Since  people normally don’t know how internet works, I’ll explain a bit how it works before explaining why it is not neutral.

Internet is a web, you’ve probably read that somewhere. Operators in the world connect to each other to be able to transmit traffic. This kind of connection is called “peering”. Some operators connect to each other for free, but some do not.
Let’s say we have a big national operator A, with dozen of peerings and lots of traffic. Operator B is a “tier 1″ operator, selling bandwidth to operator A. Operator C is a small local operator, connected to operator B. Now, as both operators A and C are in the same country, they will tend to have lots of traffic between each other, especially if operator A also host services as it is often the case. Now, when our operator C asks operator A a peering, there are many cases we usually see:

• Most common case: operator A agrees to the peering, but operator C has to pay for all traffic in or out of this peering. Operator A doesn’t care because it doesn’t really need this peering, the volume of data to operator C being rather small compared to international or other operators.
• One case I saw in France: operator A has peering conditions that states minimum used bandwidth/etc. Operator A replies to operator C that with the current traffic, it can’t agree to a peering. Same here, while cost might be trivial for operator A, it might be quite a lot for operator C
• Finally the rarest case: operator A has peering policies to agree to “anyone who want to peer”. Operator C will most likely have to pay installation of a connection to one of operator A’s PoP (point of presence), but won’t need to pay each month for used bandwidth (which doesn’t cost anything except hardware to operator A).

Now, those “peering policies” might be a bit more than just volume requirements. A big national operator may refuse a peering to a smaller operator to keep the small operator’s costs high. While in theory most operators have advantage to peer to each other, biggest operators makes it almost impossible for smaller operators to reduce their costs, even when peering would cost less for the big operator (I can understand that sometimes the traffic generated by an operator doesn’t cover the costs of installing a line and providing a port on a router, but peering refusal is often based on other non-technical basis.

Neutrality would mean that time and transmission conditions from a point A to a point B is not affected by any non-technical constraint (as far as I’m concerned, if establishing a peering is more expensive than staying on the current tansmission mode, refusing a peering is fine). Currently, reasons for not accepting a peering at different operators varies from “because you are a concurrent” to “we are too lazy to connect you”.

Typical whois reply will look like:

   Server Name: MICROSOFT.COM.ZZZZZZ.MORE.DETAILS.AT.WWW.BEYONDWHOIS.COM
   Server Name: MICROSOFT.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
   Server Name: MICROSOFT.COM.ZZZZZ.DOWNLOAD.MOVIE.ONLINE.ZML2.COM
   Server Name: MICROSOFT.COM.ZZZOMBIED.AND.HACKED.BY.WWW.WEB-HACK.COM
   Server Name: MICROSOFT.COM.ZZZ.IS.0WNED.AND.HAX0RED.BY.SUB7.NET
   Server Name: MICROSOFT.COM.WILL.LIVE.FOREVER.BECOUSE.UNIXSUCKS.COM
   Server Name: MICROSOFT.COM.WILL.BE.SLAPPED.IN.THE.FACE.BY.MY.BLUE.VEINED.SPANNER.NET

Of course it might looks like the whois server was hacked, that’s what people with bad knowledge of internet would think (hint: almost everything is explained in RFCs).

When you perform a whois lookup, the whois server will usually search domains and return you informations about the domain you requested. However on internet you also have Glue Records which are searchable via whois.

When you perform a whois on, let’s say “microsoft.com”, the whois server will search all records that starts with microsoft.com. Now let’s say the owner of spanner.net created a glue record on microsoft.com.will.be.slapped.in.the.face.by.my.blue.veined.spanner.net, it will match.

Now lots of people did that, so whois records are full of glue records starting with microsoft.com. The only way to limit that is to code a limit in ICANN whois server. So it was decided that only 25 expanded or 50 name-only records would be shown. What happens to the real domain name? It’s also listed as one of the records, usually at the end.

So, nothing was hacked, no whois server was harmed, you just got a bunch of people who are exploiting a specific behaviour of the whois system to make their glue records get listed before the real domains. If you want to appear in microsoft.com you can create a glue record which would look like: microsoft.com.zzzzzzzzzz.uh.did.you.wake.me.up.from.my.sleepdeprivation.com.

Have fun posting stuff on your blog, but stop saying whois servers were hacked when they were not. Anyone who owns a domain name can create glue records, no hacking skills are required to achieve this. You are giving too much credit to guys who just pressed a few options in their registrar’s admin panel (and remember that you can be easily tracked back too). That’s far from what I would call “hacking”, and even not at the “script kiddie” level.

Oh and guyz, it’s been like this for a long time (first time I saw that there was only one record, it was in something like 1998. In the following years more and more records were added to finally reach today’s state). Remember to always verify your sources, even when you got breaking news like “microsoft.com was hacked”.

Finally, I find it amusing to see someone with a MacOS X machine called “bofh” and a green terminal (yay! old school) “discovering” a hack and feeling the urge to report it (and show his green terminal to the world, too). Mac OS X is not a hacker OS, and Apple’s whois client sucks – recent whois client add options to either only receive domain responses, or get expanded responses. Please use a real OS (FreeBSD, Linux Gentoo) or make your own.

Some of my favourite records from a LONG time ago:

MICROSOFT.COM.SHOULD.GIVE.UP.BECAUSE.LINUXISGOD.COM
MICROSOFT.COM.SE.FAIT.HAX0RIZER.PAR.TOUT.LE.ZOY.ORG
MICROSOFT.COM.N-AIME.BILL.QUE.QUAND.IL.N-EST.PAS.NU
MICROSOFT.COM.MUST.STOP.TAKEDRUGS.ORG
MICROSOFT.COM.IS.NOTHING.BUT.A.MONSTER.ORG
MICROSOFT.COM.IS.AT.THE.MERCY.OF.DETRIMENT.ORG
MICROSOFT.COM.FAIT.VRAIMENT.DES.LOGICIELS.A.TROIS.FRANCS.DOUZE.ORG
MICROSOFT.COM.WILL.CRASH.IN.6MN.ORG
MICROSOFT.COM.IS.A.STEAMING.HEAP.OF.FUCKING-BULLSHIT.NET