Home / Blogs

Who is Blocking WHOIS?

On April 16 ICANN issued a breach notice to Turkish Registrar Alantron for not consistently providing access to its WHOIS database via Port 43, a command-line query location that all Registrars are required to supply under conditions of their contract with ICANN under section 3.3.1. Four days later they issued a breach to Internet Group do Brazil for the same problem. WHOIS is a critical resource that makes the Internet function the way it is expected to. It is also at tool of consumer trust and investigation. Without Port 43 access ICANN’s WDPRS compliance system does not work. The WHOIS record, as we all know, is a massive fraud with illicit parties filling records with bogus information and hiding behind anonymity. Fake WHOIS records are typically initiated by the registrant and only technically become the Registrar’s problem after a complaint is filed. The issue of blocking access to the WHOIS record is strictly the province of the Registrar.

Coincidentally, while parties unknown to us filed complaints against Alantron and Internet Group do Brazil, KnujOn was conducting its own far-reaching audit of Port 43. For a period 71 days KnujOn tested the Port 43 WHOIS accessibility of each unique Registrar, we did not test multiple accreditations held by the same companies and only tested once per day to avoid being blacklisted. We also tested at different times of the day each time to avoid possible regular maintenance periods and discarded results if the Registrar’s service only failed once in during the study period. The full results, and ongoing testing of Port 43 access, are posted at http://www.knujon.com/whoisblockingwhois.html

In addition to testing access, we also tested how easy it was to find the Port 43 location of each Registrar. In most cases the Port 43 is logically located at WHOIS.[REGISTRARDOMAIN].[TLD], for example “whois.networksolutions.com” for NetworkSolutions. Sometimes it is located at a different domain as in the case of Xin Net, the Port 43 is hosted at whois.paycenter.com.cn. In most cases we were able to find alternate Registrar WHOIS locations easily but for scores of them we had to ask the Registrar. A handful quickly responded with the correct location, but most never responded, and in a few cases our email was rejected from the ICANN-listed Registrar contact email. A small minority wanted to know why we were asking, but we logged this as non-response since the RAA does allow for Registrar discrimination in the access to WHOIS.

Marcaria.com International, Inc. was the worst, their Port 43 WHOIS worked at beginning of test period and stopped responding on March 30 for a total of 14 successful days out of 71. That Darn Name, Inc., which became intrustdomains.com during the test period, had serious regular outages only responding a total of 38 days, slightly more than a 50% success rate. South America Domains Ltd. dba namefrog.com also started off OK but ceased responding after 46 days on May 10.

OnlineNIC had the worst record in terms of consistency, failing 25 times, intermittently during the study period making their reliability about 65%. OnLineNic was in fact worse during the study period than Alantron. In addition to OnlineNIC being worse than Alantron during this period, World Biz Domains had the exact same Port 43 record responding only 79% of the time.

Netfirms, Inc. failed 12 times, Freeparking Domain Registrars, Inc. 9 times. Good Luck Internet Services, Hebei Guoji Maoyi, Jetpack Domains, Inc., United Domain Registry, Inc. all failed on 8 days. NetraCorp LLC ,NamesBeyond7, and Web Commerce Communications failed 7 times. GKG.NET, INC. and Netpia.com, Inc. failed 4 times. 3 failures for Paknic. Advanced Internet Technologies, Inc., Galcomm, Inc. Guangzhou Ming Yang, Internet Invest, Moniker, Nordreg AB, Visesh Infotecnics Ltd., SiteName Ltd. and Regtime all filed twice.

All Internet companies have technical issues. Even Google and Microsoft do. Much more troubling were the 57 Registrars who would not disclose their Port 43 location to us: 21Company, Hu Yi Global, Abansys, 1st Antagus Internet, AOL LLC, Aruba SpA, Aust Domains, Brights Consulting, chinagov.cn, China Springboard, Cronon AG Berlin, AllGlobalNames, VocalSpace, Digitrad France, Samjung Data Service, Netdorm, French Connexion, Domain Jamboree, Spirit Telecom, Domain Monkeys, Webagentur.at, DomainRegistry.com Inc, DomainSpa, Ledl.net, DotArai, Gee Whiz Domains, Hetzner Online, Digirati Informatica, Hostway Services, ID Genesis, Instra Corporation, Interdomain, Intermedia.NET, InterNetworX Ltd, Internet Solutions, FBS Inc, iWelt AG, Key-Systems, Launchpad, Inc, Advantage Interactive, Add2Net Inc, Planete Marseille, Melbourne IT DBS, M. G. Infocom, Nameshield, New Great Domains, GMO Internet, Porting Access, AB RIKTAD, Sedo.com, Simply Named, Domain Services Rotterdam BV, UK2 Group, HooYoo (US), Verelink, Web Business, and Xiamen ChinaSource.

Our emails to Internet Group do Brasil and Black Ice Domains, Inc. were rejected. For each we used the contact email located in the ICANN Registrar directory. Secura GmbH would not disclose the Port 43 location and asked us why we wanted to know. Humeia Corporation would not disclose the Port 43 location and told us to use the InterNIC WHOIS lookup. Domainfactory GmbH said they were not an ICANN-accredited Registrar and thus not required to have a public WHOIS. However they are listed as an accredited Registrar by ICANN and sell gTLD domains on their website. We are requesting ICANN clarification on this issue.

All of this information has been forwarded to ICANN compliance and we hope it can be resolved quickly. This is merely one section of a much large report we will be publishing soon.

By Garth Bruen, Internet Fraud Analyst and Policy Developer

Filed Under

Comments

GMO Internet Garth Bruen  –  Jun 15, 2010 2:09 AM

We received an email from GMO Internet with the correct Port 43 address. Thanks!

Humeia Garth Bruen  –  Jul 12, 2010 4:06 PM

On July 8, 2010 Humeia contacted us with the correct Port 43 Location: comnet-whois.humeia.com

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Cybersecurity

Sponsored byVerisign

DNS

Sponsored byDNIB.com

New TLDs

Sponsored byRadix

Domain Names

Sponsored byVerisign

Brand Protection

Sponsored byCSC

Threat Intelligence

Sponsored byWhoisXML API

IPv4 Markets

Sponsored byIPv4.Global