26 Whois

Prototypical answer:

A high-level Whois system description;

There are two interfaces for public access to Whois service. One is from the web panel. Another one is via command line. Both interfaces are geographically located in two different sites for failover support. The web panel currently has 4 servers in each site with three tiers of web, application and database. The command line interface has one server in each site. Web panel can be accessed through SSL with 443 port and command line interface can be accessed through 43 port. They directly access the database through JDBC driver. The Whois system is developed by Java programming language running in J2ee server with JDK 1.6 version.

Relevant network diagram(s);

Please refer to Appendix Q26-A DNRS2 whois architecture v1.pdf

Whois: describe
- how the applicant will comply with Whois specifications for data objects, bulk access, and lookups as defined in Specifications 4 and 10 to the Registry Agreement
- how the Applicantʹs Whois service comply with RFC 3912;

The .MTR TLD will have the following Whois services through web panel and command line which is the same as what our registry operator is currently supporting to customers of .HK domain names.

To comply with specification 4, 10 and RFC3912 in registry agreement, our Whois service can currently support domain name enquiry for all domain name registered under the TLD. For the registrar contact data and name server data and searchable Whois, HKIRC will provide these features for the .MTR TLD by enhancing the current Whois function. Below is our current format of Whois result template and upcoming design for registrar contact and name server search and searchable Whois criteria.

Whois result template
1) Web (Please refer to attachment Q26-D WHOIS web result)
– Query registrar data result template (under design stage)

Registrar Name: Example Registrar, Inc.
Street: 1234 Admiralty Way
City: Marina del Rey
State⁄Province: CA
Postal Code: 90292
Country: US
Phone Number: +1.3105551212
Fax Number: +1.3105551213
NEW GTLD AGREEMENT SPECIFICATIONS
Email: registrar@example.tld
WHOIS Server: Whois.example-registrar.tld
Referral URL: http:⁄⁄www. example-registrar.tld
Admin Contact: Joe Registrar
Phone Number: +1.3105551213
Fax Number: +1.3105551213
Email: joeregistrar@example-registrar.tld
Admin Contact: Jane Registrar
Phone Number: +1.3105551214
Fax Number: +1.3105551213
Email: janeregistrar@example-registrar.tld
Technical Contact: John Geek
Phone Number: +1.3105551215
Fax Number: +1.3105551216
Email: johngeek@example-registrar.tld
〉〉〉 Last update of WHOIS database: 2009-05-29T20:15:00Z 〈〈〈



- Query Nameserver data (under design stage)

Server Name: NS1.EXAMPLE.TLD
IP Address: 192.0.2.123
IP Address: 2001:0DB8::1
Registrar: Example Registrar, Inc.
WHOIS Server: Whois.example-registrar.tld
Referral URL: http:⁄⁄www. example-registrar.tld
〉〉〉 Last update of WHOIS database: 2009-05-29T20:15:00Z 〈〈〈

- Searchable Web-based Whois (under design stage)
Criteria allowed
- Domain name
- Contacts
- Registrant’s name
- Registrant’s Contact
- Registrant’s postal address, including all the sub-fields described in EPP (e.g., street, city, state or province, etc.).



2) Command Line Whois for bulk access (Please refer to attachment Q26-E Command Line Whois for bulk access)


3) Whois protocol (Complied with RFC3912)

Our Whois server: Whois.hkirc.hk
Port:43
Format on request and reply: TEXT, Contain more than one line of Text
Terminated with ASCII CR and ASCII LF
TCP Connection close when output is finished and client can receive the request

client server at Whois.hkirc.hk
open TCP ----- (SYN) ------------------------------〉
〈---- (SYN+ACK) -------------------------
send query ---- ʺSmith〈CR〉〈LF〉ʺ --------------------〉
get answer 〈---- ʺInfo about Smith〈CR〉〈LF〉ʺ ---------
〈---- ʺMore info about Smith〈CR〉〈LF〉ʺ ----
close 〈---- (FIN) ------------------------------
----- (FIN) -----------------------------〉

The Whois user guide is provided as Attachment Q26-B for reference.

resourcing plans for the initial implementation of, and ongoing maintenance for, this aspect of the criteria (number and description of personnel roles allocated to this area).

HKIRC will provide resources for the initial implementation of the systems, as well as the long term operation of the systems. These resource are already available as part of the Technical Team who is operating the .hk and .香港 domain.

In order to support .MTR from the point of view of initial implementation and continuous technical operation, we propose the following teams:

Initial implementation:

IT Project Manager x 1, responsible for project planning and co-ordination.
System Engineer x 2, responsible for initial project setup, system implementation and carrying out System Acceptance Test
Database Administrator x 1, initial project setup and system implementation and carrying out System Acceptance Test
Analyst Programmer x 1, will be responsible for initial system development and implementation.

Technical Operation Team:

IT Manager x 1
IT Project Manager x 1
System Engineer x 1
Database Administrator x 1

The Technical Operation Team will carry out day to day operation of the .MTR domain with typical duty including:

One IT Manager
- Who will be responsible for the overall operation of the Technical Department
- Direct the team to implement the policy, security review, audit and management processes and cycles.
- Report the status of the IT operation to the senior management

IT Project Manager:

- Lead a team of IT Specialists to manage systems and networks services
- Provide lead in technical as well as management for System & Network Team
- Ensure the team is properly skilled for the work on hand and future, through training and other mean
- Ensure the System & Network Team are properly staff for the work on hand and future
- Establish policies, guidelines and procedures for system management, system administration and operations, as well as system security.
- Regular review and update of policies, guidelines and procedures for system management, system administration and operations, as well as system security
- Ensure all users and team member are award of the above policies, guidelines and procedures for system management, system administration and operations, as well as system security.
- Ensure all member of team perform all operation according to the above policies, guidelines and procedures
- Undertake IT process review and re-engineering, service and system quality assurance, information security evaluation and risk assessment within the organization in-house and with vendors.
- Manage system⁄security projects including vendor⁄product evaluation and implementation
- Perform system and security configuration checking and documentation on various systems.
- Perform system and application vulnerability scanning and compliance testing
- Foster information security awareness within the organization
- Perform day-to-day security operations

System Engineer⁄Database Administrator:

- Perform daily system monitoring and operation tasks, assist system administration, planning and technology evolution
- Service⁄Server Performance Monitoring
- Carry out regular maintenance on system to ensure proper and efficient operation. These may include;
SSL Certificate Renewal
Regular data backup
Patch review and up-keep for all database
Database Security implementation based on the companyʹs Security Guidelines & Policy
- Carry out daily system health checks including;
Network traffic monitoring
DNS health checks
System loading check
Email health check, Public Blacklist check
Anti-virus update checks
Database System loading check
Backup system health check
Service Alert check
- Roster duty for non-office hour technical support
- Undertake system and network infrastructure enhancements in-house and with outsourced vendors
- Conduct system implementation, system testing and user acceptance testing
- Set up and conduct proof-of-concept testing and evaluation on test-beds for assessing new technology, technical standards and products
- Maintain documentation and develop reports for system implementation and infrastructure changes

All our staff has also qualified with varies certifications. These included:

- ITIL v3 Foundation
- Certified Information Systems Security Professional (CISSP)
- Certify Ethical Hacker (CEH)
- VMware Certify Professional (VCP)
- Sun Certified System Administrator (SCSA)
- Sun Certified Network Administrator (SCNA)
- Oracle Certify Professional (OCP)
- Cisco Certify Network Associate (CCNA)
- Cisco Certify Network Professional (CCNP)
- Checkpoint Certified Security Expert (CCSE)

HKIRC will utilise existing staffing so to leverage the in house expertise in the field of Internet and Domain Name registration. The current IT Operation team consists of experience project manager (more 20 years in the IT field and more than 15 years in the UNIX and Networking) and engineers (with at least 5 to 7 years in IT field, of which at least 5 or more years in UNIX, networking and database field).

HKIRC is currently providing a 24x7, all year round support and monitoring service for the .hk and . 香港 domain SRS system, either through the own staff or through external party (NOC). The systems and services are monitoring through an industry standard Infrastructure Monitoring system (Nagios and Cacti for performance monitoring), as well as custom monitoring system for specify function, e.g. VIP DIG check, GENZONE and Zone transfer alert etc. All the staff are on roster duty to provide 24x7 technical support hotline service.

The WHOIS server program will be setup and maintained by the analyst programmer.
The server daily operation will be responsible by the system engineers.

Description of interconnectivity with other registry systems:

The Whois server is interconnected to the registry database in real time, so that the server can provide real time Whois information.

Frequency of synchronization between servers:

The Whois service can access to the registry database in real time, so that the server can provide real time Whois information. The Whois servers at both sites access to the primary site’s database, but in case there is any failure in primary site, both sites can have their database connection switched to secondary site.

The data is regularly synchronised from primary site to secondary site in approximate real time by proprietary synchronisation software.

Provision for Searchable Whois capabilities:

Currently, HKIRC has no searchable Whois function but they are now planning to provide that for .MTR by enhancing the current Whois function. The estimated time will be around 5 man-days by employing 1 developer.


A description of potential forms of abuse of this feature, how these risks will be mitigated, and the basis for these descriptions:

HKIRC have adopted two measurements by using both technical and operational procedure against the Whois service abuse. Technically, the system will detect if there is any single IP accessing Whois service for more than certain limit a day (e.g. 1000), HKIRC will temporarily block them from further access and auto release it on the next day. Usually, the service partners or registrars will not use more than this limit but they can request for more quota upon the approval from HKIRC. The advantage of this is to avoid the flooding request to cause service outage by attackers or WHOIS farming from malicious users.

Another operational procedure includes regular review of Whois server logs for abnormal enquiry pattern and alerting the staff to take necessary action. The IP will be blacklisted in case suspicious IP is found.

With the web-based WHOIS, “CAPTCHA” is also used to ensure that a human user rather than a “pharming program” is using it.

To comply with Hong Kong personal data (Privacy) ordinance for Whois data disclosure, we take the following precaution

• Only disclose the necessary information for public in relation to the dispute purpose to protect public from domain registered in bad faith
• The personal data displayed in Whois is confined to contact information such as address, phone, fax, email, and complied with “Inventory of WHOIS Service Requirements - Final Report” for the Whois data requirement.

WHOIS data refers to the registration data that registrants provide and registrars or registries disclose.
The Registrar Accreditation Agreement (RAA 3.3.1) specifies the following data elements that must be
provided by registrars in response to a query:

3.3.1.1 The Registered Name;
3.3.1.2 The names of the primary nameserver and secondary nameserver(s) for the Registered Name;
3.3.1.3 The identity of Registrar (which may be provided through Registrarʹs website);
3.3.1.4 The original creation date of the registration;
3.3.1.5 The expiration date of the registration;
3.3.1.6 The name and postal address of the Registered Name Holder;
3.3.1.7 The name, postal address, e-mail address, voice telephone number, and (where available) fax
number of the technical contact for the Registered Name; and 3.3.1.8 The name, postal address, e-mail address, voice telephone number, and (where available) fax
number of the administrative contact for the Registered Name.

For details, please check “Q26_Inventory of WHOIS Service Requirements - Final Report.pdf” in the Appendix


• Domain owner can choose not to disclose the contact by unregister the domain.

Attachments
Q26-A WHOIS server diagram

Q26-B User Guide v1.0.pdf

Q26-C Inventory of WHOIS Service Requirements - Final Report.pdf

Q26-D DNRS2 whois architecture v1.pdf

Q26-E Example of Command Line WHOIS

Similar gTLD applications: (0)