23 Provide name and full description of all the Registry Services to be provided
|gTLD||Full Legal Name||E-mail suffix||Detail|
All services below are hosted on duplicated infrastructure in separate networks for failover and data backup security.
1. An RFC-compliant EPP service
This service takes care of all host, contact and domain object registrations, alterations and deletions.
The EPP service is written entirely in Java 1.7 by the programming staff of our mother company H2 Services, and designed with stability, speed and security as basis of the code. The server will only accept connections coming from IP addresses that have been registered by the clients of the FRL registry. Any request coming from another IP address will be rejected. The service will be protected against DDOS attacks with a webbased DDOS scrubber or local applicance.
Every connection to the service is logged in the object administration; with every log a session time in milliseconds is also logged. Daily reporting from the server indicates if average session time is increasing or decreasing, giving the maintainers of the service a good indication if the service is performing within standards. These reports are also used as test for measuring compliance to internal and external Service Level Agreements (SLAs). The reporting module also reports numbers of sessions and session times per accredited registrar. Whenever a registrar crosses indicated thresholds, the registrar can be temporarily denied access to the EPP service. The thresholds can be set on a per-registrar basis, allowing larger registrars to have more and longer sessions than smaller ones.
The EPP service will accept host objects, but not host attributes. Host objects will be unique for the whole registry. When host objects are registered by any user that is not the owner of the associated domain object, the host objects are automatically assigned to the owner of the domain object in the same administration. Only the host-object (and thus the domain-) owner can change attributes on the host object.
The EPP service is connected to a MySQL database that is normalized to the third normal form, allowing all possibilities in naming and objects that are described in RFC5730, RFC5731, RFC5732, RFC5733 and RFC5734.
Every EPP command received by the server is checked against the xsd schemas using the Oracle JAXB (Java Architecture for XML Binding) technology. This forces the programmers to write proper xsd schemas for every extension that is made to the standard EPP implementation.
All connections to the EPP service are SSL encrypted. Every connection is monitored and logged for later inspection. Every command issued to the server is logged, with information about the type of command issues (info, create, modify, delete) and the amount of milliseconds it took to complete the command and answer to the registrar. These parameters are saved into a daily report of EPP operational statistics. The connected registries will also have access to their own statistical information.
2. Shared registration system
The registration system is a website where ICANN-accredited and FRL-approved registrars can administer the domain, contact and host objects they have created. They will have the possibility of creating and deleting objects, and viewing object status. The website will query the registry database on a read-only basis, and all object modifications submitted on the website are done via the EPP service. All connections to the website are SSL-encrypted.
Every registrar that has a contract with the .frl registry will be able to log in to this website, and see:
- The registrar’s current financial status. Registrations are done based on prepayment. Every registrar will have to pay in advance fee to be able to register domain names. Every registered domain name or transfer will be deducted from the prepayment. When prepayment levels are low, the registrar is warned that new payments must be done to get the prepayment level to an acceptable height. When there is no money left in the account, the registrar will not be able to register domain names.
In special cases, personnel of the FRL registry can assign a negative threshold to the prepayment levels, enabling the registrar to register domain names while payment is underway.
- The registrar’s invoices. Every month an invoice will be prepared for the registrar, for the totals of registered domain names and requested transfers that were completed. The addendum to the invoice will list all transactions that have a financial impact on that invoice.
- The registrar’s domain portfolio. The registrar will be able to list, search and maintain all domain names in its portfolio. A registrar can choose to create more then one account, and give each account specific access rights: some accounts can only view domain data (and for example no invoices), other accounts can see invoices or do payments, or maybe request a new domain name or a transfer.
All modifications of domain, host or contact objects that are requested via the website are done through the EPP server. The website itself is not allowed to do any modification to the domain administration, and has only viewing and listing rights to the database.
Like with the EPP service, all connections to the website are monitored and all actions on the website are logged. In case of EPP object modifications, the logging is done twice because the EPP service also logs the operation.
3. A DNSSEC enabled DNS service, based on NSD. All domain names that have nameserver information attached, will be automatically added to the zone database, which is published to a zone file every 5 minutes. Since the DNS servers have a huge amount of internal memory, almost all queried domain names remain in the cache, so the handout of ip addresses is very fast. The Infrastructure department that is used by the registry already has experience with the 500.000+ domain names that are maintained on our a Powerdns 2.x installation. These domain names are served without any problems, the uptime of the DNS services has been 100% over the past few years.
4. Port 43 and web-based whois services.
Both services take their data directly from a read-only slave configuration of the MySQL registration database that is used by the EPP service. To protect the consumer, and to comply with Dutch legislation, the publicly available whois server will only show a limited set of information when the domain name is registered by a consumer.
ICANN-accredited registrars or other organizations that need access to all domain and registrant data can register their ip addresses for a more detailed whois information overview.
The whois server will show non-ascii characters in Unicode format. The whois webservice will use Unicode html to show non-ascii characters.
The web-based whois service will be searchable on the fields as described in specification 4 of the draft registry agreement: partial matches will be possible on domain name, contact names, registrant name, address information like street, city or province. State is not applicable in the Netherlands.
5. Internationalized Domain Names
Since the Frisian language contains (and relies on) other characters then the Dutch language, IDN registrations will be accepted from the earliest phases.
6. RFC-based DNSSEC compliance
The DNS service is based on NSD, and fully DNSSEC compliant. Registrars can register their DS keys via the EPP service, or via the web interface, which will also use the EPP service.
7. Registry Data Escrow deposits and Registry Backup Provider
The registry will enter into a contract with a data escrow provider to perform weekly and daily deposits of the applicable fields in the registry database. The registry escrow provider will release the data to ICANN when the registry data is unrecoverable.
Also, the registry will enter in to a contract with a registry backup provider, and perform yearly tests on registry backup and failover.
8. Monthly reporting to ICANN. The registry will perform the monthly reporting as specified in specification 3 of the draft registry agreement. The parameters saved by the DNS, EPP and website will be used to create automated reporting to an ICANN-specified address or location.
Similar gTLD applications: (0)
|gTLD||Full Legal Name||E-mail suffix||z||Detail|