Back

23 Provide name and full description of all the Registry Services to be provided

gTLDFull Legal NameE-mail suffixDetail
.seatSEAT, S.A. (Sociedad Unipersonal)abril.catView
Q23 - Registry Services


1. Overview

CORE Internet Council of Registrars will provide the technical registry services for the operations of the .seat Registry. The CORE Registration System offers the usual registry services for the .seat TLD: Receipt of data from registrars concerning registration of domain names and name servers via EPP (SRS; see also answer to Question 24, SRS Performance); Dissemination of top-level domain (TLD) zone files (DNS; see also answer to Question 35, DNS service, configuration and operation of name servers); Dissemination of contact or other information concerning domain name registrations (port-43 Whois, web-based Whois; see also answer to Question 26, Whois service); Internationalised Domain Names (see also answer to Question 44, Support for Registering IDN domains); DNS Security Extensions (DNSSEC; see also answer to Question 43, DNSSEC). These services are introduced below. For more detailed descriptions, please refer to the answer to the respective question in the gTLD Applicant Guidebook. Additional benefits offered by the registry are full support for Internet Protocol version 6 (IPv6), data escrow, registrar reports and support for Sunrise and Landrush phases. All of these are compliant with the new gTLD requirements. No further registry services according to the definition in the gTLD Applicant Guidebook are offered for the .seat TLD.

The Shared Registry System (SRS) is the central coordinating instance in the overall system concept. It is the authoritative source of the domain, host and contact data, provides client⁄server-based access methods for the registrars and internal personnel to this data, is responsible for the zone generation, performs accounting and reporting, and feeds the Whois servers.

The SRS is responsible for managing the domain registrations by accepting requests for the creation, update and deletion of domains and related information from the registrars, who act on behalf of the registrants.

The CORE Internet Council of Registrars and its developers have ample experience in designing, developing and operating shared registry systems. The CORE Registration System is compliant with established standards like Internet Engineering Task Force (IETF) Requests for Comments (RFCs) and can be customised for the specific needs of a top level domain, ensuring Internet Corporation for Assigned Names and Numbers (ICANN) gTLD standards compliance.

CORE Internet Council of Registrars has been entrusted with the technical operation of the .cat and .museum TLDs on behalf of the puntCAT and MuseDoma registries. Therefore, CORE has the knowledge and experience that are necessary to provide the mentioned registry services. Since the software development is handled exclusively in-house, the .seat Registry Services do not depend on any external companies or developers. Software development at CORE is always based on principles like efficiency, scalability and security by design.


2. Infrastructure Design


2.1 Goals

The design of the .seat Registry infrastructure achieves three goals:


2.1.1 High Availability

The resolution of domain names by the Domain Name System (DNS) infrastructure is the most critical part. If it fails, not only a large fraction of Internet users is affected, but other Internet infrastructure depends on the domain name resolution as well, causing a cascade of failures.

The shared registry system itself is also in the focus. While theoretically, a short outage would not have a direct and larger impact to the TLD users, a longer outage can become problematic, especially in the light of DNSSEC: If the registry is unable to re-sign the zone in time, the zone will become bogus and the effect will be similar to a failure of the whole DNS infrastructure.


2.1.2 Scalability

The aspects of scalability must be observed for two reasons: The infrastructure must grow with the demand; economic considerations let it seem unreasonable to launch with oversized hardware equipment. The software design must be able to cope with increasing demand, it must allow the long term upgrade of the infrastructure. Scalability must also be provided for unforeseeable load peaks. The infrastructure must be resilient and one step ahead; spare resources must be available.


2.1.3 Security

In an increasingly adverse environment, security is a cardinal goal. Various attack vectors need to be addressed. For example, the public infrastructure must be protected against pure (distributed) denial of service attacks and exploits of bugs in devices, operating systems and application software, and the SRS must be protected against intrusion by third parties with the intent of deletion or manipulation of data or stealing private keys used for DNSSEC.


2.2 Design Principles

The design principles that follow these goals are as follows:

* Shared Registry System (SRS)
** The SRS (actually all services except the name servers) is run on two sites, a primary and a secondary site. These sites are geographically separated for an event of force majeure that makes one of the sites unavailable.
** Fail-over strategies are used systematically, either by the software itself or by employing cluster technologies where applicable.
** Systematic data replication⁄backup⁄escrow is ensured.
** Modularisation of the software and avoidance of monolithic structures improves scalability and maintainability.
** Intrinsic support for multiple instances of software components to distribute load is guaranteed.
** State-of-the-art security technology reduces chances for attackers to a minimum.
** Some components like the Extensible Provisioning Protocol (EPP) interfaces may run in multiple instances. Incoming requests are distributed to these instances with the help of load balancers. Excluding instances one by one allows maintenance in respect to both hardware and software without interrupting the actual service.
* DNS Infrastructure
** Diversity in software and hardware increases security.
** Use of Anycast networks ensures high availability.


3. Features


3.1 Receipt of Data from Registrars

The SRS receives data from the registrars, writes the data into the database and passes on TLD zone files to the DNS services. The registry has a Whois function to make information about contacts and domain registrations available to the general public. DNS and Whois are updated dynamically. The registry TLD name servers receive DNSSEC-signed master zone data.

The .seat TLD will be operated as a so-called ʺthickʺ registry, i.e. the data for domain registrants, administrative contacts, technical contacts and billing contacts is stored in the registry repository. Registry policy mandates that each domain must be associated with exactly four contacts, one contact of each type. In contrast to a ʺthinʺ registry (which doesnʹt store contact information), this allows the registry Whois service to provide contact information itself, i.e. it doesnʹt rely on registrars to operate their own Whois services for the inquiry of domain contact data.

Registrars can provide the data necessary for the registration of domains, contacts and name servers (hosts) in two ways. Firstly, using the EPP interface of the CORE Registration System, which allows completely automatic processing of requests. Secondly, there is the option of using a password-protected web interface (ʺControl Panelʺ). The Control Panel offers copious amounts of information and many tools for registrars and registry administrators. Registry objects can be inquired and modified, creating new objects is possible just as easily. In addition, automatically generated reports for registrars are made available for download. Each report contains detailed information about the registry objects of the respective registrar. The Control Panel also allows the administration of registrars. Such administrative functions are of course limited to users belonging to the registry. These can also - their privileges permitting - inspect the tariffs and make corrective entries in the billing system.


3.2 Internationalised Domain Names

The CORE Registration System supports internationalised domain names (IDN, see RFC 3490, 5890-5894) in several ways.

In the extensible provisioning protocol (EPP), there are various XML elements that expect a domain name. The EPP implementation of the CORE Registration System accepts domain names in A-label notation (punycode) as well as in U-label notation (unicode). The former notation is preferred; all EPP responses use A-labels, even if the respective request used U-labels.

Internationalised domain names are not only supported as first-class objects, but also as so-called variants of a base domain. In this case, a domain has more than one representation. The alternatives are organised as attributes of the base domain, meaning they cannot exist by themselves. This has the advantage that they are much less subject to domain squatting, since the variants always belong to the same registrant as the base domain. In the DNS the variants are represented by DNAME records (as it is done in the .cat and .gr TLDs) or published with the same name servers as the base domain. A precondition for the use of variants is that the specified language(s) allow the derivation of a canonical name from any valid domain name. This is, for example, achieved by the principles defined in RFC 3743 for the Chinese⁄Japanese⁄Korean languages.

For more information about IDN support, please refer to the answer to Question 44, Support for Registering IDN Domains.


3.3 DNSSEC

Support of the DNSSEC extension according to RFC 5910 allows to specify the DNSKEY data. The CORE Registration System calculates the delegation signer (DS) records from the DNSKEY data and adds them to the zone file. Further information about the DNSSEC implementation can be found in the answer to Question 43, DNSSEC.


3.4 IPv6 Support

The .seat Registry infrastructure supports IPv6 on all levels: Firstly, the name servers use IPv6 addresses on the DNS protocol level (port 53), i.e. domain names can be resolved by using the IPv6 protocol. Secondly, the registry software is able to assign IPv6 addresses to in-zone hosts as provided in the EPP Host Mapping (RFC 5732) and to publish these addresses via AAAA records in the zone. Thirdly, registrars can connect to the registry by using the EPP transport protocol via IPv6. Fourthly, the Whois service (both port 43 and web interface) can be accessed via IPv6. Fifthly, the registrar web interface can be accessed via IPv6. Details about the IPv6 capabilities can be found in the answer to Question 36, IPv6 Reachability.


4. Zone Management

Whenever the authoritative data of a domain or host is altered, the change is forwarded to the DNS component and other components. Upon reception of this change, the DNS-specific database tables are updated. The structure of these tables directly corresponds to the structure of the zone file, so that the zone file can be generated with little effort.

The generated zone is then fed into the DNSSEC signing component. Since the zone changes only marginally between the runs, the signing component re-uses RRSIG signatures and NSEC3 name mappings from previous runs. This reduces the run time of the signing process by an order of magnitude on average.

In the next step, the zone is delivered to the ironDNS system, which manages the distribution of the zone to the name servers independently. For more details about this process, please refer to the answer to Question 35, DNS Service.

The whole process is covered by integrity checks. The zone is inspected by heuristic rules, for example, the change in size between the previous and new zone is determined and checked against limits. If there is any evidence that the zone may contain problems, the deployment process is halted and manual inspection by the support team is requested. Where applicable, the distribution is accompanied by safeguards, like cryptographic digests, to allow the detection of changes or truncations.


5. Whois service

The CORE Registration System contains a public service that can be used to inquire data of registry objects (i.e. domains, contacts, hosts and registrars), the Registration Data Directory Services (RDDS). At the moment, this is implemented as a Whois service. Details regarding the Whois service can be found in the answer to Question 26, Whois service. Abuse of this service is effectively prevented, for details refer to the answer to Question 28, Abuse Prevention and Mitigation.


6. Escrow and Reports

The SRS also handles the monthly reports to ICANN and the generation of escrow files according to ICANNʹs specifications. The reports and escrow files are automatically sent to ICANN and the escrow provider, respectively.

In its role as the registry backend operator for .museum and .cat, CORE Internet Council of Registrars has continuously provided reliable registry data escrow services for these registries, in full compliance with the escrow specifications of the respective ICANN registry agreements.

In the same fashion, CORE also produces registrar escrow files for its registrar activities, in full compliance with ICANNʹs Registrar Data Escrow (RDE) requirements.

Fully automated daily processes are in place that create the full or incremental XML escrow files as required, then split, sign and encrypt them according to the requirements from ICANN and the escrow agent, and finally transfer the resulting data to the escrow agentʹs server. The escrow files contain the main SRS data, zone data and RDDS⁄Whois data. CORE Internet Council of Registrars also provides access to full zone data for the .museum and .cat TLDs to eligible parties upon sign-up to this service. Access is granted to authenticated users via an SSL⁄TLS-secured web interface.

All registry agreements with ICANN require the registry operator to submit a monthly report about the registryʹs activities, inventory and performance to ICANN. COREʹs registry system is able to create such a report containing (among other things) data about: domain⁄host inventory statistics, domain transfer statistics and domain renewal⁄deletion⁄restore statistics per registrar; service availability, outage durations and response times for SRS, DNS and Whois; Whois request statistics.

In addition, the following reports may be created for each registrar: Inventory report: domain, contact and host objects sponsored by the registrar on a specific date; Transfer report: transfers in progress, completed or rejected on a specific date; Autorenewal report: domains being automatically renewed on a specific date; Billing report: detailed information about every single billing operation that has been performed on the registrarʹs account (including refunds).


7. Support for Sunrise Phase

A common problem that arises during the initial launch of a new top level domain (and, potentially, subsequently when new features like IDNs are introduced) is to ensure that trademark owners or otherwise eligible parties can claim their names in an organised manner that can be audited in case of legal disputes. To this end, registries usually offer a so-called ʺSunriseʺ phase, i.e. a certain period of time during which only eligible parties are allowed to register domain names. Eligibility has to be proved by providing information about a trademark related to the domain name, for example. Such additional information is provided by the registrars during registration of the domain name, with the help of a special EPP extension (see answer to Question 25, Extensible Provisioning Protocol, for details).

The validity of a Sunrise domain name application is checked by an external service provider, the so-called Trademark Clearinghouse. At the time of writing, ICANN has issued a request for information for providers to perform the Trademark Clearinghouse functions. It is envisaged that the CORE Registration System will use a suitably defined interface of the Trademark Clearinghouse to submit requests according to the trademark data submitted by domain name applicants.

To facilitate the handling of Sunrise applications, the CORE Registration System is equipped with a built-in issue system that offers registry personnel a convenient web interface to review domain name applications and to approve or reject them accordingly.

The issue system allows searching for applications by various criteria (e.g. domain name or current workflow⁄approval state). It offers a two-level review workflow that allows the delegation of pre-selection tasks to the first level support staff, after which a final decision - if still required - can be made by second level personnel. All application details, including registrant information and all supplied trademark information is conveniently displayed. The issue system fully tracks and documents application status and history, allowing for a complete audit in case of legal issues. Furthermore, it is fully integrated with the registry backend, i.e. it automatically notifies the SRS about the reviewersʹ decisions and immediately activates the respective domain in case of an approval.

The issue system was first used during puntCATʹs elaborate multi-phase Sunrise period in 2006 and proved to be an invaluable tool for efficiently organising a TLD roll-out process.

The CORE Registration System offers built-in support for Sunrise and Landrush phases. In the case of the .seat Registry, only a Sunrise phase will be supported.


8. Domain Expiration and (Auto-)Renewal Policies

Domains are registered for a certain interval only. The possible intervals are multiples of a year. The system maintains a so-called ʺexpirationʺ date, which represents the date up to which the registrar has paid the fees for the respective domain. This date is also published on the public Whois servers and is included in reports generated for the registrars.

Domains must be registered at least for a year. The registration period can be extended at any time by issuing a ʺrenewʺ request to the registry. However, the resulting expiration date must be not beyond 10 full years in the future.

Since usually the registrars use the same intervals for their customers, there is always the problem that some customers make up their decisions whether to keep a domain or to delete it at the very end of the registration term. To accommodate the registrars with this problem, it is common practice among the registries to grant a so-called grace period, which starts at the expiration date. During this 45 day period, the registrar may delete the domain without paying any fees for the already started next term. If after 45 days the domain has neither been deleted nor renewed by the registrar, the registry itself automatically renews the domain by one year.


9. Billing

The registry maintains an account for each registrar. All registrations, transfers, renewals and other billable operations have to be prepaid, and corresponding fees are deducted from the registrarʹs account.

Whenever a billable operation is attempted, the registrarʹs account is first checked for sufficient funds. If the account is lacking the required funds, the operation is rejected. A corresponding result code is returned if the rejection affects a realtime EPP command, as opposed to e.g. an internal autorenew operation that was not directly triggered by a registrar command. However, the autorenewal of expired domains is treated differently; to avoid accidental domain deletions, autorenewals are continued even in case of insufficient registrar funds. Non-billable operations (like all read-only commands) and activities that trigger refunds are always executed, regardless of the registrarʹs account balance.

If sufficient funds are available, the operation is executed and the registrarʹs account is charged with the corresponding fee (if the operation was completed successfully).

Each registrar may provide an account balance threshold value. The billing subsystem will automatically send an e-mail containing a ʺlow account balance warningʺ to the registrar whenever the registrarʹs funds drop below the configured threshold value.

Some commands, like domain deletions or transfer cancellations, result in refunds if corresponding grace periods apply. The affected registrarʹs account is immediately credited for each refund.

The billing subsystem utilises its own database, containing tables for registrar accounts (including current balance and warning threshold), tariffs for billable operations along with their validity periods and book entries (each one representing a single credit or debit).

The SRS component responsible for actual registry operation communicates with the billing component. Any billable or refundable event (such as domain creation, domain deletion within grace period, request for domain transfer, domain renewal or autorenewal) results in the lookup of a suitable tariff in the tariff table, the creation of a corresponding record in the book entry table and the update of the registrarʹs account.

The entire implementation is carefully designed to ensure billing accuracy. The checking for sufficient funds as well as the processing of book entries representing the billable events are always done within the same database transaction that performs the actual billable repository change, thus ensuring transactional integrity and account consistency.


10. OT+E and Staging Environment

In addition to the production registry system, CORE Internet Council of Registrars provides an independent Operational Test and Evaluation (OT+E) system to give registrars the opportunity to develop and test their client software in a self-contained ʺsandboxʺ environment that does not interfere with production business.

The OT+E system emulates the behaviour of the production system as closely as possible to allow for realistic testing. It also includes a Whois server, as well as a name server fed from the sandbox data, which facilitates the testing of transfer policy and DNSSEC implementations on the registrar side, respectively.

The OT+E system differs, however, from the production system in some respects to further simplify development for the registrars: Firstly, each registrar is granted two independent identities on the OT+E system. This enables each registrar to test domain transfers easily by creating domains with the first identity and transferring them to the second identity (or vice versa). Secondly, to allow short turnaround times for registrars during their tests, most of the periods and deadlines used by the production system are significantly shortened (or entirely disabled) on the OT+E system. For example, the OT+E system – contrary to the production SRS – uses an Add Grace Period shorter than 5 days to allow registrars to test domain name redemption more easily.

Apart from the mentioned differences, the OT+E system will always run the exact same software as the production system. Both systems are updated at the same time whenever a new release is deployed.

To facilitate a smooth roll-out of major software upgrades, especially those that involve protocol or policy changes requiring changes to client systems, a separate so-called ʺStagingʺ system is operated, on which these new software versions are deployed with appropriate lead time before the same changes are applied to the production and OT+E systems. The actual lead time depends on the nature and the extent of the changes involved.

The SRS is routinely adapted to improved standards and to cope with new technical, capacity and organisational demands.

gTLDFull Legal NameE-mail suffixDetail
.ruhrregiodot GmbH & Co. KGdotzon.comView
1. Overview

The TANGO Registration System of Knipp Medien und Kommunikation GmbH (herein after referred to as Knipp) offers the usual registry services: Receipt of data from registrars concerning registration of domain names and name servers via EPP (SRS; see also answer to Question 24, SRS Performance); Dissemination of top-level domain (TLD) zone files (DNS; see also answer to Question 35, DNS service, configuration and operation of name servers); Dissemination of contact or other information concerning domain name registrations (port-43 Whois, web-based Whois; see also answer to Question 26, Whois service); Internationalised Domain Names (see also answer to Question 44, Support for Registering IDN domains); DNS Security Extensions (DNSSEC; see also answer to Question 43, DNSSEC). These services are introduced below. For more detailed descriptions, please refer to the answer to the respective question in the gTLD Applicant Guidebook. Additional benefits offered by the registry are full support for Internet Protocol version 6 (IPv6), data escrow, registrar reports and support for Sunrise and Landrush phases. All of these are compliant with the new gTLD requirements. No further registry services according to the definition in the gTLD Applicant Guidebook are offered.

The Shared Registry System (SRS) is the central coordinating instance in the overall system concept. It is the authoritative source of the domain, host and contact data, provides client⁄server-based access methods for the registrars and internal personnel to this data, is responsible for the zone generation, performs accounting and reporting, and feeds the Whois servers.

The SRS is responsible for managing the domain registrations by accepting requests for the creation, update and deletion of domains and related information from the registrars, who act on behalf of the registrants.

The TANGO Registration System of Knipp will be used for operating regiodot. Its developers have ample experience in designing, developing and operating shared registry systems. The TANGO Registration System is compliant with established standards like Internet Engineering Task Force (IETF) Requests for Comments (RFCs) and can be customised for the specific needs of a top level domain, ensuring Internet Corporation for Assigned Names and Numbers (ICANN) gTLD standards compliance.


2. Infrastructure Design


2.1 Goals

The design of the regiodot infrastructure achieves three goals:


2.1.1 High Availability

The resolution of domain names by the Domain Name System (DNS) infrastructure is the most critical part. If it fails, not only a large fraction of Internet users is affected, but other Internet infrastructure depends on the domain name resolution as well, causing a cascade of failures.

The shared registry system itself is also in the focus. While theoretically, a short outage would not have a direct and larger impact to the TLD users, a longer outage can become problematic, especially in the light of DNSSEC: If the registry is unable to re-sign the zone in time, the zone will become bogus and the effect will be similar to a failure of the whole DNS infrastructure.


2.1.2 Scalability

The aspects of scalability must be observed for two reasons: The infrastructure must grow with the demand; economic considerations let it seem unreasonable to launch with oversized hardware equipment. The software design must be able to cope with increasing demand, it must allow the long term upgrade of the infrastructure. Scalability must also be provided for unforeseeable load peaks. The infrastructure must be resilient and one step ahead; spare resources must be available.


2.1.3 Security

In an increasingly adverse environment, security is a cardinal goal. Various attack vectors need to be addressed. For example, the public infrastructure must be protected against pure (distributed) denial of service attacks and exploits of bugs in devices, operating systems and application software, and the SRS must be protected against intrusion by third parties with the intent of deletion or manipulation of data or stealing private keys used for DNSSEC.


2.2 Design Principles

The design principles that follow these goals are as follows:

* Shared Registry System (SRS)
** The SRS (actually all services except the name servers) is run on two sites, a primary and a secondary site. These sites are geographically separated for an event of force majeure that makes one of the sites unavailable.
** Fail-over strategies are used systematically, either by the software itself or by employing cluster technologies where applicable.
** Systematic data replication⁄backup⁄escrow is ensured.
** Modularisation of the software and avoidance of monolithic structures improves scalability and maintainability.
** Intrinsic support for multiple instances of software components to distribute load is guaranteed.
** State-of-the-art security technology reduces chances for attackers to a minimum.
** Some components like the Extensible Provisioning Protocol (EPP) interfaces may run in multiple instances. Incoming requests are distributed to these instances with the help of load balancers. Excluding instances one by one allows maintenance in respect to both hardware and software without interrupting the actual service.
* DNS Infrastructure
** Diversity in software and hardware increases security.
** Use of Anycast networks ensures high availability.


3. Features


3.1 Receipt of Data from Registrars

The SRS receives data from the registrars, writes the data into the database and passes on TLD zone files to the DNS services. The registry has a Whois function to make information about contacts and domain registrations available to the general public. DNS and Whois are updated dynamically. The registry TLD name servers receive DNSSEC-signed master zone data.

The .RUHR TLD will be operated as a so-called ʺthickʺ registry, i.e. the data for domain registrants, administrative contacts, technical contacts and billing contacts is stored in the registry repository. Registry policy mandates that each domain must be associated with exactly four contacts, one contact of each type. In contrast to a ʺthinʺ registry (which doesnʹt store contact information), this allows the registry Whois service to provide contact information itself, i.e. it doesnʹt rely on registrars to operate their own Whois services for the inquiry of domain contact data.

Registrars can provide the data necessary for the registration of domains, contacts and name servers (hosts) in two ways. Firstly, using the EPP interface of the TANGO Registration System, which allows completely automatic processing of requests. Secondly, there is the option of using a password-protected web interface (ʺControl Panelʺ). The Control Panel offers copious amounts of information and many tools for registrars and registry administrators. Registry objects can be inquired and modified, creating new objects is possible just as easily. In addition, automatically generated reports for registrars are made available for download. Each report contains detailed information about the registry objects of the respective registrar. The Control Panel also allows the administration of registrars. Such administrative functions are of course limited to users belonging to the registry. These can also - their privileges permitting - inspect the tariffs and make corrective entries in the billing system.


3.2 Internationalised Domain Names

The TANGO Registration System supports internationalised domain names (IDN, see RFC 3490, 5890-5894) in several ways.

In the extensible provisioning protocol (EPP), there are various XML elements that expect a domain name. The EPP implementation of the TANGO Registration System accepts domain names in A-label notation (punycode) as well as in U-label notation (unicode). The former notation is preferred; all EPP responses use A-labels, even if the respective request used U-labels.

For more information about IDN support, please refer to the answer to Question 44, Support for Registering IDN Domains.


3.3 DNSSEC

Support of the DNSSEC extension according to RFC 5910 allows to specify the DNSKEY data. The TANGO Registration System calculates the delegation signer (DS) records from the DNSKEY data and adds them to the zone file. Further information about the DNSSEC implementation can be found in the answer to Question 43, DNSSEC.


3.4 IPv6 Support

The regiodot infrastructure supports IPv6 on all levels: Firstly, the name servers use IPv6 addresses on the DNS protocol level (port 53), i.e. domain names can be resolved by using the IPv6 protocol. Secondly, the registry software is able to assign IPv6 addresses to in-zone hosts as provided in the EPP Host Mapping (RFC 5732) and to publish these addresses via AAAA records in the zone. Thirdly, registrars can connect to the registry by using the EPP transport protocol via IPv6. Fourthly, the Whois service (both port 43 and web interface) can be accessed via IPv6. Fifthly, the registrar web interface can be accessed via IPv6. Details about the IPv6 capabilities can be found in the answer to Question 36, IPv6 Reachability.


4. Zone Management

Whenever the authoritative data of a domain or host is altered, the change is forwarded to the DNS component and other components. Upon reception of this change, the DNS-specific database tables are updated. The structure of these tables directly corresponds to the structure of the zone file, so that the zone file can be generated with little effort.

The generated zone is then fed into the DNSSEC signing component. Since the zone changes only marginally between the runs, the signing component re-uses RRSIG signatures and NSEC3 name mappings from previous runs. This reduces the run time of the signing process by an order of magnitude on average.

In the next step, the zone is delivered to the ironDNS® system, which manages the distribution of the zone to the name servers independently. For more details about this process, please refer to the answer to Question 35, DNS Service.

The whole process is covered by integrity checks. The zone is inspected by heuristic rules, for example, the change in size between the previous and new zone is determined and checked against limits. If there is any evidence that the zone may contain problems, the deployment process is halted and manual inspection by the support team is requested. Where applicable, the distribution is accompanied by safeguards, like cryptographic digests, to allow the detection of changes or truncations.


5. Whois service

The TANGO Registration System contains a public service that can be used to inquire data of registry objects (i.e. domains, contacts, hosts and registrars), the Registration Data Directory Services (RDDS). At the moment, this is implemented as a Whois service. Details regarding the Whois service can be found in the answer to Question 26, Whois service. Abuse of this service is effectively prevented, for details refer to the answer to Question 28, Abuse Prevention and Mitigation.


6. Escrow and Reports

The SRS also handles the monthly reports to ICANN and the generation of escrow files according to ICANNʹs specifications. The reports and escrow files are automatically sent to ICANN and the escrow provider, respectively.

As a technical provider for CORE Internet Council of Registrars, Knipp designed, developed and still operates ICANN-compliant escrow services as part of COREʹs shared registry system, which is used to supply registry backend services for the .museum and .cat registries. In this function, Knipp has continuously provided (and still provides) reliable registry data escrow services for these registries, helping CORE to be in full compliance with the escrow specifications of the respective ICANN registry agreements.

In the same fashion, Knipp also developed and still operates a system that produces registrar escrow files for COREʹs registrar activities, in full compliance with ICANNʹs RDE requirements.

Fully automated daily processes are in place that create the full or incremental XML escrow files as required, then split, sign and encrypt them according to the requirements from ICANN and the escrow agent, and finally transfer the resulting data to the escrow agentʹs server. The escrow files contain the main SRS data, zone data and RDDS⁄Whois data. Knipp as a vendor for CORE also provides access to full zone data for the .museum and .cat TLDs to eligible parties upon sign-up to this service. Access is granted to authenticated users via an SSL⁄TLS-secured web interface.

All registry agreements with ICANN require the registry operator to submit a monthly report about the registryʹs activities, inventory and performance to ICANN. Knippʹs registry system is able to create such a report containing (among other things) data about: domain⁄host inventory statistics, domain transfer statistics and domain renewal⁄deletion⁄restore statistics per registrar; service availability, outage durations and response times for SRS, DNS and Whois; Whois request statistics.

In addition, the following reports may be created for each registrar: Inventory report: domain, contact and host objects sponsored by the registrar on a specific date; Transfer report: transfers in progress, completed or rejected on a specific date; Autorenewal report: domains being automatically renewed on a specific date; Billing report: detailed information about every single billing operation that has been performed on the registrarʹs account (including refunds).


7. Support for Sunrise and Landrush Phases

A common problem that arises during the initial launch of a new top level domain (and, potentially, subsequently when new features like IDNs are introduced) is to ensure that trademark owners or otherwise eligible parties can claim their names in an organised manner that can be audited in case of legal disputes. To this end, registries ususally offer a so-called ʺSunriseʺ phase, i.e. a certain period of time during which only eligible parties are allowed to register domain names. Eligibility has to be proved by providing information about a trademark related to the domain name, for example. Such additional information is provided by the registrars during registration of the domain name, with the help of a special EPP extension (see answer to Question 25, Extensible Provisioning Protocol, for details).

The validity of a Sunrise domain name application is checked by an external service provider, the so-called Trademark Clearinghouse. At the time of writing, ICANN has issued a request for information for providers to perform the Trademark Clearinghouse functions. It is envisaged that the TANGO Registration System will use a suitably defined interface of the Trademark Clearinghouse to submit requests according to the trademark data submitted by domain name applicants.

To facilitate the handling of Sunrise applications, the TANGO Registration System is equipped with a built-in issue system that offers registry personnel a convenient web interface to review domain name applications and to approve or reject them accordingly.

The issue system allows searching for applications by various criteria (e.g. domain name or current workflow⁄approval state). It offers a two-level review workflow that allows the delegation of pre-selection tasks to the first level support staff, after which a final decision - if still required - can be made by second level personnel. All application details, including registrant information and all supplied trademark information is conveniently displayed. The issue system fully tracks and documents application status and history, allowing for a complete audit in case of legal issues. Furthermore, it is fully integrated with the registry backend, i.e. it automatically notifies the SRS about the reviewersʹ decisions and immediately activates the respective domain in case of an approval.

The issue system was first used during puntCATʹs elaborate multi-phase Sunrise period in 2006 and proved to be an invaluable tool for efficiently organising a TLD roll-out process.

Another problem registries are facing, mostly during initial launch phases, is the unbiased allocation of domains in case of multiple competing valid applications for the same name. This is predominantly an issue during the so-called ʺLandrushʺ phase (i.e. the beginning of a TLDʹs general availability (GA) when anybody may register a domain), but it may also apply to Sunrise cases in which multiple applicants present valid trademarks or similar proof of eligibility.

In the past, many registries have chosen a simple first-come, first-served approach to handle these situations - the registrar who was able to submit the first registration request after the opening of the GA phase was awarded the name. However, this seemingly fair model not only puts an unnecessary load on the registryʹs server infrastructure, it also gives registrars an unfair advantage if their systems are located closer (in terms of network topology) to the registryʹs SRS. The system also encourages the creation of ʺpseudoʺ registrars just for the purpose of getting more parallel connections to the registry system for fast submission of as many requests as possible.

Consequently, Knipp suggests an alternative, auction-based approach for Landrush situations.

Knippʹs registry system provides the technical infrastructure required to conduct auctions for the assignment of domain names to the highest bidding registrant.

Its core component is an EPP extension that registrars may use to place a bid for a domain name and obtain information about the status of an auction they participate in (refer to the answer to Question 25, Extensible Provisioning Protocol, for more information).

The TANGO Registration System offers built-in support for Sunrise and Landrush phases. In the case of regiodot, both a Sunrise phase and a Landrush phase will be supported.


8. Domain Expiration and (Auto-)Renewal Policies

Domains are registered for a certain interval only. The possible intervals are multiples of a year. The system maintains a so-called ʺexpirationʺ date, which represents the date up to which the registrar has paid the fees for the respective domain. This date is also published on the public Whois servers and is included in reports generated for the registrars.

Domains must be registered at least for a year. The registration period can be extended at any time by issuing a ʺrenewʺ request to the registry. However, the resulting expiration date must be not beyond 10 full years in the future.

Since usually the registrars use the same intervals for their customers, there is always the problem that some customers make up their decisions whether to keep a domain or to delete it at the very end of the registration term. To accommodate the registrars with this problem, it is common practice among the registries to grant a so-called grace period, which starts at the expiration date. During this 45 day period, the registrar may delete the domain without paying any fees for the already started next term. If after 45 days the domain has neither been deleted nor renewed by the registrar, the registry itself automatically renews the domain by one year.


9. Billing

The registry maintains an account for each registrar. All registrations, transfers, renewals and other billable operations have to be prepaid, and corresponding fees are deducted from the registrarʹs account.

Whenever a billable operation is attempted, the registrarʹs account is first checked for sufficient funds. If the account is lacking the required funds, the operation is rejected. A corresponding result code is returned if the rejection affects a realtime EPP command, as opposed to e.g. an internal autorenew operation that was not directly triggered by a registrar command. However, the autorenewal of expired domains is treated differently; to avoid accidental domain deletions, autorenewals are continued even in case of insufficient registrar funds. Non-billable operations (like all read-only commands) and activities that trigger refunds are always executed, regardless of the registrarʹs account balance.

If sufficient funds are available, the operation is executed and the registrarʹs account is charged with the corresponding fee (if the operation was completed successfully).

Each registrar may provide an account balance threshold value. The billing subsystem will automatically send an e-mail containing a ʺlow account balance warningʺ to the registrar whenever the registrarʹs funds drop below the configured threshold value.

Some commands, like domain deletions or transfer cancellations, result in refunds if corresponding grace periods apply. The affected registrarʹs account is immediately credited for each refund.

The billing subsystem utilises its own database, containing tables for registrar accounts (including current balance and warning threshold), tariffs for billable operations along with their validity periods and book entries (each one representing a single credit or debit).

The SRS component responsible for actual registry operation communicates with the billing component. Any billable or refundable event (such as domain creation, domain deletion within grace period, request for domain transfer, domain renewal or autorenewal) results in the lookup of a suitable tariff in the tariff table, the creation of a corresponding record in the book entry table and the update of the registarʹs account.

The entire implementation is carefully designed to ensure billing accuracy. The checking for sufficient funds as well as the processing of book entries representing the billable events are always done within the same database transaction that performs the actual billable repository change, thus ensuring transactional integrity and account consistency.


10. OT+E and Staging Environment

In addition to the production registry system, Knipp provides an independent Operational Test and Evaluation (OT+E) system to give registrars the opportunity to develop and test their client software in a self-contained ʺsandboxʺ environment that does not interfere with production business.

The OT+E system emulates the behaviour of the production system as closely as possible to allow for realistic testing. It also includes a Whois server, as well as a name server fed from the sandbox data, which facilitates the testing of transfer policy and DNSSEC implementations on the registrar side, respectively.

The OT+E system differs, however, from the production system in some respects to further simplify development for the registrars: Firstly, each registrar is granted two independent identities on the OT+E system. This enables each registrar to test domain transfers easily by creating domains with the first identity and transferring them to the second identity (or vice versa). Secondly, to allow short turnaround times for registrars during their tests, most of the periods and deadlines used by the production system are significantly shortened (or entirely disabled) on the OT+E system. For example, the OT+E system – contrary to the production SRS – uses an Add Grace Period shorter than 5 days to allow registrars to test domain name redemption more easily.

Apart from the mentioned differences, the OT+E system will always run the exact same software as the production system. Both systems are updated at the same time whenever a new release is deployed.

To facilitate a smooth roll-out of major software upgrades, especially those that involve protocol or policy changes requiring changes to client systems, a separate so-called ʺStagingʺ system is operated, on which these new software versions are deployed with appropriate lead time before the same changes are applied to the production and OT+E systems. The actual lead time depends on the nature and the extent of the changes involved.

The SRS is routinely adapted to improved standards and to cope with new technical, capacity and organisational demands.

Knipp as a vendor for CORE has been entrusted with the technical operation of the .cat and .museum TLDs on behalf of the puntCAT and Musedoma registries. Therefore, Knipp has the knowledge and experience that are necessary to provide the mentioned registry services. Since the software development is handled exclusively in-house, the .RUHR Registry Services do not depend on any external companies or developers. Software development at Knipp is always based on principles like efficiency, scalability and security by design.