26 Whois

Prototypical answer:

gTLDFull Legal NameE-mail suffixDetail

Table of Contents

1 - General description
2 - Data access
2.1 Typology of accessible data
2.2 Profiles for data access control
3 - RDDS architecture
4 - RDDS infrastructure
5 - Rate limitation
6 - Reverse lookups
7 - Interconnectivity and synchronization with other systems
8 - Performance and scalability
9 - ICANN Bulk access compliance
10 - RFC compliance
11 - Resources
11.1 - Initial implementation
11.2 - On-going maintenance

1 - General description

Registration Data Directory Service (RDDS) is one of the five vital functions of the Registry.
It is in direct connection with the database of the Shared Registration System and offers access to the public administrative and technical data of the registry.
The registry back-end solution implements data access through various interfaces that will be described below as well as their data access policies.

The main focus will be made on Whois on port 43 following RFC 3912 which is the main point of access.
The web Whois offers similar functionalities, is based on the same architecture and will be presented through screenshots.

The following description will provide full and detailed description of the architecture of the RDDS both from an application and from an infrastructure point of view.
This architecture is the same as the one used in production by AFNIC for .FR zone and has been fully functional for the last 15 years, with the ability to meet stringent SLAs as well as to scale from the management of a few thousands domain names in operations to over 2 million in late 2011.

2 - Data access

When considering the data access services, we must address :
* the typology of accessible data
* access control : who can access what kind of data
* performance : guarantee of availability and performance for requesting data

Potential limitations to the systems will also be described.
To be able to maintain a good access to everybody (registrar, holders, outside world), our back-end solution provides multiple access with consistent role and access policies.

2.1 Typology of accessible data

Data that can be accessed through the RDDS are mainly :
* contact data : holder, administrative, technical, billing
* domain data : domain name, status
* host data : name servers, IP addresses
* ephemeris : creation, expiration dates
* registrar data

These data are all described in the RFCs and fully compliant to the mapping of RFCs 5730 to 5734 and an example of standard port 43 output is given at the end of the present answer.

2.2 Profiles for data access control

= Whois for registrars =

The main registrar access tool is our RDDS service accessible both on port 43 following specifications of RFC 3912 and through web access.
Both web and port 43 RDDS offer natively compliance with privacy law with a “restricted disclosure” flag if needed by the TLD. This option is activated through Extensible Provisioning Protocol (EPP) standard ʹdiscloseʹ parameters while creating or updating a contact and automatically understood by the whois server to anonymize the data.
This service is accessible both in IPv4 and IPv6.
RDDS access for registrar is rate limited to ensure performance. (see performance)

= Public whois =

RDDS access is also available on port 43 to everybody through a rate limited access to ensure performance. (see performance)

= Legal requirements =

AFNIC back end solution implements by default French privacy laws with opt-out holder personal data privacy.
This option can be deactivated if necessary to be compliant with the policy of the TLD.

3 - RDDS architecture

= RDDS architecture =

RDDS is running on two load balanced front virtual servers directly connected to two databases : the production database for data access, and a rate-limiting service database which applies rate-limiting policies and store IP involved. This server implements token bucket algorithm to flatten traffic on the server.

The two front servers are load balanced using classical round robin implementation.

The network infrastructure is the same as described in the global architecture (referred to below) and no specific dedicated switch or router is to be considered as the rate limiting tool is an applicative one. A global description of the network infrastructure (switch and routers involved) can be found in answers to Question 32 (Architecture).

[see attached diagram Q26_3_RDDS_architecture_diagram.pdf]
Diagram : RDDS architecture diagram
Description : This diagram shows global interaction between Internet, DMZ and private network zones. Topology of network and servers is illustrated including dedicated IP address scheme and network flows.

= RDDS logical diagram =

Our robust infrastructure shows dual Internet Service Provider (ISP) connectivity both in Ipv4 and Ipv6 (Jaguar and RENATER), redundant firewall and switching infrastructure. This part of the architecture is mutualized for all TLDs hosted.

The networking architecture dedicates LAN for administration, backup and production.

Servers are hosted on different network zones : database for database, private for servers not visible on the internet and public for external servers visible on the DMZ. Dedicated zones are also set up for monitoring servers, administration servers or desktop and backup servers.
RDDS servers are directly on the public zone.
Each server is load balanced and the service is not impacted by the loss of one server, the capacity of each server being sized to be able to host the whole traffic.

Servers hosting the .LANCASTER TLD are shared with up to an estimated number of 20 TLDs of comparable scale and use case.

= RDDS physical diagram =

The IP scheme used is the following :

2001:67c:2218:1::4:0⁄64 for IPv6 Internet homing⁄24 for Ipv4 Internet homing

Production LAN⁄24 for public network IP range⁄24,⁄24 for private network IP ranges distributed on the zones described above.

Backup LAN
172.x.y.0⁄24 : x is a different on each network zone. y is fixed to the value of the associated production LAN in the same zone (for example Private zone production LAN being 10.1.”50”.0⁄24, Private zone backup LAN is 172.16.”50”.0⁄24)

Administration LAN
172.z.y.0⁄24 : z is the value of x+1, x being the digit chosen for the corresponding Backup LAN in the same zone. y is fixed to the value of the associated production LAN in the same zone (for example Private zone production LAN being 10.1.”50”.0⁄24, Private zone administration LAN is 172.17.”50”.0⁄24)

Hot standby of the production database is automatically taken into account by the RDDS Oracle Transparent Network Substrate configuration. Therefore if the database are migrated in hot standby due to failure of part of the system, the Registration Data Directory Services (RDDS) access is automatically swapped to the new base.

4 - RDDS infrastructure

In the following description “server” will refer to either a physical or a virtual server.
Due to very fast growth of performance in storage and processors technologies, the infrastructure described below could be replaced by more powerful one available at the time of the set up for the same cost.

At the applicative and system level, AFNIC’s SRS systems are shared with up to an estimated number of 20 TLDs of comparable scale and use case.

AFNIC has invested in very efficient VMWare Vsphere virtualization infrastructure. It provides a flexible approach to recovery both through quick activation of a new fresh server in case of local failure (cold standby) and through global failover to a mirrored infrastructure on another site.
This comes in addition to natural redundancy provided by the load balanced servers.

The RDDS is therefore hosted on virtualized infrastructure on the public zone (Demilitarized Zone - MZ) to the exception of the database, which presents very high rate of I⁄O (Input⁄Output), and is hosted on a dedicated physical infrastructure on the private zone.

The rate limiting database is hosted on one physical dedicated physical server. This server represents no failure point as a failure of the rate limiting system doesn’t affect the service (a standard uniform limitation is then applied instead of intelligent rate limiting).
The main database is the production database also used by the SRS and other registry vital functions and is described more in detail in Question 33 (Database Capabilities).

Databases are based on Oracle technologies. The main database is replicated logically on two sites. Full local recovery processes are in place in case of loss of integrity through the Oracle redolog functions which provides full recovery by replay of historized logged requests.

The whole RDDS service is located in the primary Tier 3 datacenter used by AFNIC in production, the
secondary datacenter serves as failover capacity. Continuity mechanisms at a datacenter level are described in Questions 34 (Geographic Diversity), 39 (Registry Continuity) and 41 (Failover testing).

The detailed list of infrastructures involved can be described as follows :

This infrastructure is designed to host up to an estimated number of 20 TLDs of comparable scale and use case.

= Virtual servers =

RDDS server : 2 servers
* Processor: 1 bi-core CPU
* Main memory: 16 GB of RAM
* Operating system: RedHat RHEL 6
* Disk space: 500 GB

= Data storage : see Question 33 (Database Capabilities) =

= Physical server =

Rate limiting database : 1 server
* Processor: 1 bi-core CPU
* Main memory: 8 GB of RAM
* Operating system: RedHat RHEL 6
* Disk space: 500 GB

Back up servers, backup libraries, Web whois server : mutualized with the global registry service provider infrastructure

= Additionnal infrastructure =

Failover, sandbox, preproduction infrastructure : 3 servers
* 1 bi-core CPU, 16 GB of RAM, RedHat RHEL 6, 500 GB

5 - Rate limitation

To ensure resiliency of the RDDS a rate limitation mechanism is in place.
RDDS is largely used by various public users and registrars, some of them for domain name drop catching. Potentiality of heavy load on this service is very high.
Therefore a rate limitation is applied with threshold calculated from the level of activity expected in order not to penalize normal use of the service. A double level mechanism enables different threshold for identified IP (white list) from registrar and for the public access.

Rate limitation is directly implemented on the front end server.

Access is rate limited through token-bucket algorithms with rate-limiting IP data stored on a dedicated database.
Penalties are applied as follow :
* any IP : 7,200 request 24 hour IP.
* white listed IP for registrars : 86,400 requests⁄ 24 hour ⁄IP.

6 - Reverse lookups

The web RDDS access offers advanced searchability capacities.
The following functions are available :

= Direct queries =

* Partial match query on domain name, administrative, technical, and billing contact name and address, registrant name and address, registrar name including all the sub-fields described in EPP (e.g., street, city, state or province, etc.).
* Exact match query on registrar id, name server name, and name server’s IP glue records
The result of direct queries is the object queried (contact, domain, ...)

= Reverse queries =

* Partial match query on domain name, administrative, technical, and billing contact name and address, registrant name and address, registrar name including all the sub-fields described in EPP (e.g., street, city, state or province, etc.).
* Exact match query on registrar id, name server name, and name server’s IP glue records including IPv6 queries.
The result of reverse queries is the list of objects of a given type linked with the result object (list of domains with a given contact result, or name server result,...)

This powerful tool is limited in access :
* Captcha system avoids scripting of the interface.
* Direct queries are open to every user but the number of result objects is limited to 1,000 answers for 1 query.
* Reverse queries can only be done by registrars on the extranet interface, and the number of result objects is limited to 10,000 answers for 1 query. The interface cannot be used more than 100 times a day.

7 - Interconnectivity and synchronization with other systems

= SRS =

Data updated by the SRS are immediately visible in the RDDS with no further synchronisation needed. Rate limitation is applied both on SRS and RDDS service to avoid any load on the database. SRS and RDDS are partly in the same network zone, both RDDS servers and EPP SSL reverse proxies being in the public network zone (DMZ).

= Main database =

Hot standby of the production database is automatically taken into account by the RDDS Oracle Transparent Network Substrate configuration. Therefore if database are migrated in hot standby due to failure of part of the system, the RDDS service is automatically swapped to the new architecture.

= Rate limiting database =

No standby is implemented on the rate-limiting database. In case of failure, a standard global limitation is applied while, replacement of the database is operated.

= Monitoring =

Monitoring is operated through probes and agents scanning systems with a 5 minutes period. The monitoring system gets snmp data from all servers described in the RDDS architecture and also from dedicated Oracle monitoring agent for the database.
Hot standby is not implemented on monitoring agents.

8 - Performance and scalability

The Registry’s RDDS offers high level production SLAs and derives from the branch of systems that have evolved over the last 12 years to successfully operate a set of french ccTLDs.

The Registry’s RDDS is used to publish .fr, .re, .yt, .pm, .tf, .wf TLDs information. It is used by more than 800 registrars in parallel managing more than 2 millions domain names and by a large user community.

AFNIC’s RDDS is designed to meet ICANN’s Service-level requirements as specified in Specification 10 (SLA Matrix) attached to the Registry Agreement.

As described in Question 31 (Technical Overview) in relation to each of the phases of the TLD’s operations, the following transaction loads are expected on the WHOIS servers : 12 queries⁄hour on average for both launch phase and on going operations.

AFNIC’s WHOIS systems can serve up to 10,000 requests⁄min on load balanced service to be compatible with the launch and growth scenario described in Question 31 (Technical Overview).

The targeted TLD objective being around 1,000 domain names with a provision for 12 queries⁄hour on average, this ensures that enough capacity is available to handle the launching period, as well as demand peaks and unexpected overhead.

Capacity planning indicators are set up to anticipate exceptional growth of the TLD.
Technologies used enables quick upgrade on all fields :
* Servers : virtual resizing to add CPUs or disk space if resource is available on the production ESX servers. If not, 2 spare additional ESX servers can be brought live if additional performance is needed.
* Servers (alternate) : additional servers can be added and taken into account immediately through dns round robin algorithm.
* Database : database capacity has been greatly oversized to avoid need of replacement of this physical powerful server. Precise capacity planning will ensure that sufficient delay will be available to acquire new server if needed. A threshold of 40% of CPU use or total storage capacity triggers alert for acquisition.

9 - ICANN Bulk access compliance

The Registry Operator will provide both data escrow and ICANN bulk access in a same process.
Data escrow generates data on a daily basis. One file per week is kept for ICANN access to bulk data.

10 - RFC compliance

The system has been launched compliant with RFCs. Mechanisms are in place to ensure that on going maintenance and new functional delivery stay compliant with RFCs.

= Delivery process =

The RDDS evolutions are developed on the development environment.
The development process implies strict coding rules and use of shared best practices. Pair programming is standard practice. Unit test are developed prior to function development to ensure resiliency of the produced code.

Delivery process take place in four steps :
* 1st step : RDDS validation and RFC compliance is checked through automated tools. A 100% compliance signal must be received to be able to proceed to second step.
* 2nd step : delivery to the pre-production environment. The development is delivered on the preproduction environment. This environment is available for internal testing team.
* 3rd step : delivery to the sandbox environment. This sandbox environment is opened for registrar where they have two accounts to validate their clients before production activation.
* 4th step : the new release is delivered in production.

= Format validation =

RDDS rfc compliance is reached through a specific RDDS checker which is use for non-regression test before each new release.

= Cross checking =

Whois cross checking partnership is established with .at Registry operator to validate in sandbox environment prior to delivery in production through mutual agreement.

= Whois Output =

Output of a whois query is 100% similar to the whois query example available in RFC 3912.

11 - Resources

Four categories of profiles are needed to run the Registry’s Technical Operations : Registry Operations Specialists (I), Registry Systems Administrators (II), Registry Software Developer (III) and Registry Expert Engineers (IV). These categories, skillset and global availability of resources have been detailed in Question 31 (Technical Overview of Proposed Registry) including specific resources set and organisation to provide 24⁄7 coverage and maintenance capacity.
Specific workload for RDDS management is detailed below.

11.1 - Initial implementation

The initial implementation effort is estimated as follows :

Database Administrator 0.03 man.day
Network Administrator 0.03 man.day
System Administrator 0.03 man.day
Software Developer 0.10 man.day
Software Engineer 0.05 man.day

11.2 - On-going maintenance

On-going maintenance on the RDDS module includes mainly integration of new policy rules, privacy law evolutions, evolution of contracts, infrastructure evolution, failover testing.

Although all the defined technical profiles are needed for such on-going maintenance operations, on a regular basis, it is mainly a workload handled by monitoring and development teams for alert management and new functional developments, respectively.

The on-going maintenance effort per year is estimated as follows, on a yearly basis :

Operations Specialist 0.15 man.day
System Administrator 0.05 man.day
Software Developer 0.05 man.day
Software Engineer 0.10 man.day

Similar gTLD applications: (16)

gTLDFull Legal NameE-mail suffixzDetail
.totalTotal SAtotal.com-4.18Compare
.banqueGEXBAN SASgexban.net-4.18Compare
.bostikBostik SAbostik.com-4.17Compare
.CANALPLUSCANAL+ FRANCEcanal-plus.com-4.17Compare
.sncfSociété Nationale des Chemins de fer Francais S N C Fsncf.Fr-4.17Compare
.MUTUELLEFédération Nationale de la Mutualité Françaisemutualite.fr-4.17Compare
.mmaMMA IARDafnic.fr-4.14Compare
.LECLERCA.C.D. LEC Association des Centres Distributeurs Edouard Leclercprodomaines.com-4.11Compare
.AQUITAINERégion d’Aquitainetic.aquitaine.fr-4.07Compare
.corsicaCollectivité Territoriale de Corsegmail.com-4.07Compare
.bzhAssociation www.bzhafnic.fr-4.07Compare
.ovhOVH SAScorp.ovh.com-4.07Compare
.alsaceREGION D ALSACEsdv.fr-3.95Compare
.PARISCity of Parisafnic.fr-3.78Compare