The Internet comprises a vast number of computers and computer networks that are interconnected through communication links. The interconnected computers exchange information using various services, such as electronic mail and the World Wide Web (WWW). The WWW service allows a server computer system (i.e., web server or website) to send textual and graphical webpages of information to a remote client computer system. The remote client computer system can then display the webpages. Each resource (e.g., computer or webpage) of the WWW is uniquely identifiable by a Uniform Resource Locator (URL). To view a specific webpage, a client computer system specifies the URL for the webpage in a request (e.g., a HyperText Transfer Protocol (HTTP) request). URLs follow the familiar format http://www.example.com, uniquely identifying the particular resource. The request is forwarded to the web server that serves the webpage to the client computer system. When the client computer system receives the webpage, it typically displays the webpage using a browser. A browser is a special-purpose application program that requests and displays the webpages.
WHOIS is a TCP-based (Transmission Control Protocol) transaction-oriented query/response protocol that is used to provide information services to Internet users. While originally used to provide “white pages” services and information about registered domain names, current deployments cover a much broader range of information services. The protocol delivers its content in a human-readable format. A sample WHOIS printout is shown in FIG. 1.
A WHOIS server listens on TCP port 43 for requests from WHOIS clients. The WHOIS client makes a text request to the WHOIS server, then the WHOIS server replies with text content. All requests are terminated with ASCII CR and then ASCII LF. The response might contain more than one line of text, so the presence of ASCII CR or ASCII LF characters does not indicate the end of the response. The WHOIS server closes its connection as soon as the output is finished. The closed TCP connection is the indication to the client that the response has been received.
For historical reasons, WHOIS lacks many of the modern protocol design attributes, for example internationalization and strong security. The WHOIS protocol has no mechanism for indicating the character set in use. Originally, the predominant text encoding in use was US-ASCII. In practice, some WHOIS servers, particularly those outside the USA, might be using some other character set either for requests, replies, or both. This inability to predict or express text encoding has adversely impacted the interoperability (and, therefore, usefulness) of the WHOIS protocol.
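The exchange described above can be exercised end to end. The following is an added example, not part of the original text: a toy server on a loopback ephemeral port (an assumption, standing in for TCP port 43) and a client that treats the closed connection as the end of the response, bounds the read, and guesses the undeclared character set. The function names and the sample reply are constructed for illustration.

```python
import socket
import threading

# Constructed sample reply, encoded as ISO-8859-1 to mimic a non-ASCII server.
SAMPLE_REPLY = "Domain Name: EXAMPLE.COM\r\nRegistrant: Société Exemple\r\n".encode("latin-1")

def serve_once(listener, received):
    """Toy WHOIS server: read one CRLF-terminated query, reply, close to end the reply."""
    conn, _ = listener.accept()
    with conn:
        buf = b""
        while not buf.endswith(b"\r\n"):
            chunk = conn.recv(1024)
            if not chunk:
                break
            buf += chunk
        received.append(buf)
        conn.sendall(SAMPLE_REPLY)

def whois_query(host, port, name, max_bytes=65536, timeout=5.0):
    """Send one WHOIS query and read until the server closes the connection."""
    if "\r" in name or "\n" in name:  # one query per request: no embedded line breaks
        raise ValueError("query must not contain CR or LF")
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(name.encode("ascii") + b"\r\n")
        chunks, total = [], 0
        while True:
            chunk = sock.recv(4096)
            if not chunk:  # EOF, not CR/LF, marks the end of the response
                break
            total += len(chunk)
            if total > max_bytes:  # unauthenticated text service: bound the read
                raise ValueError("WHOIS reply exceeds size limit")
            chunks.append(chunk)
    raw = b"".join(chunks)
    try:  # the protocol never declares a character set, so the client must guess
        return raw.decode("utf-8"), "utf-8"
    except UnicodeDecodeError:
        return raw.decode("latin-1"), "latin-1 (guessed)"

def demo():
    listener = socket.create_server(("127.0.0.1", 0))  # ephemeral port, not 43
    received = []
    t = threading.Thread(target=serve_once, args=(listener, received))
    t.start()
    text, charset = whois_query("127.0.0.1", listener.getsockname()[1], "example.com")
    t.join()
    listener.close()
    return received[0], text, charset
```

Because the reply carries no integrity protection, the decoded text should be handled as untrusted input by whatever consumes it.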
The WHOIS protocol has no provisions for strong security. WHOIS lacks mechanisms for access control, integrity, and confidentiality. Accordingly, WHOIS-based services are used for information which is non-sensitive and intended to be accessible to everyone.
The domain name system (DNS) is the world's largest distributed computing system that enables access to any resource in the Internet by translating user-friendly domain names to IP Addresses. The process of translating domain names to IP Addresses is called Name Resolution. A DNS name resolution is the first step in the majority of Internet transactions. The DNS is in fact a client-server system that provides this name resolution service through a family of servers called Domain Name Servers. The hierarchical domain space is divided into administrative units called zones. A zone usually consists of a domain (say example.com) and possibly one or more subdomains (projects.example.com, services.example.com). The authoritative data needed for performing the name resolution service is contained in a file called the zone file, and the DNS servers hosting this file are called the authoritative name servers for that zone. The DNS clients that make use of the services provided by authoritative name servers may be of two types. One type is called a stub resolver that formulates and sends a query every time it receives a request from an application that requires Internet service (e.g., a browser). The other type is called a caching (also called recursive/resolving) name server that caches the name resolution responses it has obtained from the authoritative name servers and is thus able to serve multiple stub resolvers.
The zone file hosted on an authoritative name server consists of various types of records called Resource Records (RRs). A type (RRtype) is associated with each DNS resource record. The code for these RRtypes is assigned by an international organization called Internet Assigned Names Authority (IANA). An RR of a given RRtype in a zone file provides a specific type of information. Some of the common RRtype codes are: NS, MX, CNAME, and A. An NS RR in a zone file gives the fully qualified domain name (FQDN) of the host that is considered the name server for that zone. For example, an NS RR in the zone file of the zone example.com may give the information that the host ns1.projects.example.com is a name server for the domain projects.example.com. Similarly, an MX RR gives the host name for a mail server for the zone. An A RR gives the IP address for a host in a domain within the zone. CNAME provides “canonical name” records and mapping of names in the zone file. A zone file generally consists of multiple RRs of a given RRtype with some exceptions (e.g., there can be only one SOA RR in a zone file). It can also have multiple RRs for the same domain name and same (or different) RRtype (e.g., multiple name servers or mail servers for a domain services.example.com). A sample DNS zone file printout is shown in FIG. 2.
The DNS infrastructure consists of many different types of DNS servers, DNS clients, and transactions between these entities. The most important transaction in DNS is the one that provides the core service of DNS (i.e., name resolution service) and is called the DNS Query/Response. A DNS Query/Response transaction is made up of a query originating from a DNS client (generically called a DNS resolver) and a response from a DNS name server. The response consists of one or more RRs. These RRs may be served from its own zone file (for an authoritative name server) or from a cache of RRs obtained from other name servers (for a caching/resolving/recursive name server). In this way, the DNS serves as a global, distributed database. Name servers (serving zone files) each contain a small portion of the global domain space, and clients issue queries using a domain name and a desired RRtype.
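The zone data and the Query/Response lookup described in the two preceding paragraphs can be sketched as follows. This is an added example, not part of the original text and not the zone file of FIG. 2: the zone contents are constructed, the line format is simplified to owner, RRtype and data (real zone files also carry TTL and class fields), and the function names are hypothetical.

```python
# Constructed zone data for example.com (documentation names and addresses).
ZONE_TEXT = """\
example.com.       SOA   ns1.example.com. admin.example.com. 1 7200 3600 1209600 3600
example.com.       NS    ns1.example.com.
example.com.       NS    ns2.example.com.
example.com.       MX    10 mail.example.com.
ns1.example.com.   A     192.0.2.1
ns2.example.com.   A     192.0.2.2
mail.example.com.  A     192.0.2.25
www.example.com.   CNAME web.example.com.
web.example.com.   A     192.0.2.80
web.example.com.   A     192.0.2.81
"""

def load_zone(text):
    """Parse 'owner RRtype rdata' lines into {(owner, rrtype): [rdata, ...]}."""
    zone = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        owner, rrtype, rdata = line.split(None, 2)
        zone.setdefault((owner.lower(), rrtype.upper()), []).append(rdata.strip())
    # Most RRtypes may repeat, but a zone file holds exactly one SOA RR.
    soa_count = sum(len(v) for (_, t), v in zone.items() if t == "SOA")
    if soa_count != 1:
        raise ValueError(f"zone must contain exactly one SOA RR, found {soa_count}")
    return zone

def answer(zone, qname, qtype, max_chain=8):
    """Return the RRs an authoritative server would answer for (name, RRtype)."""
    name, rrs = qname.lower(), []
    for _ in range(max_chain):
        if (name, qtype) in zone:
            return rrs + [(name, qtype, r) for r in zone[(name, qtype)]]
        cname = zone.get((name, "CNAME"))
        if not cname:
            return rrs  # no data of that RRtype for this name
        rrs.append((name, "CNAME", cname[0]))  # follow the canonical-name mapping
        name = cname[0].lower()
    raise ValueError("CNAME chain too long or looping")
```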