:: Re: [devuan-dev] Private WHOIS for …
Góra strony
Delete this message
Reply to this message
Autor: Rick Moen
Data:  
Dla: devuan-dev
Temat: Re: [devuan-dev] Private WHOIS for Devuan Project domains
Hi, I'm delighted to hear the conference went well.

Again, is Devuan Project using private WHOIS deliberately, or at the
registrars' initiative. And what is the project's preferences on that??


Relevant to that, I wrote:

> I checked Devuan Project's domain registration for domains devuan.org
> and dyne.org -- to check expiration dates and see who is shown for
> Registrant, Tech Contact, and Admin Contact (in part to see if key
> domains had expired or been hijacked).


One of several constructive purposes for public WHOIS is to give members
of the public reliable points of contact usable to advise domain
stakeholders of problems, e.g., warn them of imminent domain expiration.

Starting 2007, I started helping friends (and admired institutions such
as Devuan Project) avoid losing Internet domains to accidental
expiration, having seen that happen too often:
http://linuxmafia.com/~rick/preventing-expiration.html This including
working with friends to create a series of open-source tools, the latest
of which is d-check, to report on which of a series of domains are
nearing expiration. Getting in touch with stakeholders about domains
nearing expiration requires (usually) access to accurate and non-opaque
public WHOIS data.

Now, some people prefer using for their domains 'privacy proxy' or other
obscured WHOIS, for what I assume are good and compelling reasons. I'm
not arguing, only citing drawbacks -- including the public's inability
to look them up and warn them their domains need renewal.


Devuan Project's WHOIS data is IMO alarmingly opaque, currently
(https://pastebin.com/9E3d5xrv). Thus my inquiry.


For whatever it's worth, a few points about what I personally consider
best practices (using my main domain, linuxmafia.com, as an example):
https://paste.debian.net/1076913/

1. Uses multiple persons among the domain roles, to avoid a human SPoF.
(If this were a crucial domain for business, I'd involve three distinct
persons, not just two.)

2. Cites real, monitored e-mail addresses and telephone numbers -- to ensure
domain management doesn't miss important communications including
renewal notices.

3. All e-mail addresses used are out-of-band for the domain in question,
i.e., routed through neither the network, DNS, domain, nor server resources
driving linuxmafia.com itself -- so that I can get 'There's something
wrong with your domain's mail' communications if there's something wrong
with the domain's mail. (As a flaw, our use of my wife's domain deirdre.net
for all contacts' e-mail addresses is admittedly a SPoF, that is difficult
to eliminate for practical reasons not covered here.)

4. Uses a RFC-compliant nameserver roster: RFC-2182 section 5 recommends
minimum 3, maximum 7 authoritative nameservers with diversity among
them. Five seemed a good number.


-- 
Cheers,        There's no theorem like Bayes's Theorem, like no theorem we know.
Rick Moen      Everything about it is appealing, everything about it is a wow.
rick@linux     Let out all that a-priori feeling, you've been concealing,
mafia.com      right up to now.   -- G.E.P. Box (w/apologies to Irving Berlin)