- + Preface
- + Chapter1 Resource Management and Registry
- + Chapter2 Resource management before JNIC and JPNIC
- + Chapter3 Restructuring toward fully-fledged resource management by JPNIC
Chapter4 Transition of resource management policy for domain names
- Coping with expansion of the Internet through policy development
- Deployment of Geographic Type JP and its reconstruction into Prefecture Type JP
- Introduction of ED.JP for elementary and secondary education institutions
- Separation of NE.JP and GR.JP from OR.JP
- Establishment of JP domain name registration rule
- + Chapter5 IP address policy in the fully-fledged Internet age
- + Chapter6 Building the global IP address management structure
Chapter7 Framework for global domain name management led by ICANN
- Finding a domain name management framework for new era
- Column: Green Paper and White Paper
- Decision-making process and organizational structure adopted in ICANN
- Involvement from Japan
- ICANN's gTLD policy reforms
- Column: Registry-registrar model and JP Registrar model ? “thick” registry and “thin” registry
- New gTLDs
- Relationship between IP address and ICANN
- Epicenter of Internet governance
- + Chapter8 General-use JP Domain Name and establishment of JPRS
Chapter9 “Publication” and “disclosure” of registration information
- Registry mechanism to register and publish registration data
- Spread of the Internet and registration information
- Discussion on the handling of registration information
- Organization/group information
- Responding to Personal Information Protection Act
- Reference: Documents on handling registration information
Chapter10 IPv4 address pool exhaustion and IPv6
- IPv6 emerging on the Internet
- Efforts of Japan towards IPv6 promotion
- Expansion of the Internet through IPv4
- Accelerated IPv4 address consumption through penetration of continuous connections
- IPv4 address pool exhaustion becomes more of a reality
- IPv4 address pool exhaustion and IPv6 educational activity
- IPv4 address policy in the face of exhaustion
- Internet over IPv6 after IPv4 exhaustion
- + Appendix1: IP address and domain name
- + Appendix2: Transition of Internet resource management
- + About History Compilation Team
- + Revision history
Chapter9 “Publication” and “disclosure” of registration information
Registry mechanism to register and publish registration data
As described in Chapter1, a registry of domain names and IP addresses has two main roles: managing registration information and operating DNS. In particular, managing registration information involves operating and administering the “registry database”.
A variety of information is registered in a registry database. It stores, for example, the string of the registered domain name, the range of assigned IP addresses, the identity of the domain name registrant, the identity of the entity to which the IP addresses are assigned, contact information, information on DNS settings, expiration date, and update history information.
Registering domain names and assigning IP addresses involves registering information with a registry database.
Since the beginning of domain name and IP address management, registry databases have been accessible to anyone on the Internet. Information such as identity of domain name registrants, IP address assignee, and contact information for each name and number have all been published on the Internet.
This is because, right from the outset, there was never any idea of hiding information. Furthermore, registry database information is necessary for constructing and operating the Internet. The Internet is characterized by interconnection and autonomous operation, so information on who operates the network or where they can be contacted has always been essential for coordinating operations or responding to network troubles or incidents.
Registries provide a list of information on domain names, such as registrants of the domain names, IP addresses, and the entities that are assigned the IP addresses. This is available via FTP (File Transfer Protocol) and other means. In addition, registries operate “WHOIS,” a system for referencing registry database information on the Internet.
In Japan, JNIC started an experimental service of such a database in 1992, and JPNIC started to provide WHOIS as a formal service in 1993.
WHOIS is a system based on IP connection. In the early days of the Internet, however, IP connectivity was not in place in many environments. So JPNIC provided an email-based service which would automatically send back information in response to queries.
At present, we experimentally provide file transfer service (anonymous ftp) and information search service (whois). In addition, a similar function is provided via email. By using these functions, you can receive documents distributed by JPNIC or search results for information managed by JPNIC by email even if you do not have IP connection.
The information regarding DNS settings in a registry database was the zone information of JP DNS. The DNS service responds to each query of individual DNS, but it also supports a zone transfer, a mechanism under which all information retained by the DNS server is taken out at one time, so anyone could obtain the list of information on all JP domain names and IP addresses managed by JPNIC. Initially, the JP DNS had no limitations on zone transfer.
Spread of the Internet and registration information
In the early days it was taken for granted that information registered with a registry database (registration information) was published on the Internet. However, as the Internet expanded, the situation changed gradually and became a cause of debate.
As described earlier, the Internet was first used among a limited number of researchers, before commercial providers emerged. Then, as the Internet spread among the general population – especially due to the Web and Microsoft Windows 95 – registration of domain names and assignment of IP addresses extended to companies and then individuals.
With WHOIS, not only names, but also contact information – including addresses, telephone numbers and mail addresses – was published. For university researchers and corporate network administrators, it was seldom a problem to publish their information on the Internet. However, when information about the homes of individuals became public, protecting personal information became a genuine cause for concern.
Moreover, because a large amount of information came to be registered, the use of WHOIS records beyond their intended purposes became a problem. A list of domain names and IP addresses was also published, so it was possible to obtain all the information registered with a registry database by searching WHOIS based on the list. The cases where direct mail or spam mail was sent using this information became noticeable.
Further, list information of domain names, IP addresses, and DNS zone information was abused for port scanning or cyber attacks against Web sites. Information was published on the premise of goodwill, but the situation forced people to reconsider the publication on the premise of bad-will.
Discussion on the handling of registration information
Against this backdrop, JPNIC set up “Database Publication Issue Task Force (DBPI-TF)” in 1998 and started discussing the issue. The viewpoints of the discussion were as follows.
- Countermeasure against abuse
- Ideal state of personal information publication
DBPI-TF published a document entitled “Publication of personal information by JPNIC Whois” in August 1998 as a mid-term report of the discussion . This document described how the current environment surrounding registration information of a registry database was recognized and how JPNIC was working on the issues. The situation where anyone could obtain all the information on domain names and IP addresses was regarded as a particular problem, and the direction chosen was to reconsider the ideal state of information publication without harming the original purpose of WHOIS.
The result of the discussion by DBPI-TF was reported to Database Working Group (DB-WG), and in May 1999, zone transfer of JP DNS and publication of domain name lists and IP address lists terminated .
DBPI-TF re-examined the purpose of collection and publication of registration information, which afterwards led to a review of the data items to be published through WHOIS . The concepts related to registration information in a registry database compiled into a document entitled “Rules regarding handling domain name information and IP address information,” which was implemented in August 2000.
At this time, the review of the registration data items to be published via WHOIS was implemented, and the new idea and procedure of disclosure was introduced . In this framework, publication means to make the data available to anyone through WHOIS, and disclosure means to provide information only upon request in writing.
These ideas about handling registration information and the procedure for publication and disclosure have been taken on in the present structure where JPRS and JPNIC manage JP domain names and IP addresses respectively.
Registration information on domain names and IP addresses contained data items on responsible persons and contact persons for operation. Details on the contact persons are published through WHOIS as important information for the autonomous operation of the Internet.
As Internet operation was shifting from individual engineers to organizational frameworks, demand increased to register contact details of not an individual but a group or an organization to which a contact person belonged.
In the case of domain names, in particular, it became common for a registrant and an operator to be separate entities. This was due to an increase in the number of registrations by individuals, with domain names administered by ISPs or hosting providers in many cases.
Under these circumstances, JPRS introduced a new form of data item called “Contact Information” in the registration information of General-use JP Domain Name, which was launched in May 2001. This made it possible to register operational contacts, without requiring the personal name of the registrant.
For IP addresses, JPNIC created the item called “Group Contact Information” in addition to the existing contact information, so that ISPs and other providers could register information of the operating section, rather than the individuals.
Responding to the Personal Information Protection Act
The “Act on the Protection of Personal Information (Personal Information Protection Act) was enacted in May 2003, to come into full force in April 2005.
The Personal Information Protection Act stipulates the obligations of providers in handling personal information, such as specifying usage purpose and gaining consent of a person before providing such information to a third party.
Preparation to respond to the Personal Information Protection Act was promoted by JPRS for JP domain names and by JPNIC for IP addresses. Actually the principles of handling registration information were already in place, and the arrangement of documents had been completed by then. So it was not necessary to make any big changes in the service contents or procedures. But the existing public documents were reviewed again and restructured according to the provisions of the Act .
For historical reasons, WHOIS for JP domain names and IP addresses had been provided by the same server. However, it was decided to separate them and clarify management responsibility of each party in line with the enforcement of the Personal Information Protection Act. In March 2005, JPRS and JPNIC started to operate their own WHOIS servers and provide the WHOIS services separately.
Reference: Documents on handling registration information
|<< Chapter8||Ver.1.0-April 2015||Chapter10 >>|
of the 14th Steering Committee meeting (June 18, 1998)
of personal information via JPNIC Whois (August 18,
of transfer of DNS zone information and reverse lookup
information on JP domain, and termination of
distribution of domain list, etc.,” JPNIC Newsletter
No.13, March 1999
of DNS zone transfer for JP domain and domain name
lists, etc., and the status afterwards,” JPNIC
Newsletter No.14, august 1999
publication through WHOIS service,” JPNIC Newsletter,
change to contents to be displayed in WHOIS (August
30, 2000) (advance notice)
change to contents to be displayed in WHOIS (October
24, 2000) (implemented on November 1)
to application procedures in conjunction with release
of phase 2 IP address registry system and
implementation of document (re-sending) (March 22
makes JP Domain Name management and administration
compliant with the Personal Information Protection Act
(February 1, 2005)
 Change in Whois
query services in Japan (March 8, 2005)