26 Whois

Prototypical answer:

gTLD | Full Legal Name | E-mail suffix | Detail
.政府 | Net-Chinese Co., Ltd. | net-chinese.com.tw | View

A WHOIS service able to handle a sustained and significant load will be set up. The available WHOIS servers will be co-located in the main data centers, on a high-availability active/active load-balanced failover system, and in external sites located with the external DNS servers. New servers can be easily added.

The software will be developed in-house, and will follow the RFC and Specification 4 of the Registry Agreement. This software will be tailored to handle fast searches, with the capability to give replies for partial-match, exact-match and Boolean searches of a domain name.

26-1 Compliance with RFC and Specifications 4 and 10

Table 26-1 (Q26_attachment) shows that TWNIC’s WHOIS service will comply with RFC 3912 and Specifications 4 and 10 of the Registry Agreement.

TWNIC already provides port 43 and web-based WHOIS services for .TW, .台灣, .台湾 and .KN. Based on past experience, availability has been 100% since we began providing the port 43 and web-based WHOIS services. The average round-trip time is < 120 ms and the WHOIS database is updated in real time; for detailed performance data, please refer to Question 34.

26-2 High-Level WHOIS System Description

The WHOIS service supports IDN queries in both U-label and A-label form; the output data is in UTF-8 encoding.

We also provide web-based WHOIS queries with the same output as the WHOIS service (port 43). Figure 26-1 (Q26_attachment) shows the output of the web-based WHOIS.

26-3 Relevant Network Diagram

The WHOIS service has two servers for load balancing and is protected by a firewall. The service and database are separated, with a second firewall between the service and the database. The WHOIS database is synchronized from the SRS database and serves the WHOIS servers. The network diagram is shown in Figure 26-2 (Q26_attachment).

The WHOIS service uses ASUS servers, each with 2 x quad-core CPUs and 16 GB of RAM. The existing WHOIS service has 2 servers, and is designed to be scaled with additional servers when needed.

The WHOIS database uses 2 HP servers, each with 48 GB RAM and 12T RAID disk.
Cisco switches and firewalls are all redundant, which provides high availability.

26-4 IT and Infrastructure Resources

The WHOIS servers will run stripped-down versions of Linux, offering the WHOIS query service and secure shell (ssh) remote login for management. This approach will make it easy to monitor and maintain the systems, and will minimize the damage in case of a security breach or other events caused by system downtime.

The services will make extensive use of open source software. While statistics show that open source software has more or less the same number of security problems as proprietary software, security patches are usually available much faster, often within 24 hours. Security staff will monitor security-related web sites daily for relevant security problems, and apply patches as soon as they are available.

In particular, where security problems are found and/or patches do not seem to become available within a reasonable time, the open source software model allows us to assign our own staff to write a patch.

All of the systems will be running the ssh service, which utilizes heavily encrypted connections and strong authentication, to provide remote administration capabilities. The ssh service has been the standard secure remote login service for several years, and has no known security problems.

The firewalls protect the WHOIS data, which is sensitive. They are configured to permit access to the WHOIS databases only from the WHOIS servers, and to allow access from the Internet to the WHOIS servers’ TCP port 43 and port 80.

The load balancer provides high availability and high performance, which guarantees that there is no single point of failure.

26-5 Interconnectivity with Other Registry System

When a registrar makes an update that affects WHOIS data, a stored procedure is triggered and sends the update to the WHOIS database.

26-6 Frequency of Synchronization between Servers

Updates from the SRS to WHOIS servers happen in real-time via an Oracle stored procedure.

26-7 Provision for Searchable WHOIS Capabilities

TWNIC will set up a new web-based WHOIS service in accordance with the requirements specified in Specification 4, Section 1.8. Users will be able to search the WHOIS directory on the following fields: domain name, registrar ID, contacts’ and registrant’s name, and contacts’ and registrant’s postal address, including all the sub-fields described in EPP (e.g., street, city, state or province, etc.). The system will also allow searches using non-Latin character sets in UTF-8 encoding or Punycode, compliant with the IDNA specification.
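To make the U-label and A-label handling described in 26-2 and here concrete, the following added example (not TWNIC's code) reduces a port-43 request line to one canonical lookup key. It assumes Python's built-in `idna` codec, which implements IDNA 2003; `parse_query` and the sample names in the comments are hypothetical.

```python
# Added example: normalise an RFC 3912 query line to both IDN forms.
# Assumption: Python's stdlib "idna" codec (IDNA 2003) stands in for the
# registry's own IDNA tables. parse_query is a hypothetical helper name.

def parse_query(raw: bytes) -> dict:
    """Turn one port-43 request line into an A-label key and a U-label display form."""
    # RFC 3912: the request is a single line terminated by CRLF.
    line = raw.split(b"\r\n", 1)[0]
    try:
        text = line.decode("utf-8").strip().rstrip(".").lower()
    except UnicodeDecodeError:
        raise ValueError("query is not valid UTF-8") from None
    # Reject empty input and embedded whitespace or control characters
    # before the value is used as a database search key.
    if not text or any(c.isspace() or ord(c) < 0x20 for c in text):
        raise ValueError("empty query or embedded whitespace/control character")
    try:
        # U-label -> A-label; an ASCII or already-encoded name passes through.
        a_label = text.encode("idna").decode("ascii")
        # A-label -> U-label, used for the UTF-8 output.
        u_label = a_label.encode("ascii").decode("idna")
    except UnicodeError as exc:
        raise ValueError(f"not a valid IDN: {exc}") from None
    return {"a_label": a_label, "u_label": u_label}
```

Indexing records on the A-label means a query typed as a U-label and the same name typed as Punycode reach the same row, while the reply can still show the U-label in UTF-8.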

26-8 Abuse Prevention

Potential abuses may include mass searches or data mining, unauthorized access, or attacks such as denial of service.

For mass search, TWNIC has implemented a rule on the WHOIS servers to delay or block searches from an IP address if too many queries come from that address in a short time.
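One way such a delay-or-block rule can be expressed is a per-address sliding window with two tiers. This is an added example, not TWNIC's implementation; `WhoisThrottle`, `replay` and every threshold below are assumed values chosen for illustration.

```python
# Added example: per-IP sliding-window throttle with a delay tier and a block tier.
# WINDOW_S, DELAY_AT, BLOCK_AT and DELAY_S are assumptions, not TWNIC's settings.
from collections import defaultdict, deque

WINDOW_S = 60.0   # length of the "short time" window, seconds (assumed)
DELAY_AT = 30     # queries in the window before replies are slowed (assumed)
BLOCK_AT = 100    # queries in the window before the address is refused (assumed)
DELAY_S = 2.0     # pause applied in the delay tier, seconds (assumed)

class WhoisThrottle:
    def __init__(self):
        self._hits = defaultdict(deque)   # source IP -> timestamps inside the window

    def check(self, ip: str, now: float):
        """Return ("allow" | "delay" | "block", seconds_to_wait) for one query."""
        hits = self._hits[ip]
        while hits and now - hits[0] >= WINDOW_S:   # drop timestamps that aged out
            hits.popleft()
        if len(hits) >= BLOCK_AT:
            # Refused queries are not recorded, so the block lifts as old hits expire.
            return "block", WINDOW_S - (now - hits[0])
        hits.append(now)
        if len(hits) > DELAY_AT:
            return "delay", DELAY_S
        return "allow", 0.0

    def sweep(self, now: float):
        """Forget idle addresses so the table cannot grow without bound."""
        idle = [ip for ip, h in self._hits.items() if not h or now - h[-1] >= WINDOW_S]
        for ip in idle:
            del self._hits[ip]

def replay(events):
    """Run constructed (ip, timestamp) events through a fresh throttle."""
    throttle = WhoisThrottle()
    return [throttle.check(ip, ts)[0] for ip, ts in events]
```

The delay tier slows bulk harvesting without refusing an ordinary user who shares an address with a heavy client; `sweep` should run periodically so that the per-address table does not itself become a memory-exhaustion target.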

In addition, TWNIC will provide a bulk inquiry service in order to avoid a large number of WHOIS inquiries.

For attacks from the Internet, TWNIC has set up firewalls for the WHOIS servers and WHOIS database servers. Possible types of attack and solutions are shown in Table 26-2 (Q26_attachment).

26-9 Resourcing Plans

TWNIC supports all the necessary resources indicated in the gTLD Applicant Guidebook and Registry Agreement. The following resources will be provided by TWNIC to support the .政府 TLD operation (Table 26-3 Resourcing Plans, Q26_attachment).
