Home / Blogs

Port 43 Failures Continue to Haunt

On February 16, 2012 ICANN took the new step of suspending the Registrar Alantron’s ability to register new names or accept inbound domain transfers. This new compliance tool was used following Alantron’s apparently inadequate response to a breach notice issued November 7, 2011.

The issue in part concerns Alantron’s perpetual problems with Port 43 WHOIS access which is required by the Registrar Accreditation Agreement.

According to the notice, contact on the issue began on September 1, 2011, but may have had an even earlier origin. The 2011 breach notice could have been a cut-and-paste from a 2010 breach notice to Alantron concerning Port 43.

According to our tests Alantron’s Port 43 failed several times in February and has more failures in March. However, Alantron is hardly alone in this boat. Samjung Data Service Co and Open System Ltd received breach notices (since cured) for Port 43 and Best Bulk Register was terminated for it.

ICANN conducted a Port 43 Audit between September 2010 and February 2011 and found 11 Registrars with Port 43 issues, all fixed except the above cited. Unfortunately, periodic audits do not capture the scope of the problem. Port 43 outages can simply be temporary or intermittent but the effects during these periods are truly problematic. Even a brief 24-hour outage can result in thousands of failed queries from legitimate users. Periodic audits must be enhanced with daily testing and regular reporting. Daily testing of all Port 43 has shown some Registrars have outages for days, even weeks in a given month, not necessarily for a prolonged time which catches ICANN’s attention. On a monthly basis we find a dozen or more Registrars with regular outages or inconsistent service.

Before we all step into the great beyond of expanded gTLDs, a persistent contract requirement calls for persistent monitoring. The outcome of Alantron’s case, set for a March 28th deadline, should tell us something of what to expect.

By Garth Bruen, Internet Fraud Analyst and Policy Developer

Filed Under


How hard is it to keep a Phil Howard  –  Mar 7, 2012 8:13 AM

How hard is it to keep a WHOIS server running?  It would seem to me that it would be easier than keeping even a DNS server running.  And that’s not too terribly hard to do.  Have these companies even given excuses?  Not even an attempt at “Sorry, but our WHOIS server administrator has been captured by a bunch of tribal natives during his month long vacation to interior New Guinea”?

Different sources... Garth Bruen  –  Mar 7, 2012 2:13 PM

For some it is a learning curve, they're new to the industry and make a mistake. For others, like Alantron, it's more complex. Many wonder if it is intentional, a long term gaming of the system.

Easy solution: Thick Whois Volker Greimann  –  Mar 9, 2012 10:17 AM

All of this could also be solved by moving the last thin registry to a thick whois model. Once there are no longer any thin whois registries, the need for registrars to provide a secondary whois service beside that of the registry disappears.

Agreed Garth Bruen  –  Mar 9, 2012 2:32 PM

...that's all

>moving the last thin registry to a Charles Christopher  –  Mar 19, 2012 5:26 PM

>moving the last thin registry to a thick whois model Agreed! The article fails to acknowledge a critical problem with running whois servers and in fact argues to INCREASE the problem. Try pounding PIR with whois queries and see what happens. You will get BANNED for some period of time. The same is true for many registrars. And for some it take very few queries to be BANNDED. Most whois queries are bogus, people tend to forget about these "error conditions" and that systems are subjected to queries they were not intented to handle. Queries are made for non-existing domains, domains of other registrars, even domains that are not possible (not currently zoned). For example, there are far too many individuals and organizations that want their own copies of whois records to build whois histories. Thus they OVERLOAD whois servers with requests that are NOT the intent of whois servers. Lets be very clear here, were talking MANY organizations wanting copies of 100 million whois records with as fine temporal resolution as possible. This DESPITE the fact that most whois server make clear such harvesting is forbidden. This is why thick whois servers are metered (IP Blocking). This it why many registrars implement metered whois (IP Blocking). While I've not yet implemented metering on our whois servers, I have INTENTIONALY implemented a VERY LONG delay in the whois response time. This makes downloading our whois records difficult and intentionally "buggy". It's not a perfect or ideal solution, however I feel metering is unacceptable. It's my trade off choice. I feel "WhoWas" is a very important addition to the naming system and have publicly said this for years. I can show you countless examples of COM/NET whois data being out of sync with registry values, which is critical to understand: ONLY the registry can provide true "authoritative" whois values, not a registrar or other third party. Registries should be incentivized to implement the thick whois model. One way to do this is to encourage them to offer paid "WhoWas" service. Perhaps charging $5 to provide complete registration history of a domain name and it's dns values, etc. The value of such data can't be questioned, one need only go to current third party suppliers of such data to see the prices it commands in the market place. Such a service is also IDEAL to track down internet fraudsters, at least compared to having no AUTHORITATIVE whowas data for all time. I also feel privacy whois must be disallowed. And to be clear we to use Privacy Whois, and I'm clearly saying we should NOT be allowed to do so. Once you have privacy whois the whois itself becomes meaningless, may as well just get rid of whois entirely. Make no mistake here, I'm very well aware of the nefarious goings on with whois. And this to is much harder for thick registry whois, and a truely authoritative registry WhoWas. Charles Christopher CIO various ICANN Accredited Registrars

Privacy functions serve a useful and beneficial purpose Volker Greimann  –  Mar 20, 2012 2:27 PM

I disagree with your arguments on whois privacy. Privacy functions serve a useful and beneficial purpose for registrants with a variety of legitimate interest of not having their private and personal information publicly available to any nutjob. Just as any private individual is entitled to a secret telephone number, they should be able to request a hidden whois for their registrations. Private whois is in fact consumer protection. In fact, more and more registries are moving to or have already implemented a model that allows the registrant data to be partially or completely hidden, including many European ccTLDs and gTLDs. As long as the privacy services are regulated and hold to certain rules of service, privacy does not function as a cover for illegal purposes as the data is still available for legitimate requests.

>Private whois is in fact consumer protection. Charles Christopher  –  Mar 20, 2012 5:01 PM

>Private whois is in fact consumer protection. Many I've spoken to have said the same thing. I'll not impose my views on others. However, if privacy it the most important issue, and I agree that most registrars are moving to privacy whois, then such articles as this become meaningless and whois provides little useful info. So a "broken" whois server really means nothing. In fact I tend to pull "whois" info from Internic as it's backend is off the registries database itself. It provides dates and DNS, less names etc. As for my justification of privacy whois, I think through FaceBook, Twitter, etc, many people have totally rejected the very notion of privacy. And that is a huge mistake. In the case of domain names, use of a POB or Lawyer's office easily satisfies "valid" whois with privacy and yet insure the registrant can be contacted. Of course, as a registrar, I see a lot of evil things going on that most are not aware of simply because they don't spend their day's looking at this stuff like I do. And thus we all become the colateral damage of those acts, for example SOPA. Yes it's all a tradeoff. But from where I'm standing I see an ALL TOO STRONG connection between privacy / fake whois, and legistlative actions that are destroying a free internet. Removal of privacy whois is the best answer I've been able to come up with. And cynic that I am regarding these matters, I can see why there would be support for privacy whois ... It's just creates more and more "need" of special interests, and their fees, to come in and help us out with more rules and policies. The snake eating it's tail .... >nutjobs Bring'm on! Good people have many ways of dealing with nut jobs .... Especially when good people FEARLESSLY work together .... FEAR IS NOT AN OPTION! There are many effective ways to deal with nut jobs .....

Fear is not an option? Volker Greimann  –  Mar 20, 2012 5:13 PM

Not sure if I follow you here. You are saying a stalking victim can either no longer own a domain name, or should be prepared to meet their stalker fearlessly? You are saying a dissident should fearlessly face the shooting squad of the dictators police force? You are saying anyone interested in publishing controversial content should fearlessly be prepared to continue any tread in real life when those of opposing views come a-knocking? I much rather give them the opportunity to hide their identity or personal details. I can always remove the privacy function if my customer abuses it...

Please read what I said, and I've Charles Christopher  –  Mar 20, 2012 5:57 PM

Please read what I said, and I've had this discussion over many years: "use of a POB or Lawyer's office easily satisfies "valid" whois with privacy and yet insure the registrant can be contacted." Other than that my answer is: Yes I am saying that. >You are saying a dissident should fearlessly face >the shooting squad of the dictators police force? And if privacy whois solves this problem, it's only because the dictator wasn't much of a dictator not making use of a packet sniffer on their ISP to see where the content is coming from, and who are consuming that content. The dictator needs to hire more competent people ... And in the case of a ccTLD, DNS server logs provide pretty good localization (ISP identification at a minimum) of traffic to sites which can then be zeroed in on via ISP logs ... Assuming you don't just start with the ISP logs to begin with and look at who it generating the DNS queries for the domain(s) being targeted. In fact this is another of my pet peeves of these debates, people ASSuME that there is security (their packets are "private") within the network (ISP and peers). Which is a very foolish assumption. The idea that privacy whois denies governments observability is ridiculous. This is in fact a foundation that makes SOPA possible, the network IS highly observable and lacks privacy. >I can always remove the privacy function if my customer abuses it… Right, you decide. Got it, thank you for making my point. :) I would also point out, since you suggest you to are a registrar, that the $1 to $2 of revenue generated by each registration and renewal event tends to result in the underlying whois being provided when said registrar faces legal costs regarding a given domain name. This is why (if memory serves) GoDaddy's TOS, for example, allows them to charge the registrant $30 when legal issues arise over their registration. Translation: The "Privacy" in Privacy Whois is too often an illusion. What is it that Chris rock said? "A man is only as loyal as his options." Well, I suggest registrars are only as loyal as an individual registrants profitability .... And the case history for this is extensive. So "fearlessly" also includes the idea that the registrant really knows how the system works, when they need it to work as they expect. And that is not the case .... At least if privacy whois is not an option, the illusions are far less because people then KNOW privacy is PURELY their responsibity and not that of a third party ... Whois decides one minute to the next how "abuse" will be defined ....

Actually let me make this even more Charles Christopher  –  Mar 20, 2012 6:01 PM

Actually let me make this even more simple: You are responsible for you. Problems begin the moment people ignore this rule and expect others to be responsible for them, say in the case of whois "privacy". That is what creates the fear, as I we all KNOW others will NEVER be responsible for us.

Sounds like there needs to be a Frank Bulk  –  Mar 10, 2012 7:42 PM

Sounds like there needs to be a great financial incentive to keep it working.  Rather than have ICANN issue fines, discounts could be applied to whatever fees ICANN charges and, with the greatest discount levels to those registrars with not just the greatest “uptime”, but the greatest valid responses.  If the discounts are six digits or more per year, that’s all the incentive needed by registrars to get it right.

Not bad but... Garth Bruen  –  Mar 10, 2012 7:57 PM

I think it requires a level of technical monitoring which ICANN has shown it can't handle. They're not even monitoring at the basic level.

Update Garth Bruen  –  Mar 11, 2012 8:02 PM

ICANN Compliance indicates that 29 Registrars failed Port 43 tests

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet




Sponsored byDNIB.com

Brand Protection

Sponsored byCSC

IPv4 Markets

Sponsored byIPv4.Global

Threat Intelligence

Sponsored byWhoisXML API

Domain Names

Sponsored byVerisign


Sponsored byVerisign

New TLDs

Sponsored byRadix