Whois Stealing My Whois
?"> At this point, its worth saying a little about the process of checking a domain. There is a protocol and software called Whois, which is used for querying the databases of domain names, ultimately maintained for each top-level domain (or TLD, such as .com, .org, etc.) by the "registry" for that TLD. Verisign maintains the registry for the .com and .net TLDs. Whois used to be exclusively a UNIX-based command-line affair, but these days most people get their whois information from web-based interfaces which perform the whois query on the back-end. My favorite service is Completewhois. When hosting services like web.com tell you that a domain is or is not available they first perform a whois query in order to determine if it is.Theres a lot wrong with whois. For example, anyone can set up a whois server, theres no master list of them, and different servers return data in different formats. And when a hosting service, APLus.net for example, performs a back-end whois, its impossible to tell exactly what they are doing and to whom they are talking. Anyway, my next step in testing was to go to the four hosting services meta-searched by CNet and search them directly with new domain names also picked out of thin air. Two days later they havent been taken. At this point I have to say I dont know exactly whats happening, but something fishy is going on. With a whole lot more testing, I think I could figure out the source of Chestertons domain name feed, but I decided it was time to get the story out first. The reader who brought all this to my attention called aplus.net, which told her that Chesterton Holdings monitors whois requests, and thats how they learn which domains to register. This would be a great explanation if it were possible, as a general matter. But its not generally possible to monitor whois requests. Here is whats possible, based on what I know:
"Domain Tasting" is the hot new business for domain abusers. Click here to read more.
- CNet, or someone at CNet, could be passing the requests on to Chesterton. I dont believe this for a second.
- One of the hosting services that CNet is checking with (and there could be more than they indicate) could be passing data on to Chesterton. This seems unlikely to me.
- Chesterton could have compromised one of the servers involved in the process, for instance the whois server used by one of the hosting services. This seems possible to me. There are a number of other hacking techniques, DNS cache poisoning for example, that could indirectly give Chesterton access to data from these queries.
- Verisign could be passing the data on to Chesterton. I dont believe this, either.