23 Provide name and full description of all the Registry Services to be provided
|gTLD|Full Legal Name|E-mail suffix|
|.boston|The Boston Globe Newspaper Company Inc.|boston.com|
The internet today, with 22 generic top-level domain names and approximately 270 country code TLDs, is about to change. As the domain name space will be opened to organizations applying for gTLDs associated with particular interests and business sectors, this will help organizations and communities enhance branding, community building, security, and user interaction. Hundreds of new extensions may be introduced and each applicant will have to look for a stable and secure Registry system and technical provider. The Registry Operator has therefore chosen to outsource the technical back-end operations for the domain name Registry to OpenRegistry (the Registry Service Provider). OpenRegistry combines a steady track record with modular software to help applicants take advantage of this opportunity.
When it is stated that the Registry Service Provider will perform certain services or comply with certain standards and processes, the Registry Service Provider will do this in the name and on behalf of the Applicant, who itself is committed to comply with these standards and processes towards ICANN under the Registry Agreement and the terms and conditions of the new gTLD program. Unless it is expressly stated otherwise, all services described in this question will be provided by the Registry Service Provider in the name and on behalf of the Applicant, who will monitor the Registry Service Provider’s compliance with its contractual terms and the requirements laid down by ICANN on a regular basis.
1.1. Registry Service Provider
This document sets out the range of services that OpenRegistry offers to its customers in compliance with ICANN’s new top level domain application process. The services are fully compliant with ICANN’s requirements regarding the deployment and management of a gTLD Registry System.
OpenRegistry’s multilingual staff have over 20 years of combined experience in developing and managing sophisticated solutions for domain name Registrars, domain name Registrants (in particular brand owners) and Registry Operators, as well as being involved in the design of policies for and managing registrar relationships with several ccTLDs.
All members of the team (including outsourced personnel) have been specifically trained on the Registry Platform and have an extensive knowledge and hands-on know-how about the DNS. OpenRegistry has offices in Luxembourg and Belgium.
OpenRegistry was founded by the three key leaders involved in the successful creation and operation of the .be and .eu Registries, which combined currently represent over four million domain names. The OpenRegistry team has 20 years of experience in developing and managing sophisticated solutions for Registrars and Registry Operators. The OpenRegistry system draws on the best features of the .be and .eu systems, combined with new technology that has been introduced, which results in best practice system protocols and software design.
OpenRegistry’s offering ranges from a simple, totally outsourced product to a licensed version of the Registry software for clients who wish to manage their own infrastructure. In each and every case, the system meets and even exceeds ICANN’s Registry contract requirements. The software provides the flexibility to offer Registry Operators options that are in line with their own specific operational and technical circumstances.
(View attachment for Figure 1: Registry Software Capabilities)
There are three key feature groups which address the ICANN evaluation process and which meet and even exceed ICANN’s mission and core values to protect the stability of the global Internet. These are the technical features, financial features and third party modules that are detailed in the next sections.
(View attachment for Figure 2: Registry Software Features Overview)
1.2. Stability & Security
The Registry Platform that will be deployed for the applied-for gTLD, which meets and even exceeds the technical requirements set by ICANN, combined with the team’s experience in running ccTLD domain extensions, provides a solid basis to assist the Applicant to meet its commitments to ICANN. As a Registry Service Provider, OpenRegistry is an operationally secure company with highly skilled staff and appropriate premises for running Registry Services in conformance with the ISO 27001 standard.
DNS services are monitored at all times, and external high-quality anycast providers are added to the mix to deliver a premium-class nameserver infrastructure all over the world.
The main features of the Registry Platform include a complete and extendible set of functionalities that can be controlled by the administrator. Notable features include support for IPv4, IPv6 and DNSSEC. The Registry Platform relies on standards-based software, carrier-grade hardware and protocol-compliant interfaces. These include enabling dynamic zone file updates for immediate use after registration, escrow services and advanced reporting. Extensible Provisioning Protocol (EPP) transactions are only accepted from pre-registered IP addresses, and all transactions, whether web or EPP, are protected by Secure Socket Layer (SSL). All transactions are monitored, traced and logged.
The Registry Service Provider’s staff are industry-trained (in Java, SQL, Linux), university-certified professionals, each with over a decade of experience in building and managing network infrastructure (Cisco, Juniper, …) using quality hardware appropriate for the array of customers.
Diverse audit trails are provided for all activities across software, hardware, staff movement and building access, to ensure the security of our systems. A penalty system ensures Registrars cannot flood the Registry Platform with invalid requests, which would potentially degrade the system’s performance. New connections (SYN packets) are limited on the domain name Registry’s edge routers to minimize the impact of Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks. The system is further protected with a redundant intrusion detection/intrusion prevention system that performs deep packet inspection and blocks SQL injection and cross-site scripting attempts.
OpenRegistry offers a range of services to increase the security of communications between the Registry Operator and Registrars. By default, the communication channel is encrypted using Secure Socket Layer (SSL)/Transport Layer Security (TLS). On top of encryption, the following options are available:
1) User login with passwords and granular authorization;
2) Trade and transfer control to prevent unintentional transfers;
3) Limited access per second to avoid data harvesting;
4) Monitored update allows ownership data to be changed only after manual checks;
5) Temporary take-over by the Registry Operator in case of Registrar bankruptcy;
6) Domain lock avoids malicious transfer or trades;
7) On-hold status can be set pending an Alternative Dispute Resolution (ADR) case;
8) Domain Name Monitoring module exposes typo-squatters by listing similar domain names;
9) The Registrant extranet puts Registrants in charge of their domain names.
The Registry Platform provides a minimum of two anycast addresses, nodes in 52 locations around the world and a capacity of over 500 billion queries a day with a resolution rate of under one millisecond. Each node is set up in a redundant configuration so that a hardware failure on one machine does not prevent the node from responding to queries.
The Registry’s primary server site is located in Belgium, in a secure, state-of-the-art facility. Special care has been taken to provide several physical layers of security. The Registry database and application servers will be hosted there, with a mirror site in Luxembourg. The Registry Platform is connected using multiple Internet Service Providers (ISPs), all of them Tier 1 providers.
The applications run on a blade infrastructure, allowing for immediate recovery in the case of failure of any one element and providing easy scalability. The setup provides micro-cloud functionality that allows for easy scalability and multiple layers of redundancy. The local backup (warm standby) server is kept current by a stream of write-ahead log records, so it can take over as the master server with minimal delay. Name servers are distributed over the world for load balancing and robustness. External parties provide anycast functionality. The unicast nodes provided are set up in a redundant configuration so that a hardware failure on one machine does not prevent the node from responding to queries.
All the Registry data are stored on a cluster of database servers, both on the primary and on the mirror site. These databases are synchronized permanently. If the load on the production database is deemed too high to deliver excellent quality service, read-only copies are put in place for read-only service, such as WHOIS and Data Escrow, to off-load traffic from the main database. A special delayed recovery database is available on the primary site to be able to recover quickly from data corruption should it have spread to all on-line database servers.
(View attachment for Figure 3: Registry Services interfacing the Registry Database)
The Registry Platform is feature rich with a multitude of parameters that can be set to suit the applicant’s requirements. At system level software modules and functionalities can be switched on and off by the system administrator.
The Registry Platform contains all functionality required by ICANN for a TLD to operate efficiently through two main interfaces, or more if necessary. The XML-based EPP interface provides an excellent means for Registrars who want to offer their customers a fully automated interface. A web interface provides extra functions that are difficult to automate, alongside a set of commands that are fully compatible with EPP.
The audit trail ensures that from day one every single activity in the system is logged and copied, including all associated data. This allows for going back in time and examining the situation both before and after a transaction took place. Journaling is built straight in the database, so it is hassle free for programmers and works with all programming languages.
The full and flexible audit log eliminates huge log files or endless searching. The audit log can be searched using filters and detailed search criteria, so the requested information is found quickly and efficiently.
The system was created for the current domain name Registry-Registrar-Registrant model but could easily accommodate a direct Registry-Registrant relationship, for which a web interface is particularly useful.
2. Technical Features
2.1. WHOIS and Domain Availability Service (DAS)
End users (Registrants) are expected to have access to the contact details of a domain name holder. The WHOIS module complies with the ICANN standards, but offers optional flexibility with two different access modes: the WHOIS, giving the full details (if allowed) of the domain name holder, and DAS (Domain Availability Service), which only shows whether the domain name is available or not. WHOIS data is fully configurable to meet existing or future data protection requirements, with each field able to be switched on or off. It can be accessed either via a web interface (CAPTCHA protected, where the user needs to enter a verification code to avoid machine-generated queries) or via port 43.
Open Registries may find other uses for their WHOIS data to benefit both the Registry Operator and Registrants, such as a search capable WHOIS on the domain name database to find domain names or registrants in a particular industry or area. Profiles can be set up to determine which information is displayed.
WHOIS and DAS functionalities are described in detail in response to question 26.
2.2. DNSSEC Enabled
In compliance with ICANN requirements, the applied-for TLD will be DNSSEC enabled from day one. Additionally, a DNSSEC solution is offered for the Registrars that they can implement with minimum disruption to their own systems. The implementation of DNSSEC is described in detail in response to question 43.
2.3. DNS Service
The DNS infrastructure consists of the Registry Service Provider’s own set of redundant unicast nameservers running various flavors of operating systems and DNS software, and a set of high-quality anycast nameserver providers. These services are provided by machines distributed all over the world over the IPv4 and IPv6 network and using DNSSEC.
1) Real-time DNS updates compliant with RFC 2136
2) DNS Services implemented using ISC BIND, compliant with RFC 1034, RFC 1035, RFC 1101, RFC 2181, RFC 2182, and RFC 3007
A detailed description of the DNS service is provided in the response to question 35.
2.4. Tailored Contact Types
When a domain name is registered, the Registrant must provide the Registrar of the domain name with valid and up-to-date contact information. In theory, by looking up the domain name in any public WHOIS database, anyone is supposed to be able to view this registration information, and thus contact the person or company that owns it (Registrant or Licensee). The Registry Platform allows specifying tailored contact types to suit the Registry Operator’s need. Each contact type can contain the default set of contact data or fields specified.
2.5. Dynamic Zone Files
The Registry Platform provides a dynamic zone file update, ensuring that, when a domain name is registered, it is available for use immediately.
2.6. Internationalized Domain Name (IDN) Compatible
The Registry Platform is IDN compatible and does not rely on the domain name registrar to convert natural script into punycode. The Registrar simply needs to enter the required information in natural language and the Registry Platform will do the rest. This applies for both EPP and web interfaces.
A detailed description of the implementation of IDN is provided in the response to question 44.
2.7. Nameserver Groups
The Registry Platform can create nameserver groups. A nameserver group contains a list of nameservers that can be linked to a domain name. This can be used instead of individual nameservers on a domain name. When one nameserver is replaced by another, nameserver groups deal with this change in one update that is then propagated to all domain names linked to that group. When using individual nameservers, all domain names using the old nameservers need to be updated.
The extranet option allows the Registrant to access and, when permitted, modify his data at the Registry Operator level. It can also be used by the Registrant to approve trade or transfer of a domain name. If needed, the Registrant can be given access to the extranet to switch on some levels of control. For instance, the Registrant can ask to be informed of any change of data made by the Registrar. Similarly, the Registrant can choose to be informed by e-mail when his domain name is scheduled for deletion. In this case, the modification or deletion can only be executed after confirmation from the Registrant.
The Registry Platform accommodates multiple types of Sunrise arrangements, including first-come-first-served validations or a defined Sunrise window that sends all applications for validation. Rules for the sunrise period can be set such as the type and location of applicant and type, or the dates and geographical coverage of prior IP rights.
2.10. Validation Management
The Registry Platform can provide a direct link to any Trademark Clearinghouse that ICANN may choose, thus encouraging more brand owners to participate in the Sunrise. Validation options include selection of names which are excluded from registration, which are Premium names, and include an auction process for competing applications.
2.11. SRS Registration and Flexible Permissions
SRS is short for Shared Registry System. The Registry Platform offers, besides the access through EPP required by ICANN, the capability to register domain names via the web. The Registry Platform includes a module that allows for flexible permissions for all users. This is very useful to give different permissions to different types of users for different sets of actions, for example to define what certain Registrars or Resellers can or cannot do. These permissions can be applied to different transactions in the system, allowing the Registry Operator to stay in total control of the TLD.
2.12. Registrar Interface
1) Fully documented client Application Programming Interface (API)
2) Web interface to allow Registrars full control of names under their management
3) Easy to use and fully compatible with Extensible Provisioning Protocol (EPP)
4) Extra modules provide feature rich experience
2.13. Extensible Provisioning Protocol (EPP)
1) Full EPP compliance with RFC 3730 and RFC 4930
2) Supports standard EPP object mappings for an Internet Domain Name Registry RFC 4931, RFC 4932, and RFC 4933
3) Multi-layer authentication
4) Includes support for implementing EPP extensions
5) Highly configured EPP Service to ensure that Regulator and Registry Operator Policy is adhered to with minimal intervention
6) Works with any RFC compliant EPP server
A detailed description of the implementation of EPP is provided in response to question 25.
2.14. Hidden Master Nameservers
The master nameserver, which interfaces directly with the Registry Database, provides all slave nameservers with the current registration and database information, but cannot be accessed by third party users. This provides optimal security and integrity for the Registry Database.
2.15. Variable Renewal Period
The Registry Platform allows for configuration of the renewal period, with a maximum of 10 years. By default, domain names are renewed every year, but this could be set to any other period, within the limits imposed by ICANN.
2.16. Length Limitations
The Registry Platform allows for the definition of criteria in terms of the length of the registered domain name. This feature can be used, for example, to avoid the creation of two and three letter domain names within the TLD.
2.17. String Blocking
This feature allows for blocking of simple or complex ‘strings’ from being used in domain names. Examples include the name of competitors of the Registry Operator for a brand TLD, parts of that name, or foul language.
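An added example (not OpenRegistry's code) of how the checks from sections 2.6, 2.16 and 2.17 could be chained when a name is submitted: normalize the natural-script label, convert it to punycode, then apply length and blocked-string rules to the normalized form so that case or full-width variants cannot slip past the block list. The thresholds, patterns and function names are hypothetical, and Python's built-in IDNA 2003 codec stands in for the registry's own IDN tables.

```python
import re
import unicodedata

# Hypothetical policy values: the page names the features but gives no settings.
MIN_LABEL_LENGTH = 4      # rules out two- and three-letter names (section 2.16)
MAX_LABEL_LENGTH = 63     # DNS label limit (RFC 1035), measured on the ASCII form
BLOCKED_PATTERNS = [      # constructed samples for section 2.17
    re.compile(r"competitor"),          # simple string: blocked anywhere in the label
    re.compile(r"^(www|nic|whois)$"),   # complex string: blocked only as the whole label
]

# Letters, digits and hyphens only, with no leading or trailing hyphen.
LDH = re.compile(r"^[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$")


def evaluate_label(label):
    """Check one second-level label; return (accepted, a_label, reason)."""
    if not label:
        return (False, None, "empty label")

    # Normalize first so every later rule sees one canonical spelling.
    u_label = unicodedata.normalize("NFKC", label).lower()

    # Section 2.6: the registry, not the registrar, produces the punycode form.
    try:
        a_label = u_label.encode("idna").decode("ascii")
    except UnicodeError:
        return (False, None, "not convertible to an A-label")

    # Dots, underscores and similar characters survive the codec, so check here.
    if not LDH.match(a_label):
        return (False, None, "invalid characters")

    # Section 2.16: minimum on what the registrant typed, maximum on the wire form.
    if len(u_label) < MIN_LABEL_LENGTH or len(a_label) > MAX_LABEL_LENGTH:
        return (False, a_label, "length outside policy")

    # Section 2.17: match against both forms of the label.
    for pattern in BLOCKED_PATTERNS:
        if pattern.search(u_label) or pattern.search(a_label):
            return (False, a_label, "blocked string")

    return (True, a_label, "ok")


if __name__ == "__main__":
    # Constructed sample submissions.
    for sample in ["bücher", "abc", "COMPETITOR-shop", "whois", "bad_label"]:
        print(sample, evaluate_label(sample))
```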
2.18. Automatic Transfer and Trade Handling
The Registry Platform is capable of automatically handling all transfers and trades using a proven automated process of approval by the registrants. When a transfer is initiated, the current owner receives an e-mail requesting approval. In case of a trade, the new owner also receives an e-mail. Only when all parties involved have electronically given their approval is the transfer or trade scheduled for automatic execution.
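The approval flow of section 2.18, combined with the domain lock and on-hold options listed in section 1.2, as an added example that is not the Registry Platform's own code. The single-use approval tokens, the class and function names and the sample addresses are assumptions; the page only states that each party approves electronically after receiving an e-mail.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Domain:
    name: str
    owner: str
    registrar: str
    locked: bool = False    # "domain lock" option
    on_hold: bool = False   # set pending an ADR case


@dataclass
class PendingChange:
    domain: Domain
    kind: str               # "transfer" (new registrar) or "trade" (new owner)
    new_registrar: str
    new_owner: str
    token_hashes: dict = field(default_factory=dict)  # party -> SHA-256 of token
    state: str = "pending"


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


def initiate(domain, kind, new_registrar, new_owner=None):
    """Open a transfer or trade; return it with the tokens to e-mail out."""
    if kind not in ("transfer", "trade") or (kind == "trade" and not new_owner):
        raise ValueError("unknown kind or missing new owner")
    if domain.locked or domain.on_hold:
        raise PermissionError("domain is locked or on hold")
    change = PendingChange(domain, kind, new_registrar, new_owner or domain.owner)
    # A transfer needs the current owner; a trade also needs the new owner.
    parties = [domain.owner] + ([new_owner] if kind == "trade" else [])
    tokens = {}
    for party in parties:
        token = secrets.token_urlsafe(32)
        change.token_hashes[party] = _digest(token)  # only the hash is stored
        tokens[party] = token                        # sent to that party by e-mail
    return change, tokens


def approve(change, party, token):
    """Record one party's approval; schedule once everyone has approved."""
    expected = change.token_hashes.get(party)
    if change.state != "pending" or expected is None:
        return False
    if not hmac.compare_digest(_digest(token), expected):
        return False
    del change.token_hashes[party]                   # tokens are single use
    if not change.token_hashes:
        change.state = "scheduled"
    return True


def execute(change):
    """Apply a scheduled change, re-checking lock and hold at execution time."""
    domain = change.domain
    if change.state != "scheduled" or domain.locked or domain.on_hold:
        return False
    domain.registrar = change.new_registrar
    domain.owner = change.new_owner
    change.state = "done"
    return True
```

Re-checking the lock and hold flags in `execute` matters because an ADR hold can be placed after the approvals were collected but before the scheduled run.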
2.19. Registrar Dashboard
The Registrar has a dashboard to verify the current status of the registrar account. This includes a number of statistics on domain names in portfolio, domain names recently registered, transferred in and out, etc. These statistics are also provided over a longer period of time, allowing the registrar to conduct statistical analysis of the portfolio. The interface also provides an overview of transaction failures and the reason why, if applicable. It also shows a detailed financial status.
2.20. Registrar Export
The Registrar web provides a separate page where the Registrar has bulk access to the entire portfolio of domain names, contacts and all other useful information stored in the database linked to the Registrar’s account. The data is available in various formats including XLS, CSV and XML. This provides the Registrar with ample facility to verify the portfolio, import data into any external system used by the Registrar and verify data against it.
3. Financial Features
3.1. Pricing Model
The Registry Platform’s management module allows the Registry Operator to create pricing models as needed. Prices can be set for each type of operation and can have an associated validity period. Price changes can easily be implemented and put in the system with a specific starting date.
3.2. Pre-payment System
For each domain name Registrar, an account is provisioned in the Registry Platform. Every paying transaction reduces the account balance by the corresponding fee. When the account does not contain enough funds, the transaction will not finish successfully. This method eliminates the risk of bad debtors. Invoices are generated at the end of each month for the transactions executed and paid for in the previous period. This flexible system also allows for a post-payment application.
3.3. Credit Lines
While the pre-payment system does not allow a Registrar to execute paying transactions, such as registering a new domain name, without sufficient funds in the account, a credit mechanism is available that allows the Registry Operator to give a Registrar a credit line for a specific period and a specific amount. During that period, the Registrar’s account may temporarily run negative for the specified amount.
The Registry Platform allows for both automated and explicit renewal. Both options occur at the end of the month in which the renewal is due. Payments must be made with the Registrar’s pre-payment accounts, although the Registry Operator can give a particular Registrar a credit line for a specific period. Monthly invoices, detailing all transactions that have occurred in the previous month, are generated by the Registry Platform.
The Registry Platform’s management module keeps track of all payments that have been entered into the system. Registrars can access their complete invoice and payment history via the web interface.
3.6. Early Warning System
The Registry Platform contains a threshold system to prevent the Registrar’s account from going negative. When the prepay account drops below a certain threshold level, an email will be sent to the Registrar to inform him, thus allowing the Registrar to transfer sufficient funds into the account in time.
4. Third Party Modules
4.1. Alternative Dispute Resolution (ADR) Extranet
In the event that a dispute arises over a domain name, the status of the domain name in question needs to be blocked. This is required to prevent the current holder from changing crucial data. As timing is very important, the Registry Platform includes a simple interface for the Alternative Dispute Resolution (ADR) provider that allows placing the disputed name on hold or in use again according to the outcome of the deliberation. Furthermore, if a complaint is launched against a domain name, the Registry Operator can permit the ADR dispute resolution service provider to log in and suspend any transactions on the name until the process is complete. When the dispute is resolved, the ADR provider can either remove the suspension or force a transfer according to the applicable rules and procedures of the UDRP (Uniform Domain-Name Dispute Resolution Policy).
If applicable, the extranet option allows the Registrant to access and, when permitted, modify his data at the Registry Operator level. It can also be used by the Registrant to approve his trade or transfer. If needed, the Registrant can be given access to the extranet to switch on some levels of control. As a first level, the Registrant can ask to be informed of any change of data made by the Registrar. Similarly, the Registrant can choose to be informed by email when his domain name is scheduled for deletion. If the Registrant chooses the second level of security, the modification or deletion can only be executed after confirmation from the Registrant.
4.3. Sunrise Process Management
The Registry Platform accommodates multiple types of Sunrise arrangements, including first-come-first-served validations or a defined Sunrise window that sends all applications for validation. Rules for the Sunrise period can be set, for example, the type and location of applicant and type, or the dates and geographical coverage of prior IP rights.
4.4. Validation Management
The Registry Platform can provide a direct link to any Trademark Clearinghouse that ICANN may choose to operate, thus encouraging more brand owners to participate in the Sunrise. Validation options include selection of names which are excluded from registration, which are Premium names, and include an auction process for competing applications. The Registry Platform is by default compliant with the Trademark Clearinghouse.
4.5. Escrow Module
The escrow module allows for an easy transfer of full and incremental backups to one of ICANN’s accredited escrow providers. Reports of all exchanges are kept and combined in a monthly report. Emergency backup procedures and verification scripts can be added.
A detailed description of the data escrow is provided in the response to question 38.