A Brief History of domain Registration Data Disclosure System, RDDS

For people to communicate over distance requires that they know who and where they are. In the early days of the Internet a “phone book” listing people and institutions and the digital “numbers” under which their networked computers could be reached was sufficient. If someone did something harmful, “peer pressure” was usually enough to resolve the issue.

Names and Numbers

Maintenance of the networked computers numerical addresses, called the Assigned Numbers List, was handled by Jon Postel at the University of Southern California’s Information Sciences Institute (ISI).

The practice of using easier to remember names instead of a difficult to remember line of number started with the ARPANET; established by the Advanced Research Projects Agency, (ARPA) of the United States Department of Defense, from which the Internet developed and before the creation of the Domain Name System (DNS).

Elizabeth”Jake” Feinler developed and maintained the first ARPANET directory at the Stanford Research Institute (now SRI International) maintained a text file named HOSTS.TXT Working closely with ISI it mapped host names to the numerical addresses of computers on the ARPANET. Addresses were assigned manually. Computers, including their hostnames and addresses, were added to the primary file by contacting the SRI Network Information Center (NIC), directed by Feinler, via telephone during business hours.

WHOIS and the DNS

Later, Feinler set up a WHOIS directory on a server in the NIC for retrieval of information about resources, contacts, and entities. She and her team developed the concept of domains. Feinler suggested that domains should be based on the location of the physical address of the computer. Computers at educational institutions would have the domain edu, for example. The process of registration was established in RFC 920. WHOIS was standardized in the early 1980s to look up domains, people, and other resources related to domain and number registrations. As all registration was done by one organization at that time, one centralized server was used for WHOIS queries.

As the DNS and other registration systems (e.g., IP addresses, Autonomous System Numbers) were being deployed, there was a need to be able to contact the operators of networks and domain names. Since WHOIS was available, it was pressed into use for this purpose. The WHOIS listed the administrative (Admin) and technical (Tech) contacts as the people in charge of the time-shared computers on the ARPANET. The Admin contact was usually a person with the authority to act if one of the users on their system was misbehaving. The Tech contact was the person who today would commonly be called the sysadmin.

The responsibility of domain registration remained with Defense Advanced Research Projects Agency, DARPA as the ARPANET became the Internet during the 1980s. Feinler and her team managed the Host Naming Registry from 1972 to 1989. Then, the National Science Foundation directed that commercial, third-party entities would handle the management of Internet domain registration. InterNIC was formed in 1993 under contract with the NSF, consisting of Network Solutions, Inc., General Atomics and AT&T.

20th-century WHOIS servers were highly permissive and would allow wild-card searches. A WHOIS query of a person’s last name would yield all individuals with that name. A query with a given keyword returned all registered domains containing that keyword. A query for a given administrative contact returned all domains the administrator was associated with. Since the advent of the commercialized Internet, multiple registrars and unethical spammers, such permissive searching is no longer available.

WHOIS Use-Cases

Today’s Internet use-cases, however, no longer map to the original purpose of that WHOIS system. WHOIS has evolved and grown to a directory of several hundred million domain name registrants on the Internet.

WHOIS data also evolved to be used – and misused – in many ways not originally envisioned. The simple concept of Admin and Tech contacts being available to everyone freely is significantly complicated by the emergence of regional privacy regulations, law enforcement demands, complex business structures, combating fraud and abuse and conflicting policies. At the same time, people have come to rely on the WHOIS system and still require its data for lawful purposes.

From WHOIS to RDRS

On December 1, 1999, management of the top-level domains (TLDs) com, net, and org was assigned to the Internet Corporation for Assigned Names and Numbers, ICANN. At the time, these TLDs were converted to a thin WHOIS model. (see Info Box) 

ICANN has been exploring changing WHOIS to enable greater privacy. An ICANN Expert Working Group (EWG) recommended in June 2013 that WHOIS should be scrapped. It recommends that WHOIS be replaced with a system that keeps information secret from most Internet users, and only discloses information for “permissible purposes”. ICANN’s list of permissible purposes includes domain-name research, domain-name sale and purchase, regulatory enforcement, personal data protection, legal actions, and abuse mitigation. Although WHOIS has been a key tool of journalists in determining who was disseminating certain information on the Internet, the use of WHOIS by the free press is not included in ICANN’s proposed list of permissible purposes.

On February 27, 2023, the ICANN Board directed the ICANN Organization to develop and launch a new ticketing system to handle requests for access to nonpublic registration data related to gTLDs.

In November 2023, ICANN launched the Registration Data Request Service (RDRS). The RDRS is a new service to handle requests for access to nonpublic registration data related to generic top-level domains (gTLDs).

According to ICANN, the RDRS is a free, global, one-stop shop ticketing system that handles nonpublic gTLD registration data requests. The RDRS connects requestors of nonpublic data with the relevant ICANN-accredited registrars for gTLD domain names that are participating in the service. The service does not guarantee access to requested registration data. All communication and data disclosure between the registrars and requestors takes place outside of the system.

With the introduction of the RDRS ICANN managed to generate more questions than the RDRS is able to answer.