Slashdot Mirror
NSI Modifies "whois" Agreement
drwiii writes "Our good friends at NSI have modified their WHOIS agreement yet again, and it now seems to forbid any repackaging of the results returned from the query, even if your interest is not commercial. Also, notice how the agreement now appears before any results are returned.
" I noticed it says "significant portion", but it also never really defines it, either...
It broke my scripts. All I want to do is find out if a name is taken already before I allow a user to proceed thinking all is well.
I'll bet that's the idea, only they are targeting the new registrars who might want to automate the process of registration.
The biggest mistake in breaking NSI's monopoly was that they got to retain the actual root servers and the whois database. IMHO, the whois database should be regarded as a public record like the property records are.
Each registrar should be REQUIRED to have at least two root servers located on different networks, and a complete copy of the whois database. Whois updates and new DNS entries should be circulated like a newsfeed between the registrars. Each registrar should be assigned a night or nights where they circulate the entire contents of their databases so that consistancy can be checked and maintained. Database feeds should be provided free of charge to any and all who want the feed (provided they have the pipe to handle the data, 1200 baud users need not apply) as a REQUIRED public service.
This might be an example of what a Geek Union would be good for. "We have already cached the root servers. Open the whois databases or we'll all switch to new root servers and lock you out".
Amorphous (AMORPHOUS3-DOM)
590 Spring Creek Court
Marietta, GA 30068
US
Domain Name: AMORPHOUS.ORG
Administrative Contact, Technical Contact, Zone Contact:
Brooks, David (DB24252) dbrooks@COMSTAR.NET
770.977.0460
Billing Contact:
Brooks, David (DB24252) dbrooks@COMSTAR.NET
770.977.0460
...oops. Does this constitute a majority? Even though this is my own information, am I still forbade to give it out at my discretion?
--
Dave Brooks (db@amorphous.org)
http://www.amorphous.org
First of it's not set to SiteAmerica. It's set to mail.register.com which we change on demand and it gets change within 24 hours most of the time.
The MX hasnt been thrown into domain manage because the cgi scripts are still being worked on.
Picture this for a second as an Admin or Tech Support person in the Internet related field such as register.com
Customer: Hi, I just purchased WebTV and I want to host my domain on it. Also please set my MX info to l0ser.webtv.whatever.
--------snip-------
Currently it is being worked on and if anyone here needs an MX record changed or any other info for that matter I'll stick my foot in my mouth and offer my e-mail where I PERSONALLY will change the info for you. Any spams and I will block you in a heartbeat. Any moronic please redirect my domain to my PalmTop and I'll rm -f it.
-----end snip-----
joquendo@register.com
Want Root?
Every large ISP perpetually repackages and disseminates substantial portions of the WHOIS database, no matter what your definition of "substantial".
Their claim is invalid for the following reasons:
Any one of these would invalidate their claim, even if they fixed the others! (Remember this, in case they fix any.) I don't think their claim could ever stand a chance in court.
So does anyone want a CGI script that's a whois gateway? Install it on your site to automatically violate NSI's claim. It would force them to either openly ignore you or take you to court, where they'd have no case. If anyone wants to snub NSI like this, ask me and I'll write a simple whois gateway for you.
On another front, it really seems to me that if all the sysadmins are pissed off at NSI, we could all start pointing our DNS's to an alternate root DNS server (maybe in addition to NSI). What, exactly, is stopping us from doing this? Even if only half the sysadmins did it, the others would follow suit so as not to lose access to all those alternate domains.
Well, I don't. I still don't. That's why I'm now repackaging, disseminating, and modifying (for HTML) the WHOIS record of my old ISP, Internet Direct.
gemini:~$ whois idirect.com
[rs.internic.net]
Access to Network Solutions' WHOIS information is provided to assist persons in determining the contents of a domain name registration record in NSI's registrar database. The data in this record is provided by NSI for informational purposes only, and NSI does not guarantee its accuracy. Compilation, repackaging, dissemination, or other use of the WHOIS database in its entirety, or a substantial portion thereof, is not allowed without NSI's prior written permission. By submitting this query, you agree to abide by this policy. All rights reserved.
Registrant:
TUCOWS Interactive Limited (IDIRECT-DOM)
5150 Dundas Street West #306
Etobicoke ON, M9A 1C3
CA
Domain Name: IDIRECT.COM
Administrative Contact, Technical Contact, Zone Contact:
Administrator, DNS (LH90) dnsadmin@IDIRECT.COM
416-233-7150 (FAX) 416-233-6970
Record last updated on 29-Oct-98.
Record created on 21-Nov-94.
Database last updated on 6-Jul-99 08:47:29 EDT.
Domain servers in listed order:
NS.IDIRECT.COM 199.166.254.254
NS2.IDIRECT.COM 199.166.254.4
CNS2.IDIRECT.COM 207.136.80.18
CNS1.IDIRECT.COM 207.136.66.20
I called NSI (703) 742-0400 and spoke with somebody named Leslie.
I simply stated the following:
1. That my information was now under a new policy that seemed to discourage it's dissemination.
2. That I was not pleased about this "business decision" of theirs.
She was most entirely uninterested in listening to my points. I've spoken with walls and gotten more useful feedback.
So, I encourage all that can afford a 3 to 7 minute phone call to give NSI a call today, and let them know you don't exactly aprove of their changing their policy with regards to the data we gave them when we registered a domain.
I think I'm going to call and see if I can't speak to somebody about how this "business decision" was reached.
scottwimer
-- Beer. It's what's for breakfast.
You have agreed to turn over all intellectual and physical property to ME(tm). Your clothes, your food, the very air you breathe belongs to ME(tm). Any attempts to move from the spot you are currently situated in will be considered destruction of MY(tm) property and legal action WILL be taken. As your bed or chair is also now my property, you can no longer just lie/sit there either. Lying in bed will be considered unlawful use of MY(tm) property, and legal action WILL be taken. Clicking any button on your computer at all will be considered a binding agreement to this EULA. I have your URL, expect to hear from MY(tm) lawyers shortly.
NetSol's whois database isn't the only one to suffer from lack-of-usefulness.
After repeatedly being the victim of smurf attacks (yes, there are still many broken networks out there), I wrote a perl script which analyzed the Netflow export from a Cisco 7000-series router, tested the source IPs' networks for "brokenness," and used whois.arin.net to get contact information for those networks. Much to my dismay, I was getting stuff like...
150.174.97.255 52 Virginia State University (NET-VSUNET)
"Grey, Michael" vsuars@VCUVM1.BITNET
161.223.245.0 32 Indian Health Service (NET-IHS-BNET)
"Jaramillo, Valentino" [No mailbox]
192.48.125.0 33 Solar Energy Research Institute (NET-SERI-2)
"Powers, Chuck" [No mailbox]
Some of these organizations have had their IP allocations since the mid-1980s and apparently haven't updated their contact information in all this time. (BITNET? Can we say "way of the dodo"?) Of course, since there's no "enforcement" to keep the contact information up-to-date, things won't be changing anytime soon. (At least the .nu registry has strong wording in their policy regarding valid contact information...)
"[No mailbox]" shouldn't be allowed as a contact e-mail address, in my opinion. With the abundance of free/near-free e-mail services out there ( HotMail, Net@ddress, etc.), there is no excuse for not having a valid, working e-mail address. If you don't have an e-mail address, then you probably don't need to have IP addresses, either...
c> go to register.com's whois and it will lookup information in both Netsol and their databases...
Unfortunatly, apparently not.
[sjames:~]$ whois yahoo.com@whois.register.com
[whois.register.com]
No match for "yahoo.com".
Get your domain name at http://www.register.com
May I suggest that any domain registration site that requires a graphics browser is broken, by definition.
Jerry
It appears that NSI is no longer asserting ownership of the individual records, but only
of the database as a whole: "Compilation, repackaging, dissemination, or other use of the WHOIS database in its entirety, or a substantial portion thereof, is not allowed without NSI's prior written permission."
The restriction that NSI began attaching in May said: "You agree that you will not reproduce, sell, transfer, or modify any of the data presented in response to your search request, or use of [sic] any such data for commercial purpose, without the prior express written permission of Network Solutions."
So in fact this seems to be a step back towards open records. Now, whether their claim that use of the entire database is "not allowed" has any legal force is something a lawyer would have to answer. They don't explicitly claim copyright, except with the "All rights reserved" statement and my memory is that the phone companies failed with similar "compilation copyrights" on white pages in the past.
Wrong port. The whois.internic.net server runs on port 43 now, and as far as I know it has for a while.
It still works for me:
$ telnet whois.internic.net 43
Trying 198.41.0.6...
Connected to rs.internic.net.
Escape character is '^]'.
slashdot.org
Access to Network Solutions' WHOIS information is
....
etc
--
Reject
reject@metaphorcity dot com
So what, you might say. So I have scripts -- like many other people -- that use the whois db info in a "repackaged" format. And most run without my intervention and have been for a while. So am I now in violation of their agreement? Hell, I may not even know where some of those scripts are anymore! (Possibly a slight exaggeration, but you see the point.)
All I'm trying to say is that their "agreement" seems spurious and can't possibly be binding. I mean, who is agreeing to the terms of the "agreement" if the whois db info is being slurped by a script? The author of the software? Yeah, right. Try that one, and I'm suing MS for a mint. OK, maybe the user account that the script runs under? I'd love to see NSI try to sue nobody@lazlo.qualcomm.com. They going to sue my company? I hope they have a lot of lawyers and a lot of money; there's got to be plenty of companies doing the same thing.
The hell with NSI, I say. Seriously, what is wrong with people these days?
-B
Ash and Hickory, straight-grained and true, make excellent bludgeons, dandy for the cudgeling of vegetarians.
They also seem to have disabled telnet access to the whois database.
I didn't pay NSI $70 for my address to become their property. I wanted a service to distribute my information in a freely available manner. When I submitted my information to them with credit card number, in no way did they claim it was their property and they would restrict its availability. This negates the whole rationale behind my domain name. What we have here is a monopoly and they should be bypassed. But, who has the servers and money to handle their capacity? Its evil and needs to be stopped.
Send in the lawyers!
[rs.internic.net]
Access to Network Solutions' WHOIS information is provided to assist persons in determining the contents of a domain name registration record in NSI's registrar database. The data in this record is provided by NSI for informational purposes only, and NSI does not guarantee its accuracy. Compilation, repackaging, dissemination, or other use of the WHOIS database in its entirety, or a substantial portion thereof, is not allowed without NSI's prior written permission. By submitting this query, you agree to abide by this policy. All rights reserved.
Yahoo (YAHOO-DOM) YAHOO.COM
yahoo.com (DUZEN3-DOM) DUZEN.COM
yahoo.com, jcarr (JY2887) jcarr_10@YAHOO.COM
303-843-2121 (FAX) 303-843-2221
yahoo.com, trisdog (TY1503) trisdog6@YAHOO.COM
303-571-4930 (FAX) 303-571-4911
yahoo.com, trisdog (TY1504) trisdog6@YAHOO.COM
303-571-4930 (FAX) 303-571-4911
To single out one record, look it up with "!xxx", where xxx is the
handle, shown in parenthesis following the name, which comes first.
There. I repackaged it into this page. Come get some!
--
Try their web interface at http://www.register.com instead.
Yep, that works perfectly. I do wish the ehois worked though, It's a little nicer to parse in a script than web returns.
$ cat whois.sh
#!/bin/sh
whois $1 | grep -v "portion thereof"
$ alias whois=whois.sh
-jwb
The problem is gathering the data. It's easy to determine if a name is active, the hard part is determining that a name is on hold or just registered (Newly registered names don't seem to become active as quickly as one might hope). Of course if the current DNS system is replaced, the NSI whois is worthless anyway since it would no longer reflect the true state of the DNS.
As for the root server issue, the load doesn't have to be huge if the new 'underground' system is planned properly. Caching servers could help a lot. Currently, we have root servers a-m (or at least my named.ca does) Why not go from A - ZZ instead? Then define a 'hub' server and several designated alternates to coordinate the updates.
Once the load is balanced and reasonable, now comes the matter of getting the servers. There is a good business case for providing a server to the cause. Since the system is meant to replace NSI's monopoly, it stands to reason that reasonable fees (certainly not more than is currently charged) could be imposed on registration, and that those fees would be divided amongst the owners of the root servers. (or, a simple rule. Root servers are all authoritative to register a domain name.) The new registrars might even get involved to protect their business interests and investment in becoming a registrar.
In my spare time, I'm thinking about a usenet like distribution system for DNS. The only real problem to solve is the issue of collisions for new registrations. Perhaps a simple database of new registrations with a simple locking mechanism. Every night, the contents of the database could be dumped into the DNS feed to the root servers. As soon as every 'ring 0' server says it's got it, the record is dropped from the new regs database.
In that sort of system, whois would be a two step process. First query a random root server. If no result, query the new regs database. The new process could be hidden so that the whois output looks just like it does now (minus the legal babble).
Simply having a CONTINGENCY plan for all of this would probably bring NSI into line. After all, if it were ever implemented, they're instantly bankrupt (and subject to a bazillion refunds and/or lawsuits). It would be the world's fastest buisness failure. Simple rumblings wouldn't have the same effect, it must be an actual plan with actual willingness to implement it.
A final note: The above is NOT a hijacking maneuver!! That has been (foolishly) tried before. It is simply a perfectly legal end run.
I'm not sure I understand what point you are trying to make, but I do agree the whois does not work on a standard 80 column terminal. Apparently, they fired all of the experienced hackers and hired a bunch of green people who promised a bunch of profits --I don't know. It looks real ugly.
Strong points of register.com:
Negative aspects:
All in all it's lightyears ahead of NIS, and I'm quite happy.
I'm surprised the telco's don't have a similar message when you dial 411...
_______
2B1ASK1
The WHOIS database isn't useful for anything these days anyway. I registered several domains a few weeks ago at register.com. None of them shows up in WHOIS. So there isn't any way any more to reliably determine technical contacts for a domain, or any other information. Frankly, I'm kind of glad, because I get a TON of junk mail from domains I've registered at Internic.
That said, does anyone know of ANY way to reliably tell if a domain has been registered now? WHOIS doesn't tell you, you can't just do an nslookup, etc. Could the boneheads... er... powers that be have not thought of this problem? I seem to have no way of knowing if a domain is registered without going to a website of one of the registrars and hoping their info is accurate.
Seems this multiple-registrars thing has made stuff more complex, not simpler like you'd expect any intelligent group of people to do. Its B.S. that I can no longer reliably get information about who to contact in a domain, and that said data isn't 100% public domain.
Ooops... I repackaged the query in a TCP stream.
Ooops... I did it again. The TCP stream was repackaged into IP packets.
Oh bother. My IP packets were repackaged into ATM frames on the backbone.
*sigh*
Time to start wiring up the direct serial link from my dumb-terminal to their database. Oh wait, that won't work. The serial port will repackage the bytes by inserting parity and stop bits.
Aw, hell, I'll go grab the yellow pages instead.
--Joe--
Program Intellivision!
I kind of like that the silly legalese is at the top of the query now. It makes it a lot easier to ignore as it scrolls off the top of my xterm. :)
Perhaps the whole board might qualify, but there are faster ways of "stealing" that information.
James