Home / Blogs

DNS WHOIS: Barking Up the Wrong Tree

As the Internet has grown and matured, it has become obvious to everyone involved that the DNS Whois system, as it currently exists, is not a sustainable way to share contact information for resolving network problems. ICANN, in an attempt to save DNS Whois, has plunged head long into the process of developing new policies aimed at fixing it. While I respect all of the hard work that has gone into this process, the results thus far have only made it clearer that this system faces intractable problems. ICANN should see DNS Whois for what it is, a relic of a simpler time, and focus instead on the IP address Whois systems, where their efforts might reap meaningful results.

A quagmire of diametrically opposed interests

On the one hand, intellectual property interests make a compelling case for accountability on the Internet. When a crime is being committed, we all have an interest in ensuring that the proper authorities have the tools that they require to investigate and, if necessary, to prosecute. IP interests present that an open, accurate DNS Whois system is the right solution to that problem, and they defend this position with incredible zeal.

For example, in response to the suggestion by privacy advocates that people would be more disposed to provide accurate contact information if better privacy protections existed, the International Trademark Association “queries whether accuracy of Whois data would really improve if access is limited. People who are predisposed to give inaccurate Whois information may well be likely to continue to do so. It may be worth exploring alternative means to ensure accurate data, e.g. imposing penalties for providing false information or rewards for providing verifiably accurate information.”

On the other hand, political speakers on the Internet have a legitimate need to protect their identities. The Internet presently supports a vibrant ecology of political websites and weblogs of every flavor and prejudice. Together they constitute a meaningful discourse on nearly every issue of the day. A large portion of these sites employ WHOIS proxies or publish limited contact information. It is easy, even in the United States, to find examples of individuals who have been the target of violent retaliation because they have expressed their political views.

The Supreme Court of the United States eloquently defended anonymous speech in McIntyre V. Ohio Elections Commission (1995):

“Under our Constitution, anonymous pamphleteering is not a pernicious, fraudulent practice, but an honorable tradition of advocacy and of dissent. Anonymity is a shield from the tyranny of the majority. It thus exemplifies the purpose behind the Bill of Rights, and of the First Amendment in particular: to protect unpopular individuals from retaliation—and their ideas from suppression—at the hand of an intolerant society. The right to remain anonymous may be abused when it shields fraudulent conduct. But political speech by its nature will sometimes have unpalatable consequences, and, in general, our society accords greater weight to the value of free speech than to the dangers of its misuse.”

It is not important, in this context, which side of the debate you fall on. The objective question we must ask ourselves is whether ICANN is properly equipped to balance these interests at all. It’s hard to see a middle ground here. Either information is collected, or it is not. Either the information is made available, or it is not. How does ICANN plan to sort out who is and is not a legitimate consumer of collected contact information in a tiered access system?

These are fundamental questions about freedom of speech and accountability which the governments of all nations struggle with at the highest levels. With very few exceptions, national governments have deliberative processes which are far more mature than those of ICANN, and their sovereignty in such basic questions is far more legitimate. This debate seems a bit outside of ICANN’s jurisdiction.

A way out

Lost in this debate are the purely technical stability, reliability, and security issues that ICANN is responsible for and equipped to address. There is a legitimate need to contact network operators in the event of a technical problem. People have traditionally relied on the DNS Whois system for obtaining this contact information because people tend to think about networks in terms of domain names. However, technical issues are related to Internet traffic, and Internet traffic comes from IP addresses, not domain names. In fact, IP addresses frequently aren’t associated with domain names at all. As the Internet matures the IP address Whois systems are increasingly more valuable for contacting network operators then the DNS Whois system.

Problems you can actually solve

Of course, there are significant problems with the IP address Whois systems. IP address Whois usually doesn’t contain information about networks that have less then 8,192 IPv4 addresses (/19). Also, the data in these systems is often inaccurate or out of date. Unlike similar problems with DNS Whois, improving on this situation seems within the realm of possibility.

In order to address the timeliness and accuracy of DNS Whois data you’ve got to develop an enforcement mechanism that ensures compliance from millions of people, many of whom are private individuals and not businesses. The universe of ISPs is smaller by an order of magnitude or more, and in almost every case ISPs are organizations that can afford to implement compliance processes. This problem is much less complex.

If we were to require that all organizations which provide network service to third parties register in the IP address Whois system (instead of just the medium and large networks) and require that contact information be renewed on a regular basis, we will have made significant progress toward ensuring that every IP address on the Internet can be quickly associated with technical contact information for the network providing service to that address.

Separating legal issues from technical issues

But what about our friends at the International Trademark Association and their accountability interests? It’s important to understand that the intellectual property interests do not have technical concerns. They are interested in content, and whether or not that content is legal.

If ICANN can ensure that every IP address is properly associated with the network that provides service for it, the ITA will be able to contact those network providers when they have a problem with an Internet site (or the DNS registrar if the domain name itself is the problem). These organizations know their customers, because they have to bill them, and often run cables to them. Furthermore, these organizations have ultimate control over the customer’s access to the network. Whether the ITA can get the customer’s personal contact information from the ISP will depend on the rules of the government of the jurisdiction in question.

The United States Government has the right to develop its own rules and regulations for handling these situations and balancing the interests involved. The Government of Canada has the same right. The rules in the United States may differ from the rules in Canada, reflecting the structure and values of each individual society. This is a correct and proper way to handle these problems. The legality of content is a legal question, and it is properly resolved within the domain of national governments, and not within international technical and regulatory standards bodies.

In conclusion

Creating an open DNS Whois system with enforced data accuracy is neither practical, nor is it just. It would prevent democratic governments from developing their own policies that balance the various interests involved in Internet content. Furthermore, as many Internet addresses are not associated with domain names, no DNS Whois system will ever be a comprehensive solution to the problem of accountability. ICANN would be well served to focus its energies on the IP address Whois systems instead, were they can make real progress toward a sustainable solution for Internet management without having to unilaterally resolve fundamental questions about freedom of speech.

By Tom Cross, Director of Security Research

Filed Under


Mike O'Donnell  –  Jul 6, 2004 1:30 PM

We need a lot more thinking in this style. We naturally wish to defend methods that were very agreeable in the good old days. But not all of those methods continue to serve in a much larger and more diverse community. In many cases we can meet the same needs with different mechanisms, particularly when a single system bundles disparate functions, as DNS/Whois do.

The augmented IP/Whois appears to provide important contacts between network admins without many of the social conflicts inherent in DNS/Whois.

Mike O’Donnell

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Domain Names

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

New TLDs

Sponsored byRadix

Threat Intelligence

Sponsored byWhoisXML API


Sponsored byDNIB.com


Sponsored byVerisign

Brand Protection

Sponsored byCSC