Command Line WHOIS Safer? Not Quite

This is a follow up to yesterday’s post, where I looked at Network Solutions’ domain tasting practice. It has long been warned on various Internet forums that you should not make WHOIS queries through a registrar’s web interface if you do not intend to buy straight away. Your queries might be logged by the dodgy registrar whose website you have been using, and these queries might be sold to domain tasters or cybersquatters, so that 2 days later when you actually want to register those domains, they have become unavailable.

The suggestion on “checking out a domain” has been:

  1. Try to query on a trustworthy website, such as Jay’s Domain Tools.
  2. Try to use a standalone WHOIS client, for example the “whois” command on your Linux console.

The problem with (1) is — how can you classify the website as trustworthy? Anyone can slap on a disclaimer saying “we do not sell WHOIS queries”, but how do you know whether your queries are logged, and how the logs are processed internally? What happens if the website changes hands? For the ultra paranoid, no web-based WHOIS tool is trustworthy.

Then, the “myth” is that command line WHOIS clients must be safe as you are querying the WHOIS server directly. The man-in-the-middle, i.e. the website acting as the front-end, is eliminated, thus there is no way your queries can be logged and resold. Well, the truth is, anything that can be queried can log those queries, and we still end up at ground zero — are you trusting the source?

Who then, is the source that the command line WHOIS client is querying against?

On my Debian, Ubuntu and Gentoo boxes, when you apt-get install whois or emerge whois, it uses the WHOIS software from here, “an improved whois client” and part of many Linux distributions. From the source code, it appears the default WHOIS source for .com and .net is — Network Solutions! Under debian/changelog, it was changed from querying InterNIC to querying Network Solutions back in December 1999, i.e. 2x the eternity in Internet age.

That also implies that for every .com/.net WHOIS query you make using Debian’s whois client, it is Network Solutions who receives the query and responds to it. It might be logged together with the time and your IP address — we simply don’t know. I am not saying that NetSol is going to sell the queries on their WHOIS server to evil domainers. But then from NetSol’s track record (registering prior to clients confirming purchase, wildcard deployment on .com (Verisign is the parent company of NetSol), etc.) — they will go low if there is financial gain from it. What they are going to do with the query log is probably anyone’s guess.
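What the operator of a WHOIS server gets to record from a single query, as an added example that is not part of the original post. The loopback server, the queried name and the reply text are constructed for illustration; the wire format (the name plus CRLF sent in cleartext over TCP, port 43 by default) follows RFC 3912.

```python
import socket
import socketserver
import threading
from datetime import datetime, timezone

QUERY_LOG = []  # what the server operator ends up holding


class LoggingWhoisHandler(socketserver.StreamRequestHandler):
    """Server side of RFC 3912: read one line, answer, close."""

    def handle(self):
        query = self.rfile.readline(512).decode("ascii", "replace").strip()
        # Nothing in the protocol stops the operator from recording this.
        QUERY_LOG.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "client_ip": self.client_address[0],
            "query": query,
        })
        self.wfile.write(f'No match for "{query.upper()}".\r\n'.encode("ascii"))


def whois_query(name, server, port=43, timeout=5.0):
    """Client side: send the name plus CRLF in cleartext, read until close."""
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(name.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("ascii", "replace")


def demo():
    """Run one query against a loopback server and return (reply, log)."""
    QUERY_LOG.clear()
    with socketserver.TCPServer(("127.0.0.1", 0), LoggingWhoisHandler) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        reply = whois_query("my-secret-idea.example", "127.0.0.1",
                            port=srv.server_address[1])
        srv.shutdown()
    return reply, list(QUERY_LOG)


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The client function is the same whether it is pointed at the loopback server or at a real WHOIS host: whichever server you name receives the domain, the time and your address.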

On the other hand, GNU jwhois, which is the default WHOIS client on CentOS, still queries InterNIC for .com/.net domains, even in its latest 4.0 version. Now, who do you trust more? InterNIC, which is operated by ICANN, a “non-profit organisation”, or Network Solutions, which is a child company of VeriSign, a public company? Then again, on InterNIC’s whois page:

Results for .com and .net are provided courtesy of Verisign Global Registry Services.

I guess there is not much you can do about it. Still the old suggestion — only query when you are ready to buy!

Category: Uncategorized | Fri, 11 January 2008 11:51 am

Comments

1.
Posted by Lee on Wed, 16 January 2008 6:23 pm

I must admit I haven’t done any research into this but I always had it in the back of my mind when doing a domain name search what if someone saw I was looking at that domain and snatched it up.

So I’m surprised (and not surprised at the same time unfortunately) to hear it actually does happen.

Generally if I know there is a domain I want to use in the future and it’s available I’ll just order it straight away.


2.
Posted by Nathan on Sat, 26 January 2008 8:47 pm

I believe this actually happened to me once.

I queried a reasonably unique domain name that I thought had good keywords, using a well known online registrar, and within a week of me doing this it had been registered to someone else.

Could be coincidence… but who really knows?


3.
Posted by jc on Sat, 17 May 2008 7:52 am

I’m using Hardy Heron with “Network Tools” – Whois.

I’ll assume the search uses NetSol too. I haven’t been able to find out if this has been brought up as an issue in the software.

Is there a way to change how it does whois?

