The power of whois.
Who Manages the Internet?
Lance Spitzner
Last Modified: 28 July 1999
Be advised, due to the dynamic nature of the Internet, and Domain Name control in particular, this paper may be somewhat out of date.

Who manages the Internet? There are a lot of issues to such a basic question; who controls IP addresses, who assigns domain names, who handles the domain name resolution? This article will answer these questions with a basic overview of how the Internet works and what organizations are managing it. I will not discuss the history of the Internet, go into detail on how DNS works, nor my personal view on how to improve domain registration. This will be a basic overview of how the Internet is currently managed and how you can leverage this knowledge with the command whois.

There are many critical resources that must be managed for the Internet. Two that I will be focusing on is the management of IP addressing and domain names. IP addresses are unique numbers, each address consisting of four octets (32 bits), as specified in RFC 791. Domain names are the organization and representation of IP addresses. In the first part of this article, we will discuss IP addressing and how the Internet manages it. We will then cover the far more complicated and political issue of domain names and how they are controlled.
 

IP Addressing

IP addresses are the work horse of the Internet, it is how your packet gets from point A to point B. This works because no two IP addresses are the same. Without a standardized system of unique addressing, the Internet could not function. But who is in charge of them? How do you know that the IP address you have is truly unique? The place to start is IANA, Internet Assigned Numbers Authority (http://www.isi.edu/div7/iana/).

IANA, located at the Information Sciences Institute at University of Southern California, is responsible for a variety of Internet issues, including IP addressing (discussed here) and domain registration for countries (discussed later). IANA is the ultimate source of authority for IP addresses, it is ultimately responsible for most of the IP addresses in the world.

It controls these IP addresses in a hierarchical manner. IANA distributes IP addresses as large blocks to three regional registries. Each block is unique, separate from the other two. Each regional registry distributes these IP blocks into smaller blocks to ISPs or large organizations within their region. These ISPs, in turn, distribute IP addresses to smaller ISPs, companies, schools, etc. Each organization manages the IP distribution to the next lower level, ensuring IP addresses are not wasted nor replicated.

The three main regional IP registries are as follows (note, all three registries are non for-profit organizations):

RIPE (www.ripe.net) is the Reseaux IP Europeens (more commonly called the Regional Internet Registry for Europe). Located in Amsterdam, The Netherlands, RIPE provides support to approximately 1000 Internet Registries, or ISPs, located in Europe, Middle East, and parts of Asia and Africa (check out http://www.ripe.net/centr/tld.html to see all the countries).

APNIC (www.apnic.net) is the Asian Pacific Network Information Center. Located in Tokyo, Japan, APNIC provides support for all Asian countries. Currently there is no list of every individual country that falls under APNIC.

ARIN (www.arin.net) is the American Registry for Internet Numbers. Located in Chantilly, VA, ARIN supports everybody else, including North and South America, the Caribbean, and the sub-Sahara Africa. Currently there is no list of every individual country that falls under ARIN.

 

Leveraging Whois

Armed with this knowledge, you can always find who owns an IP address. This is extremely useful when you are tracking down an IP address that is not resolvable. An example would be finding in your logs an IP address that is continually scanning your network for holes. You want to put a stop to this, but how? Often the IP address does not have in-addr.arpa entry, so reverse nslookups fail.

With whois, you can query any of the three regional registry databases for the IP address’s owner. An example would be the IP address 207.229.165.130 (my personal IP assigned by my ISP). By doing a whois on the network block, you can identify the ISP or organization that owns the IP block. Please note that you can lookup the network block 207.229.165.0 or the specific IP address. Once you find the owner of the IP block, you can then drill down and find the owner of the specific IP. You specify one of the three main registries with –h. The following command asks the ARIN database who "owns" the network 207.229.165.0

#whois –h whois.arin.net 207.229.165.0

EnterAct, L.L.C. (NETBLK-EACT-BLOCK-1)
3227 N. Sheffield #4R
Chicago, IL 60657
Netname: EACT-BLOCK-1
Netblock: 207.229.128.0 - 207.229.191.255
Maintainer: EACT
 

Here we learn the IP address belongs to my ISP, Enteract. This IP block (EACT-BLOCK-1) of 63 class C addresses was received directly from ARIN. If the IP address block belongs to RIPE or APNIC, the ARIN database will direct you to one of those two. Here is a whois lookup of the IP address 195.116.39.59 which is in Poland.

#whois –h whois.arin.net 195.116.39.0

European Regional Internet Registry/RIPE NCC (NETBLK-RIPE-C) These addresses have been further assigned to European users. Their contact information can be found in the RIPE database. See below how to use that database to obtain up-to-date information.

By using the whois command, and specifying the IP registry database (ARIN, RIPE, APNIC) you can drill down and find the owners of the IP address.
 

Top Level Domain Names

IP address are boring, 32 bit numbers that no one can remember. Domain names are different, these are the highly political entities that countless law suites have been fought over. Well, I am going to skip these politics and cover how the technology currently works.

Domain names are how we remember IP addresses. The IP address for my ISP is 206.54.252.8. However, this number is impossible to remember, so I use www.enteract.com, much easier to remember and use. But who manages the domain names, how does it all work? It all starts with the Top Level Domain name (TLD). Domain names are a hierarchy, with TLDs at the top. Each TLD is then divided into second-level domains, and so on. An example is the domain name enteract.com. COM is the TLD, while enteract is the second level domain name that falls under the TLD COM.

There are two types of TLDs, country-code and generic (gTLD). Every country in the world has a unique two character identifier, set by ISO 3166 standard. These country-code identifiers are the TLD for each country, examples include US for the United States, JP for Japan, and DE for Germany. There also exists 7 generic TLDs, COM, NET, ORG, EDU, MIL, INT, and GOV. Generic TLDs are unique in that they do not denote any nationality.

For every one of these TLDs, both country-codes and general, there is a specific organization in charge of it, usually called a Network Information Center, or NIC. These NICs are responsible for the registration and management of all the second-level domains under the TLD. If you need to find out anything about a second-level domain name, the place to start is the TLDs NIC.

For the country-code TLDs, each country is responsible for its own TLD. Thus, Poland is responsible for its own TLD (PL), just as Japan is responsible for it own TLD (JP). Each country identifies and manages its own NIC, usually an university or government organization. These country NICs are then authorized by IANA.

The seven generic TLDs are unique in that any organization, regardless of nationality, can use them. The company Network Solutions Inc. is a NIC, thus the name InterNIC, for four gTLDs, COM (commercial), NET (Internet) , ORG (organizational – usually non for-profit), and EDU (educational). The Depart of Defense is responsible for MIL (military), the government, actually the Center for Electric Messaging Technologies, for GOV (government), and IANA is responsible for INT (organizations established by international treaties).

To find out who is the NIC for a specific TLD, do a whois "TLD"-DOM, the DOM extension tells the whois database to look up a TLD. This will give the you location, point of contact, and the DNS servers of the TLD. Whois by default finds this information at the rs.internic.net database. This database contains the registration information for every TLD. So, to find out who is the NIC for Poland’s TLD PL, use the following command:.

#whois pl-dom

Poland (Republic of) top-level domain (PL-DOM)
Research and Academic Computer Network
Bartycka 18
00-716 Warsaw
POLAND
Domain Name: PL

Administrative Contact:
Krzanowski, Wiktor (WK856) wiktor@NASK.PL
+48 22 651-05-20..24 (FAX) +48 22 41-00-47

Technical Contact, Zone Contact
Luc, Miroslaw (ML4513) mirek@NASK.PL
+48 22 8268000 (FAX) +48 22 8268009

Domain servers in listed order:

BILBO.NASK.ORG.PL 148.81.16.51
COCOS.FUW.EDU.PL 148.81.4.6
SUNIC.SUNET.SE 192.36.125.2
NMS.CYFRONET.KRAKOW.PL 149.156.1.3
DNS2.TPSA.PL 194.204.152.3

 Here we see Poland’s Research and Academic Computer Network (at www.nask.pl) is in charge of the TLD PL. Also listed are the points of contact, the SOA and secondary DNS servers. With this information, you can drill down and find information on all second-level domain names under that TLD. After contacting Poland’s NIC, I was directed to http://www.nask.pl/NASK/net/dns-lista.html.
 

Root Servers

Every TLD, both country-code and generic, is also registered with the root server, a.root-servers.net. The root server is the absolute top of the TLD hierarchy (represented by a dot "."), it points to the DNS servers of all TLDs. The purpose of a root server is to give the IP address of a TLD’s primary or secondary DNS servers. When your computer has to resolve a URL, such as www.nask.pl, your computer (if the information has not been cached) will start with the root server. It asks the root server what are the DNS servers for the TLD (in this case PL). The root server replies, sending your computer to the TLD’s servers, where you system will query about the second-level domain name. Your system repeats this drill down process until it resolves the URL.

Having a single computer resolving the DNS servers for every TLD is not a good idea, both for bandwidth and high availability issues. There exists 12 other root servers that act as secondaries to the primary root server. Scattered throughout the world, these 13 servers resolve every TLD. Thus, just like the a.root-servers.net, any of the other 12 root servers act as the ultimate authority for all TLDs. The 13 root servers are as follows (you can get this information by doing a whois on the name of the server).

a.root-servers.net
Network Solutions Inc., in Herndon VA

b.root-servers.net
University of Southern California (ISI), Marina del Rey, CA

c.root-servers.net
Performance Systems International Inc.

d.root-servers.net
University of Maryland, Computer Science Center

e.root-servers.net
NASA Ames Research Center, Moffett Field, CA

f.root-servers.net
Internet Software Consortium, Palo Alto, CA

g.root-servers.net
DOD Network Information Center, Vienna, VA.

h.root-servers.net
Army Research Laboratory, Aberdeen Proving Ground, MD.

i.root-servers.net
Stockholm, Sweden

j.root-servers.net
Network Solutions Inc., Herndon VA

k.root-servers.net
European Regional Internet Registry, RIPE NCC

l.root-servers.net
University of Southern California (ISI), Marina del Rey, CA

m.root-servers.net
WIDE Project, Fujisawa Japan
 

Registration of Second-level Domain Names.

Now that you know how TLDs are managed, what about the second-level domain names, how are those managed? Every TLD is responsible for managing the second-level domain names under them. Lets use an example, the most common TLD used today, COM. This is the TLD used the world over, such as ibm.com or toyota.com. But who controls these second-level domain names, how are they managed?

If you want to register a second-level domain name with a TLD of COM, you must do so through Network Solutions Inc. This is the company responsible for this TLD (do a whois on com-dom). Network Solutions Inc. is also responsible for the TLDs ORG, EDU, and NET. To register your second-level domain name, go to their web site http://www.internic.net/rs-internic.html. If the second level domain name is already registered, then you cannot use that domain name. Once the second-level domain name is registered, the owner is then responsible for building and managing their own "NIC" (basically a primary and secondary server), which resolves the second-level domain name.

The same process is true of any TLD. Say you wanted to register the second-level domain name "this is" with the TLD IT, giving you the web site www.thisis.it. You would have to find out who has responsibility of the TLD IT (what country). As we learned earlier, you do this with the command:

#whois it-dom

Italy top-level domain (IT-DOM)
c/o CNR-Istituto CNUCE
Via Santa Maria, 36
Pisa, I-56126
Italy

Looks like you will have to contact the Italian NIC to register your second-level domain name this-is. Note, www.ripe.net also provides information on all TLDs in Europe and the Middle East.

 

Whois for COM, ORG, EDU, and NET.

Remember how we can do a whois on any TLD with the default whois database (rs.internic.net). Well, this database also holds information on any second-level domain name under the TLD COM, EDU, ORG, or NET. An example would be a whois on the second-level domain name intel.com.

#whois intel.com

Intel Corporation (INTEL-DOM)
2200 Mission College Blvd
P.O. Box 58119
Santa Clara, CA 95052-8119

Domain Name: INTEL.COM

The reason whois will give you this information is that Network Solutions Inc. is responsible for the database rs.internic.net and is the NIC for these gTLDs. Thus rs.internic.net resolves all TLDs and the second-level domain names for the four gTLDs.

Remember, we cannot do a whois on a second-level domain name who’s TLD is not COM, EDU, NET, or ORG. We have to query the TLD’s NIC to get information on any second-level domain names. Refer to the above example for the TLD PL. There we see that we have to refer to Poland’s NIC, nask.pl for information on Poland’s second-level domain names.

With the power of whois, you can find out who is responsible for any Top Level Domain name. Once you have identified the NIC of the TLD, you can drill down and find information on second-level domain names under the TLD. Each NIC may have a different method for querying second-level domain names under it. By default, the whois server rs.internic.net will also answer second-level domain names for the TLDs COM, ORG, NET, and EDU.
 

Conclusion

There is no one organization managing the Internet’s resources, specifically IP addresses and domain names. Rather, the Internet is managed in a hierarchial fashion with several organizations at the top. The command whois enables you to find out who is managing these resources, through the various levels of the hierarchy.

This structure has changed radically over the past several years, and will continue to do so. This article captures a snapshot of the Internet at this time. To learn more about the future of the Internet, start with any of the three Regional IP Registries already mention, or http://www.gtld-mou.org.

When I started this article I had hoped to include other issues, such as nslookup and in-addr.arpa. However, covering all this is impossible in a single article, I would end up writing a book (which I have no intention of doing). Hopefully, I have given you the basic framework of how the Internet is managed, and how you can leverage that information.
 
 

Author’s bio
Lance Spitzner enjoys learning by blowing up his Unix systems at home. Before this, he was an Officer in the Rapid Deployment Force, where he blew up things of a different nature. You can reach him at lance@spitzner.net .
 
 

Whitepapers / Publications