Jump to main contents

History of Internet Resources Management in Japan

Focusing on Domain Name and IP Address

open all section menu
close all section menu

Internet Timeline
Japanese Page

Chapter9 “Publication” and “disclosure” of registration information


Registry mechanism to register and publish registration data

As described in Chapter1, a registry of domain names and IP addresses has two main roles: managing registration information and operating DNS. In particular, managing registration information involves operating and administering the “registry database”.

A variety of information is registered in a registry database. It stores, for example, the string of the registered domain name, the range of assigned IP addresses, the identity of the domain name registrant, the identity of the entity to which the IP addresses are assigned, contact information, information on DNS settings, expiration date, and update history information.

Registering domain names and assigning IP addresses involves registering information with a registry database.

Since the beginning of domain name and IP address management, registry databases have been accessible to anyone on the Internet. Information such as identity of domain name registrants, IP address assignee, and contact information for each name and number have all been published on the Internet.

This is because, right from the outset, there was never any idea of hiding information. Furthermore, registry database information is necessary for constructing and operating the Internet. The Internet is characterized by interconnection and autonomous operation, so information on who operates the network or where they can be contacted has always been essential for coordinating operations or responding to network troubles or incidents.

Registries provide a list of information on domain names, such as registrants of the domain names, IP addresses, and the entities that are assigned the IP addresses. This is available via FTP (File Transfer Protocol) and other means. In addition, registries operate “WHOIS,” a system for referencing registry database information on the Internet.

In Japan, JNIC started an experimental service of such a database in 1992, and JPNIC started to provide WHOIS as a formal service in 1993[194].

WHOIS is a system based on IP connection. In the early days of the Internet, however, IP connectivity was not in place in many environments. So JPNIC provided an email-based service which would automatically send back information in response to queries.

At present, we experimentally provide file transfer service (anonymous ftp) and information search service (whois). In addition, a similar function is provided via email. By using these functions, you can receive documents distributed by JPNIC or search results for information managed by JPNIC by email even if you do not have IP connection.

--- JPNIC Newsletter No.2 (November 1994) 5. Introduction to JPNIC information services[195]

The information regarding DNS settings in a registry database was the zone information of JP DNS. The DNS service responds to each query of individual DNS, but it also supports a zone transfer, a mechanism under which all information retained by the DNS server is taken out at one time, so anyone could obtain the list of information on all JP domain names and IP addresses managed by JPNIC. Initially, the JP DNS had no limitations on zone transfer.

Spread of the Internet and registration information

In the early days it was taken for granted that information registered with a registry database (registration information) was published on the Internet. However, as the Internet expanded, the situation changed gradually and became a cause of debate.

As described earlier, the Internet was first used among a limited number of researchers, before commercial providers emerged. Then, as the Internet spread among the general population – especially due to the Web and Microsoft Windows 95 – registration of domain names and assignment of IP addresses extended to companies and then individuals.

With WHOIS, not only names, but also contact information – including addresses, telephone numbers and mail addresses – was published. For university researchers and corporate network administrators, it was seldom a problem to publish their information on the Internet. However, when information about the homes of individuals became public, protecting personal information became a genuine cause for concern.

Moreover, because a large amount of information came to be registered, the use of WHOIS records beyond their intended purposes became a problem. A list of domain names and IP addresses was also published, so it was possible to obtain all the information registered with a registry database by searching WHOIS based on the list. The cases where direct mail or spam mail was sent using this information became noticeable.

Further, list information of domain names, IP addresses, and DNS zone information was abused for port scanning or cyber attacks against Web sites. Information was published on the premise of goodwill, but the situation forced people to reconsider the publication on the premise of bad-will.

Discussion on the handling of registration information

Against this backdrop, JPNIC set up “Database Publication Issue Task Force (DBPI-TF)” in 1998 and started discussing the issue[196]. The viewpoints of the discussion were as follows.

  1. Countermeasure against abuse
  2. Ideal state of personal information publication

DBPI-TF published a document entitled “Publication of personal information by JPNIC Whois” in August 1998 as a mid-term report of the discussion[197] [198]. This document described how the current environment surrounding registration information of a registry database was recognized and how JPNIC was working on the issues. The situation where anyone could obtain all the information on domain names and IP addresses was regarded as a particular problem, and the direction chosen was to reconsider the ideal state of information publication without harming the original purpose of WHOIS.

The result of the discussion by DBPI-TF was reported to Database Working Group (DB-WG), and in May 1999, zone transfer of JP DNS and publication of domain name lists and IP address lists terminated[199] [200].

DBPI-TF re-examined the purpose of collection and publication of registration information, which afterwards led to a review of the data items to be published through WHOIS[201] [202]. The concepts related to registration information in a registry database compiled into a document entitled “Rules regarding handling domain name information and IP address information,” which was implemented in August 2000[203].

At this time, the review of the registration data items to be published via WHOIS was implemented, and the new idea and procedure of disclosure was introduced[204] [205]. In this framework, publication means to make the data available to anyone through WHOIS, and disclosure means to provide information only upon request in writing.

These ideas about handling registration information and the procedure for publication and disclosure have been taken on in the present structure where JPRS and JPNIC manage JP domain names and IP addresses respectively.

Organization/group information

Registration information on domain names and IP addresses contained data items on responsible persons and contact persons for operation. Details on the contact persons are published through WHOIS as important information for the autonomous operation of the Internet.

As Internet operation was shifting from individual engineers to organizational frameworks, demand increased to register contact details of not an individual but a group or an organization to which a contact person belonged.

In the case of domain names, in particular, it became common for a registrant and an operator to be separate entities. This was due to an increase in the number of registrations by individuals, with domain names administered by ISPs or hosting providers in many cases.

Under these circumstances, JPRS introduced a new form of data item called “Contact Information” in the registration information of General-use JP Domain Name, which was launched in May 2001. This made it possible to register operational contacts, without requiring the personal name of the registrant.

For IP addresses, JPNIC created the item called “Group Contact Information” in addition to the existing contact information, so that ISPs and other providers could register information of the operating section, rather than the individuals[206].

Responding to the Personal Information Protection Act

The “Act on the Protection of Personal Information (Personal Information Protection Act) was enacted in May 2003, to come into full force in April 2005.

The Personal Information Protection Act stipulates the obligations of providers in handling personal information, such as specifying usage purpose and gaining consent of a person before providing such information to a third party.

Preparation to respond to the Personal Information Protection Act was promoted by JPRS for JP domain names and by JPNIC for IP addresses. Actually the principles of handling registration information were already in place, and the arrangement of documents had been completed by then. So it was not necessary to make any big changes in the service contents or procedures. But the existing public documents were reviewed again and restructured according to the provisions of the Act[207] [208].

For historical reasons, WHOIS for JP domain names and IP addresses had been provided by the same server. However, it was decided to separate them and clarify management responsibility of each party in line with the enforcement of the Personal Information Protection Act. In March 2005, JPRS and JPNIC started to operate their own WHOIS servers and provide the WHOIS services separately[209].

Reference: Documents on handling registration information

Publication of JP domain name registration information (JPRS)
Handling of information (JPNIC)
<< Chapter8 Ver.1.0-April 2015 Chapter10 >>

[194] “Use of JPNIC database,” JPNIC Newsletter No.1, April 1994

[195] “Introduction to JPNIC information service,” JPNIC Newsletter No.2, November 1994

[196] Minutes of the 14th Steering Committee meeting (June 18, 1998)

[197] Publication of personal information via JPNIC Whois (August 18, 1998)

[198] “Publishing of personal information via JPNIC Whois,” JPNIC Newsletter No.12, December 1998

[199] “Discontinuation of transfer of DNS zone information and reverse lookup information on JP domain, and termination of distribution of domain list, etc.,” JPNIC Newsletter No.13, March 1999

[200] “Discontinuation of DNS zone transfer for JP domain and domain name lists, etc., and the status afterwards,” JPNIC Newsletter No.14, august 1999

[201] Information disclosure request procedure (draft) (March 31, 2000)

[202] “Information publication through WHOIS service,” JPNIC Newsletter, April 2000

[203] Rules regarding handling of domain name information and IP address information (August 30, 2000)

[204] Partial change to contents to be displayed in WHOIS (August 30, 2000) (advance notice)

[205] Partial change to contents to be displayed in WHOIS (October 24, 2000) (implemented on November 1)

[206] Changes to application procedures in conjunction with release of phase 2 IP address registry system and implementation of document (re-sending) (March 22 2005)

[207] JPRS makes JP Domain Name management and administration compliant with the Personal Information Protection Act (February 1, 2005)

[208] JPNIC public documents that became valid on April 1, 2005 (April 1, 2005)

[209] Change in Whois query services in Japan (March 8, 2005)