

   Searchable Whois service requests are distributed to 4 searchable Whois servers which are configured in different blade boxes and subnets.
  
(6) Bulk-access Whois Servers

   Whois servers provide bulk access capabilities for authorized third parties. Four bulk-access Whois servers respond to their query requests. These servers are configured in different blade boxes and subnets.
  
(7) Searchable Whois Index Servers

   Searchable Whois requests are distributed by searching searchable index files through searchable Whois servers. Two high-performance blade servers providing searchable Whois index files are configured in different blade boxes and subnets. Whois index file servers generate index files on a regular basis and the frequency of data update is once every 5 minutes.
  
(8) Whois Database

   The core Whois database maintains Whois data and responds to the requests of WhoisD server only.
  
   The Whois database is built by two high-performance database servers. Data are obtained by advanced replication of the SRS core registration database with a replication interval of 5 minutes.
  
(9) Bulk-access Whois Database

   To reduce the impact of bulk access on the load of core Whois database, CNNIC provides 2 special bulk-access databases. Data are obtained by advanced replication of the SRS core registration database with a replication interval of 5 minutes.
  
26.2 A Plan for Operating Robust and Reliable Whois

26.2.1 Redundant System Design

To improve reliability, a redundant design is adopted for designing the Whois system architecture including network devices, load balancers, Whois-related servers and databases, so as to ensure there is no single point. In addition, cold-standby servers are provided which are always ready for deployment and service.
  
Furthermore, both local and remote secondary operation centers adopt the identical Whois system deployment, to ensure that a swift switch can be made when the primary operation center fails.
  
26.2.2 Whois Data Synchronization

Whois data and bulk-access Whois data are obtained by advanced replication of the SRS core registration database with a replication interval of 5 minutes. Searchable Whois index data are obtained by generating searchable Whois index files through the Whois database, with an update interval of 5 minutes.
  
26.2.3 Failure Monitoring and Handling

CNNIC has a monitoring system and a special 7*24 team for system operation and maintenance that monitor the Whois system in a real-time manner. Once any abnormity is detected in the Whois system, the monitoring system will promptly notify the system administrator. Once a problem is detected, the 7*24 team will immediately notify the system administrator to handle it.
  
26.3 Compliance Analysis

26.3.1 Compliance with RFC 3912

Strictly conforming to the Whois protocol defined in the RFC 3912, the Whois system developed by CNNIC supports the function of communication between the client and Whois servers by using TCP connection on Port 43 and, in strict accordance with RFC 3912 Protocol Model, uses ASCII CR and ASCII LF to separate one message from another.
  
26.3.2 Compliance with Specification 4

(1) The format of Whois command response strictly complies with the format defined in Specification 4 of the Registry Agreement, followed by a blank line and a legal disclaimer.

(2) Each data object is represented as a set of key⁄value pairs, with lines beginning with keys, followed by a colon and a space as delimiters, followed by the value.
  
(3) For fields where more than one value exists, multiple key⁄value pairs have the same key.

(4) The format of response to queries about domain names, registrars and name servers meets Specification 4 of the Registry Agreement. It includes at least the display fields and formats as specified therein.

(5) The format of the following data fields: domain status, individual and organizational names, address, street, city, state⁄province, postal code, country, telephone and fax numbers, Email addresses, date and time conform to the mappings specified in EPP RFC 5730, RFC 5731, RFC 5732, RFC 5733 and RFC 5734.

(6) Searchable Whois service is provided in accordance with Specification 4 of the Registry Agreement, and measures are taken to prevent abuse of registered data.

26.3.3 Compliance with Specification 10

For Whois (Registration Data Directory Services, RDDS) service level, Specification 10 of the Registry Agreement sets forth the following requirements:
  
Please see Table 1 in the attachment of Q26_Attachment_Table.
  
(1) Availability

According to CNNICʹs estimation, if the registration volume of ʺ.公司ʺ is around 200,000, WhoisD daily queries will be approximately 210,000 with 7.3 transactions per second at most and the volume of Whois Web queries will be lower than that.
  
   CNNIC has tested its own Whois system and the test results are as follows:
  
   For a million-level aggregate registration volume (no index), 2136 transactions are successfully submitted per second. For a 10-million-level aggregate registration volume (index established), 2010 transactions are successfully submitted per second.
  
   Under normal conditions, one server is capable of undertaking WhoisD service. Considering system redundancy, 4 servers and 1 cold-standby server should be provided and another 4 servers are enough to undertake Whois web service.
  
   Whois bulk access is open only to authorized registrars and third-party users and 4 Whois bulk access servers are provided for this purpose.
  
   In case registration volume increases sharply due to attacks, more back-end servers could be added under load balancers for extension.
  
   So, the availability of service can be kept above 98%.
  
(2) Query Round-Trip Time (RTT)

   The average query RTT is 23.65ms. 95% of queries for WhoisD, Whois Web and Whois bulk access can be finished within 1000ms to meet Specification 10 of the Registry Agreement.
  
(3) Update Time

   The update time of Whois database and Whois bulk access database is 5 minutes to meet Specification 10 of the Registry Agreement.
  
26.3.4 Laws and Policies on Privacy Protection that Searchable Service must Abide by

26.3.4.1 Registration-related Privacy

As prescribed in Article 4 of Rules on Technical Protective Measures for Internet Security (Directive 82 of the Ministry of Public Security), ʺInternet service providers and Internet application organizations shall establish relevant management systems to ensure that no registration information will be disclosed or leaked without prior consent of the registrant unless otherwise specified by laws and regulations of the state. Internet service providers and users shall use technical protective measures for Internet security in accordance with the law. They shall not use such measures to infringe upon Internet end-usersʹ communication freedom and privacy. The public information network security supervision department of public security organs performs, in accordance with the law, the duty of supervising the implementation of technical protective measures for Internet security. All technical protective measures for Internet security shall meet relevant national standards. Where there is no applicable national standard, they shall meet relevant industrial technical standards on public security.ʺ
  
In accordance with the above legal provisions, CNNIC requires that each registrar send a notice to holders of newly-registered or renewed domain names, informing them of the following:
  
(1) The intended use of the applicantʹs personal information to be collected.

(2) The receiver or type of receiver of such information (including the registry and other parties that are to receive such information from the registry).

(3) What information shall be provided and what (if there is any) can be provided on a voluntary basis.

(4) In what way the registered domain name holder can access or modify (if necessary) the stored data concerning them.

Only after the user has confirmed and agreed to the above information can the registrar start to collect registration information from the user. Collection of registration information without the registrantʹs consent will be regarded as infringing upon his⁄her privacy. Information collected will be considered invalid and will not pass the registryʹs review.
  
26.3.4.2 Query-related Privacy

As prescribed in Section 2, Article 18 of the Implementation Rules for the Provisional Regulations on Management of International Networking of Computer Information Networks of the Peopleʹs Republic of China, Internet users shall be subject to the management of ISPs and abide by their regulations; users shall not access any computer system without permission or alter the information of others; they shall not viciously spread information of others or spread any information in the name of another person via the network; and they shall not infringe upon other peopleʹs privacy.
  
In compliance with the above provisions, CNNIC will adopt the following measures to control usersʹ behavior in using Whois:
  
(1) CNNIC will provide searchable services for fuzzy and accurate queries about limited fields that meet the requirements of ICANN. For non-existing domain names, a negative response will be given and no suggestions on related domain names will be provided in any form.

(2) For typical searchable services, users need to pass username and password authentications before accessing the searchable Whois system and they can only make queries about their own information.

(3) Searchable services for all other types of information may be opened to some of the users who have passed authentication. Such users shall inform CNNIC of the purpose of their queries and their contact information. If there is any violation of privacy, such as massively spreading other peopleʹs private information or sending large amounts of junk mail using Whois information, CNNIC will mete out punishment on the infringer in accordance with relevant laws and regulations on privacy protection and if the case is serious enough, it will be reported to relevant judicial organs.

26.4 Resource Allocation

26.4.1 Human Resources

The operation of Whois needs 4 software engineers who are responsible for software optimization and maintenance, and 10 system administrators who are responsible for 7*24 monitoring. Refer to the answer to Question 31.
  
26.4.2 Software and Hardware

Hardware in the 3 operation centers includes 60 high-performance blade servers and 12 high-performance database servers.
  
Software includes Whois software, database software, database cluster software and storage management software. WhoisD has 5100 lines of effective codes and 1200 lines of codes related to the stored procedure of the database while 8,670 for searchable Whois and 6,690 for Whois Web. The total work load is 17 man-months. So far development and testing of the software have been completed and the system is now in trial operation.
  
In addition, customization scope of Whois system software covers Whois system based on Port 43 and Whois Web system, Whois bulk access function and searchable Whois function; meanwhile it satisfies the SLR. Software customization development is carried out according to the initiation of R&D, program plan, outline design, specific design, construction stage, trial stage and issue and summarization procedures. Development procedure is compliant with regulations of Level 3 of Capability Maturity Model Integration (CMMI3).
  
Refer to the answer to Question 32 for more details about the software and hardware.
  
26.4.3 Funds

Funds for human resources, equipment procurement and maintenance have been put in place. Refer to the answer to Question 46 for the sources and uses of these funds.
gTLDFull Legal NameE-mail suffixDetail
.深圳Guangzhou YU Wei Information Technology Co., Ltd.zodiac-corp.comView
26. Registration data directory services (Whois)

Based on RFC 3912, the applicant provides the ʺ.STRINGʺ TLD with data objects, bulk access, lookups and searchable Registration data directory services (Whois) service which are defined in Specification 4 and which meet the Service Level Requirements (SLR) of Specification 10. Appropriate precaution measures have been taken to prevent abuse of Whois information.

26.1 Realization of Whois System

The Whois system is used to check the detailed information of registered domain names and whether a particular domain name has been registered. In addition, ʺ.STRINGʺ will support searchable Whois service which has a Web search function with domain names, registrant names, postal addresses, contact names, registrar IDs and Internet Protocol addresses as key words and which also supports the Boolean search function.
  
26.1.1 System Architecture

The architecture of the Whois system is illustrated as follows:
  
Please see Figure 1 in the attachment of Q26_Attachment_Figure.
  
Data in the Whois database is created by advanced replication of the Shared Registration System (SRS) registration database. The Whois system consists of the WhoisD system which is accessible by command lines via Port 43, and the Web-based Whois Web system. Whois Web requests are converted into WhoisD requests and the WhoisD system is connected to the Whois database to return query results to the user. The searchable Whois system provides searchable services by accessing Whois database index files. By advanced replication of the SRS registration database, a bulk access Whois database is generated which provides bulk access function for authorized registrars or third-party users.
  
26.1.2 System Functions

By default, the Whois system listens on TCP Port 43, receives and responds to query requests. The system provides WhoisD and Whois Web queries. In general, the Whois system receives 3 types of information queries, i.e., queries about domain names, registrars and name servers.
  
26.1.2.1 Queries about Domain Names

Registrars and registrants may send requests to the Whois system to query about a particular domain name. The Whois system will return the following information in accordance with Specification 4 of the Registry Agreement:
  
26.1.2.2 Queries about Registrars

Registrars and registrants may send requests to the Whois system whois ʺregistrar Example Registrar, Inc.ʺ to query about a particular registrar. The Whois system will return the following information in accordance with Specification 4 of the Registry Agreement:
  
(1) Information about the registrar, including name, street, city, state⁄province, postal cod, country, phone number, fax number and Email.

(2) Whois server and referral URL.

(3) Information about the admin contact, including phone number, fax number and Email.

(4) Information about the technical contact, including phone number, fax number and Email.

26.1.2.3 Queries on Name Servers

Registrars and registrants may send requests to the Whois system whois ʺNS1.EXAMPLE.TLDʺ or whois ʺnameserver (IP Address)ʺ to query about a particular name server. The Whois system will return the following information in accordance with Specification 4 of the Registry Agreement.

26.1.2.4 Internationalized Domain Name (IDN) Support

The Whois system supports two ways of domain name query, i.e., U-label and A-label, and adopts UTF-8 encoding format to enable the Whois system to display information in both English and Chinese. Furthermore, the Whois system also supports displays of U-label, A-label and variant domain names of the queried domain.
  
26.1.2.5 IP Black List

The Whois system supports the IP black list function. After connection with a user has been established, if the userʹs IP is found to be in the black list, then the Whois system will immediately terminate the connection.
  
26.1.2.6 Restriction on the Number of Online Users

Considering the load of the server and the response time of the Whois system, the number of online users is restricted. (The number is configurable.)
  
26.1.2.7 Connection Timeout

After a connection is established, if there is no immediate query, the resource of connection will be occupied and wasted. When there are a lot of such connections, the operation of other users will be hampered. Therefore, the Whois system has a timeout function. If a user does not perform any query operation within a specified time limit (configurable), the system will automatically terminate the connection.
  
26.1.2.8 Restrictions on the Interval of Query Time

For a user whose IP is not in the white list, their interval of query time (configurable) should be restricted to prevent highly frequent queries from hampering the response to other usersʹ queries. If the query time interval is shorter than the configured interval, the Whois system will return the message ʺQueried interval is too short.ʺ and terminate connection.
  
26.1.2.9 Searchable Whois Service and Prevention of Information Abuse

Searchable Whois service has the following functions:

(1) For domain names, contacts, registrantʹs name, contact and registrantʹs postal address, including all the sub-fields described in EPP (e.g., street, city, state or province, etc.), partial match capabilities are available.

(2) For registrar ID, name server name and name server IP address, exact match capabilities are available.

(3) Boolean search capabilities are available which meet the search criteria of AND ⁄OR⁄NOT for multiple fields.

(4) All query results contain domain name-related information, including domain name, domain ID, updated date, creation date, registry expiry date and domain name status, etc.

ʺ.STRINGʺ adopts the following measures to prevent information abuse:

(1) A registrar or registrant may only login the searchable Whois system using their own ID and password, and may only search information related to their own domain names.

(2) If a registrar, registrant or a third-party user wants to search othersʹ information, they need to explain the reasonable purposes, commit to protect privacy and security, and sign an agreement with the applicant at first.

26.1.2.10 Bulk Access

Whois service provides bulk access capabilities for authorized registrars and third-party users. To reduce the impact of bulk access on the load of core Whois database, the data related to the capabilities are provided by a separate Whois database for bulk access.
  
To guarantee the quality of bulk access service, the Whois system, by identifying the userʹs IP address, provides its service only for authorized registrars and third-party users.
  
26.1.3 System Deployment

Please see Figure 2 in the attachment of Q26_Attachment_Figure.

(1) Internet Access

(2) Load Balancer

(3) Whois Web Servers

(4) WhoisD Servers

(5) Searchable Whois Servers

(6) Bulk-access Whois Servers

(7) Searchable Whois Index Servers

(8) Whois Database

(9) Bulk-access Whois Database

The two database servers achieve dual-machine hot standby by adopting the VCS technology. Once a problem is detected on the working database, the standby database will immediately take over the service.
  
26.2 A Plan for Operating Robust and Reliable Whois

26.2.1 Redundant System Design

To improve reliability, redundant design is adopted for the Whois system including network devices, load balancers, Whois-related servers and databases, so as to ensure there is no single point of failure. In addition, cold-standby servers are provided which are always ready for deployment and service.
  
Furthermore, both local and remote secondary operation centers adopt the identical Whois system deployment, to ensure that a swift switch can be made when the primary operation center fails.
  
26.2.2 Whois Data Synchronization

Whois data are obtained by advanced replication of the SRS core registration database with a replication interval of 5 minutes. Bulk-access Whois data are obtained by advanced replication of the SRS core registration database with a replication interval of 5 minutes. Searchable Whois index data are obtained by generating searchable Whois index files through the Whois database, with an update interval of 5 minutes.
  
Whois-related databases of the local secondary operation center are created by replication of the SRS registration database thereof. Because the SRS core registration databases in the primary operation center and the local secondary operation center adopt synchronous replication, their Whois data are basically the same.
  
Whois-related databases of the remote secondary operation center are also created by replication of the SRS registration database thereof. Because the SRS core registration databases in the primary operation center and the remote secondary operation center adopt asynchronous replication, the Whois data of the latter slightly lag behind those of the former.
  
26.2.3 Failure Monitoring

ʺ.STRINGʺ adopts a monitoring system and a special 7*24 team for ʺ.STRINGʺsystem operation and maintenance that monitor the Whois system in a real-time manner. What are monitored include Whois-related CPU, hard disk, memory, service process and ports. Once any abnormity is detected in the Whois system, the monitoring system will promptly notify the system administrator.
  
26.2.4 Failure Handling

The above redundant system design and real-time monitoring effectively ensure the stable and reliable operation of the Whois system. Once a problem is detected, the 7*24 team will immediately notify the system administrator to handle it. If the problem is related to software, it will be removed by Whois system development and maintenance specialists. If it is related to hardware, standby load balancers, Whois-related servers or databases can be used to replace the failing equipment because of sufficient system redundancy. Furthermore, the Whois system of the local and remote secondary operation centers can also provide timely support.
  
26.3 Compliance Analysis

26.3.1 Compliance with RFC 3912

Strictly conforming to the Whois protocol defined in the RFC 3912, the applicant and the Back-End Service Provider have jointly agreed that the Whois system needs to achieve the function of communication between the client and Whois servers by using TCP connection on Port 43 and, in strict accordance with RFC 3912 Protocol Model, uses ASCII CR and ASCII LF to separate one message from another.
  
26.3.2 Compliance with Specification 4

(1) The format of Whois command response strictly complies with the format defined in Specification 4 of the Registry Agreement, followed by a blank line and a legal disclaimer.

(2) Each data object is represented as a set of key⁄value pairs, with lines beginning with keys, followed by a colon and a space as delimiters, followed by the value.
  
(3) Fields where more than one value exists are represented multiple key⁄value pairs with the same key.

(4) The format of response to queries about domain names, registrars and name servers meets Specification 4 of the Registry Agreement. It includes at least the display fields and formats as specified therein.

(5) The format of the following data fields: domain status, individual and organizational names, address, street, city, state⁄province, postal code, country, telephone and fax numbers, Email addresses, date and time conform to the mappings specified in EPP RFC 5730, RFC 5731, RFC 5732, RFC 5733 and RFC 5734.

(6) Searchable Whois service is provided in accordance with Specification 4 of the Registry Agreement, and measures are taken to prevent abuse of Whois information.

26.3.3 Compliance with Specification 10

For Whois (Registration Data Directory Services, RDDS) service level, Specification 10 of the Registry Agreement sets forth the following requirements:
  
Please see Table 1 in the attachment of Q26_Attachment_Table.
  
(1) Availability
The Back-End Service Provider, the applicantʹs entrusted party of technology and operation, has tested the Whois system used by ʺ.STRINGʺ, and the results are as follows:
  
   For a million-level aggregate registration volume (without index), 2136 transactions are successfully submitted per second. For a 10-million-level aggregate registration volume (with index), 2010 transactions are successfully submitted per second.

Under normal conditions, one server is capable of undertaking WhoisD service. Considering system redundancy, 4 servers and 1 cold-standby server should be provided and another 4 servers are enough to undertake Whois web service.  

   Whois bulk access is open only to authorized registrars and third-party users and 4 Whois bulk access servers are provided for this purpose.
  
   In case registration volume increases sharply due to attacks, more back-end servers could be added under load balancers for extension.
  
   So, the Whois system design adopted by ʺ.STRINGʺcan surely guarantee that the availability of Whois service can be kept above 98%.
  
(2) Query Round-Trip Time (RTT)

   The average query RTT is 23.65ms. 95% of queries for WhoisD, Whois Web and Whois bulk access can be finished within 1000ms to meet Specification 10 of the Registry Agreement.
  
(3) Update Time

   The update time of Whois database and Whois bulk access database is 5 minutes to meet Specification 10 of the Registry Agreement.
  
26.3.4 Laws and Policies on Privacy Protection that Searchable Services must Abide by

26.3.4.1 Registration-related Privacy

As prescribed in Article 4 of Rules on Technical Protective Measures for Internet Security of Peopleʹs Republic of China (Directive 82 of the Ministry of Public Security), ʺInternet service providers and Internet application organizations shall establish relevant management systems to ensure that no registration information will be disclosed or leaked without prior consent of the registrant unless otherwise specified by laws and regulations of the state. Internet service providers and users shall use technical protective measures for Internet security in accordance with the law. They shall not use such measures to infringe upon Internet end-usersʹ communication freedom and privacy. The public information network security supervision department of public security organs performs, in accordance with the law, the duty of supervising the implementation of technical protective measures for Internet security. All technical protective measures for Internet security shall meet relevant national standards. Where there is no applicable national standard, they shall meet relevant industrial technical standards on public security.ʺ

26.3.4.2 Query-related Privacy

As prescribed in Section 2, Article 18 of the Implementation Rules for the Provisional Regulations on Management of International Networking of Computer Information Networks of the Peopleʹs Republic of China, Internet users shall be subject to the management of Internet service providers (ISPs) and abide by their regulations; users shall not access any computer system without permission or alter the information of others; they shall not viciously spread information of others or spread any information in the name of another person via the network; and they shall not infringe upon other peopleʹs privacy.

As an entity established and registered in Peopleʹs Republic of China, the applicant must comply with Chinaʹs laws and regulations and policies. Therefore, the applicant will, in compliance with the above legal provisions, take the following measures to regulate usersʹ behavior in using Whois:
  
(1) The applicant provides searchable services for fuzzy and accurate queries about limited fields that meet the requirements of ICANN. For non-existing domain names, a negative response will be given and no suggestions on related domain names will be provided in any form.

(2) For typical searchable services, users need to pass username and password authentications before accessing the searchable Whois system and they can only make queries about their own information.

(3) Searchable services for all other types of information may be opened to some of the users who have passed authentication. Such users shall inform the applicant of the purpose of their queries and their contact information. If there is any violation of privacy, such as massively spreading other peopleʹs private information or sending large amounts of junk mail using Whois information, the applicant will mete out punishment on the infringer in accordance with relevant laws and regulations on privacy protection and if the case is serious enough, it will be reported to relevant judicial organs.

26.4 Resource Allocation

26.4.1 Human Resources

To fulfill the service commitments concerning Whois of ʺ.STRINGʺ, the human resources provided by ʺ.STRINGʺare as follows: ʺ.STRINGʺ TLD registry adopts the human resources that are for ʺBack-End Registry Service Platformʺ use, which equips with 4 software engineers who are responsible for software optimization and maintenance, 6 system administrators who are responsible for 7*24 monitoring of the Whois system; the applicant will designate 2 technical personnel to communicate and coordinate such technical issues with the Back-End Service Provider and supervise the work of the Back-End Service Provider. Refer to the answer to Question 31.
  
26.4.2 Software and Hardware

The Applicant adopts the software and hardware resources that are for ʺBack-End Registry Service Platformʺ use. Hardware and software resources deployed by the Back-End Service Provider are as following:

Hardware in the 3 operation centers includes 60 high-performance blade servers and 12 high-performance database servers.
  
Software includes Whois software, database software, database cluster software and storage management software. WhoisD has 5100 lines of effective codes and 1200 lines of codes related to the stored procedure of the database while 8,670 for searchable Whois and 6,690 for Whois Web. The total work load is 17 man-months. So far development and testing of the software have been completed and the system is now in trial operation.
  
In addition, customization scope of Whois system software covers Whois system based on Port 43 and Whois Web system, Whois bulk access function and searchable Whois function; meanwhile it satisfies the SLA requirements. Software customization development is carried out according to the initiation of R&D, program plan, outline design, specific design, construction stage, trial stage and issue and summarization procedures. Development procedure is compliant with regulations of Level 3 of Capability Maturity Model Integration (CMMI3).
  
Refer to the answer to Question 32 for more details about the software and hardware.
  
26.4.3 Funds

To fulfill the service commitments concerning Whois of ʺ.STRINGʺ, funds for human resources and outsourcing funds of and technical platform have been put in place.Refer to the answer to Question 46 for the sources and uses of these funds; Funds for human resources, equipment procurement and maintenance of the Back-End Service Provider, the applicantʹs entrusted party of technology and operation, have been put in place.