26 Whois

Prototypical answer:

26 Whois

All core registry services for .overheidnl will be provided by .overheidnl’s back end provider SIDN. SIDN is the foundation that operates since 1996 the registry for the .nl TLD, the 7th largest TLD in the world with currently approximately 5 million registered domains and the 3th largest ccTLD.

SIDN acknowledges that Whois services are a good and proven way of disseminating information about domain name registrations and are therefore an integral part of the registry services.

SIDN has relevant experience in offering Whois services. The zone file for .NL is not publically accessible in full, a side effect of which is the emergence of a significant strain on the Whois services for .NL. Whois services for .overheidnl will be offered through the same technical infrastructure and based upon similar processes and functionalities as Whois for .NL.

.overheidnl’s Whois will be offered publicly through a website and as a command-line protocol over port 43. Additionally, an ‘IS’ service will be provided for retrieving domain registration statuses. Accredited Registrars also have access to an XML-based Whois (and can retrieve registration information through the EPP interface of the SRS).

.overheidnl will further provide Zone File Access to the public and Bulk Registration Data Access to ICANN entirely in line with the requirements as specified in Specification 4 to the Base Agreement.

26.1 Whois for .overheidnl
The offered Whois service is RFC3912 compliant.

Web-based
The HTML version of the public Whois is accessible through http:⁄⁄whois.nic.overheidnl and is protected by a Captcha mechanism.

Port 43
The output of the Whois service on port 43 is text based (ASCII). Every line is terminated with CRLF as is specified by RFC3912. Besides the standard port-43 Whois, we also support a HTML-based Whois and an XML-based Whois. The Whois data is updated in real-time.

IS function
As many other registries, SIDN offers a service within the Whois, called the ‘IS’ function. This is a domain availability service, which only shows the status of a domain name. This function could be provided by IRIS⁄CRISP⁄DCHK, but those standards are not commonly used or known.

SIDN will comply with new standards if and when they are introduced, for example standards based on the results achieved by the IETF WEIRDS group. Developments in the area of RESTful Whois services are studied and our technical advisors work closely with the IETF (IETF WEIRDS WG) community to get this to a standard. When a standard for RESTful Whois arises, it will be implemented on IPv4 and IPv6.

XML-based
SIDN offers a proprietary XML-based Whois, which is partly based on the IRIS specifications (RFC3982 DREG). This Whois is only available to accredited registrars and shows full registration information. A free client code is offered through Perl CPAN (Net::Whois::SIDN). The data returned is in UTF-8 format, to support international characters.

26.2 Data and Output
The data presented by the public Whois of .overheidnl will be compliant with Specification 4 of the Base Agreement. EPP standards RFC5730-5734 are followed regarding data format rules, ensuring a uniform response over different interfaces.

26.3 Conditions of use
Use of Whois is subject to the ‘Whois Terms and Conditions of Use’, stating the following conditions:

Information is made available through the Whois service for the following purposes:
- To enable technical problems associated with the working of the Internet to be resolved.
- To facilitate the process of applying to register new domain names.
- To help to protect intellectual property rights.
- To help to prevent and combat illegal and harmful Internet content.

A. Information obtained using the Whois service may be used only for the legitimate purposes described above and in accordance with Dutch privacy legislation. Under no circumstances may such information be used or allowed to be used:
1. to facilitate the dissemination of solicited or unsolicited commercial or advertising material, by post, e-mail, telephone or otherwise; or
2. in the context of bulk automated processes that make use of or query any SIDN computer system.

B. Without SIDN’s explicit written permission, information obtained from the Whois service may not be compiled, recorded, duplicated (which here includes stored in an automated retrieval system) and⁄or published by printing, photocopying or any other means.
C. SIDN reserves the right to restrict use of and access to the Whois service in the interest of operational stability.
D. SIDN reserves the right to restrict or block use of and access to the Whois service for any party that contravenes these conditions.
E. SIDN may revise these conditions at any time.

SIDN does not guarantee the accuracy of the information made available via the Whois service. All intellectual property rights and database rights to the Whois database and the register from which that database is derived are held by SIDN.

26.4 Performance specifications
Currently, SIDN operates Whois services for .NL that are well in range of the SLA’s described in Specification 10 of the Base Agreement. Measurements based upon the definitions in this Specification show the following performance for current Whois services:

RDDS availability
- SL SIDN: 99,4% uptime
- SLR Specification 10: 〈= 864 min of downtime (˜ 98%)
RDDS query RTT
- SL SIDN: 〈= 50 ms, for at least 95% of the queries
- SLR Specification 10: 〈= 2000 ms, for at least 95% of the queries
RDDS update time
- SL SIDN: = 5 min for at least 95% of the probes
- SLR Specification 10: 〈= 60 min, for at least 95% of the probes

Performance for Whois services for .overheidnl will be in line with current performances for .NL.
The following measures are taken to prevent abusive use of the Whois service:
- A rate limitation of 20 requests per second per client, with a maximum of 100 requests per second overall is set on the port-43, and XML-based Whois;
- A rate limitation of 20 requests per second per client, with a maximum of 500 requests per second overall is set for the IS function;
- The web-based Whois is protected with a Captcha mechanism.

26.5 Network, infrastructure and management
Whois services are accessible through redundant interfaces. There are multiple instances of the Whois services, located in protected VLAN’s in two geographically dispersed data centres in the Netherlands. These two data centres are mirrored production sites. If one location fails or is unreachable, the other location automatically takes over. Access to the Whois service is separated from the Internet through firewalls and load balancers.

The Whois service will consist of two Java based Application Servers. Two F5 Local-Traffic Managers (LTM’s) will balance the traffic to these two Whois servers. When demand rises to the Whois service, more servers can be added to the service. The LTM will provide a virtual service, to which servers are added or deleted when necessary. A minimum of downtime is ensured for upgrading the Whois service (e.g. due to changing or adding functionality). Traffic shaping is also done by the LTM’s. Two firewalls will deliver a security layer (as a first line of defence) on the Whois service.

See attachment ‘Q26-Whois_Architecture’ for a depiction of the Whois infrastructure.

The F5 LTM’s and the firewalls are shared with services for .NL. This also applies to the IT infrastructure, which provides the interoperability between the two data centres for production and SIDN’s office location as the overall command and control location. The infrastructure provides a transparent Layer 2 over 10Gbps paths over dark fibre between all locations. The highest throughput possible at this moment is 30Gbps.

The infrastructure has two independent uplinks to the Internet. One connection is directly connected to the AMS-IX (SIDN is member of AMS-IX since 1998). The other connection is connected through the BIT network, which is connected to AMS-IX, DE-CIX, LINX and local parties like NL-IX, GN-IX and NDIX.

At the back-end, the Whois servers are connected to the Shared Registry Systems’ database. The Whois servers have a read-only access to the data needed for Whois services in the database. Direct access to the database ensures real-time information provided in answers to Whois requests. More details are provided in the answers to Evaluation Question #32 ‘System and Network Architecture’.

All Whois requests are logged and kept for one week. After this period, statistical data will be extract from the logging, and the logging will be removed from the systems.

Patch management is actively applied to all systems that support registry services. Common practices (like the Security Configuration Guides from NSA) are followed. SIDN is ISO27001 certified, which reflects a high security awareness of the employees. More details are provided in the answers to Evaluation Question #30, Security Policy.

26.6 Zone File Access
As described already above, also zone file access will be provided via the back end services of SIDN.

.overheidnl will offer via the Centralized Zone Data Access Provider its standardized Zone File Access Agreement to grant any interested internet user who provides identification and contact details free access to the Zone Files using a sub format as described in Specification 4 under 2.1.4 of the Standard Master format defined in RFC 1035, Section 5 including all the records present in the actual zone used in the public DNS.
The zone file will be made available via the ICANN specified and managed URL .overheidnl.zda.icann.org. This will be done in conformance with the details under 2.1.3.
The agreement will contain the limitations to the right to use the zone file as specified in 2.1.5 and the right and grounds for the CZDA Provider and Registry Operator to reject access or revoke access as further detailed under 2.1.1. .overheidnl will provide access for a period of 3 months with the possibility of renewal.

.overheidnl will further co-operate and provide reasonable assistance to ICANN and the CZDA Provider to facilitate and maintain the efficient access of zone file data by permitted users and provide bulk access to the zone files to ICANN, or its designee and to Emergency Operators designated by ICANN on a continuous basis in the manner that ICANN may reasonably specify from time to time.


26.7 Bulk Registration Data Access to ICANN
.overheidnl will provide ICANN on a weekly basis (the day to be designated by ICANN) with up-to-date Thin Registration Data as specified in Specification 4 under 3.1.1 and in the format specified under 3.1.2 and make it available as specified under 3.1.3. Data will include data committed as of 00:00:00 UTC on the day previous to the one designated for retrieval by ICANN.

.overheidnl will further in case of a registrar failure, de-accreditation, court order, etc. that prompts the temporary or definitive transfer of the domain names to another registrar, at the request of ICANN, provide ICANN with up-to-date data for the domain names of the losing registrar. The data will be provided in the format specified in Specification 2 for Data Escrow. The file will only contain data related to the domain names of the losing registrar. Registry Operator will provide the data within 2 business days. Unless otherwise agreed by Registry Operator and ICANN, the file will be made available for download by ICANN in the same manner as the data specified in Section 3.1. of Specification 4 to the Base Agreement.

26.8 Resources
SIDN is based in Arnhem, the Netherlands and has a total staff of 73 people employed, most of them entirely dedicated to .nl services. As back end registry operator of .overheidnl SIDN will provide all technical registry services on the basis of the .nl-infrastructure. This infrastructure is maintained by SIDN’s Technical Division that consist of a total staff of 26 under a dedicated manager who is a member of SIDN’s Management Team. The Technical Division is divided into 4 groups: ICT Operations, Software Development, Application Development and a Test Team.

For the services to .overheidnl the main resources will be drawn from the team ICT Operations. This team currently consists of 10 staff responsible for the 24x7 uptime of the .nl registration system including the network infrastructure and the DNS servers. From this team, every week, two persons are on 24x7 duty. Also, two persons are on 10x5 duty to handle regular service requests and the daily maintenance of systems and applications. This team will be extended with at least two new people before the end of this year. ICT Operations manages further an external company that is responsible for the daily maintenance (including monitoring, incident, problem and change management) of the databases.

SIDN therefore has all necessary resources on hand to provide all services described in this answer.

Similar gTLD applications: (2)