23 Provide name and full description of all the Registry Services to be provided

Prototypical answer:

gTLDFull Legal NameE-mail suffixDetail
.overheidnlministery of the Interior and Kingdom Relationsminbzk.nlView

23 Registry Services

All core registry services for .overheidnl will be provided by .overheidnl’s back end provider SIDN. SIDN is the foundation that operates since 1996 the registry for the .nl TLD, the 7th largest TLD in the world with currently approximately 5 million registered domains and the 3th largest ccTLD.

All infrastructure, systems, procedures and processes used for supporting registry services of .overheidnl will be based on SIDN’s infrastructure, systems, procedures and processes for supporting registry services for .NL.
SIDN deploys a fully redundant infrastructure. All systems supporting registry services (with the exception of the public DNS services) are located at two geographically separated production sites that together form one logical network. The public name servers are geographically spread with a gravitational centre in The Netherlands. This suits the need of the .overheidnl top level, which is also aimed at the Dutch community.
SIDN is an ISO 27001 certified organization. Procedures and processes related to registry services at SIDN are based on the principles of this standard.

23.1 Domain Registration Services
Domain Registration Services are provided to all .overheidnl Accredited Registrars through the Shared Registration System. The SRS for .overheidnl is cloned from SIDN’s registration system for .NL and offers an EPP-interface and a web-interface. Both interfaces are available to all accredited registrars and offer the same functionality. Both interfaces are available through IPv6 and the SRS supports IPv6 AAAA Resource Records in all relevant information fields.

The SRS is compliant with all EPP RFC’s (3735, 3915, 5730, 5731, 5732, 5733, 5734 and 5910) and performs well within the ranges as specified by the SLA Matrix set by ICANN in Specification 10 to the Base Agreement.

Registration transactions for domain names eligible for registration (i.e. domain names that are not excluded or reserved )are handled fully automated by the SRS. Registration transactions are:
- create, update, renew, transfer and deletion of a domain name;
- acknowledgement or refusal of a transfer request;
- restore of a domain name in redemption grace period;
- create, update and deletion of a contact;
- create, update and deletion of a name server.

Upon expiration of a domain name, the registry will automatically renew the registration with one year . If the domain name is deleted or successfully transferred to another registrar within 45 days of this auto-renewal, the charge made for the auto-renewal will be credited.

Deleted domain names are quarantined in a Redemption Grace Period for 40 days before becoming available for registration anew.

The SRS accepts DNSKEYs for signed delegated domain names and the DS record for the child zone will be computed by the registry.

Not all registration transactions are always allowed. For a full description, please see the answer provided to Evaluation Question #27 ‘Registration Life Cycle’.

Excluded domain names will be listed in the registry agreement and honour ICANN’s requirements regarding reserved domain names. Domain names excluded from registration are not in the .overheidnl zone file, have a Whois status ʹexcludedʹ and cannot be registered by anyone. An EPP «create» command will be rejected by the shared registration system.

Reserved domain names can only be registered by a designated or authorized registrant. Policies and procedures regarding the dissemination of reserved domain names will be provided in the registry agreement and published on the registry website for .overheidnl.
After registration, updates of the registrant are blocked in the registration system. An EPP «create», «update» or «transfer» command will be manually reviewed by .overheidnl registry operator and has to be authorized before it will be processed by the registration system.

A test environment of the SRS will be made available to registrars, providing all needed functionality to create and test administrative interfaces.

23.2 DNS and DNSSEC Services
At launch, .overheidnl will be set up with 2 geographically separated name servers (clusters) and an Anycast name server. The Anycast name server will have a minimum of 5 nodes. If and when demand rises above SIDN’s capacity baseline threshold, additional name servers or nodes will be introduced.

All public name servers for .overheidnl are reachable via IPv4 and IPv6 addresses.

The zone file for .overheidnl will be signed with DNSSEC and checked for integrity and accuracy before being published. Zone file generation and publication will be done every half hour, matching the requirements specified in Specification 10 of the Base Agreement. NSEC is used for authenticated denial of existence.

SIDN requires registrants to obey the rules set out in a ‘technical requirements document’ that defines minimal technical requirements for the registration (and delegation) of domain names (in the DNS). Most of the technical requirements are enforced by technical controls in the shared registration system. Other requirements are checked once the domain is delegated, by means of an in-house developed tool called the ‘DNS crawler’. This tool produces monthly feedback on the DNS quality of the domain names registered to registrars. It also reports violations of the technical requirements and DNS errors to registrars and to our compliance monitoring team.

A publicly available name server check will be provided on the website of .overheidnl. This name server check is identical to SIDN’s name server check (https:⁄⁄www.sidn.nl⁄en⁄about-nl⁄registering-a-domain-name⁄dns-check⁄) and provides DNS and DNSSEC information about both delegated and undelegated domain names.

23.3 Registration Information Services
.overheidnl’s WHOIS will be offered publicly through a website and as a command-line protocol over port 43.
The HTML version of the public WHOIS will be accessible through http:⁄⁄whois.nic.overheidnl and will be protected by a Captcha mechanism. The output of the WHOIS service on port 43 is text based (ASCII). Every line is terminated with CRLF as is specified by RFC3912. Besides the standard port-43 WHOIS, we also support a HTML-based WHOIS and an XML-based WHOIS. The WHOIS data is updated in real-time.

Additionally, an ‘IS’ service will be provided for retrieving domain registration statuses. This is a domain availability service, which only shows the status of a domain name. This function could be provided by IRIS⁄CRISP⁄DCHK, but those standards are not commonly used or known.

Accredited Registrars also have access to an XML-based WHOIS, which is partly based on the IRIS specifications (RFC3982 DREG). This WHOIS is only available to accredited registrars and shows full registration information. A free client code is offered through Perl CPAN (Net::Whois::SIDN). The data returned is in UTF-8 format, to support international characters.
Additionally, registrars can retrieve registration information through the EPP interface of the SRS.

SIDN will comply with new standards if and when they are introduced, for example standards based on the results achieved by the IETF WEIRDS group .
Developments in the area of RESTful WHOIS services are studied and our technical advisors work closely with the IETF (IETF WEIRDS WG) community to get this to a standard. When a standard for RESTful WHOIS arises, it will be implemented on IPv4 and IPv6.

.overheidnl will further provide Zone File Access to the public and Bulk Registration Data Access to ICANN entirely in line with the requirements as specified in Specification 4 to the Base Agreement

The .overheidnl registry will provide periodic reporting to ICANN as specified in the Base Agreement and Specifications.

Registrars will receive monthly reports regarding registration transactions (also used as a specification to billing) and feedback on the DNS quality of the registered domain names (through the output from the DNS Crawler).

Similar gTLD applications: (2)

gTLDFull Legal NameE-mail suffixzDetail
.amsterdamGemeente Amsterdamamsterdam.nl-1.75Compare
.politiePolitie Nederlandvtspn.nl-1.71Compare