The WHOIS system originated as a method that system administrators could use to look up information to contact other IP address or domain name administrators (almost like a “white pages”). The use of the data that is returned from query responses has evolved from those origins into a variety of uses including:

1. Supporting the security and stability of the Internet by providing contact points for network operators and administrators, including ISPs, and certified computer incident response teams;
2. Allowing users to determine the availability of domain names;
3. Assisting law enforcement authorities in investigations, in enforcing national and international laws, including, for example, countering terrorism-related criminal offenses and in supporting international cooperation procedures. In some countries, specialized non governmental entities may be involved in this work;
4. Assisting in the combating against abusive uses of ICTs, such as illegal and other acts motivated by racism, racial discrimination, xenophobia, and related intolerance, hatred, violence, all forms of child abuse, including paedophilia and child pornography, the trafficking in, and exploitation of, human beings.
5. Facilitating inquiries and subsequent steps to conduct trademark clearances and to help counter intellectual property infringement, misuse and theft in accordance with applicable national laws and international treaties;
6. Contributing to user confidence in the Internet as a reliable and efficient means of information and communication and as an important tool for promoting digital inclusion, e-commerce and other legitimate uses by helping users identify persons or entities responsible for content and services online; and
7. Assisting businesses, other organizations and users in combating fraud, complying with relevant laws and safeguarding the interests of the public.

Presently ICANN is undertaking a study to determine the uses and abuses of WHOIS information. Other studies that are ongoing concern the accuracy of WHOIS information, and the effectiveness of the processes for reporting inaccurate public WHOIS information.

Due to the potential vulnerability of WHOIS information to improper manipulation, the legal owner of the domain is considered to be whoever controls the domain’s username/passwords, e-mail address, and administrative features.

WHOIS has a sister protocol standard called RWhois.

Thin and thick lookups

WHOIS information can be stored and looked up according to either a “thick” or a “thin” model:

Thick

one WHOIS server stores the complete WHOIS information from all the registrars for the particular set of data (so that one WHOIS server can respond with WHOIS information on all .org domains, for example).

Thin

one WHOIS server stores only the name of the WHOIS server of the registrar of a domain, which in turn has the full details on the data being looked up (such as the .com WHOIS servers, which refer the WHOIS query to the registrar where the domain was registered).

The thick model usually ensures consistent data and slightly faster lookups (since only one WHOIS server needs to be contacted). If a registrar goes out of business, a thick registry contains all important information (if the registrant entered correct data, and privacy features were not used to obscure the data) and ownership can be retained. But with a thin registry, the contact information might not be available (unless adequately escrowed), and it could be difficult for the rightful registrant to retain control of the domain.^[1]

If a WHOIS client did not understand how to deal with this situation, it would display the full information from the registrar. Unfortunately, the WHOIS protocol has no standard for determining how to distinguish the thin model from the thick model.

Exact implementation of which records are stored varies among domain name registries. Some top-level domains, including .com and .net, operate a thin WHOIS, allowing the various domain registrars the ability to maintain their own customers’ data. Other registries, including .org, operate a thick model.^{[citation needed]}

Data Returned

Normally the contact information of the individual owner is returned. However, some registrars offer “private registration”, in which case the contact information of the registrar is shown instead.

Some registry operators are “wholesalers” meaning that they typically sell .com and other domain names to a large number of “retail” registrars, who in turn sell them to consumers. For private registration, only the identity of the wholesale registrar may be returned. In this case, the identity of the individual as well as the “retail registrar” may be hidden.

No reference on ICANN rules regarding

• whether the retail or wholesale registrar is considered to be the owner, and
• which registrar is returned on a WHOIS.

Below is an example of WHOIS data returned for an individual owner. This is the result of a WHOIS query on wikipedia.org:

Domain ID:D51687756-LROR
Domain Name:WIKIPEDIA.ORG
Created On:13-Jan-2001 00:12:14 UTC
Last Updated On:01-Mar-2006 12:39:33 UTC
Expiration Date:13-Jan-2015 00:12:14 UTC
Sponsoring Registrar:Go Daddy Software, Inc. (R91-LROR)
Status:CLIENT DELETE PROHIBITED
Status:CLIENT RENEW PROHIBITED
Status:CLIENT TRANSFER PROHIBITED
Status:CLIENT UPDATE PROHIBITED
Registrant ID:GODA-09495921
Registrant Name:Wikimedia Foundation
Registrant Organization:Wikimedia Foundation Inc.
Registrant Street1:204 37th Ave N, #330
Registrant Street2:
Registrant Street3:
Registrant City:St. Petersburg
Registrant State/Province:Florida
Registrant Postal Code:33704
Registrant Country:US
Registrant Phone:+1.7272310101
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:noc@wikimedia.org
Admin ID:GODA-29495921
Admin Name:Jimmy Wales
Admin Organization:Wikimedia Foundation
Admin Street1:204 37th Ave. N. #330
Admin Street2:
Admin Street3:
Admin City:St. Petersburg
Admin State/Province:Florida
Admin Postal Code:33704
Admin Country:US
Admin Phone:+1.7276441636
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Admin Email:jwales@bomis.com
Tech ID:GODA-19495921
Tech Name:Jason Richey
Tech Organization:Wikimedia Foundation
Tech Street1:19589 Oneida Rd.
Tech Street2:
Tech Street3:
Tech City:Apple Valley
Tech State/Province:California
Tech Postal Code:92307
Tech Country:US
Tech Phone:+1.7604869194
Tech Phone Ext.:
Tech FAX:
Tech FAX Ext.:
Tech Email:jasonr@bomis.com
Name Server:NS0.WIKIMEDIA.ORG
Name Server:NS1.WIKIMEDIA.ORG
Name Server:NS2.WIKIMEDIA.ORG

Querying Regional Internet Registries

WHOIS servers belonging to Regional Internet Registries (RIR) can be queried to determine the Internet Service Provider responsible for a particular IP address. These servers are:

• ARIN – http://whois.arin.net
• RIPE NCC – http://www.ripe.net/whois/
• APNIC – http://whois.apnic.net
• LACNIC – http://whois.lacnic.net
• AfriNIC – http://whois.afrinic.net

The records of each of these registries are cross-referenced, so that a query to ARIN for a record which belongs to RIPE will return a placeholder pointing to the RIPE WHOIS server. This lets the WHOIS user making the query know that the detailed information resides on the RIPE server. Apart from the RIRs mentioned above, there is also a commercial global service: Routing Assets Database used by some large networks (eg. large internet providers that acquired other ISPs in several RIR areas).

Determining WHOIS server by domain name

There is currently no standard for appropriately determining the whois server to be used for a zone.

The GNU WHOIS utility apparently uses the whois-servers.net service. This service provides DNS aliases of WHOIS servers.

Example: com.whois-servers.net, net.whois-servers.net, info.whois-servers.net, <your-country-code>.whois-servers.net

History

When the Internet was emerging out of the ARPANET, there was only one organization that handled all domain registrations, which was DARPA itself. The process of registration was established in RFC 920. WHOIS was standardized in the early 1980s to look-up domains, people and other resources related to domain and number registrations. Because all registration was done by one organization in that time, one centralized server was used for WHOIS queries. This made looking-up such information very easy.

Early WHOIS servers were highly permissive and would allow wild-card searches. You could do a WHOIS lookup on a person’s last name and get all the individual people who had that name. Someone could do a query on a keyword and see all registered domains containing that keyword. Someone could even query a given administrative contact and see all domains they were associated with. Due to the advent of the commercialized Internet, multiple registrars and unethical spammers, such permissive searching is no longer available.

Responsibility of domain registration remained with DARPA as the ARPANET became the Internet during the 1980s. UUNet began offering domain registration service, however they simply handled the paperwork which they forwarded to DARPA’s Network Information Center (NIC). Then the National Science Foundation directed that management of Internet domain registration would be handled by commercial, 3rd party entities. InterNIC was formed in 1993 under contract with the NSF, consisting of Network Solutions, Inc., General Atomics, and AT&T. General Atomics’ contract was cancelled after several years due to performance issues.

On December 1, 1999, management of the top-level domains (TLDs) .com, .net, and .org was turned over to ICANN. At the time, these popular TLDs were switched to a thin WHOIS model. Existing WHOIS clients stopped working at that time. A month later, it had self-detecting CGI support so that the same program could operate a web-based WHOIS lookup, and an external TLD table to support multiple WHOIS servers based on the TLD of the request. This eventually became the model of the modern WHOIS client.

By 2005, there were many more generic top-level domains than there had been in the early 1980s. There are also many more country-code top-level domains. This has led to a complex network of domain name registrars and registrar associations, especially as the management of Internet infrastructure which has become more internationalized. As such, performing a WHOIS query on a domain requires knowing the correct, authoritative WHOIS server to use. Tools to do WHOIS proxy searches have become common. Also, there is a command-line whois client called jwhois which uses a configuration file to map domain names and network blocks to their appropriate registrars.

In 2004, an IETF committee was formed to standardize a whole new way to look-up information on domain names and network numbers. The current working name for this proposed new standard is Cross Registry Information Service Protocol (CRISP).

Querying WHOIS servers

Command-line clients

Originally the only method by which a WHOIS server could be contacted was to use a command line interface text client. In most cases this was on a Unix or Unix-like platform. The WHOIS client software was (and still is) distributed as open source. Various commercial Unix implementations may use their own implementations (for example, Sun Solaris 7 has a WHOIS client authored by Sun).

A WHOIS command line client typically has options to choose which host to connect to for whois queries, with a default whois server being compiled in. Additional options may allow control of what port to connect on, displaying additional debugging data, or changing recursion/referral behavior.

Like most TCP/IP client/server applications, a WHOIS client takes the user input and then opens an IP socket to its destination server. The WHOIS protocol is used to establish a connection on the appropriate port and send the query. The client waits for a response from the server, which it then either returns to the end-user or uses to make additional queries. .

The source package of GNU whois command-line client can be downloaded from Free Software Directory. A Windows port of this can be acquired from SourceForge.

Graphical clients

The term “graphical client” may be a bit of a misnomer for a WHOIS client, since all the data to be derived from a WHOIS server is plain text, and the protocol is a relatively static one. There is not much interaction to do with a WHOIS server. In this context, the term “graphical client” is taken to mean a WHOIS client that runs as an application on a GUI OS and uses the OS’s standard GUI for user interaction.

Web-based queries (whois web sites)

With the advent of the World Wide Web and especially the loosening up of the Network Solutions monopoly, looking up WHOIS information via the web has become quite common. At present, popular web-based WHOIS-queries may be conducted from ARIN ^[2], RIPE ^[3] and APNIC ^{[4] [5]}.Most early web-based WHOIS clients were merely front-ends to a command-line client, where the resulting output just got displayed on a webpage with little, if any, clean-up or formatting.

Nowadays, web based WHOIS clients usually perform the WHOIS queries directly and then format the results for display. Many such clients are proprietary, authored by domain name registrars.

The need for web-based clients came from the fact that command-line WHOIS clients largely existed only in the Unix and large computing worlds. Microsoft Windows and Macintosh computers had no WHOIS clients, so registrars had to find a way to provide access to WHOIS data for potential customers. Many end-users still rely on such clients, even though command line and graphical clients exist now for most home PC platforms.

There are also many sites not owned by registrars or Internet-related companies. These support most of main TLD and remains free. But most of web-based whois sites are incomplete and do not support all TLD nor IP search.

Some work from a built-in whois-server list and some other try to retrieve the one which fits the TLD you ask for from a live Domain Information Groper query (command line clients do this query in background first).

Perl modules

CPAN has several Perl modules available that work with WHOIS servers. Many of them are not current and do not fully function with the current (2005) WHOIS server infrastructure. However, there is still much useful functionality to derive including looking up AS numbers and registrant contacts.

Problems

• Privacy: Registrant’s contact details, such as address and telephone number, are made easily accessible to anyone over the internet for most top-level domains. Although some registrars offer private registrations (where the contact information of the registrar is shown), under ICANN rules the registrar or “private registration” company is then legal owner (lessor) of the domain.
• Ownership may be obscured: In the case of private registration, it may be difficult for an owner to confirm his or her ownership. See section “Accuracy of information”.
• False registrations: The privacy services mentioned above are often abused by people involved in illegal activity, who use them in the knowledge that it makes it extremely difficult for entities (even law-enforcement officers) outside of their registrar’s legal jurisdiction to obtain their contact details. The fact that some registrars are uncooperative when notified of illegal activity makes this situation somewhat worse.
• Inaccuracy of information: Some registrars are not sufficiently careful to ensure the accuracy of contact details listed in the WHOIS. In order to combat this issue, ICANN has threatened to terminate the accreditation of registrars that do not take sufficient action to correct inadequacies.^[6]
• Obsolescence: most of the information stored in a WHOIS server, is subject to change later in time. For instance, the owner may change his (geographical) address. Since the email address used to administer the domain often remains valid, the owner may not bother to update his address with the registrar.
• History: when a domain record is updated (moved, sold), the previous information is not archived but overwritten. A few WHOIS servers, however, do automatically monitor and cache the records for domains which were queried through their interface, making the WHOIS history partially available.
• Spam: Spammers often harvest plain-text email addresses from WHOIS requests. This means that both WHOIS servers and websites offering WHOIS lookups have resorted to special systems (such as CAPTCHA, where users have to type in letters or numbers from a picture) and rate-limiting systems.
• Internationalization: The WHOIS protocol was not written with an international audience in mind. A WHOIS server cannot tell which text encoding it is using for either the requests or replies, and the servers were originally all simply using US-ASCII, although this cannot be assumed anymore with international servers. This obviously will impact the usability of the WHOIS protocol in countries outside the USA, especially as internationalized domain names are falling into wider use. A user can (and possibly will have to due to this limitation) use punycode, but this leads to conversion problems as the punycode system is not easy for a regular user to grasp.
• Lack of WHOIS server lists: There is no central list of WHOIS servers. Therefore, people writing WHOIS tools need to find their own list of WHOIS servers, and different WHOIS tools may contact different WHOIS servers.
• Different registrars’ WHOIS servers return results in different formats, making automation of parsing WHOIS data difficult. While such automation has many legitimate uses (primarily for ISPs), it also lends itself to use by spammers and other people acting unethically.
• Domain Tasting: Some registrars & web based domain availability checking sites have been harvesting users’ domain searches & then register those domains themselves. Usually, these companies test the domains for traffic for about 4-5 days and then cancel the registration.^{[citation needed]}
• Domain name front running: Some registrars, notably Network Solutions have been accused of front running domain names immediately upon WHOIS queries for that domain, effectively locking potential buyers into paying premium second-sale rates to that registrar.^[7]

Accuracy of Information

In cases where the individual’s identity is public, an owner can easily confirm his or her ownership of a domain by sending a WHOIS request.

In the case of “private registration,” confirming ownership may be more difficult. If an owner has purchased a domain name and wants to verify that the “retailer” has indeed completed the registration process, three steps may be required: 1) perform a WHOIS and confirm that the name is at least registered with ICANN, 2) determine the name of the wholesale registrar, and 3) contact the wholesaler and obtain the name of the retail registrar. This provides some confidence that the retailer actually purchased the name for the individual. But if the registrar goes out of business, such as the failure of RegisterFly in 2007, the rightful owners of domains with privacy-protected registrations may have difficulty retaining domain administration.^[8] The end user of “private registration” can attempt to protect themselves by using a registrar that places customer data in escrow with a third party.

ICANN requires that each domain name registrant be given the opportunity to correct any inaccurate contact data associated with a domain. For this reason, the registrar is required to periodically send the owner the contact information on record for verification. (No reference for ICANN rules on verification.)

Law and policy

WHOIS has generated policy issues in the United States federal government. As noted above, WHOIS creates a privacy issue which is also tied to free speech and anonymous speech. However, WHOIS is an important tool for law enforcement officers investigating violations like spam and phishing to track down the owners of domain names. Law enforcement officers become frustrated when WHOIS records are filled with rubbish. As a result, law enforcement agencies have sought to make WHOIS records both open and verified:^[9]

• The Federal Trade Commission has testified about how inaccurate WHOIS records thwart their investigations.^[10]
• There have been congressional hearings that have touched on the importance of WHOIS in 2006, 2002, and 2001.^[11]
• The Fraudulent Online Identity Sanctions Act “make it a violation of trademark and copyright law if a person knowingly provided, or caused to be provided, materially false contact information in making, maintaining, or renewing the registration of a domain name used in connection with the violation,”^[12] where the latter “violation” refers to a prior violation of trademark or copyright law. The act does not make the submission of false WHOIS data illegal in itself, only if used to shield oneself from prosecution for crimes committed using that domain name.

source: http://en.wikipedia.org/wiki/WHOIS

It is often believed that “Ping” is an abbreviation for Packet Internet Groper, but Ping’s author has stated that the names comes from the sound that a sonar makes.

The traceroute tool is available on practically all Unix-like operating systems. Variants with similar functionality are also available, such as tracepath on modern Linux installations and tracert on Microsoft Windows operating systems. Windows NT-based operating systems also provide pathping, which provides similar functionality.

Traceroute works by increasing the “time-to-live” value of each successive batch of packets sent. The first three packets sent have a time-to-live (TTL) value of one (implying that they are not forwarded by the next router and make only a single hop). The next three packets have a TTL value of 2, and so on. When a packet passes through a host, normally the host decrements the TTL value by one, and forwards the packet to the next host. When a packet with a TTL of one reaches a host, the host discards the packet and sends an ICMP time exceeded (type 11) packet to the sender. The traceroute utility uses these returning packets to produce a list of hosts that the packets have traversed en route to the destination. The three timestamp values returned for each host along the path are the delay (aka latency) values typically in milliseconds (ms) for each packet in the batch. If a packet does not return within the expected timeout window, a star (asterisk) is traditionally printed. Traceroute may not list the real hosts. It indicates that the first host is at one hop, the second host at two hops, etc. IP does not guarantee that all the packets take the same route. Also note that if the host at hop number N does not reply, the hop will be skipped in the output.

On modern Unix and Linux-based operating systems, the traceroute utility by default uses UDP datagrams with destination ports number from 33434 to 33534. The traceroute utility usually has an option to specify use of ICMP echo request (type 8 ) instead, as used by the Windows tracert utility. If you have a firewall and if you want traceroute to work from both machines (Unix/Linux and Windows) you will need to allow both protocols inbound through your firewall (UDP with ports from 33434 to 33534 and ICMP type 8 ).

There are also traceroute implementations that use TCP packets, such as tcptraceroute or lft. pathping is a utility introduced with Windows NT that combines ping and traceroute functionality. mtr (My traceroute) is an enhanced version of ICMP traceroute which is available for Unix and Windows systems. All implementations of traceroute rely on ICMP (type 11) packets being sent to the originator.

An Internet Protocol (IP) address is a numerical identification (logical address) that is assigned to devices participating in a computer network utilizing the Internet Protocol for communication between its nodes.[1] Although IP addresses are stored as binary numbers, they are usually displayed in human-readable notations, such as 192.168.100.1 (for IPv4), and 2001:db8:0:1234:0:567:1:1 (for IPv6). The role of the IP address has been characterized as follows: “A name indicates what we seek. An address indicates where it is. A route indicates how to get there.” [2]

The original designers of TCP/IP defined an IP address as a 32-bit number[1] and this system, now named Internet Protocol Version 4 (IPv4), is still in use today. However, due to the enormous growth of the Internet and the resulting depletion of the address space, a new addressing system (IPv6), using 128 bits for the address, was developed (RFC 1883).

The Internet Protocol also has the task of routing data packets between networks, and IP addresses specify the locations of the source and destination nodes in the topology of the routing system. For this purpose, some of the bits in an IP address are used to designate a subnetwork. (In CIDR notation, the number of bits used for the subnet follows the IP address. E.g. 192.168.100.1/16) An IP address can be private, for use on a LAN, or public, for use on the Internet or other WAN.

Early specifications intended IP addresses to each be uniquely assigned to a particular computer or device.[citation needed] However, it was found that this was not always necessary as private networks developed and address space needed to be conserved (IPv4 address exhaustion). RFC 1918 specifies private address spaces (also known as non-routable addresses) that may be reused by anyone; today, such private networks typically connect to the Internet through Network Address Translation (NAT). In addition, technologies such as anycast addressing have been developed to allow multiple hosts at the same IP address but in different portions of the Internet to service requests by network clients.

The Internet Assigned Numbers Authority (IANA) manages the global IP address space. IANA works in cooperation with five Regional Internet Registries (RIRs) to allocate IP address blocks to Local Internet Registries (Internet service providers) and other entities.

IP versions

The Internet Protocol (IP) has two versions currently in use (see IP version history for details). Each version has its own definition of an IP address. Because of its prevalence, “IP address” typically refers to those defined by IPv4.

An illustration of an IP address (version 4), in both dot-decimal notation and binary.

IP version 4 addresses

IPv4 uses 32-bit (4-byte) addresses, which limits the address space to 4,294,967,296 (2³²) possible unique addresses. However, IPv4 reserves some addresses for special purposes such as private networks (~18 million addresses) or multicast addresses (~270 million addresses). This reduces the number of addresses that can be allocated as public Internet addresses, and as the number of addresses available is consumed, an IPv4 address shortage appears to be inevitable in the long run. This limitation has helped stimulate the push towards IPv6, which is currently in the early stages of deployment and is currently the only offering to replace IPv4.

IPv4 addresses are usually represented in dot-decimal notation (four numbers, each ranging from 0 to 255, separated by dots, e.g. 147.132.42.18). Each part represents 8 bits of the address, and is therefore called an octet. It is possible, although less common, to write IPv4 addresses in binary or hexadecimal. When converting, each octet is treated as a separate number. (So 255.255.0.0 in dot-decimal would be FF.FF.00.00 in hexadecimal.)

IPv4 address networks

In the early stages of development of the Internet protocol,^[1] network administrators interpreted IP addresses as structures of network numbers and host numbers, with the highest order octet (first eight bits) of an IP address designating the “network number”, and the rest of the bits (called the “rest” field) used for host numbering within a network. This method soon proved inadequate as local area networks developed that were not part of the larger networks already designated by a network number. In 1981 IP protocol specification was revised with the introduction of the classful network architecture. ^[2]

Classful network design allowed for a larger number of individual allocations. The first three bits of the most significant octet of an IP address came to imply the “class” of the address instead of just the network number and, depending on the class derived, the network designation was based on octet boundary segments of the entire address. The following table gives an overview of this system.

For details on design and use see ‘subnetwork’ and ‘classful network’.

Although a successful developmental stage, classful network design proved unscalable in the rapid expansion of the Internet and was abandoned in 1993 when Classless Inter-Domain Routing (CIDR) was introduced (RFC 1517, RFC 1518, RFC 1519) to define a new concept of allocation of IP address blocks and new methods of routing protocol packets using IPv4 addresses. CIDR is based on variable-length subnet masking (VLSM) to allow allocation on arbitrary-length prefixes.

Today, remnants of classful network concepts function only in a limited scope as the default configuration parameters of some network software and hardware components (e.g. netmask).

IPv4 private addresses

Computers not connected to the Internet (such as factory machines that communicate only with each other via TCP/IP) need not have globally-unique IP addresses. Three ranges of IPv4 addresses for private networks, one range for each class (A, B, C), were reserved in RFC 1918. These addresses are not routed on the Internet, and thus need not be coordinated with an IP address registry.

Any user may use any block. Typically, a network administrator will divide a block into subnets; for example, many home routers automatically use a default address range of 192.168.0.0 – 192.168.0.255 (192.168.0.0/24).

IPv4 address depletion

The IP version 4 address space is rapidly nearing exhaustion of available, officially assignable address blocks.

IP version 6 addresses

An illustration of an IP address (version 6), in hexadecimal and binary.

The designers of IPv6, the next generation of the Internet Protocol, aimed to replace IPv4 on the Internet.^[3] Addresses are 128 bits (16 bytes) wide, which, even with a generous assignment of network blocks, will more than suffice for the foreseeable future. The new address space provides a maximum of 2¹²⁸, or about 3.403 × 10³⁸ unique addresses. The utilization of this large address space is designed in a fashion that provides more efficient route aggregation across the network worldwide.

Example of an IPv6 address: 2001:0db8:85a3:08d3:1319:8a2e:0370:7334

The large number of IPv6 addresses allows large blocks to be assigned for specific purposes and, where appropriate, to be aggregated for providing efficient routing. With a large address space, there is not the need to have complex address conservation methods as used in classless inter-domain routing (CIDR).

Windows Vista, Apple Computer‘s Mac OS X, all modern Linux distributions^[4], and an increasing range of other operating systems include native support for the protocol, but it is not yet widely deployed in other devices.

IPv6 private addresses

Just as IPv4 reserves addresses for private or internal networks, there are blocks of addresses set aside in IPv6 for private addresses. In IPv6, these are referred to as unique local addresses (ULA). RFC 4193 sets aside the routing prefix fc00::/7 for this block. The addresses include a 40-bit pseudorandom number that minimizes the risk of address collisions if sites merge or packets are misrouted.

Early designs (RFC 3513) used a different block for this purpose (fec0::), dubbed site-local addresses. However, the definition of what constituted “sites” remained unclear, and the poorly defined address structure created ambiguities for routing. The address range specification was abandoned and must no longer be used in new systems.

Addresses starting with fe80: — called link-local addresses — are routable only in the local link area. The addresses are assigned automatically by the operating system’s IP layer for each network interface. This provides instant network connectivity for any IPv6 host and means that if several hosts connect to a common hub or switch, they have an instant communication path via their link-local IPv6 address.

None of the private address prefixes may be routed in the public Internet.

IP address subnetworks

The technique of subnetting can operate in both IPv4 and IPv6 networks. The IP address is divided into two parts: the network address and the host identifier. The subnet mask (in IPv4 only) or the CIDR prefix determine how the IP address is divided into network and host parts.

A subnet mask is only used for IPv4. Both IP version however use use the CIDR notation. In this, the IP address is followed by a slash and the number of bits used to for the network part, also called the routing prefix. For example, an IP address and its subnet mask may be 192.0.2.1 and 255.255.255.0, respectively. The CIDR notation for the same IP address and subnet is 192.0.2.1/24, because the first 24 bits of the IP address indicate the subnetwork.

Static and dynamic IP addresses

When a computer is configured to use the same IP address each time it powers up, this is known as a Static IP address. In contrast, in situations when the computer’s IP address is assigned automatically, it is known as a Dynamic IP address.

Method of assignment

Static IP addresses get manually assigned to a computer by an administrator. The exact procedure varies according to platform. This contrasts with dynamic IP addresses, which are assigned either randomly (by the computer itself, as in Zeroconf), or assigned by a server using Dynamic Host Configuration Protocol (DHCP). Even though IP addresses assigned using DHCP may stay the same for long periods of time, they can generally change. In some cases, a network administrator may implement dynamically assigned static IP addresses. In this case, a DHCP server is used, but it is specifically configured to always assign the same IP address to a particular computer, and never to assign that IP address to another computer. This allows static IP addresses to be configured in one place, without having to specifically configure each computer on the network in a different way.

In the absence of both an administrator (to assign a static IP address) and a DHCP server, the operating system may assign itself an IP address using state-less autoconfiguration methods, such as Zeroconf. These IP addresses, known as link-local addresses, default to the 169.254.0.0/16 address range in IPv4.

In IPv6, every interface, whether using static or dynamic address assignments, also receives a local-link address automatically in the fe80::/64 subnet.

Uses of dynamic addressing

Dynamic IP addresses are most frequently assigned on LANs and broadband networks by Dynamic Host Configuration Protocol (DHCP) servers. They are used because it avoids the administrative burden of assigning specific static addresses to each device on a network. It also allows many devices to share limited address space on a network if only some of them will be online at a particular time. In most current desktop operating systems, dynamic IP configuration is enabled by default so that a user does not need to manually enter any settings to connect to a network with a DHCP server. DHCP is not the only technology used to assigning dynamic IP addresses. Dialup and some broadband networks use dynamic address features of the Point-to-Point Protocol.

Sticky dynamic IP address

A sticky dynamic IP address or sticky IP is a term created by cable and DSL users to describe a dynamically assigned IP address that does not change often. This is however an informal term, as a sticky IP does not differ in any way from other dynamic IP address.

Even though IP addresses may not change often for cable or DSL users, the addresses are still controlled by the standard DHCP process. Since the modems are often online for extended periods of time, the leases on the IP addresses are commonly renewed, and therefore may not change.

Should the modem be turned off, a new IP address may be assigned when the modem is turned back on, as a different host on the network may have been assigned the old IP address. IP address changes may also be triggered by resetting the DHCP server configuration; therefore causing the modem to receive a new IP address.

Some users take advantage of stickiness to create websites on the cheap, since a static IP address is usually more expensive. And some ISPs counter this by forcibly re-assigning IP addresses every 24 hours or so.

Uses of static addressing

Some infrastructure situations have to use static addressing, such as when finding the Domain Name Service directory host that will translate domain names to IP addresses. Static addresses are also convenient, but not absolutely necessary, to locate servers inside an enterprise. An address obtained from a DNS server comes with a time to live, or caching time, after which it should be looked up to confirm that it has not changed. Even static IP addresses do change as a result of network administration (RFC 2072)

Modifications to IP addressing

IP blocking and firewalls

Firewalls are common on today‘s Internet. For increased network security, they control access to private networks based on the public IP of the client. Whether using a blacklist or a whitelist, the IP address that is blocked is the perceived public IP address of the client, meaning that if the client is using a proxy server or NAT, blocking one IP address might block many individual people.

IP address translation

Multiple client devices can appear to share IP addresses: either because they are part of a shared hosting web server environment or because an IPv4 network address translator (NAT) or proxy server acts as an intermediary agent on behalf of its customers, in which case the real originating IP addresses might be hidden from the server receiving a request. A common practice is to have a NAT hide a large number of IP addresses in a private network. Only the “outside” interface(s) of the NAT need to have Internet-routable addresses^[5].

Most commonly, the NAT device maps TCP or UDP port numbers on the outside to individual private addresses on the inside. Just as a telephone number may have site-specific extensions, the port numbers are site-specific extensions to an IP address.

In small home networks, NAT functions usually take place in a residential gateway device, typically one marketed as a “router”. In this scenario, the computers connected to the router would have ‘private’ IP addresses and the router would have a ‘public’ address to communicate with the Internet. This type of router allows several computers to share one public IP address.