23 Provide name and full description of all the Registry Services to be provided
|gTLD||Full Legal Name||E-mail suffix||Detail|
|.LAT||ECOM-LAC Federaciòn de Latinoamèrica y el Caribe para Internet y el Comercio Electrònico||cabase.org.ar||View|
Operating a TLD for the latin community requires a deep knowledge of the latin environment and also great expertise in addressing this market. Experience both as a Registry and as a Registrar is essential to understand the complexity of the technical infrastructure required to operate a gTLD. This experience would also provide for the communication skills and proved commercial strategies necessary to better serve this market which still has a great potential for development and growth.
Because of this, eCOM-LAC has relied on NIC Mexico to provide technical services for the .LAT TLD. NIC Mexico is the current Registry Operator of the .MX ccTLD, who is a market leader in the region for technology services specializing in DNS, and who has pioneered the use of cutting edge technology, in order to offer the highest level of services to the Internet community. NIC Mexico will participate in this project to take some of the critical internet infrastructure out of the most developed countries, by reinforcing its own technical infrastructure to increase its service portfolio and gain experience to be able to aid in the development of the internet in the region. This partnership guarantees an excellent level of service in all aspects for end users and registrars.
NIC Mexico was among the first registries to automatize the domain name registration process (before EPP definition) through a web-based solution back in the late 90’s. NIC Mexico also pioneered in DNS anycast implementation deploying its first anycast cloud in 2002. Then in 2004, it was by NIC Mexico’s initiative that a joint project with ISC, TELMEX, Alestra and Avantel brought the first Root Server mirror to Mexico. NIC Mexico coordinated the project that put a copy of the Root Server F managed by ISC in Mexico.
Today NIC Mexico has a fully compliant EPP registration system and a DNS implementation that features geographic and network diversity, complimented with contracts with two global DNS Anycast Cloud providers to secure overcapacity in case of a major contingency.
In 2009 NIC Mexico successfully launched second level domain registrations for the TLD .MX. This project included re-defining policies, processes and systems to make them compatible with the best practices in the industry. NIC Mexico maintains the biggest registrar base among the Latin American Registries (+200).
eCOM-LAC and NIC Mexico will offer .LAT domain name services to all ICANN Accredited Registrars and according to ICANN’s requirements for preserving the operational security and stability of the Internet. The services for .LAT TLD will match both business and technical industry standards to offer registrants a globally visible domain name with latin identity.
NIC Mexico will provide registry services for the .LAT TLD that cover the five critical registry functions:
A. Receipt of data from registrars concerning registration of domain names and name servers
B. Dissemination of TLD zone files.
C. Dissemination of contact or other information concerning domain name registrations (Whois service)
D. Internationalized Domain Names
E. DNS Security Extensions (DNSSEC)
.LAT Registry will offer the following services:
1. DOMAIN NAME REGISTRATION AT THE SECOND LEVEL
.LAT Registry will offer domain name registration following the industry’s best practices. The Registry will accept data from registrars for domain name registration on behalf of registrants. This includes:
* The desired domain name: It will be used first for availability check and then to continue with the registration process. .LAT will provide IDN registration in Spanish language at the second level.
* Name server information for delegation purposes, including glue records
* Contact information. Registrant, Administrative, Technical and Billing contacts will be supported
* DNSSEC related information. We will describe the DNSSEC implementation details further in the application.
.LAT Registry will provide Domain Name Registration by means of the Shared Registration System (SRS). The SRS is a long time proven in-house development built over a highly adaptable architecture, designed to provide the best performance at any time to all participant registrars. Security and stability are the main design drivers.
* The SRS relies on a long-proved architecture based on DELL high capacity servers and Oracle RDBMS for the main database. All network and processing equipment features full redundancy to provide for scalability and resiliency. Other elements of the registration system include the billing system, PBX, online-chat and CRM. Business managers and customer support agents will use specially designed applications to perform their activities.
* EPP Authentication will be made both at (transport) level with SSL certificates and at (application) level via username and password. The registrar will be able to register domain names for the desired term defined in yearly increments from two to ten years.
* NIC Mexico will provide technical support to registrars both for the initial setup and for the daily operations. The call center will be available on business hours to service support requests by phone and email; there will be also live-chat assistance. Outside business hours, there will be an emergency response team on-call for participating registrars.
* The accreditation process will be agile and will include signing of the .LAT annex to the Registrar Agreement. It also considers interoperability testing and verification using a test environment available to interested registrars to verify the correct integration of their systems and the .LAT SRS.
OTHER DOMAIN REGISTRATION SERVICES
.LAT Registry will offer domain renewal both automatic and upon request of the registrar of record of the domain name. Domain Transfers will follow the procedures described in the applicable RFC’s and the consensus policies like the Inter-Registrar Transfer Policy (now Policy on Transfer of Registrations between Registrars). .LAT Registry will also offer Domain Restore capabilities following RFC3915.
2. WHOIS SERVICE:
.LAT Registry will offer a whois service for dissemination of information concerning domain name registration, including contact and DNS delegation information.
* .LAT Registry will offer whois both as a TCP service through port 43 and via web.
* As required in the AGB .LAT Registry will implement a thick registry; this will allow the implementation of a centralized whois to better serving the public with the most up-to-date information about .LAT domain names.
* The contents and format of the query responses will be as required in Specification 4 of the Registry Agreement.
* The whois service will have a dedicated database (different from the SRS database) and dedicated servers for web and port 43 access. The whois database will be updated from the SRS database every 5 minutes.
* The whois systems will have abuse prevention measures in place like query quotas to limit access by origin IP address for both the port 43 and the web-based services. Repeted overflows of query quotas will result in the IP adress being blocked. In addition to query quotas, the web based whois service will feature a captcha to prevent automated systems from mining the database.
* NIC Mexico’s whois implementation is a long time proven in-house development built over a highly adaptable architecture, designed to provide the best performance at any time to all participant registrars and internet community. Security and stability are the main design drivers. DELL high capacity servers will provide processing power, and the database will be Oracle RDBMS optimized to deliver top performance from a read-only database.
* .LAT Registry will take every effort needed to balance the need for privacy with the need to provide access to records that contain information on the registrant and contacts of domain names in order to maintain security and stability of the DNS. .LAT registry will operate the WHOIS service in a way that is compatible with applicable privacy laws. .LAT will request from registrants the minimal set of information needed to perform the whois functions as required by ICANN.
3. DNS SERVICE.
.LAT Registry will offer domain name resolution through NIC Mexico’s DNS Infrastructure.
* NIC Mexico’s DNS Infrastructure is composed of 6 different anycast clouds (m, e, x, i, c, o.mx-ns.mx) or Name Servers in the classical terminology.
* NIC Mexico manages seven global nodes in different parts of the globe. Each node is capable of announcing in BGP any of the six anycast clouds.
* NIC Mexico announces a particular IPv4 ⁄24 prefix to receive the traffic of a particular anycast cloud. Two external anycast providers announce a ⁄23 covering prefix of each anycast cloud and NIC Mexico can stop announcing the ⁄24 so the external providers receive the traffic of a particular anycast cloud. The first external DNS anycast provider normally receive the traffic of one anycast cloud, the second external DNS anycast provider normally receive the traffic of two anycast clouds and NIC Mexico normally receive traffic of the remaining three anycast clouds. In case of a large attack that NIC Mexico is not able to cope with NIC Mexico can stop announcing the ⁄24 prefix allowing the external providers to receive part of the traffic.
* NIC Mexico announces an IPv6 ⁄32 and ⁄48 in order to provide IPv6 connectivity in two of the six anycast clouds. The external DNS anycast providers do not receive IPv6 traffic.
* NIC Mexico’s SRS updates two DNS stealth master servers in almost real-time (1 minute is the worst-case scenario for an update in the SRS to be transferred to the DNS stealth masters). These two DNS stealth master servers then transfer zone updates to the nodes and external DNS anycast cloud providers.
DNS Security Extensions
* NIC Mexico’s SRS implements RFC5910 in order to allow registrars to update DS RR information through EPP.
* NIC Mexico’s SRS Web Interface implements a web module where a registrar can update DS RR information.
* NIC Mexico does not verify if DS is valid with the child zone at registration time, but a batch process and configured to run daily to validate DS information and report any problems with DNSSEC chain of trust to registrars.
* NIC Mexico uses a FIPS 140-2 Level 4 to store the KSK. An m-of-n command structure is implemented in the HSM. The ZSK private key is stored in a server called “zone signing server” that can only communicate through a private network with the stealth masters.
* Zone signing is performed in the “zone signing server” and ZSK private key information is encrypted with an m-of-n shared secret.
4. OTHER SERVICES
.LAT Registry will offer an advanced security service that will prevent a domain name from updates made online, by means of the SRS interfaces, web and EPP.
This service will be oriented to allow registrars of the .LAT TLD offer to registrants an increased security level for protection of their valuable domain names that are essential assets for business operations and brand protection. The Registry Lock service will add an extra layer of verification and control on operations affecting “locked” domains. Registrars will use it in combination with their own security measures to help registrars mitigate the risk of hijacking as well as unintended domain deletions, transfers and any other undesired update.
To setup the service for a domain name, the registrar must send a letter to the registry indicating:
* The domain name
* AuthInfo of the domain name
* Name and contact information of the individuals authorized to make changes to the domain name. It is intended that they should be the registrant or administrative contacts of the domain name.
* A password or pass phrase must be included to verify the identity of the contact.
To modify the information of a domain name that has the Registry Lock service activated, one of the appointed contacts must get in touch with the .LAT registry’s customer support by phone. After identity validation, the contact can instruct the customer support agent to update the domain name information.
Once the information has been updated, the SRS will send a notice to the registrant and administrative contact with the updated information of the domain name. This service is considered a premium service for the exceptional costs that it represents.
This service is included to protect registrars (and registrants) from inadvertent or undesired deletions. Some of the TLD registries currently active offer this service, as defined in the RFC3915.
When a registrar deletes a domain name, it enters into a Redemption Grace Period where the registrar of record can restore the domain name to an active status by issuing an EPP 〈rgp:restore〉 command, which is a billable operation. After the command execution, the domain name is put back in the zone file, but the restore will not be complete yet. Accordingly to RFC3915 the registrar still has to send an EPP 〈rgp:report〉 command to finalize the recovery process with all the required information as indicated in RFC3915.
Details on the implementation of de Domain Restore service will be provided further within the Domain Registration Life-Cycle.
.LAT registry will implement search capabilities on the whois to offer a way to find domain names registered within a TLD. This tool would prove useful when trying to locate domain names that could be in violation of intellectual property or that may be subject of criminal investigation. Search capabilities will be available for the web version only.
There will be some measures in place to deter abuses on the searchable whois. NIC Mexico will implement an incremental delay in the response to multiple queries from the same IP address per period. Another abuse prevention feature of the searchable whois will be blocking of IP address if the number of concurrent connections exceeds a certain threshold. The limits for incremental delays per number of queries and concurrent connection thresholds will be set at an initial number and then adjusted when more experience is gathered.
More details in que response to question 26.
Similar gTLD applications: (0)
|gTLD||Full Legal Name||E-mail suffix||z||Detail|