|
.NET Application Form |
RFP Part 1: General Applicant Information
1. Name and Address fields
The full legal name, principal address, telephone and fax numbers, and e-mail address of the applicant, and the URL of its principal World Wide Web site. Additionally, each applicant must provide the Application Deposit Receipt Number issued to the applicant upon ICANN's receipt of the wired funds for the application deposit.
| Organization Name: |
| |
| Address: |
| |
| Telephone: |
| |
| Fax: |
| |
| Email: |
| |
| Confirm Email: |
| |
| URL: |
| |
| Application Deposit Receipt Number: |
| |
2. Applicant's Business and Other Associated Activities
Provide a general description of the applicant's business and other activities currently or expected to be associated with the services described in this RFP.
| ||
3. Directors, Officers and other Key Staff
Provide the full names, positions and the qualification and experience of each of the following persons:
|
(i) the person or persons who will have direct
responsibility for the business operations of the registry, | ||
| ||
|
(ii) each person in the chain of command with decision
making authority from that person or persons to the principal executive
officer of the applicant, | ||
| ||
|
(iii) the top two financial officers of the
applicant, | ||
| ||
|
(iv) the person with the principal technical
responsibility for the operation of the registry, | ||
| ||
|
(v) each other executive or management person of the
applicant who will have significant policy making or operational influence
regarding the registry operations, | ||
| ||
|
(vi) all directors or persons with equivalent positions
for non-corporate entities, and | ||
| ||
|
(vii) identify any persons or entities who own or will own
or otherwise control, directly or indirectly, 5% or more of the
outstanding voting power held by all persons or entities entitled to
participate in the election (or other selection) of the applicant’s board
of directors or other governing body. | ||
| ||
|
The independent evaluators may seek additional information from applicants regarding the qualifications of personnel if deemed necessary. | ||
4. Applicant Organization Type
Provide the applicant's type of entity (e.g., corporation, partnership, etc.) and law (e.g., Denmark) under which it is or will be organized. Please state whether the applicant is for-profit or non-profit. If it is non-profit, please provide a detailed statement of its mission. Applicants should be prepared to submit articles of incorporation, or other similar organizational documents later in the evaluation process.
| ||
5. Number of Employees
Provide the number of employees currently employed by the applicant or to be employed concurrently with a selection as the successor registry operator.
| ||
6. Contact Person
Provide the name, telephone and fax number, and e-mail address of person to contact for additional information regarding this application. If there are multiple contacts, please list all their names, telephone and fax numbers, and e-mail addresses and describe the areas as to which each should be contacted.
| ||
RFP Part 2: Technical and Financial Information
The criteria by which the applicants will be evaluated are set forth below. Each criterion is labeled as either absolute or relative. Diagrams, charts and other similar material may be submitted in response to specific provisions where so indicated in the RFP as posted.
1. ICANN Policy Compliance
Criteria: The successor .NET registry operator must comply with all existing consensus policies of ICANN and must agree to comply with all future consensus policies of ICANN. This is an absolute criterion.
Describe in detail your method for implementing ICANN's Inter-Registrar Transfer Policy.
| ||
2. Equivalent Access for Registrars
Criteria: All ICANN-accredited registrars must be allowed to qualify to register names in .NET. The registry operator must treat all registrars that have qualified to operate as .NET registrars equivalently. This is an absolute criterion (except as described below regarding languages).
(a) Describe in detail your methods of providing registry services on an equivalent basis to all accredited registrars having registry-registrar agreements in effect. Your description should include any measures intended to make registration, technical assistance, and other services available to ICANN-accredited registrars in multiple time zones and multiple languages. Please include in your description the languages that you agree to support if you are selected as the .NET registry operator. Support in English is an absolute criterion. Support in additional languages is a relative criterion. In addition, describe the Registry Code of Conduct and other commitments you propose to make to ensure that all such registrars receive equivalent access to registry services. In preparing your response to this item, you may wish to refer to Appendices H and I of the registry agreements ICANN has entered into for other unsponsored TLDs (e.g., .biz, .com, .info, .name, .org and .pro).
|
(b) VeriSign, Inc., the current operator of the .NET registry uses a registry-registrar protocol (RRP) documented in RFC 2832. At the time of the transition, the selected successor operator will be required to continue to support the RRP (unless a migration of registrars in .NET to another protocol has already been completed by that time). In addition, the selected successor operator will be required to implement support for Version 1.0 of the Extensible Provisioning Protocol as specified in RFC's 3730, 3731, 3732, 3733, 3734, and 3735. Provide a detailed description of your plan for supporting RRP at the time of transition, for supporting EPP 1.0, and for providing registrars with a smooth, low-cost migration path from RRP to EPP.
| ||
The applicant's response to Part 2, Section 3 will remain confidential to ICANN and the independent evaluators. ICANN will use reasonable efforts to avoid publication or release of this information, but in no circumstance will ICANN's liability for any release of this information exceed the amount of the application fee.
3. Registry Operations
Criteria: The successor .NET registry operator must provide name registration within the time specified in the Appendix D to the existing .NET registry operator agreement. This is an absolute criterion. The ability to provide additional registry services and/or the ability to provide name registration faster than the specifications on Appendix D are relative criteria. An assessment of this ability will include the evaluators’ assessment of the factors described below.
(a) Provide a full description of all registry services you propose to provide and demonstrate your technical and legal ability to provide them, including your prior experience offering these or similar services. If you propose to offer any registry services that you believe are not now offered, include for such services your assessment of the benefits and burdens associated with such new services, as those benefits and burdens apply to registrants and registrars. In addition, describe the technical components and aspects of the planned registry services, and how you will support the same.
|
(b) To enable the evaluators to assess your capability (both technical and financial) to deliver the registry services you propose to provide, please include the following information:
|
(i) A detailed description of your current business
operations, including (A) core capabilities in registry/database and
Internet related operations and (B) the services and products you
currently offer, with data on how long you have offered them on the
current scale. To the extent this description does not fully capture your
ability to provide the registry services you propose to offer, add the
appropriate supplementary information to fully describe that
ability. | ||
| ||
|
(ii) Whether you currently provide any domain name
registration services and describe such services. | ||
| ||
|
(iii) A description (including location) of facilities
(including available network capacity) available to house staff and
equipment necessary to operate the registry. | ||
| ||
4. Revenue and Pricing Model; Financial Strength and Stability
Criteria: Each applicant must demonstrate sufficient financial strength and stability, based upon its existing financial condition and its proposed business model for operation of the registry, to provide reasonable certainty that it will be able to fulfill its obligations over the life of the .NET registry agreement. This is an absolute criterion. In building their financial and pricing models, applicants should assume that the following fees will be payable: (i) an annual fee to ICANN of US$132,000 for the first year, increasing by no more than 15% each year thereafter and (ii) registry-level transaction fees totaling non-refundable amounts of US$0.75 for each annual increment of an initial domain name registration and US$0.75 for each annual increment of a domain name re-registration registered by a registrar (in addition to preexisting fee obligations payable annually by registrars to ICANN), to be allocated equally to the following three purposes: (a) a special restricted fund for developing country Internet communities to enable further participation in the ICANN mission by developing country stakeholders, (b) a special restricted fund to enhance and facilitate the security and stability of the global Internet’s system of unique identifiers, and (c) general operating funds to support ICANN's mission to ensure the stable and secure operation of the global Internet's systems of unique identifiers. The per-name price charged to registrars is a relative criterion, with lower committed prices being preferable to higher prices.
All applicants should note that registration fees paid to VeriSign prior to the actual transfer of operational responsibility will not be transferred to a subsequent registry operator.
(a) Provide the following financial statements for the applicant (or, if the applicant is a wholly owed subsidiary of another entity, for the applicant and such other entity on a consolidated basis): three years of financial statements (including balance sheet, income statement, cash flow statement and statement of stockholders’ equity), audited by an independent accounting firm and prepared in accordance with either U.S. generally accepted accounting principles or the International Accounting Standards. Applicants who do not have such audited financial statements may substitute such other information and statements about their operations that are reasonably equivalent to such financial statements. The independent evaluators will be responsible for determining whether such information and statements are sufficiently equivalent to allow the evaluators to conduct an evaluation of the applicant’s financial strength comparable to the evaluation conducted on those applicants who do submit the requested financial statements.
|
(b) Provide the applicant's business plan for the operation of the registry, including:
|
(i) a detailed description of all revenue or commercial
benefit to be derived from or related to your operation of the registry,
including but not limited to details of the expected or anticipated
revenue and the assumptions about prices charged for services to be
offered, and anticipated demand for those services at high, medium and low
levels; | ||
| ||
|
(ii) staffing model, showing the number and types of
employees needed at the various levels of demand and the expenses
associated with that staff. Include information on (A) applicant’s hiring
policy and training programs (for both new and continuing staff), (B)
staffing level to handle both expected and unexpected volume levels, and
react to unplanned outages, infrastructure vulnerabilities and security
breaches and (C) customer service staff to support on a 24 hour basis in
multiple languages; | ||
| ||
|
(iii) expense model, incorporating both the staffing
expenses described above and all other anticipated expenses of the
operating the registry; | ||
| ||
|
(iv) property, plant and equipment
budget; | ||
| ||
|
(v) a projection for the sources and uses of cash, showing
the applicant's current cash available and the sources of cash available
to applicant in the future to fund operating and capital
expenditures. | ||
| ||
5. Technical Competence
Criteria: The .NET registry operator must meet the specifications of the current .NET registry contained in the following sections of the current .NET registry agreement listed below (if a “thick registry” model is being proposed by applicant, the specifications for the current .org agreement, rather than the current .NET agreement, shall apply in the case of Appendices O, P and Q). This is an absolute criterion. The degree to which applicant’s proposal commits applicant to exceed these specifications shall be relative criteria:
Appendix C.4, Name server Functional Specifications
Afilias meets the absolute specifications for Appendix C.4 in Name Server Functional Specifications. In addition, itand exceeds the specifications absolute and relative criteria for Appendix C.4 in the following manner: Details the exact specifications by which it will comply to operate the DNS services for the .NET domain including descriptions and locations of facilities, systems. · Implementation of a Agrees to comply with a more expansive set of RFCs thean in the current .NET registry agreement · Discusses the iImplementation ofation of IPv4 and IPv6 records for the .NET TLD · Significantly improvement on current SLAs (Commits to SLAs provided in .NET Appendix D), guaranteeing which guarantee 99.999% network availability ----------------- Zone file generation involves the creation of DNS zone information using the registry database as the authoritative source of domain names and their associated hosts (name servers). Updates to the zone information will be generated continuously in near real-time and published to the name servers. These updates will reflect any DNS-related modifications, additions or deletions to the registry, that have been made by the registrars during that time period. Only changes that have been committed to the database will be reflected in the zone information update. Incomplete units of work will be ignored. The master zone file will include the following resource records: · A single SOA record. · A number of NS and A records, up to a maximum of 13 of each, for the TLD DNS servers for .NET. · One NS record, up to a maximum of 13, for each unique domain/nameserver combination. Domain objects with status values of clientHold, serverHold, or inactive will not be included in the zone file. In the case of IPv4, one A record for each required glue record, up to a maximum of 13 per domain name. The registry will implement, on a rational schedule, glue generation and pruning criteria as specified by ICANN from time to time. In the case of IPv6, one AAAA record for each required glue record will be supported. Additional glue records may also be published, if symbolic domain name servers included as part of a domain name's AAAA record are also subordinate to the .NET TLD. The .NET registry will provide bulk access to the TLD zone file for qualified third parties. The service will operate according to the prevailing policies of ICANN and Afilias. The DNS services comply fully with the following RFCs: 1034, 1035, 1101, 2181, and 2182, as well as (to the extent applicable) 1771, 1812, 2080, 2236, 2328, 2373, 2453, 2460, 2463, and 2464. The registry operator shall provide domain name services via multiple meshes of core servers located around the world, in accordance with the provisions of Appendices D and E. Some of the domain name server sites are listed below, and illustrated in Figure 2. Additional sites may be added as the need arises. Locations of Nameservers UltraDNS servers are distributed strategically, and will grow to meet scalability demands and geographic coverage in line with the growth of network traffic of .NET: · Switch and Data, CA, USA · Switch and Data, VA, USA · Equinix Inc, CA, USA · Equinix Inc, VA, USA · Equinix Inc, Chicago, USA · Equinix Inc, Hong Kong · Metromedia Fiber Network Inc (AboveNet): UK · USC Information Sciences Institute (ISI): CA, USA · JINX, Johannesburg, South Africa UltraDNS has established geographically dispersed peering in the following locations: · Switch and Data (formerly PAIX), East and West · Equinix East, West and Chicago · LAAP Los Angeles · ExchangePoint, London Autonomica has DNSNODEs in producation at seventeen locations: · Stockholm, Sweden · Oslo, Norway · Helsinki, Finland · Brussels, Belgium · Bucharest, Romania · Ankara, Turkey · Amsterdam, The Netherlands · London, United Kingdom · Frankfurt, Germany · Geneva, Switzerland · Milano, Italy · Kuala Lumpur, Malaysia · Tokyo, Japan · Bangkok, Thailand · Hong Kong, China · Washington, MD, USA · Chicago, IL, USA At most of these locations the DNSNODE peers at the local Internet Exchange Point. |
Appendix C.5, Patch, Update, and Upgrade Policy
Afilias meets the absolute criteria specifications for Appendix C.5 in its
Patch, Update and Upgrade Policy. In addition it exceeds the specifications
relative criteria in the following manner:
· Afilias will commit to producing changes in the OT&E system that affect
registrar clients at least 60 days ahead of a new promotion
Afilias may issue periodic patches, updates or upgrades to the Software, RRP,
EPP or APIs ("Licensed Product") licensed under the Registry-Registrar
Agreement (the "Agreement") that will enhance functionality or otherwise
improve the Shared Registration System under the Agreement. For the purposes
of this Part 13 of Appendix C, the following terms have the associated
meanings set forth herein.
(1) A "Patch" means minor modifications to the Licensed Product made by
Afilias during the performance of error correction services. A Patch does not
constitute a Version.
(2) An "Update" means a new release of the Licensed Product which may contain
error corrections, minor enhancements, and, in certain circumstances, major
enhancements, and which is indicated by a change in the digit to right of the
decimal point in the version number of the Licensed Product.
(3) An "Upgrade" means a new release of the Licensed Product which involves
the addition of substantial or substantially enhanced functionality and which
is indicated by a change in the digit to the left of the decimal point in the
version of the Licensed Product.
(4) A "Version" means the Licensed Product identified by any single version
number. Each Update and Upgrade causes a change in Version. Patches do not
require corresponding changes to client applications developed, implemented,
and maintained by each registrar. Updates may require changes to client
applications by each registrar in order to take advantage of the new features
and/or capabilities and continue to have access to the Shared Registration
System. Upgrades require changes to client applications by each registrar in
order to take advantage of the new features and/or capabilities and continue
to have access to the Shared Registration System.
Afilias in its sole discretion will deploy Patches during scheduled and
announced Shared Registration System maintenance periods.
For Updates and Upgrades, Afilias will give each registrar notice prior to
deploying the Updates and Upgrades into the production environment. The notice
shall be at least ninety (90) days. Such notice will include an initial thirty
(30) days' notice before deploying the Update that requires changes to client
applications or the Upgrade into the Operational Test and Evaluation ("OT&E")
environment to which all registrars have access. Afilias will maintain the
Update or Upgrade in the OT&E environment for at least thirty (60) days, to
allow each registrar the opportunity to modify its client applications and
complete testing, before implementing the new code in the production
environment.
|
Appendix D, Performance Specifications
Afilias exceeds absolute and relative criteria:
· Adds 21 service metrics (including DNS and Whois)
· Reduces monthly planned outage from 8 hours per month to 4 hours
· Reduced yearly major outages from two 12-hour periods, to one 8-hour period
· Improve SRS query performance to 400 milliseconds or less, from 3000
milliseconds)
· Improves write command performance to 800 milliseconds or less (from 5000
milliseconds)
Note: Exhibit A (Sampling and Testing) will not fit in this form, but is
substantially the same as Appendix D in the ORG contract
Registry Performance Specifications
Registry Operator shall use commercially reasonable efforts to provide
Registry Services for the .NET TLD. The Performance Specifications, defined
below, provide a means to measure Registry Operator's delivery of Registry
Services under Subsection 3.3 of the Registry Agreement between Registry
Operator and ICANN and, when applicable, allow for calculation of the SLA
Credit payable to Registrar pursuant to Appendix E of the Registry Agreement.
1. Conventions.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in IETF RFC 2119.
2. Definitions. Capitalized terms used herein and not otherwise defined shall
have the meaning ascribed to them in the Registry Agreement.
2.1 "Core Internet Service Failure" refers to an extraordinary and
identifiable event beyond the control of Registry Operator affecting the
Internet services to be measured pursuant to Section 2 of Nameserver
Availability and Performance Measurements in Exhibit A of this Appendix D.
Such events include but are not limited to congestion, collapse, partitioning,
power grid failures, and routing failures.
2.2 "Current Pricing Level" refers to prices charged for Registry Services as
provided in Appendix G of the Registry Agreement as adjusted pursuant to
Subsections 3.14.5 and 4.4 of the Registry Agreement.
2.3 "C1" means Category 1, a mission critical service.
2.4 "C2" means Category 2, a mission important service.
2.5 "C3" means Category 3, a mission beneficial service.
2.6 "Degraded Performance" means a service not meeting the performance
requirement set forth in this document. Round-trip time is used as the basis
of this metric for all services except nameservice; for nameservice packet
loss and Round-trip time are used as metrics.
2.7 "Monthly Timeframe" shall mean each single calendar month beginning and
ending at 0000 Coordinated Universal Time (UTC).
2.8 "Monthly Unplanned Outage Time" shall be the sum of minutes of all
Unplanned Outage Time during the Monthly Timeframe. Each minute of Unplanned
Outage Time subtracts from the available Monthly Planned Outage Time up to
four (4) hours.
2.9 "Not Responding" means a service will be deemed as "Not Responding" in the
event that the Registry Component Ping (rcPing), as described in Exhibit A
attached hereto, responds with a negative or degraded service response.
2.10 "Planned Outage" means the periodic pre-announced occurrences during the
Service Term when the System is taken out of service for maintenance or care.
Planned Outages will only be scheduled during the following window period of
time each week, 1500 to 2300 UTC on Saturday (the "Planned Outage Period").
The Planned Outage Period may be changed from time to time by the Registry
Operator, in its sole discretion, upon prior notice to each Registrar. Planned
Outages will not exceed four (4) hours/per calendar week beginning at 0000 UTC
Monday nor total more than eight (8) hours/per Monthly Timeframe. Planned
Outage for a nameserver shall not coincide with or overlap Planned Outage for
any other nameserver. Not withstanding the foregoing, in each calendar year
Registry Operator may incur one (1) additional Planned Outage of up to eight
(8) hrs in duration during the Planned Outage Period for major systems or
software upgrades (an "Extended Planned Outage"). An Extended Planned Outage
represents the total allowed Planned Outages for the month.
2.11 "Round-trip" means the amount of measured time, usually measured in
milliseconds, that it takes for a reference query to make a complete trip from
the sampling agent to the system or process being tested and back again.
2.12 "Service Availability" means when the System is operational and
predictably responding in a commercially reasonable manner. By definition,
neither Planned Outages nor Extended Planned Outages shall be considered or
included in determining Service Availability.
2.13 "Service Unavailability" means when, as a result of a failure of systems
(with respect to systems that are within the Registry Operator's control):
2.13.1 With respect to services other than Whois Service and nameservice,
Registrar is unable to establish a session with the System gateway which shall
be defined as:
2.13.1.1 successfully complete a TCP session start,
2.13.1.2 successfully complete the SSL authentication handshake, and
2.13.1.3 successfully complete the Extensible Provisioning Protocol ("EPP")
<login> or RRP login command.
2.13.2 With respect to all services, system monitoring tools register three
(3) consecutive monitoring failures on any of the components listed in Section
3-System Services.
2.13.3 Neither Planned Outages nor Extended Planned Outages shall be
considered or included in determining Service Unavailability.
2.14 "SLA" means the service level agreement between Registry Operator and
Registrar attached as Appendix E to the Registry Agreement.
2.15 "SLA Credit" means those credits available to the Registrar pursuant to
the SLA.
2.16 "System" shall mean the list of components listed in Section 3-System
Services.
2.17 "Transaction" shall mean chargeable Registry Services, which includes
initial and renewal registrations.
2.18 "Unplanned Outage Time" shall mean all of the following:
2.18.1 With respect to services other than Whois Service and nameserver
resolution, the amount of time recorded between a trouble ticket first being
opened by the Registry Operator in response to a Service Unavailability
experienced by a Registrar through the time when the Service Unavailability
has been resolved with a final fix or a temporary work around. This will be
considered Service Unavailability only for those individual Registrars
impacted by the Service Unavailability;
2.18.2 With respect to services other than Whois Service and nameserver
resolution, the amount of time recorded between a trouble ticket first being
opened by the Registry Operator in the event of Service Unavailability that
affects all Registrars through the time when the Registry Operator resolves
the problem with a final fix or a temporary work around;
2.18.3 With respect to all services, the amount of time that Planned Outage
time exceeds the limits established in Section 2.10 above; or
2.18.4 With respect to all services, the amount of time that Planned Outage
time occurs outside the window of time established in Section 2.10 above.
2.19 "Whois Service" means the Registry Operator Whois Services described in
Appendix O of the Registry Agreement.
2.20 With respect to the use of ".NET nameservers" (Appendix D, Exhibit A) for
definition of described testing, ".NET nameservers" will refer to those
hostnames and IP addresses associated for operation of the .NET zone file
delegation as listed within the root zone, and published by the Internet
Assigned Numbers Authority.
3. System Services.
The following table lists, by category (C1, C2, or C3), the Registry System
services for which availability and performance requirements are established.
Services shall meet availability requirements according to their category, as
listed in the "Cat." column below. In addition, various services must meet the
performance requirements listed in the "Perf." column below. These
availability and performance requirements are the subject of the Service Level
Agreement (SLA) between Registry Operator and registrars (SLA) or the
requirements of Subsection 3.3 of the Registry Agreement between Registry
Operator and ICANN, as noted by the × marks below.
Component/Service Cat. Perf. SLA ICANN
----------------- ---- ---- --- -----
DNS
*****
AXFR/IXFR Updates C3 P5 × ×
Resolution of queries within C1 P4 ×
the .net TLD, each nameserver
Whois
********
Singular query/response C2 P3 ×
Billing
**********
Account balance check/modify C2 ×
Manual balance adjust C3 ×
Admin
********
Update Registrar profile C3 × ×
Update Registrar status C3 × ×
Protocol Interface
********************
Add/Renew/Delete/ Update C2 P1 × ×
Transfer C2 P6 × ×
Check C2 P2 × ×
4. Service Levels (Availability and Performance)
4.1 Service Level Matrix
-----------------------------------------------------------------------
C1 Total duration of Unplanned Outage Time of C1 class services must not
exceed 20 seconds per Monthly Timeframe. This represents a Service
Availability percentage of 99.999%.
Total duration of Service Unavailability of C1 class services must
not exceed 15 minutes per Monthly Timeframe. This represents a Service
Availability percentage of 99.997%.
-----------------------------------------------------------------------
C2 Total duration of Unplanned Outage Time of C2 class services must not
exceed 240 minutes per monthly Timeframe. This represents a Service
Availability percentage of 99.45%.
Total duration of all Service Unavailability of C2 class services
must not exceed 240 minutes per Monthly Timeframe. This represents a Service
Availability percentage of 99.45%.
-----------------------------------------------------------------------
C3 Total duration of Unplanned Outage Time of C3 class services must not
exceed 300 minutes per Monthly Timeframe. This represents a Service
Availability percentage of 99.31%.
Total duration of all Service Unavailability of C3 class services
not to exceed 480 minutes per Monthly Timeframe. This represents a Service
Availability percentage of 98.90%.
-----------------------------------------------------------------------
P1 For a single-entity payload, Round-trip time should not exceed 800ms
as measured by the system monitoring tools that simulates a representative
registrar. A request with a multiple entity payload should materially perform
consistent with the behavior of multiple, single entity payload operation.
P2 For a single-entity payload, Round-trip time should not exceed 400ms
as measured by the system monitoring tools that simulates a representative
registrar. A request with a multiple-entity payload should materially perform
consistent with the behavior of multiple, single entity payload operation.
-----------------------------------------------------------------------
P3 For a singular query/response, Round-trip time should not exceed
800ms as measured by the system monitoring tools.
P4 Each nameserver achieves a measured Round-trip time of under 300ms
and measured packet loss of under 10%. See Exhibit A for the measurement
methodology.
-----------------------------------------------------------------------
P5 See Section 6.3 below.
P6 For a single-entity payload, Round-trip time should not exceed
1600ms as measured by the system monitoring tools that simulates a
representative registrar. A request with a multiple-entity payload should
materially perform consistent with the behavior of multiple, single entity
payload operation.
-----------------------------------------------------------------------
4.2 Service Definition and Service Level Requirement
Service Attribute Unit of Measure
Commitment
---------------------- --------------------
DNS service availability
percentage uptime 99.93%
from each nameserver,
minimum
DNS service availability
percentage uptime 99.999%
from any nameserver
(i.e. at least one
nameserver available),
minimum
DNS query response rate
queries/sec minimum 10,000/sec
for all nameservers
combined,
minimum absolute
DNS query response rate
% of measured load 300%
for each nameserver, (busiest hour averaged (see
RFC 2780,
minimum over one month) on
sec. 2.3) most loaded server
Cross-network nameserver
milliseconds 300
round-trip time, maximum
Cross-network nameserver
percentage <10%
packet loss, maximum
DNS update interval, maximum
minutes 15
SRS service availability,
percentage uptime 99.45%
minimum
SRS processing time,
milliseconds 400ms
maximum for query operations
SRS processing time,
milliseconds 800ms
maximum for write operations
SRS service planned outage
hours/month 8 hrs/month
duration,
maximum
(includes Whois)
SRS service planned outage
days and hours 15:00-23:00 UTC
Saturday
timeframe
SRS service planned outage
days 7 days
notification, minimum
SRS service extended planned
hours/quarter 1 8 hour extended outage per year
outage duration, maximum which constitutes the entire outage
for Time
can be used the month in which it is
taken
as Extended
Planned
Outage Time;
the
total planned
outage
time per period is the
sum
of Planned Outage
and
Extended
Planned
Outage.)
SRS service extended
days and hours 15:00-23:00 UTC Saturday
planned outage timeframe
Whois service availability,
percentage uptime 99.45%
minimum
Whois query processing time,
milliseconds 800 ms
maximum
Whois update interval,
minutes 15
maximum
Whois service planned
hours/month 8 hrs/month (includes SRS)
outage duration,
maximum
Whois service planned
days and hours 15:00-23:00 UTC Saturday
outage timeframe
Whois service planned outage
days 7 days
notification, minimum
5. Measurement.
Except for nameserver performance measurements (P4), Registry Operator will
monitor the System in accordance with the following principles.
5.1 System/Component Monitoring:
The services defined in this Appendix will be sampled and tested as to
availability pursuant to the schedule attached hereto as Exhibit A.
5.2 Performance Monitoring:
The services defined in this Appendix will be sampled and tested as to their
performance pursuant to the schedule attached hereto as Exhibit A. Services
Not Responding within the Round-trip response times listed in Section 4 -
Service Levels will be deemed suffering from Degraded Performance for the
purposes of this Appendix.
Nameserver performance measurements will be conducted by ICANN according to
Exhibit A.
6. Responsibilities of the Parties.
6.1 Except in the case of nameserver performance measurements, Registry
Operator will perform monitoring from internally located systems as a means to
verify that the availability and performance measurements of this document are
being met.
6.2 The Registry Operator will update the Whois Service on a near real-time
basis. During normal operation, all registration and information updates sent
from a Registrar to the Registry are stored in the primary database (database
A). The information in database A is replicated to a backup database (database
B) at regular intervals, normally within five (5) minutes. The Whois Service
uses database B as its source of information. The time lag in the Whois
information update is determined by the database replication interval. Whois
may be serviced by multiple backup replicated databases (database B, C, D
etc). The Registry Operator will notify Registrars in advance when changes to
the Whois Service update schedule occur.
6.3 The Registry Operator will initiate the addition, deletion, or other
modification of DNS zone information to the master DNS server within 5 minutes
after a Transaction. The Registry Operator will notify Registrar in advance
when changes to the schedule occur. The Registry Operator will notify
Registrars regarding any scheduled maintenance and unavailability of the TLD
nameservers.
6.4 The Registry Operator will use commercially reasonable efforts to restore
the critical systems of the System within 24 hours in the event of a force
majeure and restore full system functionality within 48 hours. Outages due to
a force majeure will not be considered Service Unavailability.
6.5 Beginning no later than 60 days post Commencement-of-Service Date, the
Registry Operator will publish preliminary weekly system performance and
availability reports. Registry Operator will use best efforts to finalize
these reports no later than 30 days after the preliminary reports are provided.
6.6 The Registry Operator will provide Service Availability percentages during
each Monthly Timeframe as listed in Section 4.1 - Service Level Matrix.
7. Miscellaneous.
7.1 This Appendix is not intended to replace any term or condition in the
Registry Agreement.
7.2 Dispute Resolution will be handled pursuant to the terms of Subsection 5.9
of the Registry Agreement.
|
Appendix E, Service-Level Agreement
Afilias meets the absolute specifications for Appendix E. In addition, it
exceeds the specifications Afilias meets and exceeds the absolute and relative
criterion for Appendix E in the following manner:
· Does not set a maximum credit of 5% of a registrar's monthly volume due to
Add and Check functionality not meeting SLAs
· Does not set a maximum credit of 10% of registrar's monthly volume for
exceeding unplanned monthly outages
1. Definitions. Capitalized terms used herein and not otherwise defined shall
have the definitions ascribed to them in Appendix D, to the Registry Agreement.
2. Credits.
2.1 C1 - If availability of C1 class services does not meet C1 Service Levels
in any given calendar month, Registry Operator will credit Registrar according
to this calculation;
C = (amv/t)*sle
Where:
C = number of Transactions to be credited to Registrar for the calendar
month.
amv = average month's volume (previous four calendar months total
Transaction volume/4 months).
T = time period, number of minutes per month averaged over number of
days in previous four calendar months (for example, if previous
four months had 30, 31, 30, 31 days, these time period = (30 + 31 +
30 + 31)/4 * 24 hours * 60 minutes = 43,920 minutes).
sle = service level exception. The number of Unavailable minutes minus
the number of SLA acceptable Unavailable minutes.
Example:
Registry Operator records 15 minutes of service level exception beyond the
time periods contemplated by the SLA. The current amv is 30,000 total names
registered and time period was 43,920 minutes. As such, Registry Operator will
credit Registrar for 10.25 Transactions at the then Current Pricing Level.
2.2 C2 - If availability of C2 class services does not meet C2 Service Levels
in any given calendar month, Registry Operator will credit Registrar according
to this calculation;
C = (amv/t)*sle * 60%
Where:
C = number of Transactions to be credited to Registrar for the calendar
month.
mv = average month's volume (previous four calendar months total
Transaction volume/4 months)
t = time period, number of minutes per month averaged over number of
days in previous four calendar months (see example in Subsection
2.1).
sle = service level exception. The number of Unavailable minutes minus
the number of SLA acceptable Unavailable minutes.
60% = priority adjustment.
Example:
Registry Operator records 15 minutes of service level exception beyond the
time periods contemplated by the SLA. The current amv is 30,000 total names
registered and time period was 43,920 minutes. s such, Registry Operator will
credit Registrar for 6.15 Transactions at the then Current Pricing Level.
2.3 C3 - If availability of C3 services does not meet C3 Service Levels in any
given calendar month, Registry Operator will credit Registrar according to
this calculation;
C = (amv/t)*sle * 30%
2.3 C 3 - If availability of C3 services does not meet C3 Service Levels in
any given calendar month, Registry Operator will credit Registrar according to
this calculation;
C = (amv/t)*sle * 30%
Where:
C = number of Transactions to be credited to Registrar for the calendar
month.
amv = average month's volume (previous four calendar months total
Transaction volume/4 months)
t = time period, number of minutes per month averaged over number of
days in previous four calendar months (see example in Subsection
2.1).
sle = service level exception. The number of Unavailable minutes minus
the number of SLA acceptable Unavailable minutes.
30% = priority adjustment.
Example:
Registry Operator records 15 minutes of service level exception beyond the
time periods contemplated by the SLA. The current amv is 30,000 total names
registered and the time period was 43,920 minutes. As such, Registry Operator
will credit Registrar for 3.07 Transactions at the then Current Pricing Level.
2.4 Degraded Performance - If the performance of the transactive systems
(OpenXRS API, Whois) does not meet the performance expectations outlined in
Service Levels over the calendar month in question, Registry Operator will
credit Registrar according to this calculation;
C = (amv/t)*sle * 7.5%
Where:
C = number of Transactions to be credited to Registrar for the
calendar month.
amv = average month's volume (previous four calendar months total
Transaction volume/4months)
t = time period, number of minutes per month averaged over number of
days in previous four calendar months (see example in Subsection
2.1).
sle = service level exception. The number of Degraded Performance
minutes.
7.5% = priority adjustment.
Example:
Registry Operator records 15 minutes of service level exception beyond the
time periods contemplated by the SLA. The current amv is 30,000 total names
registered and time period was 43,920 minutes. As such, Registry Operator will
credit Registrar for 0.77 Transactions at the then Current Pricing Level.
2.5 Receipt of Credits - In order for Registrars to claim credits, the
following procedure must be followed:
2.5.1 Issue a Request for SLA Credits.
The claiming Registrar must make a request for credits to Registry Operator
within 7 days of the SLA violation claiming that it experienced downtime or
degraded performance in excess of what is outlined in Appendix D.
2.5.2 Provide documentation to indicate SLA violation.
A Registrar may provide documentation in the form of either:
2.5.2.1 Registrar initiated notification(s) to the Registry Operator of a down
time that exceeded SLA limits, including the trouble ticket number issued by
the Registry Operator. The closing ticket(s) should be included as well in
order to determine the total downtime (unless the closing ticket includes
this); or
2.5.2.2 Notification from the Registry Operator (with trouble ticket number
attached) of down time or degraded performance. The closing ticket(s) should
be included as well in order to determine the total downtime (unless the
closing ticket includes this).
2.5.2.3 Confirmation of SLA violation:
Upon the request of the Registry Operator, the claiming Registrar must provide
reasonably available server and/or application logs demonstrating a violation
of the SLA limits. The Registrar is expected to demonstrate response times
from point of entry into the registry server complex to point of exit from the
registry server complex. This will exclude any time taken by establishing a
TCP connection, the SSL handshake and EPP/RRP logon to the registry.
2.5.3 Justification of Volume.
In order to calculate credits, the Registrar should include volume figures for
the past four (4) calendar months, and a certification that these numbers
accurately reflect the LEAST registration activity that would be covered
during the affected SLA outage.
2.5.4 Receipt of Credit.
When the above steps have been completed to the Registry Operator's
satisfaction, the Registry Operator shall provide notification of the number
of credits that will be entered in the Registrar's account balance and that
can be used immediately toward registrations in the Registry. Under no
circumstances shall credits be applied when the availability problems are
caused by network providers and/or the systems of individual Registrars (See
Section 2.13, Appendix D)
3. Responsibilities of the Parties.
3.1 The affected ICANN-Accredited Registrar will assist Registry Operator by
reporting each occurrence of alleged Service Unavailability to Registry
Operator customer service help desk in the manner required by Registry
Operator (i.e., e-mail, fax or telephone) in order for an occurrence to be
treated as Service Unavailability for purposes of this SLA. Registry Operator
will treat all system performance problems in order of decreasing severity and
fix them within a commercially reasonable period of time. Incidents flagged by
the measurement system will also qualify as ticketed events and will be
classed as Unavailability.
3.2 Registry Operator will perform monitoring from internally located systems
as a means to verify that the conditions of the SLA are being met(see Exhibit
A Appendix D).
3.2.1 Registry Operator will perform external monitoring from at least two
external locations to verify that the conditions of the SLA are being met (see
Exhibit A Appendix D).
3.2.2 Registry Operator will allow external monitoring of the SRS via an
acceptable means to both parties.
3.3 The SLA will be reconciled on a quarterly basis.
3.4 The Registrar will have the option to choose which of the credit
calculations described in Section 2 of the SLA will apply where service level
credit overlaps occur. There can be several types of credits over the same
calendar month, but the Registrar can only claim one type of refund for each
event.
3.5 Registry Operator will not attempt to discern what discount levels were in
effect at the specific time of a service level exception, but rather use the
discount level in effect at the time the credits issue. All service level
credits will be paid out using the appropriate discounts and rate levels
reflected by the then current rate schedule.
3.6 The Registrar may, under reasonable terms and conditions, audit the
reconciliation records for the purposes of verifying service level
performance. The frequency of these audits will be no more than once every six-
month period during the term of the Registry-Registrar Agreement between
Registry Operator and the Registrar.
3.7 Registry Operator's obligations under this SLA are waived during the first
120 days after the Commencement-of-Service Date.
3.8 Incident trouble tickets must be opened within a commercially reasonable
period of time.
3.9 In the event that Service Unavailability affects all Registrars, the
Registry Operator is responsible for opening a blanket trouble ticket and
immediately notifying all Registrars of the trouble ticket number and details.
3.10 Both Registrar and the Registry Operator agree to use reasonable
commercial good faith efforts to establish the cause of any alleged Service
Unavailability. If it is mutually determined to be a Registry Operator
problem, the issue will become part of the Unplanned Outage Time.
3.11 Registrars must inform the Registry Operator any time their estimated
volume of transactions (excluding check domain commands), will exceed their
previous calendar month's volume by more than 25%. In the event that a
Registrar fails to inform Registry Operator of a forecasted increase of volume
of transactions of 25% or more and the Registrar's volume increases 25% or
more over the previous month, and should the total volume of transactions
added by the Registry Operator for all Registrars for that month exceed the
Registry Operator's actual volume of the previous month's transactions by more
than 20%, then the Registrar(s) failing to give such notice will not be
eligible for any SLA Credits in that Monthly Timeframe. Registrars shall
provide their forecasts at least 30 days prior to the first day of the next
calendar month. In addition, the Registry Operator agrees to provide monthly
transaction summary reports starting no later than 60 days after the
Commencement-of-Service Date.
3.12 The Registry Operator will notify Registrar of Planned Outages outside
the Planned Outage Period at least 7 days in advance of such Planned Outage.
In addition, Registry Operator will use reasonable commercial good faith
efforts to maintain an accurate 30 day advance schedule of possible upcoming
Planned Outages.
3.13 The Registry Operator will update the Whois Service on a near real-time
basis. During normal operation, all registration and information updates sent
from a Registrar to the Registry are stored in the primary database (database
A). The information in database A is replicated to a backup database (database
B) at regular intervals, normally within five (5) minutes. The Whois Service
uses database B as its source of information. The time lag in the Whois
information update is determined by the database replication interval. The
Registry Operator will notify Registrars in advance when changes to the Whois
Service update schedule occur.
3.14 The Registry Operator will initiate the addition, deletion or other
modification of DNS zone information to the master DNS server within 5 minutes
after a Transaction. The Registry Operator will notify Registrar in advance
when changes to the schedule occur. The Registry Operator will notify
Registrars regarding any scheduled maintenance and unavailability of the TLD
nameservers.
3.15 The Registry Operator will use commercially reasonable efforts to restore
the critical systems of the System within 24 hours in the event of a force
majeure and restore full system functionality within 48 hours. Outages due to
a force majeure will not be considered Service Unavailability.
3.16 Beginning no later than 60 days after the Commencement-of-Service Date,
the Registry Operator will publish preliminary weekly system performance and
availability reports. Registry Operator will use best efforts to finalize
these reports no later than 30 days after the preliminary reports are provided.
3.17 The Registry Operator will provide Service Availability percentages
during each Monthly Timeframe as listed in Section 4.1 - Service Level Matrix
of Appendix D.
4. Miscellaneous.
4.1 This Appendix is not intended to replace any term or condition in the
Registry-Registrar Agreement.
4.2 Dispute Resolution will be handled pursuant to the arbitration provisions
of the Registry-Registrar Agreement.
|
Appendix O*, Whois Specification – Public Whois
Afilias meets the absolute specifications for Appendix O. In addition, it exceeds the specifications Afilias meets and exceeds the absolute and relative criterion for Appendix O (as based on the .ORG registry agreement) in the following manner: · Support for IDNs including the language tag, as well as the Punycode representation of the IDN name in addition to Unicode Hex and Unicode HTLM formats · Enhanced support for privacy protection using the DCP element contained in EPP 1.0 · Emulates the thin Whois response as required, without need of dummy contacts · Enables registrars operating under thin EPP the optional ability to display associated contacts NOTE: As registry services provider to the Public Interest Registry for the .ORG domain, Afilias continually meets the requirements of the .ORG Whois specification under ICANN's supervision today. Overview The Whois service is compliant with RFC 954. The primary Whois services consist of: · Port 43 Whois services (thick registry) · Port 43 Whois services (thin registry) · Web-based Whois services (thin and thick registry) Afilias reserves the right to offer other, enhanced Whois services, some of which are described in this document. Afilias Whois service is the authoritative Whois service for all second-level Internet domain names registered in the .NET top-level domain and for all hosts registered using these names. This service is available to anyone. It is accessible via port 43 and through the Afilias wWeb site. Afilias will initially operate the .NET registry Whois in a manner consistent with both a "thin" registry and a "thick" registry. This is to facilitate legacy RRP domains, thin EPP domains as well as new thick EPP registrations. Upon conclusion of the Transition Process (as detailed in Section 8), the .NET Whois service will provide a central, openly accessible system for information regarding a particular second level domain name registration in the .NET TLD. The Registry Whois system has been designed for robustness, availability, and performance. Provisions for detection of abusive usage, like excessive numbers of queries from one source, have been taken into account, and other countermeasures against abuse will be activated if necessary. Afilias will initially provide at least two operational Whois databases running simultaneously at two different locations. The Whois databases will be situated on a high-availability system at both locations. The Whois will be updated in near real-time by a specialized application. For Whois servers at the main data center, the update application will only be accessible from the internal network. External Whois sites, including the Disaster Recovery site Whois server, will utilize a secure communication channel for updates. The Whois servers shall provide results in ASCII for standard and IDN .NET domains. The status values reported will be those stated in http://www.ietf.org/rfc/rfc3731.txt except that domains in PendingDelete status will be reported as either PENDING-DELETE (Restorable) or PENDING- DELETE (Scheduled for release) as appropriate. This Appendix is subject to change by agreement of Afilias and ICANN during the design process as well as during the IETF standards process. 1. Port 43 Whois service (thick registry) 1. The format of responses will follow a semi-free text format outline below, preceded by a mandatory disclaimer specifying the rights of Afilias, and of the user querying the database. 2. Each data object shall be represented as a set of key/value pairs, with lines beginning with keys, followed by the colon as a delimiter, followed by the value. 3. All Whois data will be in the ASCII character set, which has encoding compatible with UTF-8 for easy transition to including internationalized data, and as per the IETF's recommendations on i18n in Internet protocols. For fields where more than one value exists, multiple key/value pairs with the same key shall be allowed (for example to list multiple name servers). The first key/value pair after a blank line should be considered the start of a new record, and should be considered as identifying that record, and is used to group data, such as hostnames and IP addresses, or a domain name and registrant information, together. 4. All record and key types shall be specified in a publicly available description on the Afilias website. The key names and record types should change as infrequently as possible, and only upon the agreement of ICANN and Afilias. 2. Port 43 Whois service (thin registry) 1. The format of responses for thin registry output will be similar to the guidelines listed above for thick-registry Whois, however it may include optional contact information. The optional contact information will only be provided in a "thin" EPP response. 2. The Whois response will indicate that the Whois information for this domain is not authoritative and indicate an URL to the Whois server of the registrar responsible for providing the contact Whois information. 3. Web-based Whois service (thick and thin registry) Afilias will make available a Whois interface on its Web site which can also be linked to by each ICANN-Accredited Registrar that is a party to a Registry- Registrar Agreement. The information available in the Whois database will be returned as a results page on the Web site. The only purpose of this web interface is to provide a user-friendly interface for Whois queries. It does not provide any additional features beyond what is described in the port 43 section of this appendix. 4. Minimum Data Update Frequency The update frequency of Whois data is specified in Section 4.2 of Appendix D. 5. Protocols Through Which Access is Provided Access to the Whois data is provided through a subset of the Whois protocol, supporting exact queries for domain names, contact IDs, registrar name, nameserver, hostname and nameserver ip-address. Bulk access to the Whois data will be made available as specified in Appendix P and Appendix Q. 6. Security General security measures such as password aging policy, firewalls, Intrusion Detection Systems (IDS) and network traffic monitoring systems will be provided for the Whois services, as further described in the Security section of Appendix C. The Whois output in the thick registry model, which will be the only supported model at the completion of the Transition Plan, will be returned with all respective key/value pairs, which will eliminate the need for registrars to store additional information in their own local database. The proposed capability will also ensure that end users will view the same information no matter which registrar they use to retrieve Whois data. 7. Query and Output for Reports Delivered by Web Page and Port 43 7.1 Whois Queries For all Whois queries, the client provides a character string for which information is desired and optionally, the object type and interpretation control parameters to limit the search. Several interpretation controls are defined below to limit searches. If the object type and interpretation control parameters are not specified, Whois searches for the character string in the Name fields of the Domain object. Queries can be made as either an "exact search" or as a "partial search", both of which are insensitive to the case of the input string. By default, if multiple matches are found for a query, then a summary of all the matching results is presented. A second query is required to retrieve the specific details of one of the matching records. If only a single match is found, then full details will be provided. Full detail consists of the data in the matching object as well as the data in any associated objects. Additional information and samples of the various types of Whois result records are available in the section below. 7.2 Query Controls Whois query controls fall into two categories: those that specify the type of field and those that modify the interpretation of the input or determine the type of output to provide. Object Type Control The following keywords restrict a search to a specific object type: DOomain: Search only domain objects. The input string is searched in the Name field. Host: Search only name server objects. The input string is searched in the Name field and the IP Address field. Contact: Search only contact objects. The input string is searched in the ID field. Registrar: Search only registrar objects. The input string is searched in the Name field. By default, if no object type control is specified, then the Name field of the Domain object is searched. Interpretation Control The following keywords modify the interpretation of the input or determine the level of output to provide: ID: Search on ID field of an object. This applies to Contact IDs and Registrar IDs. Full or '=': Always show detailed results, even for multiple matches Summary or SUM: Always show summary results, even for single matches '%': Used as a suffix on the input, will produce all records that start with that input string '_': Used as a suffix on the input, will produce all records that start with that input string and have one and only one additional character By default, if no interpretation control keywords are used, the output will include full details if a single record is found and a summary if multiple matches are found. 7.3 Query Examples 7.3.1 Domain Record A Whois query that results in domain information will return the following example fields from the Domain object and the associated data from host and contact objects. This set of data is also referred to as the Domain Record. Thick Registry Whois Outputs The following output is an example of a Whois response for a domain that is stored in the registry as an EPP-based domain however it is a thick IDN domain name. Input: XN--EXAMPLEDOMAIN-VOB.NET -or- domain XN--EXAMPLEDOMAIN-VOB.NET Domain ID:D5353345-LRNT Domain Name:XN--EXAMPLEDOMAIN-VOB.NET Created On:01-Jan-2005 04:00:00 UTC Last Updated On:10-Jan-2005 20:25:23 UTC Expiration Date:01-Jan-2007 04:00:00 UTC Sponsoring Registrar:EXAMPLE REGISTRAR LLC (R63-LRNT) Status:DELETE PROHIBITED Status:RENEW PROHIBITED Status:TRANSFER PROHIBITED Status:UPDATE PROHIBITED Registrant ID:5372808-ERL Registrant Name:EXAMPLE REGISTRAR REGISTRANT Registrant Organization:EXAMPLE REGISTRANT ORGANIZATION Registrant Street1:123 EXAMPLE STREET Registrant City:ANYTOWN Registrant State/Province:AP Registrant Postal Code:A1A1A1 Registrant Country:EX Registrant Phone:+1.1235551234 Registrant Email:EMAIL@EXAMPLE.COM Admin ID:5372809-ERL Admin Name:EXAMPLE REGISTRAR ADMINISTRATIVE Admin Organization:EXAMPLE REGISTRANT ORGANIZATION Admin Street1:123 EXAMPLE STREET Admin City:ANYTOWN Admin State/Province:AP Admin Postal Code:A1A1A1 Admin Country:EX Admin Phone:+1.1235551234 Admin Email:EMAIL@EXAMPLE.COM Billing ID:5372810-ERL Billing Name:EXAMPLE REGISTRAR BILLING Billing Organization:EXAMPLE REGISTRANT ORGANIZATION Billing Street1:123 EXAMPLE STREET Billing City:ANYTOWN Billing State/Province:AP Billing Postal Code:A1A1A1 Billing Country:EX Billing Phone:+1.1235551234 Billing Email:EMAIL@EXAMPLE.COM Tech ID:5372811-ERL Tech Name:EXAMPLE REGISTRAR TECHNICAL Tech Organization:EXAMPLE REGISTRAR LLC Tech Street1:123 EXAMPLE STREET Tech City:ANYTOWN Tech State/Province:AP Tech Postal Code:A1A1A1 Tech Country:EX Tech Phone:+1.1235551234 Tech Email:EMAIL@EXAMPLE.COM Name Server:NS01.EXAMPLEREGISTRAR.NET Name Server:NS02.EXAMPLEREGISTRAR.NET IDN Script:de Unicode Hex:U+00FC U+0065 U+0078 U+0061 U+006D U+0070 U+006C U+0065 U+0064 U+006F U+006D U+0061 U+0069 U+006E Unicode HTML:üexampledomain The following output is an example of a Whois response for a domain that is stored in the registry as an EPP-based domain however certain information is not disclosed because of DCP considerations. Input: WHOISDOMAIN.NET -or- domain WHOISDOMAIN.NET Domain ID:D5353344-LRNT Domain Name:WHOISDOMAIN.NET Created On:01-Jan-2005 04:00:00 UTC Last Updated On:10-Jan-2005 20:25:23 UTC Expiration Date:01-Jan-2007 04:00:00 UTC Sponsoring Registrar:EXAMPLE REGISTRAR LLC (R63-LRNT) Status:DELETE PROHIBITED Status:RENEW PROHIBITED Status:TRANSFER PROHIBITED Status:UPDATE PROHIBITED Registrant ID:5372808-ERL Registrant Name:EXAMPLE REGISTRAR REGISTRANT Registrant Organization:EXAMPLE REGISTRANT ORGANIZATION Registrant Street1:DATA PROTECTION ENABLED Registrant City:DATA PROTECTION ENABLED Registrant State/Province:DATA PROTECTION ENABLED Registrant Postal Code:DATA PROTECTION ENABLED Registrant Country:DATA PROTECTION ENABLED Registrant Phone:DATA PROTECTION ENABLED Registrant Email:DATA PROTECTION ENABLED Admin ID:5372809-ERL Admin Name:EXAMPLE REGISTRAR ADMINISTRATIVE Admin Organization:EXAMPLE REGISTRANT ORGANIZATION Admin Street1:DATA PROTECTION ENABLED Admin City:DATA PROTECTION ENABLED Admin State/Province:DATA PROTECTION ENABLED Admin Postal Code:DATA PROTECTION ENABLED Admin Country:DATA PROTECTION ENABLED Admin Phone:DATA PROTECTION ENABLED Admin Email:DATA PROTECTION ENABLED Billing ID:5372810-ERL Billing Name:EXAMPLE REGISTRAR BILLING Billing Organization:EXAMPLE REGISTRANT ORGANIZATION Billing Street1:DATA PROTECTION ENABLED Billing City:DATA PROTECTION ENABLED Billing State/Province:DATA PROTECTION ENABLED Billing Postal Code:DATA PROTECTION ENABLED Billing Country:DATA PROTECTION ENABLED Billing Phone:DATA PROTECTION ENABLED Billing Email:DATA PROTECTION ENABLED Tech ID:5372811-ERL Tech Name:EXAMPLE REGISTRAR TECHNICAL Tech Organization:EXAMPLE REGISTRAR LLC Tech Street1:DATA PROTECTION ENABLED Tech City:DATA PROTECTION ENABLED Tech State/Province:DATA PROTECTION ENABLED Tech Postal Code:DATA PROTECTION ENABLED Tech Country:DATA PROTECTION ENABLED Tech Phone:DATA PROTECTION ENABLED Tech Email:DATA PROTECTION ENABLED Name Server:NS01.EXAMPLEREGISTRAR.NET Name Server:NS02.EXAMPLEREGISTRAR.NET Thin Registry Outputs The following output is an example of a response from the Whois server for a domain that is RRP-based and, thus, emulates a thin registry response. In this way the response will be inclusive of a thin registry Whois server but will contain extra information to indicate that the contact information is not authoritative. Input: WHOISDOMAIN.NET -or- domain WHOISDOMAIN.NET Output: Domain ID:D5353343-LRNT Domain Name:WHOISDOMAIN.NET Created On:01-Jan-2005 04:00:00 UTC Last Updated On:10-Jan-2005 20:25:23 UTC Expiration Date:01-Jan-2007 04:00:00 UTC Sponsoring Registrar:EXAMPLE REGISTRAR LLC (R63-LRNT) Status:DELETE PROHIBITED Status:RENEW PROHIBITED Status:TRANSFER PROHIBITED Status:UPDATE PROHIBITED Authoritative Whois Referral Url:WHOIS.EXAMPLEREGISTRAR.NET Name Server:NS01.EXAMPLEREGISTRAR.NET Name Server:NS02.EXAMPLEREGISTRAR.NET The following output is an example of a response from the Whois server for a domain that is EPP-based however it emulates a thin registry response. In this way the response will reflect a thin registry Whois server but will indicate that the information is not authoritative. The thin EPP response may also contain one or more contacts that have been added by the registrar during the process of bringing the domain into compliance with a "thick" registry model. Input: WHOISDOMAIN.NET -or- domain WHOISDOMAIN.NET Domain ID:D5353344-LRNT Domain Name:WHOISDOMAIN.NET Created On:01-Jan-2005 04:00:00 UTC Last Updated On:10-Jan-2005 20:25:23 UTC Expiration Date:01-Jan-2007 04:00:00 UTC Sponsoring Registrar:EXAMPLE REGISTRAR LLC (R63-LRNT) Status:DELETE PROHIBITED Status:RENEW PROHIBITED Status:TRANSFER PROHIBITED Status:UPDATE PROHIBITED Authoritative Whois Referral Url:WHOIS.EXAMPLEREGISTRAR.NET Tech ID:5372807-ERL Tech Name:EXAMPLE REGISTRAR TECHNICAL Tech Organization:EXAMPLE REGISTRAR LLC Tech Street1:123 EXAMPLE STREET Tech City:ANYTOWN Tech State/Province:AP Tech Postal Code:A1A1A1 Tech Country:EX Tech Phone:+1.1235551234 Tech Email:EMAIL@EXAMPLE.COM Name Server:NS01.EXAMPLEREGISTRAR.NET Name Server:NS02.EXAMPLEREGISTRAR.NET 7.3.2 Nameserver Record A Whois query that results in Nameserver information will return the following. This set of information is referred to as the Nameserver Record. Input: host ns01.exampleregistrar.net -or- host 192.168.0.100 Output: Host ID:H123456-LRNT Host Name:NS01.EXAMPLEREGISTRAR.NET Sponsoring Registrar:R123-LRNT Created On:01-Jan-2005 20:21:50 UTC Last Updated On:01-Jan-2005 20:22:58 UTC IP Address:192.168.0.100 7.3.3 Contact Record A Whois query that results in contact information will return the following. This set of information is referred to as the Contact Record. Input: contact CNT-2222 Output: Contact ID:CNT-2222 Sponsoring Registrar:R1234-LRNT Name:EXAMPLE CONTACT Organization:EXAMPLE ORGANIZATION LLC Street1:123 EXAMPLE STREET City:ANYTOWN Postal Code:A1A1A1 Country:EX Phone:+1.4443331234 Email:EMAIL@EXAMPLE.COM Created On:01-Jan-2005 14:33:12 UTC 7.3.4 Registrar Record A Whois query that results in Registrar information will return the following. This set of information is referred to as the Registrar Record. Input: Whois registrar EXAMPLE REGISTRAR LLC Output: Registrar ID:FDRD-DRE Registrar GUID:99 Registrar Organization:EXAMPLE REGISTRAR LLC Street1:123 EXAMPLE STREET City:ANYTOWN Postal Code:A1A1A1 Country:EX Phone:+1.4443331234 Email:EMAIL@EXAMPLE.COM Created On:01-Jan-2005 16:50:58 UTC Last Updated On:10-Jan-2005 15:34:36 UTC Status:OK 8. Extended Whois (xWhois) Afilias reserves the right to develop and implement an extended Whois (xWhois) service. This subscription-based service would be intended to provide: An interface to the Whois database that will permit interested third parties to conduct enhanced Whois searches using Boolean and character string technologies. Enhanced search functions will include the ability to identify Registered domain names that incorporate a certain character string, or All domain names registered by a certain registrant. Support for a new lookup key, "list_registrars" which will generate a list of all accredited registrars pursuant to a query. This service would be intentionally separated from the standard Whois service due to the high transaction loads that will be placed on the standard service due to the thick-registry model, and the requirements to meet service level agreements. While the RFC954-conformant Whois service will be updated in near real-time, there is no need for the enhanced service to have this requirement due to the nature of its usage The maximum update latency of the enhanced service would be 48 hours after updates to the core registry database are received. 9. Extensible-Field Capability Afilias reserves the right to introduce the ability for registrars to use XRP, to add customized fields to a record in the registry database. These fields would appear in an "additional information" section of the Whois data. The maximum number of custom fields allowed per record is yet to be determined. |
Appendix P*, Whois Data Specification – Independent Whois Provider
Afilias meets the absolute specifications for Appendix P. In addition, it exceeds the specifications Afilias meets and exceeds the absolute and relative criterion for Appendix P in the same manner as it does for the Whois requirements in Appendix O. NOTE: As registry services provider to the Public Interest Registry for the .ORG domain, Afilias continually meets the requirements of the .ORG Whois specification under ICANN's supervision today. Afilias will provide bulk access to up-to-date data concerning domain name and nameserver registrations maintained by Afilias in connection with the .net TLD on a daily schedule. This is only for purposes of providing free public query- based access to up-to-date data concerning domain name and nameserver registrations in multiple TLDs, to a party designated from time to time in writing by ICANN (the "Designated Recipient"). The procedures for providing access, and the specification of the content and format of this data, will be as stated below, until changed according to the Registry Agreement. This Appendix is subject to change by agreement of Afilias and ICANN during the design process as well as during the IETF standards process. The target architecture and functionality specified in this Appendix conforms to RFC 3730 and related object mappings(RFC 3731, 3732, 3733, 3734, 3735). Afilias also agrees to work with ICANN to implement changes to this Appendix in order to provide services based on RFC 3981 and RFC 3982. A. Procedures for Providing Access Afilias will prepare (i) full data sets for one day of each week (the day to be designated by ICANN) and (ii) incremental data sets for all seven days of each week. Full and incremental data sets shall be up-to-date and coherent as of 12:00 UTC on the day to which they relate. Until a different day is designated by ICANN, the full data sets will be prepared for Sundays. (Note that on the ICANN-designated day both an incremental and a full data set are prepared.) 1. Preparation of Files Containing Data Sets. Each full and incremental data set consists of an XML document meeting the content and format requirements of Parts B and C of this document. Once the XML document is generated, the following preparation steps will be performed: a. The XML document will be placed in a file names according to the following convention: For full data sets: "wfYYMMDD" where "YYMMDD" is replaced with the date (YY=last two digits of year; MM=number of month; DD=day; in all cases a single- digit number should be left-padded with a zero). For incremental data sets: "wiYYMMDD" where "YYMMDD" follows the same format. b. The Registry Operator may optionally split the document using the Unix SPLIT command (or equivalent) to produce files no less than 1GB each (except the final file). If files are split, a .MD5 file (produced with MD5SUM or equivalent) must be included with the escrow files to isolate errors in case of transfer fault. c. The file(s) will then be encrypted and signed using PGP, version 6.5.1 or above, with a key of DH/DSS type and 2048/1024-byte length. (Note that PGP compresses the escrow file in addition to encrypting it.) The Data Recipient's public key will be used for the encryption and the Registry Operator's private key will be used for the signature. Public keys will be exchanged between the Registry Operator and the Designated Recipient by physical delivery of floppy diskettes or other agreed means. 2. Transmission of Full Data Sets. Once prepared, full data sets will be provided either by the procedures for incremental data sets described in item A (3) below or, at the option of either Afilias or the Designated Recipient, by writing the full data set to DAT tape (or other media mutually agreed by Afilias and the Designated Recipient) and sending it to the Designated Recipient by expedited delivery service (such as FedEx or DHL). If sent by expedited delivery service, the full data set will be scheduled for arrival no later than the second calendar day following the day to which the full backup relates. 3. Transmission of Incremental Data Sets. To permit the transmission of incremental data sets, Afilias will make them available for download by the Designated Recipient by Internet file transfer protocol. Incremental data sets will be made available for download no later than 20:00 UTC on the day to which they relate. B. Content The data sets (whether full or incremental) will consist of four types of objects: 1. Registrar objects. The first type of object corresponds to a single registrar. It includes the following data: Registrar ID (conforming to the IANA registrar-ids registry) Contact ID of Registrar Registrar Administrative Contacts Registrar Technical Contacts Registrar Billing Contacts Registrar URL Registrar Creation Date Registrar Last Updated Date 2. Contact objects. A second type of object is the contact object, which corresponds to a single contact (whether registrant, administrative, technical or billing contact). The contact object includes the following data: Contact ID Contact Name Contact Organization Contact Address, City, State/Province, Country Contact Postal Code Contact Phone, Fax, E-mail 3. Nameserver objects. A third type of object is the nameserver object, which corresponds to a single registered nameserver. The nameserver object includes the following data: Name Server ID Name Server Host Name Name Server IP Addresses if applicable Current Registrar Name Server Creation Date Name Server Last Updated Date 4. Domain objects. The final type of object is the domain object, which corresponds to a single Registered Name. Each domain object includes the following data: Domain ID Domain Name Sponsoring Registrar Domain Status All contact information (including all details) with at least one each of: * Registrant * Administrative * Technical * Billing All nameservers associated with this domain Domain Registration Date Domain Expiration Date Domain Last Updated Date 5. Objects Contained in Full and Incremental Data Sets. Full data sets include one domain object for each Registered Name within the Registry TLD; and nameserver, contact, and registrar objects for each nameserver, contact, and registrar referred to in any domain object. Incremental data sets consist of (a) those of the objects constituting a full data set that have been added or updated since the last incremental data set and (b) notations of deletion of any objects since the last incremental data set. C. Format Full and incremental data sets will be XML version 1.0, UTF-8 encoded documents conforming to the following document type definition: <!DOCTYPE whois-data [ <!ELEMENT whois-data (domain*, del-domain*, nameserver*, del-nameserver*, contact*, del-contact*, registrar*, del-registrar*) > <!-- del-domain, del-nameserver, del-contact, and del-registrar child elements are only meaningful where the attribute type="Full" | "Incremental" --> <!ATTLIST whois-data tld NMTOKEN #FIXED "net" date CDATA #REQUIRED type (Full | Incremental) version CDATA #FIXED "1.0" > <!ELEMENT domain (name)> <!ATTLIST domain dom-id ID #REQUIRED registrar-id IDREF #REQUIRED registrant-id IDREF #REQUIRED admin-id IDREF #REQUIRED tech-id IDREF #REQUIRED billing-id IDREF #REQUIRED nameserver-id IDREFS #IMPLIED status (Ok | serverHOLD | serverTransferProhibited | serverRenewProhibited | serverDeleteProhibited | serverUpdateProhibited | clientTransferProhibited | clientRenewProhibited | clientDeleteProhibited | clientUpdateProhibited | pendingTransfer | pendingDelete) cre-date CDATA #REQUIRED exp-date CDATA #REQUIRED upd-date CDATA #REQUIRED> <!ELEMENT del-domain EMPTY > <!-the presence of this element in an incremental data set indicates that the domain has been deleted since the last incremental data set --> <!ATTLIST del-domain dom-id ID #REQUIRED > <!ELEMENT nameserver (name, ip, ip+) > <!ATTLIST nameserver nameserver-id ID #REQUIRED registrar-id IDREF #REQUIRED cre-date CDATA #REQUIRED upd-date CDATA #REQUIRED> <!ELEMENT del-nameserver EMPTY > <!-the presence of this element in an incremental data set indicates that the nameserver has been deleted since the last incremental data set --> <!ATTLIST del-nameserver nameserver-id ID #REQUIRED > <!ELEMENT contact (name, org, address, post-code, country, phone, fax-, e- mail) > <!ATTLIST contact contact-id ID #REQUIRED registrar-id IDREF #REQUIRED cre-date CDATA #REQUIRED upd-date CDATA #REQUIRED> <!ELEMENT del-contact EMPTY > <!-the presence of this element in an incremental data set indicates that the contact has been deleted since the last incremental data set --> <!ATTLIST del-contact contact-id ID #REQUIRED > <!ELEMENT registrar (reg-status, url) > <!ATTLIST registrar registrar-id ID #REQUIRED contact-id IDREF #REQUIRED admin-id IDREFS #REQUIRED tech-id IDREFS #REQUIRED billing-id IDREFS #REQUIRED cre-date CDATA #REQUIRED upd-date CDATA #REQUIRED> <!ELEMENT del-registrar EMPTY > <!-the presence of this element in an incremental data set indicates that the registrar has been deleted since the last incremental data set --> <!ATTLIST del-registrar registrar-id ID #REQUIRED > <!ELEMENT name (#PCDATA) > <!ELEMENT ip (#PCDATA) > <!ELEMENT org (#PCDATA) > <!ELEMENT address (#PCDATA) > <!ELEMENT post-code (#PCDATA) > <!ELEMENT country EMPTY > <!ATTLIST country cc (AF | AL | DZ | AS | AD | AO | AI | AQ | AG | AR | AM | AW | AU | AT | AZ | BS | BH | BD | BB | BY | BE | BZ | BJ | BM | BT | BO | BA | BW | BV | BR | IO | BN | BG | BF | BI | KH | CM | CA | CV | KY | CF | TD | CL | CN | CX | CC | CO | KM | CG | CD | CK | CR | CI | HR | CU | CY | CZ | DK | DJ | DM | DO | AX | EC | EG | SV | GQ | ER | EE | ET | FK | FO | FJ | FI | FR | GF | PF | TF | GA | GM | GE | DE | GH | GI | GR | GL | GD | GP | GU | GT | GN | GW | GY | HT | HM | VA | HN | HK | HU | IS | IN | ID | IR | IQ | IE | IL | IT | JM | JP | JO | KZ | KE | KI | KP | KR | KW | KG | LA | LV | LB | LS | LR | LY | LI | LT | LU | MO | MK | MG | MW | MY | MV | ML | MT | MH | MQ | MR | MU | YT | MX | FM | MD | MC | MN | MS | MA | MZ | MM | NA | NR | NP | NL | AN | NC | NZ | NI | NE | NG | NU | NF | MP | NO | OM | PK | PW | PS | PA | PG | PY | PE | PH | PN | PL | PT | PR | QA | RE | RO | RU | RW | SH | KN | LC | PM | VC | WS | SM | ST | SA | SN | SC | SL | SG | SK | SI | SB | SO | ZA | GS | ES | LK | SD | SR | SJ | SZ | SE | CH | SY | TW | TJ | TZ | TH | TG | TK | TO | TT | TN | TR | TM | TC | TV | UG | UA | AE | GB | US | UM | UY | UZ | VU | VE | VN | VG | VI | WF | EH | YE | CS | ZM | ZW | TL) > <!ELEMENT phone (#PCDATA) > <!ELEMENT fax (#PCDATA) > <!ELEMENT e-mail (#PCDATA) > <!ELEMENT reg-status (#PCDATA) > <!ELEMENT url (#PCDATA) > <!ELEMENT date (#PCDATA) > <!ELEMENT number (#PCDATA) > ]> |
Appendix Q*, Whois Data Specification – ICANN
Afilias meets all absolute criterion for Appendix Q. NOTE: As registry services provider to the Public Interest Registry for the .ORG domain, Afilias continually meets the requirements of the .ORG Whois specification under ICANN's supervision today. There is no substantive reason to exceed this specification and therefore relative criterion should not apply in this case. Afilias will provide bulk access by ICANN to up-to-date data concerning domain name and nameserver registrations maintained by Afilias in connection with the .net TLD on a daily schedule, only for purposes of verifying and ensuring the operational stability of Registry Services, the DNS, and the Internet. The procedures for providing access, and the specification of the content and format of this data, will be as stated below, until changed according to the Registry Agreement. This Appendix is subject to change by agreement of Afilias and ICANN during the design process as well as during the IETF standards process. The target architecture and functionality specified in this Appendix conforms to RFC 3730 and related object mappings(RFC 3731, 3732, 3733, 3734, 3735). Afilias also agrees to work with ICANN to implement changes to this Appendix in order to provide services based on RFC 3981 and RFC 3982. A. Procedures for Providing Access Afilias will prepare a full data set once each week (the day to be designated by ICANN). Full data sets shall be up-to-date and coherent as of 1200 UTC on the day to which they relate. Until a different day is designated by ICANN, the full data sets will be prepared for Sundays. 1. Preparation of Files Containing Data Sets. Each full data set consists of an XML document meeting the content and format requirements of Parts B and C of this document. Once the XML document is generated, the following preparation steps will be performed: a. The XML document will be placed in a file named according to the following convention: "wfYYMMDD" where "YYMMDD" is replaced with the date (YY=last two digits of year; MM=number of month; DD=day; in all cases a single-digit number should be left-padded with a zero). b. Afilias may optionally split the document using the Unix SPLIT command (or equivalent) to produce files no less than 1GB each (except the final file). If files are split, an MD5 file (produced with MD5SUM or equivalent) must be included with the resulting files to isolate errors. Afilias may optionally compress the document using the Unix GZIP command (or equivalent) to reduce the filesize. c. The file(s) will then be encrypted and signed using PGP, version 6.5.1 or above, with a key of DH/DSS type and 2048/1024-byte length. (Note that PGP compresses the escrow file in addition to encrypting it.) An ICANN public key will be used for the encryption and the Registry Operator's private key will be used for the signature. Public keys will be exchanged between Afilias and ICANN by e-mail, physical delivery of floppy diskettes, or other agreed means. 2. Transmission of Full Data Sets. Once prepared, full data sets will be provided according to paragraph a below or, at Afilias' option, according to paragraph b below: a. Afilias will make full data sets available for download by ICANN by secure and authenticated methods, including, but not limited to, Secure FTP (sftp) or HTTPS protocols. The data sets will be made available for download beginning no later than 2000 UTC on the day to which they relate and until the next full data set becomes available for download. b. Afilias will write the full data set to DAT (DDS-4) tape (or other media specified by ICANN) and send it to ICANN by expedited delivery service (such as FedEx or DHL). The full data set will be scheduled for arrival at ICANN no later than the fourth calendar day following the day to which the data set relates. B. Content The full data sets will consist of the objects and contents described for full data sets in Part B of Appendix P. C. Format Full data sets will be XML version 1.0, UTF-8 encoded documents conforming to the schema/document type declaration set forth in Part C of Appendix P. |
Appendix R, Data Escrow Specification
Afilias meets the absolute specifications for Appendix R. In addition, it
exceeds the specifications Afilias meets and exceeds the absolute and relative
criterion for Appendix R in the following manner:
· Afilias enables ICANN to participate in the verification process of the
escrowed data dumps
· Afilias offers to provide ICANN not only with the required XML report
containing the registry data, but also with a true native format registry
database backup
This Appendix R to the Registry Agreement consists of four of the five
exhibits to the Service Level Agreement that constitutes Appendix S to the
Registry Agreement:
Exhibit A-Schedule for Escrow Deposits
Exhibit B-Escrow Deposit Format Specification
Exhibit C-Escrow Transfer Process
Exhibit D-Escrow Verification Procedures
--- Exhibit A-Schedule for Escrow Deposits ---
Full Deposit Schedule
Full Deposits shall consist of data that reflects the state of the registry as
of 00:00 UTC on each Sunday. Pending transactions at that time (i.e.
transactions that have not been committed to the Registry Database) shall not
be reflected in the Full Deposit.
Full Deposits shall be made, according to the transfer process described in
Exhibit C below, within a four-hour window beginning at 04:00 UTC on the same
Sunday.
Incremental Deposit Schedule
Incremental Deposits shall reflect database transactions made since the most
recent Full or Incremental Deposit. Incremental Deposits for Monday shall
include transactions completed through 00:00 UTC on that day that had not been
committed to the registry database at the time the last Full Deposit was
taken. Incremental Deposits on Tuesday through Saturday shall include
transactions completed through 00:00 UTC on the day of the deposit that were
not reflected in the immediately prior Incremental Deposit.
Incremental Deposits shall be made, according to the transfer process
described in Exhibit C below, within a four-hour window beginning at 04:00 UTC
on the day to which the Incremental Deposit relates.
--- Exhibit B-Escrow Deposit Format Specification ---
This Appendix is subject to change by agreement of Registry Operator and ICANN
during the design process as well as during the IETF standards process. In
addition, Registry Operator agrees to implement changes to this Appendix
specified by ICANN to conform to the IETF provreg working group's protocol
specification no later than 135 days after the IETF specification is adopted
as a Proposed Standard [RFC 2026, section 4.1.1].
Each Full Deposit includes a series of reports that are concatenated in the
Escrow Process. Each Full Deposit may further include a full backup of the
operating database in native format.
Each Incremental Deposit includes a series of reports that are concatenated in
the Escrow Process. Each Incremental Deposit may further include a full
backup of the operating database in native format.
Each Incremental Deposit consists of a series of reports that are concatenated
in the Escrow Process.
Full Deposit Contents. The reports involved in a Full Deposit are:
Domain Object Report-This reports on the contents of all domain objects in the
registry database.
Host Object Report-This reports on the contents of all host objects in the
registry database.
Contact Object Report-This reports on the contents of all contact objects in
the registry database.
Registrar Object Report-This reports on the contents of all registrar objects
in the registry database.
Incremental Deposit Contents. The report involved in an Incremental Deposit is:
Transaction Report-This reports on the contents of all transaction records
included in the Incremental Deposit.
Format of Reports. All reports are to be formatted in XML format. In
compliance with the XML 1.0 specification, certain characters in the data must
be escaped, as described in item 1 below. Each Report shall then be prepared
according to the general XML format described in items 2 to 7 below. Item 2
describes the report container that is common to all reports. Items 3 to 7
describe the structure of the contents of the report container for each of the
specific reports. Report formats may be modified (with at least 90 days
notification to participating parties) in respect of relevant changes to the
Registry and all dependent specifications including but not limited to
relevant RFCs.
1. Escape-Character Requirements. In compliance with the XML 1.0
specification, data escrowed using the XML format the following characters in
any data elements must be replaced with the corresponding escape sequences
listed here:
Character Escape Sequence
------------- -----------------------
" "
& &
` '
< <
> &qt
2. The Report Container. At its highest level, the XML format consists of an
escrow container with header attributes followed by escrow data. The header
attributes are required and include the version of escrow (1.0), the Registry
TLD ("org"), the report type (domain, host, contact, registrar, or
transaction), and database-committed date and time as to which the escrow
relates. The date and time of the escrow will be specified in UTC. The general
format of the report container is as follows:
<?xml version="1.0" encoding='UTF-8' ?>
<!DOCTYPE escrow SYSTEM "whois-export.dtd" >
<escrow version="1.0" tld="org" report="domain" date="15-Jan-2003 3:15:00AM">
{Here the report contains the actual data being escrowed. It contains one
element for each object of the type (domain, host, contact, registrar, or
transaction) covered by the report. The specific format for each report is
described in items 3 to 7 below.}
</escrow>
3. The Domain Element. The domain element has the attribute "fqdn" (the fully
qualified name of the domain) and is a container consisting of the following
elements:
a. status: The domain status code. Possible values are: NEW, ACTIVE, INACTIVE,
HOLD, LOCK, CLIENT-HOLD, CLIENT-LOCK, PENDING-TRANSFER, PENDING-DELETE
b. period: The registration period in years.
c. owned-by: An identification (the "id" attribute of the registrar element)
of the sponsoring registrar of the domain.
d. created-code: A reference to the transaction that created the domain object.
e. created-on: The date/time the domain object was originally created.
f. renewed-on: The date/time the domain was last renewed.
g. updated-by: An identification (the "id" attribute of the registrar element)
of the registrar that last updated the domain object.
h. updated-on: The date/time the domain object was last updated.
i. transferred-by: An identification (the "id" attribute of the registrar
element) of the registrar that last transferred the domain object.
j. transferred-on: The date/time when the domain object was last transferred.
k. transferred-code: A reference to the transaction that last transferred the
domain object.
l. host: Up to thirteen (13) host names that are nameservers for the domain to
which the domain object relates.
m. contact-id: Up to four (4) contact-ids that reference the contact records
for this domain. Contact-id has the attribute "type" to denote the type of
contact. "Type" can be one of: Registrant, Administrative, Technical or
Billing.
An example domain container appears below:
<domain fqdn="example.org">
<status>ACTIVE</status>
<period>1</period>
<owned-by>42</owned-by>
<created-code>12345678</created-code>
<created-on>14-Jan-2003 12:34:56AM</created-on>
<renewed-on></renewed-on>
<updated-by>42</updated-by>
<updated-on>14-Jan-2003 12:34:56AM</updated-on>
<transferred-by></transferred-by>
<transferred-on></transferred-on>
<transferred-code></transferred-code>
<host>dns1.example.org</host>
<host>dns2.example.org</host>
<contact-id type="Registrant">1</contact-id>
<contact-id type="Administrative">2</contact-id>
<contact-id type="Technical">3</contact-id>
<contact-id type="Billing">4</contact-id>
</domain>
4. The Host Element. The host element has the attribute "fqdn" (the fully
qualified name of the host) and is a container consisting of the following
elements:
a. owned-by: An identification (the "id" attribute of the registrar element)
of the sponsoring registrar of the host.
b. created-code: A reference to the transaction that created the host object.
c. created-on: The date/time the host object was originally created.
d. updated-by: An identification (the "id" attribute of the registrar element)
of the registrar that last updated the host object.
e. updated-on: The date/time the host object was last updated.
f. ip-address: Any number of IP addresses associated with this host.
An example host container appears below:
<host fqdn="dns1.example.org">
<owned-by>42</owned-by>
<created-code>12345679</created-code>
<created-on>14-Jan-2003 12:40:32AM</created-on>
<updated-by>42</updated-by>
<updated-on>14-Jan-2003 12:40:32AM</updated-on>
<ip-address>192.168.1.1</ip-address>
</host>
5. The Contact Element. The contact element has the attribute "id" and is a
container consisting of the following elements:
a. name: The name of the contact.
b. organization: The organization for the contact.
c. Within the "contact" container is a sub-container named "address" with the
following elements:
i. street1: The first part of the street address of the contact.
ii. street2: The second part of the street address of the contact.
iii. city: The name of the city of the contact.
iv. state-province: The name of the state/province of the contact.
v. postal-code: The postal/zip code of the contact.
vi. country: The two-letter ISO 3166 code for the contact's country.
d. voice: The voice phone number of the contact in E164a format.
e. fax: The fax number of the contact in E164a format.
f. email: The e-mail address of the contact.
g. owned-by: An identification (the "id" attribute of the registrar element)
of the sponsoring registrar of the contact.
h. created-code: A reference to the transaction that created the contact
object.
i. created-on: The date/time the contact object was originally created.
j. updated-by: An identification (the "id" attribute of the registrar element)
of the registrar that last updated the contact object.
k. updated-on: The date/time the contact object was last updated.
l. transferred-by: An identification (the "id" attribute of the registrar
element) of the registrar that last transferred the contact object.
m. transferred-on: The date/time when the contact object was last transferred.
n. transferred-code: A reference to the transaction that last transferred the
contact object.
An example contact container appears below:
<contact id="1">
<name>John Doe</name>
<organization>aol</organization>
<address>
<street1>1234 East 11th Street</street1>
<street2></street2>
<city>New York</city>
<state-province>NY</state-province>
<postal-code>12345</postal-code>
<country>US</country>
</address>
<voice>+212.1234567</voice>
<fax>+212.1234568</fax>
<email>jdoe@example.org</email>
<owned-by>42</owned-by>
<created-code>12345680</created-code>
<created-on>14-Jan-2003 12:42:22AM</created-on>
<updated-by>42</updated-by>
<updated-on>14-Jan-2003 12:42:22AM</updated-on>
<transferred-by></transferred-by>
<transferred-on></transferred-on>
<transferred-code></transferred-code>
</contact>
6. The Registrar Element. The registrar element has the attribute "id", which
is a unique identifier assigned by the IANA. The registrar element is a
container consisting of the following elements:
a. password: The password for the registrar.
b. name: The name of the registrar.
c. status: The registrar status code.
d. contact-id: Any number of contact-id associated with this registrar.
Contact-id has the attribute "type" to denote the type of contact. "Type" can
be one of: Administrative, Technical or Billing.
An example registrar container appears below:
<registrar id="42">
<password>registrarrus</password>
<name>Registrar R Us</name>
<status>ACTIVE</status>
<contact-id type="Administrative">10</contact-id>
<contact-id type="Administrative">11</contact-id>
<contact-id type="Technical">12</contact-id>
<contact-id type="Technical">13</contact-id>
<contact-id type="Billing">14</contact-id>
</registrar>
7. The Transaction Element. The transaction element has the
properties "operation" and "type". "Operation" can be one of: add, modify or
delete. "Type" can be one of: domain, host, contact or registrar. The
transaction element is a container consisting of elements from the
corresponding "type" element. For example, a transaction element with a "type"
of "registrar" will have the same set of elements as a Registrar element. For
a "delete" operation, only the object ID is included in the transaction
element.
An example transaction container appears below:
<transaction operation="modify" type="registrar">
<password>new password</password>
<name>Registrar R Us</name>
<status>ACTIVE</status>
<contact-id type="Administrative">10</contact-id>
<contact-id type="Administrative">11</contact-id>
<contact-id type="Technical">12</contact-id>
<contact-id type="Technical">13</contact-id>
<contact-id type="Billing">14</contact-id>
</transaction>
--- Exhibit C-Escrow Transfer Process ---
Deposit Transfer Process.
Registry Operator shall prepare and transfer the Deposit file by the following
steps, in sequence:
1. The Reports making up the Deposit will first be created according to the
format specification. (See Exhibit B above, "Escrow Deposit Format
Specification").
2. The Reports making up the Deposit will be concatenated. The resulting file
shall be named according to the following format: "orgSEQN", where "SEQN" is a
four digit decimal number that is incremented as each report is prepared.
3. Next, the Deposit file will be processed by a program (provided by ICANN or
a mutually designated third party) that will verify that it complies with the
format specification and contains reports of the same date/time (for a Full
Deposit), count the number of objects of the various types in the Deposit, and
append to the file a report of the program's results.
4. Registry Operator may optionally split the resulting file using the Unix
SPLIT command (or equivalent) to produce files no less than 1 GB each (except
the final file). If Deposit files are split, a .MD5 file (produced with MD5SUM
or equivalent) must be included with the split files to isolate errors in case
of transfer fault.
5. The Deposit file(s) will then be encrypted using Escrow Agent's public key
for PGP and signed using Registry Operator's private key for PGP, both version
6.5.1 or above, with a key of DH/DSS type and 2048/1024-byte length. (Note
that PGP compresses the Deposit file(s) in addition to encrypting it (them).)
The formatted, encrypted and signed Deposit file(s) will be sent, by anonymous
file transfer, to Escrow Agent's ftp server within the specified time window.
--- Exhibit D-Escrow Verification Procedures ---
Verification Procedures. Escrow Agent will verify the format and completeness
of each Deposit by the following steps:
1. At the conclusion of the deposit window, all Deposit files will be moved to
a not-publicly-accessible directory and the existence and size of each will be
noted.
2. Each Deposit file will be decrypted using Escrow Agent's private key for
PGP and authenticated using Registry Operator's public key for PGP. (In this
step, PGP will also automatically decompress the escrow file).
3. If there are multiple files, they will be concatenated in sequence.
4. Escrow Agent will run a program on the Deposit file (without report) that
will split it in to its constituent reports (including the format report
prepared by the Registry Operator and appended to the Deposit) check its
format, count the number of objects of each type, and verify that the data set
is internally consistent. This program will compare its results with the
results of the Registry-generated format report, and will generate a Deposit
format and completeness report. The program will encrypt the report using
ICANN's public key for PGP and signed using Escrow Agent's private key for
PGP, both versions 6.5.1 or above, with a key of DH/DSS type and 2048/1024-
byte length. (Note that PGP compresses the Deposit file(s) in addition to
encrypting it (them).)
5. The decrypted Deposit file will be destroyed to reduce likelihood of data
loss to intruders in case of partial security failure.
Distribution Of Public Keys. Each of Registry Operator and Escrow Agent will
distribute its public key to the other party (Registry Operator or Escrow
Agent, as the case may be) via email to an email address to be specified. Each
party will confirm receipt of the other party's public key with a reply email,
and the distributing party will subsequently reconfirm the authenticity of the
key transmitted. In this way, public key transmission is authenticated to a
user able to send and receive mail via a mail server operated by the
distributing party. Escrow Agent and ICANN shall exchange keys by the same
procedure.
|
Along with providing the information requested below, the applicant should include its own proposed versions of appendices C, D, E, O, P, Q, and R based on the current .NET registry agreement <http://www.icann.org/tlds/agreements/verisign/net-index.htm> which the applicant would be willing to have included in the subsequent .NET registry agreement. Applicants should ensure that their proposed versions of these appendices include any relevant subsequent updates to the RFCs referenced in these appendices. For example, RFC1035 as listed in Appendix C4 has been updated by RFC2845 and RFC3645, among other updates.
(a) Outline your technical capabilities. Provide a description of your technical capabilities, including information about key technical personnel (qualifications and experience), size of technical workforce and access to systems development tools. Outline any significant prior technical achievements.
|
(b) Technical plan and capabilities for the proposed registry operations. In certain sections of the web-based form, applicants are permitted to make non-textual submissions together with, and as part of, their application (e.g., graphs, flowcharts, models and diagrams). Present a technical plan and capabilities outline for the proposed registry operations. The technical plan should address the following factors:
|
(i) General description of proposed facilities and
systems. Describe all system locations. Identify the specific types of
systems being used, their capacity and interoperability, general
availability and level of security of technical environment. Describe in
appropriate detail buildings, hardware, software systems, environmental
equipment and Internet connectivity. | ||
 | ||
|
(ii) Stability of resolution and performance capabilities, including: response times and packet loss targets; availability of authoritative name servers; processes, tools and automated monitoring to ensure accuracy of zone data for resolution; diversity of DNS infrastructure; diversity and redundancy of network and DNS infrastructure to handle bandwidth congestion and network failures of ISPs and host providers. | ||
| ||
|
(iii) Operational scalability sufficient to handle existing registry database and projected growth; DNS queries including peak periods and projected growth; DDoS attacks, viruses, worms and spam; and restart capabilities. | ||
| ||
|
(iv) Describe the registry-registrar model and protocol; availability of a shared registration system, including processing times for standard queries (add, modify, delete); and duration of any planned or unplanned outages. | ||
| ||
|
(v) Database capabilities including database software, size, throughput, scalability, procedures for object creation, editing, and deletion, change notifications, registrar transfer procedures, grace period implementation , availability of system with respect to unplanned outage time, response time performance; ability to handle current volumes and expected growth and reporting capabilities. | ||
| ||
|
(vi) Geographic network coverage, including physically diverse sites and support of growing and emerging markets. | ||
| ||
|
(vii) Zone file generation including procedures for changes, editing by registrars and updates. Address frequency, security, process, interface, user authentication, logging and data back-up. | ||
| ||
|
(viii) Zone file distribution and publication. Locations of name servers, procedures for and means of distributing zone files to them. | ||
| ||
|
(ix) Billing and collection systems. Technical characteristics, system security, accessibility. | ||
| ||
|
(x) Backup. Describe frequency and procedures for backup of data. Describe hardware and systems used, data format, identity of suggested escrow agent(s) and procedures for retrieval of data/rebuild of database. | ||
| ||
|
(xi) Escrow. Describe arrangements for data escrow, or equivalent data backup security, data formats, insurance arrangements and backup plans for data recovery. | ||
| ||
|
(xii) Publicly accessible WHOIS service. Address software and hardware, connection speed, search capabilities and coordination with other WHOIS systems. Frequency of WHOIS updates, availability and processing times. Identify whether you propose to use a “thick” registry model or “thin” registry model, and explain why you believe your choice is preferable. | ||
| ||
|
(xiii) System security and physical security. Technical and physical capabilities and procedures to prevent system hacks, break-ins, data tampering and other disruptions to operations. The applicant's response to Part 2, Section 5, Subsection b, Question xiii will remain confidential to ICANN and the independent evaluators. ICANN will use reasonable efforts to avoid publication or release of this information, but in no circumstance will ICANN's liability for any release of this information exceed the amount of the application fee. | ||
|
||
|
(xiv) Peak capacities. Technical capability for handling a
larger-than-projected demand for registration or load. Effects on load on
servers, databases, back-up systems, support systems, escrow systems,
maintenance and personnel. | ||
| ||
|
(xv) System reliability. Define, analyze and quantify quality of service. | ||
| ||
|
(xvi) System outage prevention. Procedures for problem detection, redundancy of all systems, backup power supply, facility security and technical security. Outline the availability of backup software, operating system and hardware. Outline system monitoring, technical maintenance staff and server locations. | ||
| ||
|
(xvii) Ability to support current feature functionality of .NET (to the extent publicly or otherwise available to the applicant, including IDNs, support of IPv6, DNSSEC. | ||
| ||
|
(xviii) System recovery procedures. Procedures for restoring the system to operation in the event of a system outage, both expected and unexpected. Identify redundant/diverse systems for providing service in the event of an outage and describe the process for recovery from various types of failures. Describe the training of technical staff that will perform these tasks, the availability and backup of software and operating systems needed to restore the system to operation and the availability of the hardware needed to restore and run the system. Describe backup electrical power systems and the projected time for system restoration. Describe procedures for testing the process of restoring the system to operation in the event of an outage, the documentation kept on system outages and on potential system problems that could result in outages. | ||
| ||
|
(xix) Technical and other support. Support for registrars and for Internet users and registrants. Describe technical help systems, personnel accessibility, web-based, telephone and other support services to be offered, time availability of support and language-availability of support. Ability to support new and emerging technologies. | ||
| ||
6. Security and Stability
Criteria: The entity chosen to operate the .NET registry must: (i) maintain .NET registry functions efficiently and reliably, (ii) demonstrate disaster recovery capability and (iii) deliver high quality of service for all .NET users worldwide. Providing documentation for procedures insuring a very high level of security and stability is an absolute criterion.
(a) Provision for Registry Failure. Describe in detail how you would assure continuity of operations in the event of operational failure of the registry and make provision for contingencies and a failsafe back-up plan. A commitment to provide ICANN with escrowed data, in and of itself, will not satisfy the absolute criterion.
|
(b) Provision for Business Failure. Describe in detail what advance arrangements you will implement to ensure that, if your operation of the .NET registry becomes financially non-viable, the registry operations will be quickly, smoothly and efficiently transferred to another operator so as to minimize disruption of the registry functions.
|
(c) Describe in detail your arrangements to provide a secure environment in which the registry infrastructure is to be operated.
The applicant's response to Part 2, Section 6, Question c will remain confidential to ICANN and the independent evaluators. ICANN will use reasonable efforts to avoid publication or release of this information, but in no circumstance will ICANN's liability for any release of this information exceed the amount of the application fee.
| ||
7. Additional Relative Criteria
The following are additional relative criteria: (i) the degree to which the applicant’s proposal promotes competition in the registration of domain names, (ii) the degree to which an applicant’s business model relies on multiple, rather than sole source, suppliers, to reduce the impact of failure by any one supplier, and (iii) the degree to which an applicant’s proposal results in improved implementation of, and support for, GNSO policies, such as transfers and deletes.
Provide a detailed explanation of the manner and degree to which your proposal accomplishes the three relative criteria described above.
| ||
8. Transition and Migration Plans
Criteria: Applicants should document their plan for (i) migrating .NET from the current registry operator (if applicable) with specific attention paid to maintaining existing functional capabilities as defined at the time of the RFP, including the existing RRP and (ii) for implementing support for Version 1.0 of EPP.
Present a detailed plan for the transition of the registry function from the current facilities and services provided by VeriSign, Inc., to the facilities and services you propose. Issues that should be discussed in this detailed plan include:
| ||
Provide a detailed description of your plan for supporting RRP at the time of transition, for supporting EPP 1.0, and for providing registrars with a smooth, low-cost migration path from RRP to EPP.
| ||
Please check that you have completed all the following steps to ensure you have fulfilled the requirements of the Request for Proposals:
When you complete this application and finalize it for sending to ICANN, you will need to confirm the following:
| Signature: | ___________________________________________________________________________ |
| Title: | ___________________________________________________________________________ |
| Organization: | ___________________________________________________________________________ |
| Date: | ___________________________________________________________________________ |
Please report any problems with this application to
net-rfp@icann.org
© 2005 The Internet Corporation for Assigned Names and Numbers