[dns-operations] [Ext] Re: Safe public whois site/tool?

Eduardo Alvarez eduardo.alvarez at icann.org
Wed Mar 6 18:28:42 UTC 2019


Yes, the best authoritative source for this information will always be the TLD registry.

Additionally, as more TLD Registries continue to implement RDAP, RDAP clients will also be capable of finding this information for end users.

For anyone is interested, a prototype of a RDAP client is available at
https://rdap-client.viagenie.ca/ 
This RDAP client is fully based in JavaScript and runs completely on the user browser, mitigating the risk of front running. Because it uses the bootstrapping mechanism with the IANA registry (https://www.iana.org/assignments/rdap-dns/rdap-dns.xhtml), the end user does not need to know the TLD Registry server.

However this approach works only for TLDs where the Registry implements RDAP and registered their RDAP server with IANA, which is expected of gTLD Registries by late August 2019.

Regards,
--Eduardo A.

On 3/6/19, 7:06 AM, "dns-operations on behalf of Salmensuo Sami" <dns-operations-bounces at dns-oarc.net on behalf of Sami.Salmensuo at traficom.fi> wrote:

    Hi,
    
    >There is only one good answer to this case, and it works all the time:
    >use the registry website for the relevant TLD!
    
    That is the best answer.
    
    But if someone wants to use website whois search
    https://www.traficom.fi/en/communications/fi-domains/whois-shows-public-information-domain-name
    is pretty safe to use.
    
    - Sami / Traficom
    
    -----Original Message-----
    From: dns-operations <dns-operations-bounces at dns-oarc.net> On Behalf Of Patrick Mevzek
    Sent: keskiviikko 6. maaliskuuta 2019 4.16
    To: dns-operations at dns-oarc.net
    Subject: Re: [dns-operations] Safe public whois site/tool?
    
    
    
    
    On 2019-03-05 20:50 -0500, Doug Barton <dougb at dougbarton.email> wrote:
    > I know that there are a lot of public whois sites, and purveyors of 
    > domain name tools, but I also know that a non-trivial number of them are 
    > scams, to the extent that some of them will even register good names out 
    > from under you if you use them.
    
    There is only one good answer to this case, and it works all the time:
    use the registry website for the relevant TLD!
    
    First hop at https://www.iana.org/domains/root/db to find the registry 
    website and then go to it, there is almost always a web whois interface 
    there.
    
    Guaranteed authoritative answer (where other websites may only show 
    cached data) and no risks of information leaks or domains being suddenly 
    registered.
    
    A bit more tedious for thin registries right now, but this is basically 
    only .COM/.NET and that particular case will cease to exist soon.
    
    If you use any other kind of website, you can have as guarantee for what 
    they do with your data, only what they write in their TOS or equivalent 
    and what you believe they will really do or not.
    -- 
    Patrick Mevzek
    _______________________________________________
    dns-operations mailing list
    dns-operations at lists.dns-oarc.net
    https://lists.dns-oarc.net/mailman/listinfo/dns-operations
    dns-operations mailing list
    https://lists.dns-oarc.net/mailman/listinfo/dns-operations
    
    _______________________________________________
    dns-operations mailing list
    dns-operations at lists.dns-oarc.net
    https://lists.dns-oarc.net/mailman/listinfo/dns-operations
    dns-operations mailing list
    https://lists.dns-oarc.net/mailman/listinfo/dns-operations
    
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2042 bytes
Desc: not available
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20190306/57a72975/attachment.bin>


More information about the dns-operations mailing list