User:AppleJoyNeop/WHOIS

此文章翻译中。

  此页面介紹的是a method for checking information about ownership of a domain name。关于an IRC command called WHOIS，请见「List of Internet Relay Chat commands § WHOIS」。

WHOIS (发音是who is) 是一种查询和回应的协议，用于查询储存注册互联网资源的用户或代理的数据库，例如域名、IP地址段，或一个自治系统，但同样用于更多信息的用途。这个协议存储并传输数据库内容以一种人类可读的格式。^[1]WHOIS协议定义在RFC 3912。

历史

当Internet从ARPANET中脱离出来时，只有一个组织DARPA管理所有的域名注册。注册流程建立在RFC 920里。WHOIS在1980年代早期标准化，以用于查询域名、人和其他与域名、数字地址注册有关系的信息。因为那时所有的注册都被一个组织管理，一个中心伺服器被用于WHOIS信息查询。这使得查询这些信息非常简单。

早期的^[何时？]WHOIS服务器开放度很高并允许通配符搜索。一个关于一个人的姓氏的WHOIS查询请求会给出所有用那个姓氏的个人。一个带着关键字的查询请求返回所有包括该关键字的已注册域名。一个查询请求

Early^[何时？] WHOIS servers were highly permissive and would allow wild-card searches. A WHOIS query of a person's last name would yield all individuals with that name. A query with a given keyword returned all registered domains containing that keyword. A query for a given administrative contact returned all domains the administrator was associated with. Since the advent of the commercialized Internet, multiple registrars and unethical spammers, such permissive searching is no longer available.

Responsibility of domain registration remained with DARPA as the ARPANET became the Internet during the 1980s. UUNet began offering domain registration service; however they simply handled the paperwork which they forwarded to the DARPA Network Information Center (NIC). Then the National Science Foundation directed that management of Internet domain registration would be handled by commercial, third-party entities. InterNIC was formed in 1993 under contract with the NSF, consisting of Network Solutions, Inc., General Atomics and AT&T. The General Atomics contract was canceled after several years due to performance issues.

On December 1, 1999, management of the top-level domains (TLDs) com, net, and org was assigned to ICANN. At the time, these TLDs were converted to a thin WHOIS model^{[來源請求]}. Existing WHOIS clients stopped working at that time. A month later, it had self-detecting Common Gateway Interface support so that the same program could operate a web-based WHOIS lookup, and an external TLD table to support multiple WHOIS servers based on the TLD of the request. This eventually became the model of the modern WHOIS client.

By 2005, there were many more generic top-level domains than there had been in the early 1980s. There are also many more country-code top-level domains. This has led to a complex network of domain name registrars and registrar associations, especially as the management of Internet infrastructure has become more internationalized. As such, performing a WHOIS query on a domain requires knowing the correct, authoritative WHOIS server to use. Tools to do WHOIS proxy searches have become common.

In 2004, an IETF committee was formed to create a new standard for looking up information on domain names and network numbers. The current working name for this proposed new standard is Cross Registry Information Service Protocol (CRISP).

The WHOIS protocol

The WHOIS protocol had its origin in the ARPANET NICNAME protocol and was based on the NAME/FINGER Protocol, described in RFC 742 (1977). The NICNAME/WHOIS protocol was first described in RFC 812 in 1982 by Ken Harrenstien and Vic White of the Network Information Center at SRI International.

WHOIS was originally implemented on the Network Control Program (NCP) but found its major use when the TCP/IP suite was standardized across the ARPANET and later the Internet.

The protocol specification is the following (original quote):^[2]

Connect to the service host
   TCP: service port 43 decimal
   NCP: ICP to socket 43 decimal, establishing two 8-bit connections

Send a single "command line", ending with <CRLF>.

Receive information in response to the command line.  The
server closes its connections as soon as the output is
finished.

The command line server query is normally a single name specification. i.e. the name of a resource. However, servers accept a query, consisting of only the question mark (?) to return a description of acceptable command line formats. Substitution or wild-card formats also exist, e.g., appending a full-stop (period) to the query name returns all entries beginning with the query name.

On the modern Internet, WHOIS services are typically communicated using the Transmission Control Protocol (TCP). Servers listen to requests on the well-known port number 43. Clients are simple applications that establish a communications channel to the server, transmit a text record with the name of the resource to be queried and await the response in form of a sequence of text records found in the database. This simplicity of the protocol also permits an application, and a command line interface user, to query a WHOIS server using the Telnet protocol.

Implementation

WHOIS lookups were traditionally performed with a command line interface application, but now many alternative web-based tools exist. WHOIS has a sister protocol called Referral Whois (RWhois).

A WHOIS database consists of a set of text records for each resource. These text records consists of various items of information about the resource itself, and any associated information of assignees, registrants, administrative information, such as creation and expiration dates.

Two data models exist for storing resource information in a WHOIS database, the thick and the thin model.

Thin and thick lookups

WHOIS information can be stored and looked up according to either a thick or a thin data model:

Thick

one WHOIS server stores the complete WHOIS information from all the registrars for the particular set of data (so that one WHOIS server can respond with WHOIS information on all .org domains, for example).

Thin

one WHOIS server stores only the name of the WHOIS server of the registrar of a domain, which in turn has the full details on the data being looked up (such as the .com WHOIS servers, which refer the WHOIS query to the registrar where the domain was registered).

The thick model usually ensures consistent data and slightly faster queries, since only one WHOIS server needs to be contacted. If a registrar goes out of business, a thick registry contains all important information (if the registrant entered correct data, and privacy features were not used to obscure the data) and registration information can be retained. But with a thin registry, the contact information might not be available, and it could be difficult for the rightful registrant to retain control of the domain.^[3]

If a WHOIS client did not understand how to deal with this situation, it would display the full information from the registrar. Unfortunately, the WHOIS protocol has no standard for determining how to distinguish the thin model from the thick model.

Specific details of which records are stored vary among domain name registries. Some top-level domains, including com and net, operate a thin WHOIS, requiring domain registrars to maintain their own customers' data. The other global top-level registries, including org, operate a thick model.^[4] Each country-code top-level registry has its own national rules.

Software

The first applications written for the WHOIS information system were command line interface tools for Unix and Unix-like operating systems.Template:Examples WHOIS client and server software is distributed as free open-source software and binary distributions are included with all Unix-like systems. Various commercial Unix implementations may use a proprietary implementations (for example, Sun Solaris 7).

A WHOIS command line client passes a phrase given as an argument directly to the WHOIS server. However, most modern WHOIS tools implement command line flags or options, such as the -h option to access a specific server host, but default servers are preconfigured. Additional options may allow control of the port number to connect on, displaying additional debugging data, or changing recursion/referral behavior.

Like most TCP/IP client-server applications, a WHOIS client takes the user input and then opens an Internet socket to its destination server. The WHOIS protocol manages the transmission of the query and reception of results.

Web

With the advent of the World Wide Web and especially the loosening up of the Network Solutions monopoly, looking up WHOIS information via the web has become quite common. At present, popular web-based WHOIS-queries may be conducted from ARIN,^[5] RIPE^[6] and APNIC.^[7] Most early web-based WHOIS clients were merely front-ends to a command-line client, where the resulting output just gets displayed on a web page with little, if any, clean-up or formatting.

Nowadays, web based WHOIS clients usually perform the WHOIS queries directly and then format the results for display. Many such clients are proprietary, authored by domain name registrars.

The need for web-based clients came from the fact that command-line WHOIS clients largely existed only in the Unix and large computing worlds. Microsoft Windows and Macintosh computers had no WHOIS clients, so registrars had to find a way to provide access to WHOIS data for potential customers. Many end-users still rely on such clients, even though command line and graphical clients exist now for most home PC platforms.

There are also many sites not owned by registrars or Internet-related companies. These support most of main TLD and remains free. But most of web-based whois sites are incomplete and do not support all TLD nor IP search.^[8]

Some work from a built-in WHOIS server list and some other try to retrieve the one which fits the TLD you ask for from a live Domain Information Groper query (command line clients do this query in background first).

CPAN has several Perl modules available that work with WHOIS servers. Many of them are not current and do not fully function with the current (2005) WHOIS server infrastructure. However, there is still much useful functionality to derive including looking up AS numbers and registrant contacts.^{[來源請求]}

WHOIS servers

Regional Internet registries

WHOIS servers operated by Regional Internet Registries (RIR) can be queried directly to determine the Internet Service Provider responsible for a particular resource.

The records of each of these registries are cross-referenced, so that a query to ARIN for a record which belongs to RIPE will return a place-holder pointing to the RIPE WHOIS server. This lets the WHOIS user making the query know that the detailed information resides on the RIPE server. In addition to the RIRs servers, commercial services exist, such as the Routing Assets Database used by some large networks (e.g., large Internet providers that acquired other ISPs in several RIR areas).

Server discovery

There is currently no standard for determining the responsible WHOIS server for a DNS domain, though a number of methods are in common use for top-level domains (TLDs).

WHOIS lookup at whois.iana.org

The IANA whois server at whois.iana.org provides information on each TLD including the whois server.

C:\Users\User>whois com. whois.iana.org

Whois v1.11 - Domain information lookup utility
Sysinternals - www.sysinternals.com
Copyright (C) 2005-2012 Mark Russinovich

Connecting to whois.iana.org...

domain:       COM

organisation: VeriSign Global Registry Services
address:      12061 Bluemont Way
address:      Reston Virginia 20190
address:      United States

contact:      administrative
name:         Registry Customer Service
organisation: VeriSign Global Registry Services
address:      12061 Bluemont Way
address:      Reston Virginia 20190
address:      United States
phone:        +1 703 925-6999
fax-no:       +1 703 948 3978
e-mail:       [email protected]

contact:      technical
name:         Registry Customer Service
organisation: VeriSign Global Registry Services
address:      12061 Bluemont Way
address:      Reston Virginia 20190
address:      United States
phone:        +1 703 925-6999
fax-no:       +1 703 948 3978
e-mail:       [email protected]

nserver:      A.GTLD-SERVERS.NET 192.5.6.30 2001:503:a83e:0:0:0:2:30
nserver:      B.GTLD-SERVERS.NET 192.33.14.30 2001:503:231d:0:0:0:2:30
nserver:      C.GTLD-SERVERS.NET 192.26.92.30
nserver:      D.GTLD-SERVERS.NET 192.31.80.30
nserver:      E.GTLD-SERVERS.NET 192.12.94.30
nserver:      F.GTLD-SERVERS.NET 192.35.51.30
nserver:      G.GTLD-SERVERS.NET 192.42.93.30
nserver:      H.GTLD-SERVERS.NET 192.54.112.30
nserver:      I.GTLD-SERVERS.NET 192.43.172.30
nserver:      J.GTLD-SERVERS.NET 192.48.79.30
nserver:      K.GTLD-SERVERS.NET 192.52.178.30
nserver:      L.GTLD-SERVERS.NET 192.41.162.30
nserver:      M.GTLD-SERVERS.NET 192.55.83.30
ds-rdata:     30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF
C41A5766

whois:        whois.verisign-grs.com

status:       ACTIVE
remarks:      Registration information: http://www.verisign-grs.com

created:      1985-01-01
changed:      2012-02-15
source:       IANA

Query example

Normally the contact information of the resources assignee is returned. However, some registrars offer private registration, in which case the contact information of the registrar is shown instead.

Some registry operators are wholesalers, meaning that they typically provide domain name services to a large number of retail registrars, who in turn offer them to consumers. For private registration, only the identity of the wholesale registrar may be returned. In this case, the identity of the individual as well as the retail registrar may be hidden.

Below is an example of WHOIS data returned for an individual resource holder. This is the result of a WHOIS query of example.com:

whois example.com

[Querying whois.verisign-grs.com]
[Redirected to whois.iana.org]
[Querying whois.iana.org]
[whois.iana.org]
% IANA WHOIS server
% for more information on IANA, visit http://www.iana.org
% This query returned 1 object

domain:       EXAMPLE.COM

organisation: Internet Assigned Numbers Authority

created:      1992-01-01
source:       IANA

Referral Whois

Referral Whois (RWhois) is an extension of the original Whois protocol and service. RWhois extends the concepts of Whois in a scalable, hierarchical fashion, potentially creating a system with a tree-like architecture. Queries are deterministically routed to servers based on hierarchical labels, reducing a query to the primary repository of information.^[9]

Lookups of IP address allocations are often limited to the larger Classless Inter-Domain Routing (CIDR) blocks (e.g., /24, /22, /16), because usually only the regional Internet registries (RIRs) and domain registrars run RWhois or Whois servers, although RWhois is intended to be run by even smaller local Internet registries, to provided more granular information about IP address assignment.

RWhois is intended to replace Whois, providing an organized hierarchy of referral services where one could connect to any RWhois server, request a look-up and be automatically re-directed to the correct server(s). However, while the technical functionality is in place, adoption of the RWhois standard has been weak.

RWhois services are typically communicated using the Transmission Control Protocol (TCP). Servers listen to requests on the well-known port number 4321.

Rwhois was first specified in RFC 1714 in 1994 by Network Solutions,^[9] but the specification was superseded in 1997 by RFC 2167.^[10]

The referral features of RWhois are different than the feature of a Whois server to refer responses to another server, which RWhois also implements.

Criticism

One large criticism of WHOIS is the lack of domain privacy. Currently the Internet Corporation for Assigned Names and Numbers (ICANN) broadly requires that the mailing address, phone number and e-mail address of those owning or administrating a domain name to be made publicly available through the "WHOIS" directories. The registrant's (domain owner's) contact details, such as address and telephone number, are easily accessible to anyone who queries a WHOIS server. However, that policy enables spammers, direct marketers, identity thieves, or other attackers to loot the directory for personal information about these people. Although ICANN has been exploring changing WHOIS to enable greater privacy, there is a lack of consensus among major stakeholders as to what type of change should be made.^[11] Some domain registrars offer private registrations (also known as domain privacy), by which the contact information of the registrar is shown instead of the customer's. with the offer of private registration from many registrars, some of the risk has been mitigated.

Studies have shown that spammers can and do harvest plain-text email addresses from WHOIS servers.^[12] For this reason, some WHOIS servers and websites offering WHOIS queries have implemented rate-limiting systems, such as web-based CAPTCHA.

The WHOIS protocol was not written with an international audience in mind. A WHOIS server and/or client cannot determine the text encoding in effect for the query or the database content. Many servers were originally using US-ASCII and Internationalization concerns weren't taken into consideration until much later.^[13] This might impact the usability or usefulness of the WHOIS protocol in countries outside the USA.^[1] In the case of internationalized domain names it is the responsibility of the client application to perform the translation of the domain name between its native language script and the DNS name in punycode.

Accuracy of information

In cases where the registrant's (Domain Owner) identity is public, anyone can easily confirm the status of a domain via WHOIS.

In the case of private registrations, ascertaining registration information may be more difficult. If a registrant has acquired a domain name and wants to verify that the registrar has indeed completed the registration process, three steps may be required: 1) perform a WHOIS and confirm that the resource is at least registered with ICANN, 2) determine the name of the wholesale registrar, and 3) contact the wholesaler and obtain the name of the retail registrar. This provides some confidence that the retailer actually registered the name. But if the registrar goes out of business, such as the failure of RegisterFly in 2007, the rightful domain holder with privacy-protected registrations may have difficulty retaining domain administration.^[3] The end user of "private registration" can attempt to protect themselves by using a registrar that places customer data in escrow with a third party.

ICANN requires that each domain name registrant be given the opportunity to correct any inaccurate contact data associated with a domain. For this reason, the registrar is required to periodically send the holder the contact information on record for verification.

Even if WHOIS data publicly available, network/registrar companies do not provide any guarantee to the accuracy of information because data which is publicly available is not correct and information need to be verified/authorized by domain registrar(By which domain registration service is provided to registrant) with the same 3 steps mentioned above.

Law and policy

WHOIS has generated policy issues in the United States federal government. As noted above, WHOIS creates a privacy issue which is also tied to free speech and Template:Clarify-span. However, WHOIS is an important tool for law enforcement officers investigating violations like spam and phishing to track down the holders of domain names. Law enforcement officers become frustrated when WHOIS records are invalid. As a result, law enforcement agencies have sought to make WHOIS records both open and verified:^[14]

• The Federal Trade Commission has testified about how inaccurate WHOIS records thwart their investigations.^[15]
• Congressional hearings have been conducted about the importance of WHOIS in 2006, 2002, and 2001.^[16]
• The Fraudulent Online Identity Sanctions Act^[17] "make it a violation of trademark and copyright law if a person knowingly provided, or caused to be provided, materially false contact information in making, maintaining, or renewing the registration of a domain name used in connection with the violation,"^[18] where the latter "violation" refers to a prior violation of trademark or copyright law. The act does not make the submission of false WHOIS data illegal in itself, only if used to shield oneself from prosecution for crimes committed using that domain name.

Standards documents

• RFC 812 – NICNAME/WHOIS (1982, obsolete)
• RFC 954 – NICNAME/WHOIS (1985, obsolete)
• RFC 3912 – WHOIS protocol specification (2004, current)

See also

• Domain name registry
• Regional Internet registry
• Routing Assets Database
• Routing Policy Specification Language
• Shared Whois Project

References

External links

• The Internet Corporation for Assigned Names and Numbers
• The Internet Assigned Numbers Authority
• 开放式目录计划中和AppleJoyNeop/WHOIS相关的内容
• whois – 参考，单一UNIX®规范第7期，由國際開放標準組織发布