"Deep
in the sea are riches beyond compare.
But if you seek safety, it is on the shore."
Who Manages the Internet
Who manages the Internet? There are many parts to such a basic question: who controls IP addresses, who assigns domain names, and who handles domain name resolution? This article answers these questions with a basic overview of how the Internet works and which organizations manage it. I will not discuss the history of the Internet, go into detail on how DNS works, or give my personal view on how to improve domain registration. This will be a basic overview of how the Internet is currently managed and how you can leverage this knowledge with the command whois.
There are many critical resources that must be managed for the Internet. The two I will focus on are IP addressing and domain names. IP addresses are unique numbers, each address consisting of four octets (32 bits), as specified in RFC 791. Domain names are the organization and representation of IP addresses. In the first part of this article, we will discuss IP addressing and how the Internet manages it. We will then cover the far more complicated and political issue of domain names and how they are controlled.
IP Addressing
IP addresses are the workhorse of the Internet: they are how your packet gets from point A to point B. This works because no two IP addresses are the same. Without a standardized system of unique addressing, the Internet could not function. But who is in charge of them? How do you know that the IP address you have is truly unique? The place to start is IANA, the Internet Assigned Numbers Authority (http://www.iana.org).
IANA, located at the Information Sciences Institute at University of Southern California, is responsible for a variety of Internet issues, including IP addressing (discussed here) and domain registration for countries (discussed later). IANA is the ultimate source of authority for IP addresses; it is ultimately responsible for most of the IP addresses in the world.
It controls these IP addresses in a hierarchical manner. IANA distributes IP addresses as large blocks to three regional registries. Each block is unique, separate from the other two. Each regional registry distributes these IP blocks as smaller blocks to ISPs or large organizations within its region. These ISPs, in turn, distribute IP addresses to smaller ISPs, companies, schools, etc. Each organization manages the IP distribution to the next lower level, ensuring IP addresses are neither wasted nor replicated.
The three main regional IP registries are as follows (note that all three registries are not-for-profit organizations):
RIPE (http://www.ripe.net/) is the Reseaux IP Europeens (more commonly called the Regional Internet Registry for Europe). Located in Amsterdam, The Netherlands, RIPE provides support to approximately 1000 Internet Registries, or ISPs, located in Europe, the Middle East, and parts of Asia and Africa (check out http://www.ripe.net/ripencc/mem-services/general/index.html to see all the countries).
APNIC (http://www.apnic.net/) is the Asian Pacific Network Information Center. Located in Tokyo, Japan, APNIC provides support for all Asian countries. Currently there is no list of every individual country that falls under APNIC.
ARIN (http://www.arin.net/) is the American Registry for Internet Numbers. Located in Chantilly, VA, ARIN supports everybody else, including North and South America, the Caribbean, and sub-Saharan Africa. Currently there is no list of every individual country that falls under ARIN.
Leveraging Whois
Armed with this knowledge, you can always find who owns an IP address. This is extremely useful when you are tracking down an IP address that is not resolvable. An example would be finding in your logs an IP address that is continually scanning your network for holes. You want to put a stop to this, but how? Often the IP address does not have an in-addr.arpa entry, so reverse nslookups fail.
With whois, you can query any of the three regional registry databases for the IP address’s owner. An example would be the IP address 193.0.0.195. By doing a whois on the network block, you can identify the ISP or organization that owns the IP block. Please note that you can look up either the network block 193.0.0.0 or the specific IP address. Once you find the owner of the IP block, you can then drill down and find the owner of the specific IP. You specify one of the three main registries with -h. The following command asks the RIPE database who "owns" the network 193.0.0.195:
whois client querying the RIPE Database: http://www.ripe.net/cgi-bin/whois
Enter: -L 193.0.0.195
There are five ways of querying the RIPE database: whois client, WWW, WAIS, telnet and e-mail.
Searching for the names of database objects:
If you wish to look up objects in the RIPE database, you must use special search keys. A full list of the search keys is given below:
OBJECT         KEYS
-----------------------------------------------------------------------------------
aut-num        AS number (e.g. AS3333)
as-macro       as-macro name (e.g. AS-EBONE)
community      community name (e.g. HEPNET)
domain         domain name (e.g. over.ripe.net)
inetnum        range of IP addresses e.g. 193.0.0.0 - 193.0.0.255;
               network name e.g. RIPE-NCC
inet6num       range of IP version 6 addresses or network name
person         a person's name or NIC-handle
               or e-mail address in RFC822 format.
               e.g. Ambrose Magee or AMRM1-RIPE
               or ambrose@ripe.net
clns object
domain-prefix  domain-prefix, domain-name
inet-rtr       internet router name (e.g.
limerick       name of limerick
mntner         name of mntner object e.g. AMRM1-RIPE-MNT
route          internet route e.g. 193.0.0.0/24
role           the name, the NIC-handle or the e-mail address (in RFC822 format)
               of a role object; e.g. RIPE NCC
If you also want to search for other strings in the objects, you can use the WAIS interface; however, it doesn't support the special options that are provided in the RIPE 'whois' interface. The RIPE whois client has several options, which may be used either alone or in combination.
The following is a list, in alphabetical order, of the available options, which are explained in more detail below.
Option  Function
------------------------------------------------------------------------------
-a      search all databases
-F      fast raw output (implies -Fr)
-h      search alternate server
-i      inverse look-up
-k      used with the telnet interface
-L      find all Less specific matches
-m      find first level More specific matches
-M      find all More specific matches
-p      connect to other port than the default whois port
-r      turn off recursive lookups
-s      search databases with source "source"
-S      tell server to leave out "syntactic sugar"
-t      requests template for object of type "type"
-T      only look for objects of type "type"
-HELP   gives a copy of the current `HELP & HOWTO' document.
A very useful option is "-h", which allows you to connect directly to the server at the RIPE NCC or to a "mirror" of the RIPE database elsewhere.
Example 2:
# whois -h whois.arin.net 207.229.165.0
EnterAct, L.L.C. (NETBLK-EACT-BLOCK-1)
3227 N. Sheffield #4R
Chicago, IL 60657
Netname: EACT-BLOCK-1
Netblock: 207.229.128.0 - 207.229.191.255
Maintainer: EACT
Here is a whois lookup of the IP address 195.116.39.59, which is in Poland.
# whois -h whois.arin.net 195.116.39.0
European Regional Internet Registry/RIPE NCC (NETBLK-RIPE-C)
These addresses have been further assigned to European users. Their contact information can be found in the RIPE database. See below how to use that database to obtain up-to-date information.
By using the whois command and specifying the IP registry database (ARIN, RIPE, APNIC), you can drill down and find the owners of the IP address.
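The drill-down above (ask ARIN, then re-ask the registry its answer points to) can be scripted. This is an added example, not part of the original article: the function names, the match strings in referral_server and the hostnames whois.ripe.net and whois.apnic.net are assumptions, and the two sample answers are copied from the article's own output.

```shell
#!/bin/sh
# Added example, not from the article: automate the ARIN -> RIPE/APNIC drill-down.

# Two answers copied from the article's own whois output, used as offline samples.
SAMPLE_FINAL='EnterAct, L.L.C. (NETBLK-EACT-BLOCK-1)
Netname: EACT-BLOCK-1
Netblock: 207.229.128.0 - 207.229.191.255'
SAMPLE_REFERRAL='European Regional Internet Registry/RIPE NCC (NETBLK-RIPE-C)
These addresses have been further assigned to European users.'

# is_ipv4 ADDR: succeed only for a strict dotted quad. Addresses pulled from
# logs are untrusted; a value such as "-h" must never reach the whois command line.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            [0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]) ;;
            *) return 1 ;;
        esac
    done
}

# referral_server: read a whois answer on stdin and print the registry server
# it points to, or nothing when the answer already names the owner.
# The match strings are assumptions: RIPE's comes from the article's sample,
# APNIC's is a guess at equivalent wording.
referral_server() {
    awk '/RIPE NCC|NETBLK-RIPE/ { print "whois.ripe.net";  exit }
         /APNIC/                { print "whois.apnic.net"; exit }'
}

# ip_owner ADDR: ask ARIN, then re-ask the referred registry once if needed.
ip_owner() {
    is_ipv4 "$1" || { echo "refusing to query: not an IPv4 address" >&2; return 2; }
    answer=$(whois -h whois.arin.net "$1") || return 1
    next=$(printf '%s\n' "$answer" | referral_server)
    if [ -n "$next" ]; then
        whois -h "$next" "$1"
    else
        printf '%s\n' "$answer"
    fi
}
```

Only ip_owner touches the network; is_ipv4 and referral_server can be exercised offline against the two embedded samples.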
Top Level Domain Names
IP addresses are boring 32-bit numbers that no one can remember. Domain names are different: they are the highly political entities that countless lawsuits have been fought over. Well, I am going to skip these politics and cover how the technology currently works.
Domain names are how we remember IP addresses. The IP address for xxx is 197.37.75.47. However, this number is impossible to remember, so I use http://www.inspirationzone.cjb.net, which is much easier to remember and use. But who manages the domain names, and how does it all work? It all starts with the Top Level Domain name (TLD). Domain names are a hierarchy, with TLDs at the top. Each TLD is then divided into second-level domains, and so on. An example is the domain name enteract.com. COM is the TLD, while enteract is the second-level domain name that falls under the TLD COM.
There are two types of TLDs, country-code and generic (gTLD). Every country in the world has a unique two-character identifier, set by the ISO 3166 standard. These country-code identifiers are the TLD for each country; examples include US for the United States, JP for Japan, and DE for Germany. There also exist 7 generic TLDs: COM, NET, ORG, EDU, MIL, INT, and GOV. Generic TLDs are unique in that they do not denote any nationality.
For every one of these TLDs, both country-code and generic, there is a specific organization in charge of it, usually called a Network Information Center, or NIC. These NICs are responsible for the registration and management of all the second-level domains under the TLD. If you need to find out anything about a second-level domain name, the place to start is the TLD's NIC.
For the country-code TLDs, each country is responsible for its own TLD. Thus, Poland is responsible for its own TLD (PL), just as Japan is responsible for its own TLD (JP). Each country identifies and manages its own NIC, usually a university or government organization. These country NICs are then authorized by IANA.
The seven generic TLDs are unique in that any organization, regardless of nationality, can use them. The company Network Solutions Inc. is a NIC, thus the name InterNIC, for four gTLDs: COM (commercial), NET (Internet), ORG (organizational, usually not-for-profit), and EDU (educational). The Department of Defense is responsible for MIL (military); the government, actually the Center for Electric Messaging Technologies, for GOV (government); and IANA is responsible for INT (organizations established by international treaties).
To find out who is the NIC for a specific TLD, do a whois "TLD"-DOM; the DOM extension tells the whois database to look up a TLD. This will give you the location, point of contact, and the DNS servers of the TLD. Whois by default finds this information at the rs.internic.net database. This database contains the registration information for every TLD. So, to find out who is the NIC for Poland’s TLD PL, use the following command:
# whois pl-dom
Poland (Republic of) top-level domain (PL-DOM)
Research and Academic Computer Network
Bartycka 18
00-716 Warsaw
POLAND
Domain Name: PL
Administrative Contact:
Krzanowski, Wiktor (WK856) wiktor@NASK.PL
+48 22 651-05-20..24 (FAX) +48 22 41-00-47
Technical Contact, Zone Contact
Luc, Miroslaw (ML4513) mirek@NASK.PL
+48 22 8268000 (FAX) +48 22 8268009
Domain servers in listed order:
BILBO.NASK.ORG.PL 148.81.16.51
COCOS.FUW.EDU.PL 148.81.4.6
SUNIC.SUNET.SE 192.36.125.2
NMS.CYFRONET.KRAKOW.PL 149.156.1.3
DNS2.TPSA.PL 194.204.152.3
Here we see that Poland’s Research and Academic Computer Network (at http://www.nask.pl/) is in charge of the TLD PL. Also listed are the points of contact and the SOA and secondary DNS servers. With this information, you can drill down and find information on all second-level domain names under that TLD. After contacting Poland’s NIC, I was directed to http://www.nask.pl/NASK/net/dns-lista.html.
Root Servers
Every TLD, both country-code and generic, is also registered with the root server, a.root-servers.net. The root server is the absolute top of the TLD hierarchy (represented by a dot "."); it points to the DNS servers of all TLDs. The purpose of a root server is to give the IP address of a TLD’s primary or secondary DNS servers. When your computer has to resolve a URL, such as http://www.intel.com/, your computer (if the information has not been cached) will start with the root server. It asks the root server what the DNS servers are for the TLD (in this case PL). The root server replies, sending your computer to the TLD’s servers, where your system will query about the second-level domain name. Your system repeats this drill-down process until it resolves the URL.
Having a single computer resolving the DNS servers for every TLD is not a good idea, for both bandwidth and high availability reasons. There exist 12 other root servers that act as secondaries to the primary root server. Scattered throughout the world, these 13 servers resolve every TLD. Thus, just like a.root-servers.net, any of the other 12 root servers acts as the ultimate authority for all TLDs. The 13 root servers are as follows (you can get this information by doing a whois on the name of the server).
a.root-servers.net  Network Solutions Inc., in Herndon VA
b.root-servers.net  University of Southern California (ISI), Marina del Rey, CA
c.root-servers.net  Performance Systems International Inc.
d.root-servers.net  University of Maryland, Computer Science Center
e.root-servers.net  NASA Ames Research Center, Moffett Field, CA
f.root-servers.net  Internet Software Consortium, Palo Alto, CA
g.root-servers.net  DOD Network Information Center, Vienna, VA.
h.root-servers.net  Army Research Laboratory, Aberdeen Proving Ground, MD.
i.root-servers.net  Stockholm, Sweden
j.root-servers.net  Network Solutions Inc., Herndon VA
k.root-servers.net  European Regional Internet Registry, RIPE NCC
l.root-servers.net  University of Southern California (ISI), Marina del Rey, CA
m.root-servers.net  WIDE Project, Fujisawa Japan
Registration of Second-level Domain Names
Now that you know how TLDs are managed, what about the second-level domain names? How are those managed? Every TLD is responsible for managing the second-level domain names under it. Let's use an example, the most common TLD used today, COM. This is the TLD used the world over, such as in ibm.com or toyota.com. But who controls these second-level domain names, and how are they managed?
If you want to register a second-level domain name with a TLD of COM, you must do so through Network Solutions Inc. This is the company responsible for this TLD (do a whois on com-dom). Network Solutions Inc. is also responsible for the TLDs ORG, EDU, and NET. To register your second-level domain name, go to their web site, http://www.internic.net/. If the second-level domain name is already registered, then you cannot use that domain name. Once the second-level domain name is registered, the owner is then responsible for building and managing their own "NIC" (basically a primary and secondary server), which resolves the second-level domain name.
The same process is true of any TLD. Say you wanted to register the second-level domain name "this is" with the TLD IT, giving you the web site www.thisis.it. You would have to find out who has responsibility for the TLD IT (what country). As we learned earlier, you do this with the command:
# whois it-dom
Italy top-level domain (IT-DOM)
c/o CNR-Istituto CNUCE
Via Santa Maria, 36
Pisa, I-56126
Italy
Looks like you will have to contact the Italian NIC to register your second-level domain name this-is. Note that http://www.ripe.net/ also provides information on all TLDs in Europe and the Middle East.
Whois for COM, ORG, EDU, and NET
Remember how we can do a whois on any TLD with the default whois database (rs.internic.net)? Well, this database also holds information on any second-level domain name under the TLD COM, EDU, ORG, or NET. An example would be a whois on the second-level domain name intel.com.
# whois inspirationzone.cjb.net
The reason whois will give you this information is that Network
Solutions Inc. is responsible for the database rs.internic.net
and is the NIC for these gTLDs. Thus rs.internic.net resolves
all TLDs and the second-level domain names for the four gTLDs.
Remember, we cannot do a whois on a second-level domain name whose TLD is not COM, EDU, NET, or ORG. We have to query the TLD’s NIC to get information on any second-level domain names. Refer to the above example for the TLD PL. There we see that we have to refer to Poland’s NIC, nask.pl, for information on Poland’s second-level domain names.
With the power of whois, you can find out who is responsible for any Top Level Domain name. Once you have identified the NIC of the TLD, you can drill down and find information on second-level domain names under the TLD. Each NIC may have a different method for querying second-level domain names under it. By default, the whois server rs.internic.net will also answer second-level domain names for the TLDs COM, ORG, NET, and EDU.
Conclusion
There is no one organization managing the Internet’s resources, specifically IP addresses and domain names. Rather, the Internet is managed in a hierarchical fashion with several organizations at the top. The command whois enables you to find out who is managing these resources, through the various levels of the hierarchy.
This structure has changed radically over the past several years, and will continue to do so. This article captures a snapshot of the Internet at this time. To learn more about the future of the Internet, start with any of the three Regional IP Registries already mentioned, or http://www.gtld-mou.org/.
When I started this article I had hoped to include other issues, such as nslookup and in-addr.arpa. However, covering all this is impossible in a single article; I would end up writing a book (which I have no intention of doing). Hopefully, I have given you the basic framework of how the Internet is managed, and how you can leverage that information.