26 Whois

Prototypical answer:

THE RESPONSE FOR THIS QUESTION USES ANGLE BRACKETS (THE “〈” and “〉” CHARACTERS), WHICH ICANN INFORMS US (CASE ID 11027) CANNOT BE PROPERLY RENDERED IN TAS DUE TO SECURITY CONCERNS. HENCE, THE FULL ANSWER TO THIS QUESTION IS ATTACHED AS A PDF FILE dotDurban-q26.pdf , ACCORDING TO SPECIFIC GUIDANCE FROM ICANN UNDER CASE ID 11027.

1 System Description

The ZA Central Registry whois system supports both RFC 3912 port 43
whois and a web based system. The system is designed for high performance
and high availability by ensuring that the system is scalable, redundant and
geographically dispersed. Diagram DNS-DetailedWhoisVM.pdf provides an
overview of the dotDurban TLD initial whois service implementation




1.1 Master Site Implementation

The hardware in use at the master site at startup phase will consist the
following servers:

Port 43 whois servers

HTTP based query servers

Rate limiting servers

Query cache servers

Database servers

The master whois server cluster is replicated onto a co-hosted hot standby
server cluster with incoming queries across the primary server and the
standby server shared.
The system fully complies with the requirements of Specification 4 of the
Registry Agreement.


1.2 Redundant Site Implementation

At the startup phase there will be a single redundant site with an identical
server configuration to the primary site. Queries between the redundant site
and the primary site are shared by means of an anycast address setup.
Additional geographically dispersed redundant sites will be added as whois
query volume demand grows.

2 Synchronisation

Both the port 43 and the Web based whois services are considered critical
infrastructure.
The whois system is replicated synchronously to the onsite standby system
and is up to date to the point of the last transaction.
The whois system is replicated asynchronously to a remote standby site.
Changes are replicated continuously and are well within the limits allowed
by specification 10 of the registry agreement.
Geographical fail-over between the sites is achieved using any-cast IP ad-
dresses such that if one site becomes unreachable whois queries will continue
un-effected.


3 Data Object Specifications

Objects returned by the whois system comply with specification 4 of the
registry agreement. All data returned is in plain text format in key-value
pairs. Additional formats may be provided at a later date as requested by
the community or specified by ICANN.
Sample data returned by the port 43 service for the domain example.durban

Domain Name: example.durban
Domain ID: DOM_1S2XW-DURBAN
WHOIS Server: whois.DURBAN
Referral URL: http:⁄⁄www.durban⁄
Updated Date: 2012-01-22T19:36:00Z
Creation Date: 2012-01-22T19:36:00Z
Registry Expiry Date: 2013-01-22T19:36:00Z
Sponsoring Registrar: EXAMPLE DURBAN REGISTRAR
Sponsoring Registrar IANA ID: 0000
Domain Status: clientTransferProhibited
Registrant ID: coza1buye1494cc2
Registrant Name: EXAMPLE REGISTRANT
Registrant Organization: EXAMPLE ORGANIZATION
Registrant Street: 123 EXAMPLE STREET
Registrant City: ANYTOWN
Registrant State⁄Province: AP
Registrant Postal Code: A1A1A1
Registrant Country: EX
Registrant Phone: +1.5555551212

Registrant Phone Ext: 1234
Registrant Fax: +1.5555551213
Registrant Fax Ext: 4321
Registrant Email: EMAIL@EXAMPLE.TLD
Admin ID: 5372809-ERL
Admin Name: EXAMPLE REGISTRANT ADMINISTRATIVE
Admin Organization: EXAMPLE REGISTRANT ORGANIZATION
Admin Street: 123 EXAMPLE STREET
Admin City: ANYTOWN
Admin State⁄Province: AP
Admin Postal Code: A1A1A1
Admin Country: EX
Admin Phone: +1.5555551212
Admin Phone Ext: 1234
Admin Fax: +1.5555551213
Admin Fax Ext:
Admin Email: EMAIL@EXAMPLE.TLD
Tech ID: 5372811-ERL
Tech Name: EXAMPLE REGISTRAR TECHNICAL
Tech Organization: EXAMPLE REGISTRAR LLC
Tech Street: 123 EXAMPLE STREET
Tech City: ANYTOWN
Tech State⁄Province: AP
Tech Postal Code: A1A1A1
Tech Country: EX
Tech Phone: +1.1235551234
Tech Phone Ext: 1234
Tech Fax: +1.5555551213
Tech Fax Ext: 93
Tech Email: EMAIL@EXAMPLE.TLD
Billing ID: EXAMPLE12345
Billing Name: ACCOUNTS
Billing Organization: EXAMPLE ACCOUNTS
Billing Address: 22 EXAMPLE STREET
Billing City: SOME CITY
Billing State⁄Province:CA
Billing Country⁄Economy:US
Billing Postal Code: 1234
Billing Phone: +1.234567890
Billing FAX: +1.234567890
Billing FAX Ext.:
Billing E-mail: billing@example.com

Name Server: NS01.DURBANRAR.DURBAN

Name Server: NS01.DURBANRAR.DURBAN
=-=-=-=
This WHOIS information is provided for free by the ZA central registry
for .za domain names. This information and the .za WHOIS are:

Copyright ZA Central Registry 2012.

This port 43 whois facility is made available ʺas is,ʺ and we do not
guarantee its accuracy or uninterrupted availability. By submitting a
port 43 whois query, you agree that you will not use this facility to
enable high volume, automated, electronic processes that unduly stress or
load the whois database system. The commercial compilation, repackaging,
dissemination or other use of the data you obtain from this facility
is expressly prohibited without prior written consent from us.

We reserve the right to modify these terms at any time. By submitting
this query, you agree to abide by these terms.


4 Lookups

4.1 Search Capabilities

The RFC 3912 system only allows domain name lookups. The web based
whois tool is a full feature system. Two types of users are catered for:

Unauthenticated users. I.e the average anonymous Internet user.

RFC 5731:- Authenticated Registrars or nominated authenticated users.


4.1.1 Unauthenticated Users

The user may search for domain names only. Information returned is iden-
tical to as returned by the port 43 whois system other than being formatted
for web browsers. Information is returned when the query exactly matches
the domain.
The user may use wild card queries. Eg: examp*.durban. In this case a
list of the matching domains are returned. The user may then click on the
domain to view its details. To prevent data-mining abuse only a subset of
the matches are returned.

4.1.2 Authenticated Users

Authenticated users have access to a full featured system offering partial
match capabilities on at least the following fields:

1. Domain name

2. Registrantʹs name

3. All sub-fields described in EPP (e.g., street, city, state or province,
contact numbers etc.)

4. Registrant and or billing, registrar or other contact ids,

Exact match search will be offered on the following:

1. Registrar id

2. EPP host objects (server names).

3. Glue records (IP addresses)

The system will allow for Boolean combinations of fields using the standard
AND, OR and NOT operators.
Returned results will always include the domain names as per the specifica-
tion. Objects owned by the authenticated user (e.g a registrar querying a
list of their owned domains) will be fully displayed while objects owned by
other registrars will honour any 〈contact:disclose〉 settings.
The level of information displayed for non owned objects will be adjusted
from time to time as per industry and ICANN recommended best practice
as determined by the dotDurban Policy Oversight Committee


4.2 Abuse Prevention

Unauthenticated users are controlled by a rate limiting system to prevent
wholesale mining of the whois database.
Authenticated users will also be limited but to a much lesser degree. All
matching objects owned by the requester will be returned in a search. A
limited subset of matching objects will be returned when the objects are
NOT owned by the requester.
Two aspects of abuse prevention are covered by the rate limiting system.

IP Address:- - Abuse originating from a single IP address or range of IP
addresses will be limited by a Token Bucket algorithm separate to
other mechanisms but having the highest priority.

Domain Name:- - Abuse on a single domain name will have an isolated
limitation based on the algorithm above to prevent multiple sources
querying the same name. This prevents denial of service issues when
a domain name is due for deletion and multiple source continuously
query the domain to check for availability.

If a user exceeds the limits imposed by the token bucket system on the web
based whois system the user is then required to enter a CAPTCHA test to
continue using the system.
dotDurban undertakes to add additional measures if it becomes apparent
that large amounts of information are being retrieved by any single entity.


5 RFC 3912 Compliance

The implementation conforms with the requirements of RFC 3912 (WHOIS
Protocol Specification)
A whois query to the system connects to TCP port 43 on the public WHOIS
server. A single domain name is sent with the line terminated by a carriage
return and a new line. The server responds with the result of the whois
query in plain ASCII.
Since RFC 3912 does not specify any details for internationalisation, the
whois service of the dotDurban TLD will provide ASCII character set data.
This implies that where EPP contact addresses exist of both local and in-
ternational types, the International version will be returned.
RFC 5733 disclosure settings are honoured when returning information.
For example

〈contact:disclose flag=ʺ0ʺ〉
〈contact:email⁄〉
〈contact:voice⁄〉
〈⁄contact:disclose〉

will prevent the registrantʹs email or contact number from being displayed
in the whois query.

6 Resourcing Requirements

The dotDurban TLD development, deployment and operational responsibil-
ities for the above will be staffed by members of the ZA Central Registry.

Technical Manager:- - 1 staff member responsible for all technical related
issues including keeping up to date with international standards and
best practises.

System Administration:- - 2 staff members responsible for the day to
day system administration, network administration and system mon-
itoring.


7 Bulk Access

Bulk access here is defined as a full copy of the whois database.
Bulk access of objects in the Whois service will only be provided to ICANN
or their appointed agents in accordance with the specifications 4 and 10 of
the ICANN Registry Agreement.

Similar gTLD applications: (3)