By: Andy Newton
Date: March 1, 2012
The WHOIS protocol has been around for a long, long time. It predates the Domain Name System (DNS), the service it is most often used to describe, and even IPv4. While the most recent RFC describing the WHOIS protocol was written in 2004, it has been unchanged since its inception: over TCP, the server accepts input until it sees <CR><LF> and then it sends an answer to the client and closes the connection.
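The whole exchange fits in a few lines. The following is an added example, not code from the article or from any registry: a loopback server and client that speak the protocol as described (query terminated by CR LF, free-text answer, close). The answer text, the loopback port and the function names are constructed for illustration.

```python
import socket
import threading

# Constructed free-text answer; every real registry uses its own layout.
SAMPLE_ANSWER = b"NetRange: 192.0.2.0 - 192.0.2.255\r\nOrgName: Example Org (constructed)\r\n"

def serve_once(listener):
    """Server side: read until CR LF, send the answer, close."""
    conn, _ = listener.accept()
    with conn:
        buf = b""
        while b"\r\n" not in buf and len(buf) < 1024:
            chunk = conn.recv(1024)
            if not chunk:              # client left before finishing the query
                return
            buf += chunk
        query = buf.split(b"\r\n", 1)[0]
        conn.sendall(b"% query: " + query + b"\r\n" + SAMPLE_ANSWER)
    # Leaving the 'with' closes the socket; that close is the only end-of-answer marker.

def whois_query(host, port, query, timeout=5.0, max_bytes=65536):
    """Client side: one line out, then read until the server closes."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(query.encode("ascii") + b"\r\n")
        answer = b""
        # No length header and no status code exist, so bound the read ourselves.
        while len(answer) < max_bytes:
            data = s.recv(4096)
            if not data:
                break
            answer += data
    return answer[:max_bytes].decode("ascii", "replace")

def demo():
    """Run one query against a throwaway server on 127.0.0.1."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))    # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    worker = threading.Thread(target=serve_once, args=(listener,), daemon=True)
    worker.start()
    try:
        return whois_query("127.0.0.1", port, "192.0.2.1")
    finally:
        worker.join(timeout=5)
        listener.close()

if __name__ == "__main__":
    print(demo())
```

Nothing in the exchange carries a version, a content type, a character set or an error code, so the client has to supply its own timeout and size limit and infer everything else from the text.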
Despite (or maybe because of) this protocol’s simplicity, it has survived three previous attempts by the IETF to standardize replacements believed to be better. Two of those efforts focused on making WHOIS a better, more generalized directory service protocol. RWhois added referrals and WHOIS++ added distributed indexing. The Internet Registry Information Service (IRIS), also an attempt to do better, focused more on the application of providing directory services for the DNS and IP registries, albeit in a highly “extensible” manner. And there have been experiments to replace WHOIS with the Lightweight Directory Access Protocol (LDAP).
None of those have taken hold.
So when IETF announcements fly by with the title “WHOIS-based Extensible Internet Registration Data Service (WEIRDS),” it is quite natural for eyebrows to become affixed in an upward cant. Who in their right mind would attempt this once more? WEIRDS, indeed.
All that being said, significant issues exist with the applications that have been built atop TCP port 43. The simple nature of the protocol leaves no room for negotiating features or for up-leveling to a new version. Referrals remain a thorny issue, programmatic parsing of output is hit-or-miss, and internationalized domain names bring in a whole new dimension of complexity.
An example of the referral problem occurred during the summer of 2011. When you look up information regarding an IP network, you may be surprised by how many WHOIS clients direct you to the correct regional Internet registry (RIR) database, despite the fact that WHOIS has no referral mechanism. They do this by looking for the names of the RIRs in specific places in the WHOIS output. This precarious, ad hoc referral parsing was accidentally broken when the American Registry for Internet Numbers (ARIN), attempting to be more consistent with the other RIRs, modified its output slightly to include more information. This simple and seemingly innocuous change had to be reverted so that many of today’s spam and intrusion-detection systems could report accurate information.
The WEIRDS approach to this problem is based not on a new protocol but on the reuse of existing application strata, specifically RESTful (representational state transfer) web services. The work of applying RESTful web services (RWS) to Internet registry WHOIS access was pioneered by the RIRs; in 2010, ARIN put into production its WHOIS–RWS system followed shortly thereafter by the fielding of a similar service by the Réseaux IP Européens Network Coordination Centre (RIPE NCC). While differing in schemas (based on the needs of their respective regions), both services use XML (Extensible Markup Language) over HTTP addressed by URLs and accessed with the traditional and standard HTTP methods, a programming paradigm used by Amazon, Google, Yahoo, and others to allow integration of third-party applications into their services. Data storage applications backed by Amazon’s popular S3 service use RESTful web services to store and retrieve data. Smart-phone applications that send tweets use RESTful web services for integration to Twitter. And tools exist for nearly every language to create RESTful web clients; often services can be demonstrated with stock web browsers or simple Unix shell scripts.
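The difference between scraping a referral out of free text and reading it from a structured response can be shown side by side. This is an added example, not code from the article, ARIN or RIPE NCC: the text layouts, the scraper rule, the XML element names and the function names are all constructed, and the XML is a hypothetical schema, not the one either registry uses.

```python
import re
import xml.etree.ElementTree as ET

RIRS = ("AFRINIC", "APNIC", "ARIN", "LACNIC", "RIPE")

# Constructed port-43 style answers: same facts, the second adds detail to one line.
TEXT_BEFORE = "NetRange: 192.0.2.0 - 192.0.2.255\nOrgId:    RIPE\n"
TEXT_AFTER = "NetRange: 192.0.2.0 - 192.0.2.255\nOrgId:    RIPE (RIPE NCC)\n"

# Hypothetical scraper rule: an RIR name alone in the OrgId field means "ask that RIR".
_REFERRAL = re.compile(r"^OrgId:\s+(%s)$" % "|".join(RIRS), re.MULTILINE)

def scrape_referral(text):
    """Ad hoc referral detection: depends on the exact line layout."""
    m = _REFERRAL.search(text)
    return m.group(1) if m else None   # None reads as "no referral": a silent wrong answer

# Constructed XML responses in a hypothetical schema; the second adds new elements.
XML_BEFORE = b"<net><range>192.0.2.0/24</range><referral rir='RIPE'/></net>"
XML_AFTER = (b"<net><range>192.0.2.0/24</range><comment>extra detail</comment>"
             b"<referral rir='RIPE'><name>RIPE NCC</name></referral></net>")

def structured_referral(data):
    """Read the referral from a named element; unknown elements are ignored."""
    # Responses come from the network, so refuse DTDs and entity declarations
    # before handing the bytes to the XML parser.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("DTD not allowed in registry response")
    elem = ET.fromstring(data).find("referral")
    rir = elem.get("rir") if elem is not None else None
    return rir if rir in RIRS else None   # accept only known registries

def compare():
    """Referral found (before change, after change) for each approach."""
    return {
        "text": (scrape_referral(TEXT_BEFORE), scrape_referral(TEXT_AFTER)),
        "xml": (structured_referral(XML_BEFORE), structured_referral(XML_AFTER)),
    }

if __name__ == "__main__":
    print(compare())
```

The scraper loses the referral as soon as the line gains extra text and reports nothing wrong, while the structured reader returns the same registry from both responses.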
Unlike prior attempts to replace WHOIS, this adoption has been encouraging. ARIN, using XML schemas specific to ARIN’s data model, now sees more than 40 percent of its WHOIS data needs served using the RESTful web service. Once a standard model is agreed upon, it is easy to imagine even greater data access using this method.
With respect to domain names, however, questions have been raised with regard to the expected adoption of any replacement or complement to traditional WHOIS. The naming community has many more actors, and there are legal implications and international politics, which have slowed progress and made it less certain. Hence the apprehension regarding a new WHOIS for domain name registries.
For its part, the International Corporation for Assigned Names and Numbers (ICANN) is working on the policy aspects of this issue. ICANN’s Security and Stability Advisory Committee (SSAC) published its SSAC Report on Domain Name WHOIS Terminology and Structure in September 2011, a document noting the differences between data, access protocols, and services, which is intended to disambiguate policy impasses where data, protocol, and service issues are conflated. The ICANN staff has also published two proposals for RESTful web services aimed at domain name registries and registrars.
Finally, the WEIRDS effort does have an active, participant constituency not seen in the previous efforts: data consumers, specifically from the spam abatement, reputation scoring, and network anti-abuse industries. As network abuses have become more sophisticated over the years, vendors with products to help combat these abuses have increasingly turned to the Internet registries for more and more information. One could consider it combat intelligence. The products and services of those industries need tighter integration and more robust service than is currently offered by the WHOIS protocol.
So WEIRDS is unlike the RWhois, WHOIS++, and IRIS work. Many more constituencies are participating. The nexus with the policy community is being tended to with active support from ICANN, and the technology model is simple and well within the mainstream of most programmers. And, as with all IETF activities, everyone is welcome and voices can be heard by joining the IETF’s WEIRDS mailing list.