Registrar and registry backend processes.
I think, briefly, that we need to force Verisign and the registrars to be FAR more public about the backend process for WHOIS data and for the TLD zone data. Especially with .com, .net, and probably .org, and this latest failure of 'the system' and the obvious lack of information on 'the system.' It's clearly broken, and needs to be put up for public review by 'the powers that be' so that it can be fixed. What's happening now feels close to a boiler room poker game, no one seems to know all the players, and even fewer know all the rules, so in the end everyone is a loser. I know this is adding fuel to the proverbial fire, but apparently we need to burn out this thing so we don't get scorched by yet another unexpected fire.
[second posting attempt, apologies if the first identical post ever arrives]

On Mon, 17 Jan 2005 15:47:50 -0700, Michael Loftis <mloftis@wgops.com> wrote:
It's clearly broken, and needs to be put up for public review by 'the powers that be' so that it can be fixed. What's happening now feels close to a boiler room poker game, no one seems to know all the players, and even fewer know all the rules, so in the end everyone is a loser.
i suspect part of the reason for it feeling this way is because of the large amounts of money that are made specifically off of the .com and the .net registries. ~$1.2 _billion_ for .com and ~$30 million for .net annually (numbers from the following article). for what? the actual costs involved in administering these databases can't be anywhere near the revenue generated. the public is being bled for the greed of a few (as usual), imho.

anyhow, it also makes me wonder about the motivations behind this incident coming so close to the application deadline for administration of the .net registry ($30 million/year x 6 years minimum = $180,000,000). i dislike conspiracy theories but i'm also a realpolitiker.

david
--
P.S. can anyone comment on the reputations of the .net registry administration contenders (no need to comment on verisign)?

VeriSign Has Challengers to Run .Net, the Domain
By ELIZABETH OLSON
The New York Times
Published: January 17, 2005

WASHINGTON, Jan. 16 - As long as the Internet runs smoothly, few people think too much about its workings. But later this month, the system's underpinnings will become a topic of debate when rival companies publicly bid to run .net, one of the Internet's most popular domains. This will be the first time that VeriSign's .net franchise will be challenged.

While .net is not as ubiquitous as .com, it has more than five million registered domain names, which translates daily into millions of page views, 155 billion e-mail messages and some $1.4 million in commercial transactions, according to VeriSign, the company in Mountain View, Calif., that manages .com, as well as .net. About 40 percent of government domains allow access through .net, including the White House, the United States Senate, Homeland Security agencies and the Social Security Administration, making it a vital Internet transportation layer, said Tom Galvin, a spokesman for VeriSign.
So far, at least three companies in addition to VeriSign have indicated that they plan to vie for the franchise, which expires June 30. They are NeuStar, a Sterling, Va., company that runs .biz, and Afilias, which manages .info. A nonprofit firm in Frankfurt, Denic eG, which manages Germany's eight million registered .de domain names, has also indicated that it is planning to bid. Selecting the domain manager is the job of the Internet Corporation for Assigned Names and Numbers. But Icann finds itself in a ticklish position because it has publicly clashed with VeriSign over the company's proposed Site Finder service, which would redirect queries from inactive or defunct Web addresses to a search engine supported by advertisers signed up by VeriSign. When Icann concluded that was an unacceptable diversion and refused to allow the service, VeriSign accused the group of overstepping its role and filed a lawsuit. The initial case was filed in federal court but set aside, and VeriSign refiled it in California state court, where it is pending. To avoid "any perception of bias because of the litigation," Icann has decided to appoint an independent body to evaluate the applications, which are due Tuesday, said Icann's chief operating officer, Paul D. Twomey. A .net administrator is to be selected three months before VeriSign's contract expires. "We are on record that the operator could be the present one," said Mr. Twomey. The important point, he emphasized, is that the .net operator must have the technical capacity and the security safeguards to keep the domain up and running smoothly. The bidding process is also a sort of dress rehearsal for about 10 new domain names that are to be introduced and put up for bidding, he said. They include .jobs, .travel, .post and .mobi (for mobile phone content). If VeriSign loses, it would not be the first Internet registry switch. 
In early 2003, VeriSign, as part of its deal to keep control of .com, agreed on competitive bidding for the management of .org and .net. The Public Interest Registry, a nonprofit group, won the bidding for .org. VeriSign is lobbying actively to hold onto its .net stewardship, however, lining up written support from major players including Microsoft and I.B.M. At $5 a year for each domain name, VeriSign earns an estimated $30 million annually from administering .net - far less than its revenues for .com, which has 200 million names at $6 each. Mr. Galvin said that because of its effect on the United States economy, deciding on the .net manager was "the biggest decision Icann has had to make so far." More than a third of the top e-commerce sites - including much-visited sites like walmart.com - actually use a .net server, he said, making the domain more important than the number of names would indicate. In fact, the five million registered names only amount to about 8 percent of all domain names. VeriSign is campaigning on what it says is a stellar track record of keeping .net running continuously, though its rivals say that the California company has lagged behind on technological innovations that would make .net run more reliably. VeriSign has administered .net since 2000, when it acquired Network Solutions, which had operated the domain since 1992.
On Mon, Jan 17, 2005 at 06:16:25PM -0800, davidb@panix.com wrote:
P.S.
can anyone comment on the reputations of the .net registry administration contenders (no need to comment on verisign)?
A nonprofit firm in Frankfurt, Denic eG, which manages Germany's eight million registered .de domain names, has also indicated that it is planning to bid.
For what it is worth, some consider the .de whois server broken; see below. Let's note that the new RFC (3912) doesn't mention the "help methodology" anymore.

-------- Begin Quote --------

The .DE whois server is broken. I should be able to telnet to the WHOIS server on the whois port, send it a domain, and get results. If I do that, I get:

    $ telnet whois.denic.de whois
    Trying 81.91.162.7...
    Connected to whois.denic.de.
    Escape character is '^]'.
    denic.de
    domain: denic.de
    status: connect
    Connection closed by foreign host.

The only way to get "real" data out of the .DE whois server is to use cryptic options:

    $ telnet whois.denic.de whois
    Trying 81.91.162.7...
    Connected to whois.denic.de.
    Escape character is '^]'.
    -T dn,ace -C US-ASCII denic.de
    % Copyright (c)2004 by DENIC
    % Version: 1.00.0
    %
    % Restricted rights.
    [.... snip ....]

Further, these options are not documented anywhere, because the usual "help" methodology, as documented by the RFC, doesn't work:

    $ telnet whois.denic.de whois
    Trying 81.91.162.7...
    Connected to whois.denic.de.
    Escape character is '^]'.
    ?
    domain: ?
    status: invalid
    Connection closed by foreign host.

--
Lionel Elie Mamane
For what it is worth, some consider the .de whois server broken; see below. Let's note that the new RFC (3912) doesn't mention the "help methodology" anymore.
In the high stakes game of registry redelegation, with .org as a data point and the new gTLD competition (winners: [info,biz,name,pro]) as another, the difference of function of what answers on :43 isn't, IMO, a liability. It is both trivial to fix, and defensible (EU Data Protection Framework), and not in the criteria set that appears to be key in the selection of bids.

The criteria for selection of the next .net delegation operator is likely, in my limited experience, to turn on issues that have little to do with a bidder's actual ability to operate the .net registry.

Aside: In January 2002 I wrote Request to Move RFC 954 to Historic Status, published as draft-brunner-rfc954-historic-00.txt. Two years later, Leslie Daigle wrote a different draft which is now rfc3912.

Aside: A ccTLD operator submitted a bid for .org. The "technical evaluator" retained by ICANN ranked the bids submitted by existing gTLD operators other than VGRS as (1) info, (2) biz, (3) pro. I was surprised by the presence of (2) and (3) on the list, and by the absence of two bids from that list.

If you want to look for a real criteria, you might want to ask "How long after the transfer will the new operator receive any monies for the set of registrations contained in the registry at the moment of transfer?"

Eric
lionel@mamane.lu (Lionel Elie Mamane) wrote:
A nonprofit firm in Frankfurt, Denic eG, which manages Germany's eight million registered .de domain names, has also indicated that it is planning to bid.
For what it is worth, some consider the .de whois server broken; see below. Let's note that the new RFC (3912) doesn't mention the "help methodology" anymore.
And some call this not broken but necessary. I can explain off-list, if you like.
The .DE whois server is broken. I should be able to telnet to the WHOIS server on the whois port, send it a domain, and get results.
You are getting results.
    $ telnet whois.denic.de whois
    Trying 81.91.162.7...
    Connected to whois.denic.de.
    Escape character is '^]'.
    denic.de
    domain: denic.de
    status: connect
    Connection closed by foreign host.
Further, these options are not documented anywhere, because the usual "help" methodology, as documented by the RFC, doesn't work:
http://www.denic.de/en/domains/technik/denic_whois-server/index.html (Easily found by searching for "whois", first hit - yes, I know, it's ugly, but you're still not telling the truth which is my point here)
    $ telnet whois.denic.de whois
    Trying 81.91.162.7...
    Connected to whois.denic.de.
    Escape character is '^]'.
    ?
    domain: ?
    status: invalid
Which is defined in what RfC? If it is, I will gladly tell the folks to implement it.

Anyway, I see your point in that server being somewhat problematic if you need more than "free/used"; yet the information is there, and someone who really needs more info has no hard time finding the docs.

Yours, Elmar.

--
"Just don't make the mistake of replacing opinion with expertise." (PLemken, <bu6o7e$e6v0p$2@ID-31.news.uni-berlin.de>)
--------------------------------------------------------------[ ELMI-RIPE ]---
On Tue, Jan 18, 2005 at 10:03:31AM +0100, Elmar K. Bins wrote:
lionel@mamane.lu (Lionel Elie Mamane) wrote:
A nonprofit firm in Frankfurt, Denic eG, which manages Germany's eight million registered .de domain names, has also indicated that it is planning to bid.
For what it is worth, some consider the .de whois server broken; see below. Let's note that the new RFC (3912) doesn't mention the "help methodology" anymore.
And some call this not broken but necessary. I can explain off-list, if you like.
    $ telnet whois.denic.de whois
    Trying 81.91.162.7...
    Connected to whois.denic.de.
    Escape character is '^]'.
    ?
    domain: ?
    status: invalid
Which is defined in what RfC?
RFC 954, which has recently (September 2004) been obsoleted by RFC 3912, which doesn't mention it anymore.

--
Lionel
lionel@mamane.lu (Lionel Elie Mamane) wrote:
    $ telnet whois.denic.de whois
    Trying 81.91.162.7...
    Connected to whois.denic.de.
    Escape character is '^]'.
    ?
    domain: ?
    status: invalid
Which is defined in what RfC?
RFC 954, which has recently (September 2004) been obsoleted by RFC 3912, which doesn't mention it anymore.
Yes, one could have seen that. I'll take the issue to the people involved.

Yours, Elmar.

(Btw: "HELP" works...)

--
"Just don't make the mistake of replacing opinion with expertise." (PLemken, <bu6o7e$e6v0p$2@ID-31.news.uni-berlin.de>)
--------------------------------------------------------------[ ELMI-RIPE ]---
On Tue, 18 Jan 2005, Elmar K. Bins wrote:
eight million registered .de domain names, has also indicated that it is planning to bid.
For what it is worth, some consider the .de whois server broken; see below. Let's note that the new RFC (3912) doesn't mention the "help methodology" anymore.
And some call this not broken but necessary. I can explain off-list, if you like.
Why off-list? Just tell that you want to support multi-lingual domain names.
Further, these options are not documented anywhere, because the usual "help" methodology, as documented by the RFC, doesn't work:
http://www.denic.de/en/domains/technik/denic_whois-server/index.html
(Easily found by searching for "whois", first hit - yes, I know, it's ugly, but you're still not telling the truth which is my point here)
I believe he meant that URL should be presented as part of normal whois answer. While me and others who "care" have already found it long ago, you can't expect that of people who might do one denic lookup per year
    $ telnet whois.denic.de whois
    Trying 81.91.162.7...
    Connected to whois.denic.de.
    Escape character is '^]'.
    ?
    domain: ?
    status: invalid
Which is defined in what RfC? If it is, I will gladly tell the folks to implement it.
? should produce documentation on how to use your whois server and what options it supports. However I've not seen many implement it and in fact recent RFC3912 on whois does not even mention it any more.

But please don't take it that you should not implement it, if it's no big deal (and for most it's not), then please present text-only copy of documentation for most important options. And in general because most people do not even know about "?", please just present URL to documentation in all other queries.

--
William Leibzon
Elan Networks
william@elan.net
Hi William,
And some call this not broken but necessary. I can explain off-list, if you like.
Why off-list? Just tell that you want to support multi-lingual domain names.
There are a couple more reasons, and I'm not sure it's NANOG business ;-)
I believe he meant that URL should be presented as part of normal whois answer. While me and others who "care" have already found it long ago, you can't expect that of people who might do one denic lookup per year
True. But if this lookup is so important, they are easily willing to try the website. Of course, it's not nice, giving no hint at all. I've told the folks here, maybe they'll insert a comment or something.
But please don't take it that you should not implement it, if it's no big deal (and for most it's not), then please present text-only copy of documentation for most important options. And in general because most people do not even know about "?", please just present URL to documentation in all other queries.
"Be generous in what you accept..." Yup :-)

Yours, Elmar.

PS: Btw, "HELP" works...

--
"Just don't make the mistake of replacing opinion with expertise." (PLemken, <bu6o7e$e6v0p$2@ID-31.news.uni-berlin.de>)
--------------------------------------------------------------[ ELMI-RIPE ]---
On Tue, Jan 18, 2005 at 05:08:18AM +0100, Lionel Elie Mamane <lionel@mamane.lu> wrote a message of 61 lines which said:
Further, these options are not documented anywhere,
In the man page of GNU whois :-)

    When querying \fIwhois.denic.de\fP for domain names, the program will
    automatically add the flags \fI-T dn,ace -C US-ASCII\fP.
    .P

Remember that the whois protocol is a mess. Maybe IRIS will fix that.
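The exchange discussed in this thread, as an added Python example (not code from any poster, DENIC, or GNU whois): an RFC 3912 client that sends one CRLF-terminated line, prepends per-server flags the way the quoted man page describes, and parses the `key: value` reply. The DENIC flag string is the one quoted in the thread and reflects 2005 behaviour; the sample replies are constructed from the transcripts above.

```python
import socket

# Per-server query prefixes. The DENIC entry is the flag string quoted in
# this thread (2005); treat it as historical, not as current server behaviour.
SERVER_FLAGS = {"whois.denic.de": "-T dn,ace -C US-ASCII"}


def build_query(server: str, name: str) -> bytes:
    """RFC 3912 request: one line of text terminated by CRLF."""
    if any(c in name for c in "\r\n"):
        raise ValueError("query must be a single line")
    flags = SERVER_FLAGS.get(server.lower())
    line = f"{flags} {name}" if flags else name
    # ASCII only: internationalized names must already be in ACE form.
    return line.encode("ascii") + b"\r\n"


def parse_reply(text: str) -> dict:
    """Collect 'key: value' lines; skip blanks and '%' comment lines."""
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("%") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields


def whois(server: str, name: str, port: int = 43, timeout: float = 10.0) -> dict:
    """Send the query, then read until the server closes the connection."""
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(build_query(server, name))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return parse_reply(b"".join(chunks).decode("utf-8", errors="replace"))


# Constructed sample: the terse reply shown in the thread for a bare query.
SAMPLE_BARE = "domain: denic.de\nstatus: connect\n"
# Constructed sample: '%' banner lines as in the thread, then one field.
SAMPLE_FLAGGED = "% Copyright (c)2004 by DENIC\n% Version: 1.00.0\n%\ndomain: denic.de\n"
```

Rejecting CR and LF in the name keeps a caller-supplied string from smuggling a second line into the single-line request.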
At 10:32 AM +0100 1/21/05, Stephane Bortzmeyer wrote:
Remember that the whois protocol is a mess. Maybe IRIS will fix that.
For those concerned with IRIS, please take time to review the documents listed at the bottom of this page:

http://www.ietf.org/html.charters/crisp-charter.html

RFCs 3981, 3982, 3983 represent the review of the entire IETF (tacitly by most). Although these are "permanent" documents, it is never too late to read and comment on them. Revisions happen.

The document for the RIR's (ARIN, et al.) hasn't completed its review, it can be seen at:

http://www.ietf.org/internet-drafts/draft-ietf-crisp-iris-areg-09.txt

and there's a related draft at:

http://www.ietf.org/internet-drafts/draft-ietf-crisp-iris-areg-urires-00.txt

It's never too late to comment on a protocol, although it may be too late to comment on a document. ;)

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-571-434-5468
NeuStar

"A noble spirit embiggens the smallest man." - Jebediah Springfield
participants (8)
- davidb@panix.com
- Edward Lewis
- Elmar K. Bins
- Eric Brunner-Williams in Portland Maine
- Lionel Elie Mamane
- Michael Loftis
- Stephane Bortzmeyer
- william(at)elan.net