> On Apr 21, 2018, at 1:58 PM, b...@theworld.com wrote:
> 
> That's actually an excellent point and counterpoint to my suggestion
> to move the WHOIS information into DNS RRs.
> 
> But backup and failover are reasonably well understood technologies
> where one cares. Registrars could for example cache copies of those
> zone records and act as failover whois servers.

Instead of putting the contact info directly into the DNS, put pointers to the 
locations of the data instead. I.e. whois moves off dedicated ports and 
hardwired servers and into zone-controlled SRV records:

_whois._tcp.orthanc.ca SRV 0 0 43 orthanc.ca.
                       SRV 5 0 43 backup.otherdomain.example.com.

This gives each zone control of the information they want to export (by 
directing whois(1) to what they consider to be authoritative servers).

The domain owners themselves could control the information they chose to expose 
to the public, through the SRV records, and the information they chose to 
publish in the whois servers those records point at.  If the domain owner is 
happy with their (say) registrar providing that information, they would just 
point the appropriate SRV record at the registrar.  This is no different from 
how people handle email outsourcing via MX records.

The idea that whois is in any way authoritative is long gone.  Those who want 
to hide have been able to do that for ages.  (I think I pay $15/year to mask 
some of the domains I control.)  But for law enforcement, a warrant will always 
turn up the payment information used to register a domain, should the 
constabulary want to find that information out.  And for court proceedings, 
whois data is useless.  (I speak from $WORK experience.)

--lyndon
