Amendment No. 2 to the .COOP Registry Agreement
The Internet Corporation for Assigned Names and Numbers and DotCooperation LLC agree, effective as of (“Amendment Effective Date”), that the modifications set forth below are now made to the 1 July 2007 Registry Agreement (“Agreement”).
Section 3.1 (c)(i) of the Agreement is deleted in its entirety and replaced as follows:
3.1 (c)(i) Data Escrow. Registry Operator shall comply with the registry data escrow procedures set forth in Appendix 1 attached hereto (“Appendix 1”).
Section 3.1 (c)(iii) of the Agreement is deleted in its entirety and replaced as follows:
3.1 (c)(iii) Bulk Zone File Access. Registry Operator shall comply with the registry bulk zone file access procedures set forth in Appendix 3 attached hereto (“Appendix 3”).
Section 3.1 (c)(v) of the Agreement is deleted in its entirety and replaced as follows:
3.1 (c)(v) Publication of Registration Data. Registry Operator shall provide public access to registration data in accordance with Appendix 5 attached hereto.
Section 3.1 (d)(ii) of the Agreement is deleted in its entirety and replaced as follows:
[Old Text]
Functional and Performance Specifications. Functional and Performance Specifications for operation of the TLD shall be as set forth in Appendix 7 hereto, and shall address without limitation minimum requirements for DNS services; operation of the shared registration system; and nameserver operations. Sponsor shall keep and ensure Registry Operator shall keep technical and operational records sufficient to evidence compliance with such specifications for at least one year, which records ICANN may audit from time to time upon reasonable advance written notice, provided that such audits shall not exceed one per quarter. Any such audit shall be at ICANN's cost.
[New Text]
provided that Registry Operator pays all reasonable costs incurred (i) by ICANN as a result of the designation of the Emergency Operator and (ii) by the Emergency Operator in connection with the operation of the registry for the TLD, which costs shall be documented in reasonable detail in records that shall be made available to Registry Operator. In the event ICANN designates an Emergency Operator pursuant to this Section 3.1 (d)(ii) and the Registry Transition Process, Registry Operator shall provide ICANN or any such Emergency Operator with all data (including the data escrowed in accordance with Section 3.1 (c)(i)) regarding operations of the registry for the TLD necessary to maintain operations and registry functions that may be reasonably requested by ICANN or such Emergency Operator. Registry Operator agrees that ICANN may make any changes it deems necessary to the IANA database for DNS and WHOIS records with respect to the TLD in the event that an Emergency Operator is designated pursuant to this Section 3.1 (d)(ii).
Appendix 1 is deleted in its entirety and replaced in the form attached to this Amendment.
Appendix 2, subject to the provisions of clause XII of this Amendment set forth below, will be deleted in its entirety and hereinafter forever labeled as “RESERVED.”
Appendix 3 is deleted in its entirety and replaced in the form attached to this Amendment.
Appendix 4 is deleted in its entirety and replaced in the form attached to this Amendment.
Appendix 5 is deleted in its entirety and replaced in the form attached to this Amendment.
Appendix 7 is deleted in its entirety and replaced in the form attached to this Amendment.
Part V of Appendix S is deleted in its entirety.
Registry Operator will have ninety (90) days from the Amendment Effective Date to comply with the terms of the Agreement as modified by this Amendment, during which time Registry Operator remains obligated to comply with the provisions of the Agreement as they existed prior to the Amendment Effective Date. On or prior to expiration of this period, Registry Operator must procure and provide to ICANN a Registry Data Escrow Agreement that meets compliance with the terms of Appendix 1 of the Agreement as modified by this Amendment.
The parties agree that, except as set forth in this Amendment, the terms of the Agreement will remain in full force and effect. All capitalized terms not defined will have the meaning given to them in the Agreement.
AGREED:
INTERNET CORPORATION FOR ASSIGNED NAMES AND NUMBERS
By:
Akram Atallah
President, Global Domains Division
DOTCOOPERATION, LLC
By:
Patricia Brownell Sterner
Chief Operating Officer, National Cooperative Business Association
APPENDIX 1
Data Escrow Requirements
Registry Operator will engage an independent entity to act as data escrow agent (“Escrow Agent”) for the provision of data escrow services related to the Registry Agreement. The following Technical Specifications set forth in Part A, and Legal Requirements set forth in Part B, will be included in any data escrow agreement between Registry Operator and the Escrow Agent, under which ICANN must be named a third-‐party beneficiary. In addition to the following requirements, the data escrow agreement may contain other provisions that are not contradictory or intended to subvert the required terms provided below.
Deposits. There will be two types of Deposits: Full and Differential. For both types, the universe of Registry objects to be considered for data escrow are those objects necessary in order to offer all of the approved Registry Services.
“Full Deposit” will consist of data that reflects the state of the registry as of 00:00:00 UTC (Coordinated Universal Time) on the day that such Full Deposit is submitted to Escrow Agent.
“Differential Deposit” means data that reflects all transactions that were not reflected in the last previous Full or Differential Deposit, as the case may be. Each Differential Deposit will contain all database transactions since the previous Deposit was completed as of 00:00:00 UTC of each day, but Sunday. Differential Deposits must include complete Escrow Records as specified below that were not included or changed since the most recent full or Differential Deposit (i.e., newly added or modified domain names).
Schedule for Deposits. Registry Operator will submit a set of escrow files on a daily basis as follows:
Each Sunday, a Full Deposit must be submitted to the Escrow Agent by 23:59 UTC.
The other six (6) days of the week, a Full Deposit or the corresponding Differential Deposit must be submitted to Escrow Agent by 23:59 UTC.
Escrow Format Specification.
Specification”). The DNDE Specification describes some elements as optional; Registry Operator will include those elements in the Deposits if they are available. If not already an RFC, Registry Operator will use the most recent draft version of the DNDE Specification available at the Effective Date. Registry Operator may at its election use newer versions of the DNDE Specification after the Effective Date. Once the DNDE Specification is published as an RFC, Registry Operator will implement that version of the DNDE Specification, no later than one hundred eighty (180) calendar days after. UTF-‐8 character encoding will be used.
Processing of Deposit files. The use of compression is recommended in order to reduce electronic data transfer times, and storage capacity requirements. Data encryption will be used to ensure the privacy of registry escrow data. Files processed for compression and encryption will be in the binary OpenPGP format as per OpenPGP Message Format -‐ RFC 4880, see Part A, Section 9, reference 3 of this Appendix. Acceptable algorithms for Public-‐key cryptography, Symmetric-‐key cryptography, Hash and Compression are those enumerated in RFC 4880, not marked as deprecated in OpenPGP IANA Registry, see Part A, Section 9, reference 4 of this Appendix, that are also royalty-‐free. The process to follow for the data file in original text format is:
The XML file of the deposit as described in Part A, Section 9, reference 1 of this Appendix must be named as the containing file as specified in Section 5 but with the extension xml.
The data file(s) are aggregated in a tarball file named the same as (1) but with extension tar.
A compressed and encrypted OpenPGP Message is created using the tarball file as sole input. The suggested algorithm for compression is ZIP as per RFC 4880. The compressed data will be encrypted using the escrow agent’s public key. The suggested algorithms for Public-‐key encryption are Elgamal and RSA as per RFC 4880. The suggested algorithms for Symmetric-‐key encryption are TripleDES, AES128 and CAST5 as per RFC 4880.
The file may be split as necessary if, once compressed and encrypted, it is larger than the file size limit agreed with the escrow agent. Every part of a split file, or the whole file if not split, will be called a processed file in this section.
A digital signature file will be generated for every processed file using the Registry Operator’s private key. The digital signature file will be in binary OpenPGP format as per RFC 4880 Section 9, reference 3, and will not be compressed or encrypted. The suggested algorithms for Digital signatures are DSA and RSA as per RFC 4880. The suggested algorithm for Hashes in Digital signatures is SHA256.
The processed files and digital signature files will then be transferred to the Escrow Agent through secure electronic mechanisms, such as, SFTP, SCP, HTTPS file upload, etc. as agreed between the Escrow Agent and the Registry Operator. Non-‐electronic delivery through a physical medium such as CD-‐ROMs, DVD-‐ROMs, or USB storage devices may be used if authorized by ICANN.
The Escrow Agent will then validate every (processed) transferred data file using the procedure described in Part A, Section 8 of this Appendix.
File Naming Conventions. Files will be named according to the following convention: {gTLD}_{YYYY-‐MM-‐DD}_{type}_S{#}_R{rev}.{ext} where:
{gTLD} is replaced with the gTLD name; in case of an IDN-‐TLD, the ASCII-‐ compatible form (A-‐Label) must be used;
{YYYY-‐MM-‐DD} is replaced by the date corresponding to the time used as a timeline watermark for the transactions; i.e. for the Full Deposit corresponding to 2009-‐08-‐02T00:00Z, the string to be used would be “2009-‐08-‐02”;
{type} is replaced by:
“full”, if the data represents a Full Deposit;
“diff”, if the data represents a Differential Deposit;
“thin”, if the data represents a Bulk Registration Data Access file, as specified in Section 2 of Appendix 5;
{#} is replaced by the position of the file in a series of files, beginning with “1”; in case of a lone file, this must be replaced by “1”.
{rev} is replaced by the number of revision (or resend) of the file beginning with “0”:
{ext} is replaced by “sig” if it is a digital signature file of the quasi-‐ homonymous file. Otherwise it is replaced by “ryde”.
Distribution of Public Keys. Each of Registry Operator and Escrow Agent will distribute its public key to the other party (Registry Operator or Escrow Agent, as the case may be) via email to an email address to be specified. Each party will confirm receipt of the other party’s public key with a reply email, and the distributing party will subsequently reconfirm the authenticity of the key transmitted via offline methods, like in person meeting, telephone, etc. In this way, public key transmission is authenticated to a user able to send and receive mail via a mail server operated by the distributing party. Escrow Agent, Registry Operator and ICANN will exchange public keys by the same procedure.
Notification of Deposits. Along with the delivery of each Deposit, Registry Operator will deliver to Escrow Agent and to ICANN (using the API described in draft-‐lozano-‐icann-‐registry-‐interfaces, see Part A, Section 9, reference 5 of this Appendix (the “Interface Specification”)) a written statement (which may be by authenticated e-‐mail) that includes a copy of the report generated upon creation of the Deposit and states that the Deposit has been inspected by Registry Operator and is complete and accurate. Registry Operator will include the Deposit’s “id” and “resend” attributes in its statement. The attributes are explained in Part A, Section 9, reference 1 of this Appendix.
If not already an RFC, Registry Operator will use the most recent draft version of the Interface Specification at the Effective Date. Registry Operator may at its election use newer versions of the Interface Specification after the Effective Date. Once the Interface Specification is published as an RFC, Registry Operator will implement that version of the Interface Specification, no later than one hundred eighty (180) calendar days after such publishing.
Verification Procedure.
The signature file of each processed file is validated.
If processed files are pieces of a bigger file, the latter is put together.
Each file obtained in the previous step is then decrypted and uncompressed.
Each data file contained in the previous step is then validated against the format defined in Part A, Section 9, reference 1 of this Appendix.
If Part A, Section 9, reference 1 of this Appendix includes a verification process, that will be applied at this step.
If any discrepancy is found in any of the steps, the Deposit will be considered incomplete.
References.
Domain Name Data Escrow Specification (work in progress), http://tools.ietf.org/html/draft-‐arias-‐noguchi-‐registry-‐data-‐escrow
Domain Name Registration Data (DNRD) Objects Mapping, http://tools.ietf.org/html/draft-‐arias-‐noguchi-‐dnrd-‐objects-‐mapping
OpenPGP Message Format, http://www.rfc-‐editor.org/rfc/rfc4880.txt
OpenPGP parameters,
http://www.iana.org/assignments/pgp-‐parameters/pgp-‐parameters.xhtml
ICANN interfaces for registries and data escrow agents, http://tools.ietf.org/html/draft-‐lozano-‐icann-‐registry-‐interfaces
Escrow Agent. Prior to entering into an escrow agreement, the Registry Operator must provide notice to ICANN as to the identity of the Escrow Agent, and provide ICANN with contact information and a copy of the relevant escrow agreement, and all amendments thereto. In addition, prior to entering into an escrow agreement, Registry Operator must obtain the consent of ICANN to (a) use the specified Escrow Agent, and (b) enter into the form of escrow agreement provided. ICANN must be expressly designated as a third-‐party beneficiary of the escrow agreement. ICANN reserves the right to withhold its consent to any Escrow Agent, escrow agreement, or any amendment thereto, all in its sole discretion.
Fees. Registry Operator must pay, or have paid on its behalf, fees to the Escrow Agent directly. If Registry Operator fails to pay any fee by the due date(s), the Escrow Agent will give ICANN written notice of such non-‐payment and ICANN may pay the past-‐due fee(s) within fifteen (15) calendar days after receipt of the written notice from Escrow Agent. Upon payment of the past-‐due fees by ICANN, ICANN shall have a claim for such amount against Registry Operator, which Registry Operator shall be required to submit to ICANN together with the next fee payment due under the Registry Agreement.
Ownership. Ownership of the Deposits during the effective term of the Registry Agreement shall remain with Registry Operator at all times. Thereafter, Registry Operator shall assign any such ownership rights (including intellectual property
rights, as the case may be) in such Deposits to ICANN. In the event that during the term of the Registry Agreement any Deposit is released from escrow to ICANN, any intellectual property rights held by Registry Operator in the Deposits will automatically be licensed to ICANN or to a party designated in writing by ICANN on a non-‐exclusive, perpetual, irrevocable, royalty-‐free, paid-‐up basis, for any use related to the operation, maintenance or transition of the TLD.
Integrity and Confidentiality. Escrow Agent will be required to (i) hold and maintain the Deposits in a secure, locked, and environmentally safe facility, which is accessible only to authorized representatives of Escrow Agent, (ii) protect the integrity and confidentiality of the Deposits using commercially reasonable measures and (iii) keep and safeguard each Deposit for one (1) year. ICANN and Registry Operator will be provided the right to inspect Escrow Agent’s applicable records upon reasonable prior notice and during normal business hours. Registry Operator and ICANN will be provided with the right to designate a third-‐party auditor to audit Escrow Agent’s compliance with the technical specifications and maintenance requirements of this Appendix 1 from time to time.
If Escrow Agent receives a subpoena or any other order from a court or other judicial tribunal pertaining to the disclosure or release of the Deposits, Escrow Agent will promptly notify the Registry Operator and ICANN unless prohibited by law. After notifying the Registry Operator and ICANN, Escrow Agent shall allow sufficient time for Registry Operator or ICANN to challenge any such order, which shall be the responsibility of Registry Operator or ICANN; provided, however, that Escrow Agent does not waive its rights to present its position with respect to any such order. Escrow Agent will cooperate with the Registry Operator or ICANN to support efforts to quash or limit any subpoena, at such party’s expense. Any party requesting additional assistance shall pay Escrow Agent’s standard charges or as quoted upon submission of a detailed request.
Copies. Escrow Agent may be permitted to duplicate any Deposit, in order to comply with the terms and provisions of the escrow agreement.
Release of Deposits. Escrow Agent will make available for electronic download (unless otherwise requested) to ICANN or its designee, within twenty-‐four (24) hours, at the Registry Operator’s expense, all Deposits in Escrow Agent’s possession in the event that the Escrow Agent receives a request from Registry Operator to effect such delivery to ICANN, or receives one of the following written notices by ICANN stating that:
the Registry Agreement has expired without renewal, or been terminated; or
ICANN has not received a notification as described in Part B, Sections 7.1 and 7.2 of this Appendix from Escrow Agent within five (5) calendar days
after the Deposit’s scheduled delivery date; (a) ICANN gave notice to Escrow Agent and Registry Operator of that failure; and (b) ICANN has not, within seven (7) calendar days after such notice, received the notification from Escrow Agent; or
ICANN has received notification as described in Part B, Sections 7.1 and 7.2 of this Appendix from Escrow Agent of failed verification of the latest escrow deposit for a specific date or a notification of a missing deposit, and the notification is for a deposit that should have been made on Sunday (i.e., a Full Deposit); (a) ICANN gave notice to Registry Operator of that receipt; and (b) ICANN has not, within seven (7) calendar days after such notice, received notification as described in Part B, Sections 7.1 and 7.2 of this Appendix from Escrow Agent of verification of a remediated version of such Full Deposit; or
ICANN has received five notifications from Escrow Agent within the last thirty (30) calendar days notifying ICANN of either missing or failed escrow deposits that should have been made Monday through Saturday (i.e., a Differential Deposit), and (x) ICANN provided notice to Registry Operator of the receipt of such notifications; and (y) ICANN has not, within seven (7) calendar days after delivery of such notice to Registry Operator, received notification from Escrow Agent of verification of a remediated version of such Differential Deposit; or
Registry Operator has: (i) ceased to conduct its business in the ordinary course; or (ii) filed for bankruptcy, become insolvent or anything analogous to any of the foregoing under the laws of any jurisdiction anywhere in the world; or
Registry Operator has experienced a failure of critical registry functions; or
a competent court, arbitral, legislative, or government agency mandates the release of the Deposits to ICANN; or
pursuant to contractual and operational compliance audits as specified.
Unless Escrow Agent has previously released the Registry Operator’s Deposits to ICANN or its designee, Escrow Agent will deliver all Deposits to ICANN upon expiration or termination of the Registry Agreement or the Escrow Agreement.
Verification of Deposits.
Within twenty-‐four (24) hours after receiving each Deposit or corrected Deposit, Escrow Agent must verify the format and completeness of each Deposit and deliver to ICANN a notification generated for each
Deposit. Reports will be delivered electronically using the API described in draft-‐lozano-‐icann-‐registry-‐interfaces, see Part A, Section 9, reference 5 of this Appendix.
If Escrow Agent discovers that any Deposit fails the verification procedures or if Escrow Agent does not receive any scheduled Deposit, Escrow Agent must notify Registry Operator either by email, fax or phone and ICANN (using the API described in draft-‐lozano-‐icann-‐registry-‐interfaces, see Part A, Section 9, reference 5 of this Appendix) of such nonconformity or non-‐ receipt within twenty-‐four (24) hours after receiving the non-‐conformant Deposit or the deadline for such Deposit, as applicable. Upon notification of such verification or delivery failure, Registry Operator must begin developing modifications, updates, corrections, and other fixes of the Deposit necessary for the Deposit to be delivered and pass the verification procedures and deliver such fixes to Escrow Agent as promptly as possible.
Amendments. Escrow Agent and Registry Operator shall amend the terms of the Escrow Agreement to conform to this Appendix 1 within ten (10) calendar days of any amendment or modification to this Appendix 1. In the event of a conflict between this Appendix 1 and the Escrow Agreement, this Appendix 1 shall control.
Indemnity. Escrow Agent shall indemnify and hold harmless Registry Operator and ICANN, and each of their respective directors, officers, agents, employees, members, and stockholders (“Indemnitees”) absolutely and forever from and against any and all claims, actions, damages, suits, liabilities, obligations, costs, fees, charges, and any other expenses whatsoever, including reasonable attorneys’ fees and costs, that may be asserted by a third party against any Indemnitee in connection with the misrepresentation, negligence or misconduct of Escrow Agent, its directors, officers, agents, employees and contractors.
user. Such user information will include, without limitation, company name, contact name, address, telephone number, facsimile number, email address and IP address.
with <zone>.zone.gz.md5 and <zone>.zone.gz.sig to verify downloads. If the Registry Operator (or the CZDA Provider) also provides historical data, it will use the naming pattern <zone>-‐ yyyymmdd.zone.gz, etc.
Each record must include all fields in one line as: <domain-‐ name> <TTL> <class> <type> <RDATA>.
Class and Type must use the standard mnemonics and must be in lower case.
TTL must be present as a decimal integer.
Use of /X and /DDD inside domain names is allowed.
All domain names must be in lower case.
Must use exactly one tab as separator of fields inside a record.
All domain names must be fully qualified.
No $ORIGIN directives.
No use of “@” to denote current origin.
No use of “blank domain names” at the beginning of a record to continue the use of the domain name in the previous record.
No $INCLUDE directives.
No $TTL directives.
No use of parentheses, e.g., to continue the list of fields in a record across a line boundary.
No use of comments.
No blank lines.
The SOA record should be present at the top and (duplicated at) the end of the zone file.
With the exception of the SOA record, all the records in a file must be in alphabetical order.
One zone per file. If a TLD divides its DNS data into multiple zones, each goes into a separate file named as above, with all the files combined using tar into a file called <tld>.zone.tar.
Registry Operator shall provide one set of monthly reports per gTLD, using the API described in draft-‐lozano-‐icann-‐registry-‐interfaces, see Appendix 1, Part A, Section 9, reference 5, with the following content.
ICANN may request in the future that the reports be delivered by other means and using other formats. ICANN will use reasonable commercial efforts to preserve the confidentiality of the information reported until three (3) months after the end of the month to which the reports relate. Unless set forth in this Appendix 4, any reference to a specific time refers to Coordinated Universal Time (UTC). Monthly reports shall consist of data that reflects the state of the registry at the end of the month (UTC).
Field # | Field name | Description |
01 | registrar-‐name | Registrar’s full corporate name as registered with IANA |
02 | iana-‐id | |
03 | total-‐domains | total domain names under sponsorship in any EPP status but pendingCreate that have not been purged |
04 | total-‐nameservers | total name servers (either host objects or name server hosts as domain name attributes) associated with domain names registered for the TLD in any EPP status but pendingCreate that have not been purged |
05 | net-‐adds-‐1-‐yr | number of domains successfully registered (i.e., not in EPP pendingCreate status) with an initial term of one (1) year (and not deleted within the add grace period). A transaction must be reported in the month the add grace period ends. |
06 | net-‐adds-‐2-‐yr | number of domains successfully registered (i.e., not in EPP pendingCreate status) with an initial term of two(2) |
years (and not deleted within the add grace period). A transaction must be reported in the month the add grace period ends. | ||
07 | net-‐adds-‐3-‐yr | number of domains successfully registered (i.e., not in EPP pendingCreate status) with an initial term of three (3) years (and not deleted within the add grace period). A transaction must be reported in the month the add grace period ends. |
08 | net-‐adds-‐4-‐yr | number of domains successfully registered (i.e., not in EPP pendingCreate status) with an initial term of four (4) years (and not deleted within the add grace period). A transaction must be reported in the month the add grace period ends. |
09 | net-‐adds-‐5-‐yr | number of domains successfully registered (i.e., not in EPP pendingCreate status) with an initial term of five (5) years (and not deleted within the add grace period). A transaction must be reported in the month the add grace period ends. |
10 | net-‐adds-‐6-‐yr | number of domains successfully registered (i.e., not in EPP pendingCreate status) with an initial term of six (6) years (and not deleted within the add grace period). A transaction must be reported in the month the add grace period ends. |
11 | net-‐adds-‐7-‐yr | number of domains successfully registered (i.e., not in EPP pendingCreate status) with an initial term of seven (7) years (and not deleted within the add grace period). A transaction must be reported in the month the add grace period ends. |
12 | net-‐adds-‐8-‐yr | number of domains successfully registered (i.e., not in EPP pendingCreate status) with an initial term of eight (8) years (and not deleted within the add grace period). A transaction must be reported in the month the add grace period ends. |
13 | net-‐adds-‐9-‐yr | number of domains successfully registered (i.e., not in EPP pendingCreate status) with an initial term of nine (9) years (and not deleted within the add grace period). A transaction must be reported in the month the add grace period ends. |
14 | net-‐adds-‐10-‐yr | number of domains successfully registered (i.e., not in EPP pendingCreate status) with an initial term of ten (10) years (and not deleted within the add grace |
period). A transaction must be reported in the month the add grace period ends. | ||
15 | net-‐renews-‐1-‐yr | number of domains successfully renewed (i.e., not in EPP pendingRenew status) either automatically or by command with a new renewal period of one (1) year (and not deleted within the renew or auto-‐renew grace period). A transaction must be reported in the month the renew or auto-‐renew grace period ends. |
16 | net-‐renews-‐2-‐yr | number of domains successfully renewed (i.e., not in EPP pendingRenew status) either automatically or by command with a new renewal period of two (2) years (and not deleted within the renew or auto-‐renew grace period). A transaction must be reported in the month the renew or auto-‐renew grace period ends. |
17 | net-‐renews-‐3-‐yr | number of domains successfully renewed (i.e., not in EPP pendingRenew status) either automatically or by command with a new renewal period of three (3) years (and not deleted within the renew or auto-‐renew grace period). A transaction must be reported in the month the renew or auto-‐renew grace period ends. |
18 | net-‐renews-‐4-‐yr | number of domains successfully renewed (i.e., not in EPP pendingRenew status) either automatically or by command with a new renewal period of four (4) years (and not deleted within the renew or auto-‐renew grace period). A transaction must be reported in the month the renew or auto-‐renew grace period ends. |
19 | net-‐renews-‐5-‐yr | number of domains successfully renewed (i.e., not in EPP pendingRenew status) either automatically or by command with a new renewal period of five (5) years (and not deleted within the renew or auto-‐renew grace period). A transaction must be reported in the month the renew or auto-‐renew grace period ends. |
20 | net-‐renews-‐6-‐yr | number of domains successfully renewed (i.e., not in EPP pendingRenew status) either automatically or by command with a new renewal period of six (6) years (and not deleted within the renew or auto-‐renew grace period). A transaction must be reported in the month the renew or auto-‐renew grace period ends. |
21 | net-‐renews-‐7-‐yr | number of domains successfully renewed (i.e., not in EPP pendingRenew status) either automatically or by command with a new renewal period of seven (7) |
years (and not deleted within the renew or auto-‐renew grace period). A transaction must be reported in the month the renew or auto-‐renew grace period ends. | ||
22 | net-‐renews-‐8-‐yr | number of domains successfully renewed (i.e., not in EPP pendingRenew status) either automatically or by command with a new renewal period of eight (8) years (and not deleted within the renew or auto-‐renew grace period). A transaction must be reported in the month the renew or auto-‐renew grace period ends. |
23 | net-‐renews-‐9-‐yr | number of domains successfully renewed (i.e., not in EPP pendingRenew status) either automatically or by command with a new renewal period of nine (9) years (and not deleted within the renew or auto-‐renew grace period). A transaction must be reported in the month the renew or auto-‐renew grace period ends. |
24 | net-‐renews-‐10-‐yr | number of domains successfully renewed (i.e., not in EPP pendingRenew status) either automatically or by command with a new renewal period of ten (10) years (and not deleted within the renew or auto-‐renew grace period). A transaction must be reported in the month the renew or auto-‐renew grace period ends. |
25 | transfer-‐gaining-‐successful | number of domain transfers initiated by this registrar that were successfully completed (either explicitly or automatically approved) and not deleted within the transfer grace period. A transaction must be reported in the month the transfer grace period ends. |
26 | transfer-‐gaining-‐nacked | number of domain transfers initiated by this registrar that were rejected (e.g., EPP transfer op="reject") by the other registrar |
27 | transfer-‐losing-‐successfully | number of domain transfers initiated by another registrar that were successfully completed (either explicitly or automatically approved) |
28 | transfer-‐losing-‐nacked | number of domain transfers initiated by another registrar that this registrar rejected (e.g., EPP transfer op="reject") |
29 | transfer-‐disputed-‐won | number of transfer disputes in which this registrar prevailed (reported in the month where the determination happened) |
30 | transfer-‐disputed-‐lost | number of transfer disputes this registrar lost (reported in the month where the determination happened) |
31 | transfer-‐disputed-‐ nodecision | number of transfer disputes involving this registrar with a split or no decision (reported in the month where the determination happened) |
32 | deleted-‐domains-‐grace | domains deleted within the add grace period (does not include names deleted while in EPP pendingCreate status). A deletion must be reported in the month the name is purged. |
33 | deleted-‐domains-‐nograce | domains deleted outside the add grace period (does not include names deleted while in EPP pendingCreate status). A deletion must be reported in the month the name is purged. |
34 | restored-‐domains | domain names restored from redemption period |
35 | restored-‐noreport | total number of restored names for which the registrar failed to submit a restore report |
36 | agp-‐exemption-‐requests | total number of AGP (add grace period) exemption requests |
37 | agp-‐exemptions-‐granted | total number of AGP (add grace period) exemption requests granted |
38 | agp-‐exempted-‐domains | total number of names affected by granted AGP (add grace period) exemption requests |
39 | attempted-‐adds | number of attempted (both successful and failed) domain name create commands |
The first line shall include the field names exactly as described in the table above as a “header line” as described in section 2 of RFC 4180. The last line of each report shall include totals for each column across all registrars; the first field of this line shall read “Totals” while the second field shall be left empty in that line. No other lines besides the ones described above shall be included. Line breaks shall be <U+000D, U+000A> as described in RFC 4180.
reported. The file shall contain the following fields:
Field # | Field Name | Description |
01 | operational-‐registrars | number of operational registrars at the end of the reporting period |
02 | ramp-‐up-‐registrars | number of registrars that have received a |
Field # | Field Name | Description |
password for access to OT&E at the end of the reporting period | ||
03 | pre-‐ramp-‐up-‐registrars | number of registrars that have requested access, but have not yet entered the ramp-‐up period at the end of the reporting period |
04 | zfa-‐passwords | number of active zone file access passwords at the end of the reporting period |
05 | whois-‐43-‐queries | number of WHOIS (port-‐43) queries responded during the reporting period |
06 | web-‐whois-‐queries | number of Web-‐based Whois queries responded during the reporting period, not including searchable Whois |
07 | searchable-‐whois-‐ queries | number of searchable Whois queries responded during the reporting period, if offered |
08 | dns-‐udp-‐queries-‐ received | number of DNS queries received over UDP transport during the reporting period |
09 | dns-‐udp-‐queries-‐ responded | number of DNS queries received over UDP transport that were responded during the reporting period |
10 | dns-‐tcp-‐queries-‐received | number of DNS queries received over TCP transport during the reporting period |
11 | dns-‐tcp-‐queries-‐ responded | number of DNS queries received over TCP transport that were responded during the reporting period |
12 | srs-‐dom-‐check | number of SRS (EPP and any other interface) domain name “check” requests responded during the reporting period |
13 | srs-‐dom-‐create | number of SRS (EPP and any other interface) domain name “create” requests responded during the reporting period |
14 | srs-‐dom-‐delete | number of SRS (EPP and any other interface) domain name “delete” requests responded during the reporting period |
15 | srs-‐dom-‐info | number of SRS (EPP and any other interface) domain name “info” requests responded during the reporting period |
16 | srs-‐dom-‐renew | number of SRS (EPP and any other interface) |
Field # | Field Name | Description |
domain name “renew” requests responded during the reporting period | ||
17 | srs-‐dom-‐rgp-‐restore-‐ report | number of SRS (EPP and any other interface) domain name RGP “restore” requests delivering a restore report responded during the reporting period |
18 | srs-‐dom-‐rgp-‐restore-‐ request | number of SRS (EPP and any other interface) domain name RGP “restore” requests responded during the reporting period |
19 | srs-‐dom-‐transfer-‐ approve | number of SRS (EPP and any other interface) domain name “transfer” requests to approve transfers responded during the reporting period |
20 | srs-‐dom-‐transfer-‐cancel | number of SRS (EPP and any other interface) domain name “transfer” requests to cancel transfers responded during the reporting period |
21 | srs-‐dom-‐transfer-‐query | number of SRS (EPP and any other interface) domain name “transfer” requests to query about a transfer responded during the reporting period |
22 | srs-‐dom-‐transfer-‐reject | number of SRS (EPP and any other interface) domain name “transfer” requests to reject transfers responded during the reporting period |
23 | srs-‐dom-‐transfer-‐ request | number of SRS (EPP and any other interface) domain name “transfer” requests to request transfers responded during the reporting period |
24 | srs-‐dom-‐update | number of SRS (EPP and any other interface) domain name “update” requests (not including RGP restore requests) responded during the reporting period |
25 | srs-‐host-‐check | number of SRS (EPP and any other interface) host “check” requests responded during the reporting period |
26 | srs-‐host-‐create | number of SRS (EPP and any other interface) host “create” requests responded during the reporting period |
27 | srs-‐host-‐delete | number of SRS (EPP and any other interface) host “delete” requests responded during the reporting period |
28 | srs-‐host-‐info | number of SRS (EPP and any other interface) host |
Field # | Field Name | Description |
“info” requests responded during the reporting period | ||
29 | srs-‐host-‐update | number of SRS (EPP and any other interface) host “update” requests responded during the reporting period |
30 | srs-‐cont-‐check | number of SRS (EPP and any other interface) contact “check” requests responded during the reporting period |
31 | srs-‐cont-‐create | number of SRS (EPP and any other interface) contact “create” requests responded during the reporting period |
32 | srs-‐cont-‐delete | number of SRS (EPP and any other interface) contact “delete” requests responded during the reporting period |
33 | srs-‐cont-‐info | number of SRS (EPP and any other interface) contact “info” requests responded during the reporting period |
34 | srs-‐cont-‐transfer-‐ approve | number of SRS (EPP and any other interface) contact “transfer” requests to approve transfers responded during the reporting period |
35 | srs-‐cont-‐transfer-‐cancel | number of SRS (EPP and any other interface) contact “transfer” requests to cancel transfers responded during the reporting period |
36 | srs-‐cont-‐transfer-‐query | number of SRS (EPP and any other interface) contact “transfer” requests to query about a transfer responded during the reporting period |
37 | srs-‐cont-‐transfer-‐reject | number of SRS (EPP and any other interface) contact “transfer” requests to reject transfers responded during the reporting period |
38 | srs-‐cont-‐transfer-‐request | number of SRS (EPP and any other interface) contact “transfer” requests to request transfers responded during the reporting period |
39 | srs-‐cont-‐update | number of SRS (EPP and any other interface) contact “update” requests responded during the reporting period |
The first line shall include the field names exactly as described in the table above as a “header line” as described in section 2 of RFC 4180. No other lines besides the ones
described above shall be included. Line breaks shall be <U+000D, U+000A> as described in RFC 4180.
For gTLDs that are part of a single-‐instance Shared Registry System, the Registry Functions Activity Report may include the total contact or host transactions for all the gTLDs in the system.
Registration Data Directory Services. Until ICANN requires a different protocol, Registry Operator will operate a WHOIS service available via port 43 in accordance with RFC 3912, and a web-‐based Directory Service at <whois.nic.TLD> providing free public query-‐based access to at least the following elements in the following format. ICANN reserves the right to specify alternative formats and protocols, and upon such specification, the Registry Operator will implement such alternative specification as soon as reasonably practicable.
Registry Operator shall implement a new standard supporting access to domain name registration data (SAC 051) no later than one hundred thirty-‐five (135) days after it is requested by ICANN if: 1) the IETF produces a standard (i.e., it is published, at least, as a Proposed Standard RFC as specified in RFC 2026); and 2) its implementation is commercially reasonable in the context of the overall operation of the registry.
The format of responses shall follow a semi-‐free text format outline below, followed by a blank line and a legal disclaimer specifying the rights of Registry Operator, and of the user querying the database.
Each data object shall be represented as a set of key/value pairs, with lines beginning with keys, followed by a colon and a space as delimiters, followed by the value.
For fields where more than one value exists, multiple key/value pairs with the same key shall be allowed (for example to list multiple name servers). The first key/value pair after a blank line should be considered the start of a new record, and should be considered as identifying that record, and is used to group data, such as hostnames and IP addresses, or a domain name and registrant information, together.
The fields specified below set forth the minimum output requirements. Registry Operator may output data fields in addition to those specified below, subject to approval by ICANN, which approval shall not be unreasonably withheld.
Domain Name: EXAMPLE.TLD Domain ID: D1234567-‐TLD
WHOIS Server: whois.example.tld Referral URL: http://www.example.tld Updated Date: 2009-‐05-‐29T20:13:00Z Creation Date: 2000-‐10-‐08T00:45:00Z
Registry Expiry Date: 2010-‐10-‐08T00:44:59Z Sponsoring Registrar: EXAMPLE REGISTRAR LLC Sponsoring Registrar IANA ID: 5555555 Domain Status: clientDeleteProhibited
Domain Status: clientRenewProhibited Domain Status: clientTransferProhibited Domain Status: serverUpdateProhibited Registrant ID: 5372808-‐ERL
Registrant Name: EXAMPLE REGISTRANT Registrant Organization: EXAMPLE ORGANIZATION Registrant Street: 123 EXAMPLE STREET
Registrant City: ANYTOWN Registrant State/Province: AP Registrant Postal Code: A1A1A1 Registrant Country: EX
Registrant Phone: +1.5555551212 Registrant Phone Ext: 1234 Registrant Fax: +1.5555551213 Registrant Fax Ext: 4321
Registrant Email: EMAIL@EXAMPLE.TLD Admin ID: 5372809-‐ERL
Admin Name: EXAMPLE REGISTRANT ADMINISTRATIVE
Admin Organization: EXAMPLE REGISTRANT ORGANIZATION Admin Street: 123 EXAMPLE STREET
Admin City: ANYTOWN Admin State/Province: AP Admin Postal Code: A1A1A1 Admin Country: EX
Admin Phone: +1.5555551212 Admin Phone Ext: 1234 Admin Fax: +1.5555551213
Admin Fax Ext:
Admin Email: EMAIL@EXAMPLE.TLD Tech ID: 5372811-‐ERL
Tech Name: EXAMPLE REGISTRAR TECHNICAL
Tech Organization: EXAMPLE REGISTRAR LLC Tech Street: 123 EXAMPLE STREET
Tech City: ANYTOWN Tech State/Province: AP Tech Postal Code: A1A1A1
Tech Country: EX
Tech Phone: +1.1235551234 Tech Phone Ext: 1234
Tech Fax: +1.5555551213
Tech Fax Ext: 93
Name Server: NS01.EXAMPLEREGISTRAR.TLD Name Server: NS02.EXAMPLEREGISTRAR.TLD
DNSSEC: signedDelegation DNSSEC: unsigned
>>> Last update of WHOIS database: 2009-‐05-‐29T20:15:00Z <<<
Registrar Name: Example Registrar, Inc. Street: 1234 Admiralty Way
City: Marina del Rey State/Province: CA Postal Code: 90292 Country: US
Phone Number: +1.3105551212
Fax Number: +1.3105551213 Email: registrar@example.tld
WHOIS Server: whois.example-‐registrar.tld Referral URL: http://www.example-‐registrar.tld Admin Contact: Joe Registrar
Phone Number: +1.3105551213
Fax Number: +1.3105551213
Email: joeregistrar@example-‐registrar.tld Admin Contact: Jane Registrar
Phone Number: +1.3105551214
Fax Number: +1.3105551213
Email: janeregistrar@example-‐registrar.tld Technical Contact: John Geek
Phone Number: +1.3105551215
Fax Number: +1.3105551216
Email: johngeek@example-‐registrar.tld
>>> Last update of WHOIS database: 2009-‐05-‐29T20:15:00Z <<<
Server Name: NS1.EXAMPLE.TLD IP Address: 192.0.2.123
IP Address: 2001:0DB8::1
Registrar: Example Registrar, Inc.
WHOIS Server: whois.example-‐registrar.tld Referral URL: http://www.example-‐registrar.tld
>>> Last update of WHOIS database: 2009-‐05-‐29T20:15:00Z <<<
Contact ID: 5372808-‐ERL Name: EXAMPLE REGISTRANT
Organization: EXAMPLE ORGANIZATION Street: 123 EXAMPLE STREET
City: ANYTOWN
State/Province: AP Postal Code: A1A1A1 Country: EX
Phone: +1.5555551212
Phone Ext: 1234
Fax: +1.5555551213
Fax Ext: 4321
>>> Last update of WHOIS database: 2009-‐05-‐29T20:15:00Z <<<
The format of the following data fields: domain status, individual and organizational names, address, street, city, state/province, postal code, country, telephone and fax numbers (the extension will be provided as a separate field as shown above), email addresses, date and times should conform to the mappings specified in EPP RFCs 5730-‐5734 so that the display of this information (or values return in WHOIS responses) can be uniformly processed and understood.
In order to be compatible with ICANN’s common interface for WHOIS (InterNIC), WHOIS output shall be in the format outline above.
Registry Operator will offer searchability on the web-‐based Directory Service.
Registry Operator will offer partial match capabilities, at least, on the following fields: domain name, contacts and registrant’s name, and contact and registrant’s postal address, including all the sub-‐ fields described in EPP (e.g., street, city, state or province, etc.).
Registry Operator will offer exact-‐match capabilities, at least, on the following fields: registrar id, name server name, and name server’s IP address (only applies to IP addresses stored by the registry, i.e., glue records).
Registry Operator will offer Boolean search capabilities supporting, at least, the following logical operators to join a set of search criteria: AND, OR, NOT.
Search results will include domain names matching the search criteria.
Registry Operator will: 1) implement appropriate measures to avoid abuse of this feature (e.g., permitting access only to legitimate authorized users); and 2) ensure the feature is in compliance with any applicable privacy laws or policies.
Registry Operator shall provide a link on the primary website for the TLD (i.e., the website provided to ICANN for publishing on the ICANN website) to a web page designated by ICANN containing WHOIS policy and educational materials.
2.1.3 of this Appendix 5 and do so using the file format described in Section 2.1.4 of this Appendix 5. Notwithstanding the foregoing, (a) the CZDA Provider may reject the request for access of any user that does not satisfy the credentialing requirements in Section 2.1.2 below; (b) Registry Operator may reject the request for access of any user that does not provide correct or legitimate credentials under Section 2.1.2 below or where Registry Operator reasonably believes will violate the terms of Section 2.1.5. below; and, (c) Registry Operator may revoke access of any user if Registry Operator has evidence to support that the user has violated the terms of Section 2.1.5 below.
Each record must include all fields in one line as: <domain-‐name> <TTL>
<class> <type> <RDATA>.
Class and Type must use the standard mnemonics and must be in lower case.
TTL must be present as a decimal integer.
Use of /X and /DDD inside domain names is allowed.
All domain names must be in lower case.
Must use exactly one tab as separator of fields inside a record.
All domain names must be fully qualified.
No $ORIGIN directives.
No use of “@” to denote current origin.
No use of “blank domain names” at the beginning of a record to continue the use of the domain name in the previous record.
No $INCLUDE directives.
No $TTL directives.
No use of parentheses, e.g., to continue the list of fields in a record across a line boundary.
No use of comments.
No blank lines.
The SOA record should be present at the top and (duplicated at) the end of the zone file.
With the exception of the SOA record, all the records in a file must be in alphabetical order.
One zone per file. If a TLD divides its DNS data into multiple zones, each goes into a separate file named as above, with all the files combined using tar into a file called <tld>.zone.tar.
and disclosure of the data and (b) under no circumstances will Registry Operator be required or permitted to allow user to use the data to, (i) allow, enable, or otherwise support the transmission by email, telephone, or facsimile of mass unsolicited, commercial advertising or solicitations to entities other than user’s own existing customers, or (ii) enable high volume, automated, electronic processes that send queries or data to the systems of Registry Operator or any ICANN-‐accredited registrar.
Definitions
Service Level Agreement Matrix
Parameter | SLR (monthly basis) | |
DNS | DNS service availability | 0 min downtime = 100% availability |
DNS name server availability | 432 min of downtime ( 99%) | |
TCP DNS resolution RTT | 1500 ms, for at least 95% of the queries | |
UDP DNS resolution RTT | 500 ms, for at least 95% of the queries | |
DNS update time | 60 min, for at least 95% of the probes |
RDDS | RDDS availability | 864 min of downtime ( 98%) |
RDDS query RTT | 2000 ms, for at least 95% of the queries | |
RDDS update time | 60 min, for at least 95% of the probes | |
EPP | EPP service availability | 864 min of downtime ( 98%) |
EPP session-‐command RTT | 4000 ms, for at least 90% of the commands | |
EPP query-‐command RTT | 2000 ms, for at least 90% of the commands | |
EPP transform-‐command RTT | 4000 ms, for at least 90% of the commands |
Registry Operator is encouraged to do maintenance for the different services at the times and dates of statistically lower traffic for each service. However, note that there is no provision for planned outages or similar periods of unavailable or slow service; any downtime, be it for maintenance or due to system failures, will be noted simply as downtime and counted for SLA purposes.
DNS
than the time specified in the relevant SLR, the RTT will be considered undefined.
will be considered inconclusive; during this situation no fault will be flagged against the SLRs.
EPP
2.9.3 of EPP RFC 5730. If the RTT is 5 times or more the corresponding SLR, the RTT will be considered undefined.
Emergency Thresholds
The following matrix presents the emergency thresholds that, if reached by any of the services mentioned above for a TLD, would cause the emergency transition of the Registry for the TLD as specified in Section 3.1(d)(ii) of this Agreement.
Critical Function | Emergency Threshold |
DNS Service (all servers) | 4-‐hour total downtime / week |
DNSSEC proper resolution | 4-‐hour total downtime / week |
EPP | 24-‐hour total downtime / week |
RDDS (WHOIS/Web-‐based WHOIS) | 24-‐hour total downtime / week |
Data Escrow | Breach of the Registry Agreement as described in Appendix 2, Part B, Section 6. |
Emergency Escalation
Escalation is strictly for purposes of notifying and investigating possible or potential issues in relation to monitored services. The initiation of any escalation and the subsequent cooperative investigations do not in themselves imply that a monitored service has failed its performance requirements.
Escalations shall be carried out between ICANN and Registry Operators, Registrars and Registry Operator, and Registrars and ICANN. Registry Operators and ICANN must provide said emergency operations departments. Current contacts must be maintained between ICANN and Registry Operators and published to Registrars, where relevant to their role in escalations, prior to any processing of an Emergency Escalation by all related parties, and kept current at all times.
Upon reaching 10% of the Emergency thresholds as described in Section 6 of this Appendix, ICANN’s emergency operations will initiate an Emergency Escalation with the relevant Registry Operator. An Emergency Escalation consists of the following minimum elements: electronic (i.e., email or SMS) and/or voice contact notification to the Registry Operator’s emergency operations department with detailed information concerning the issue being escalated, including evidence of monitoring failures, cooperative trouble-‐ shooting of the monitoring failure between ICANN staff and the Registry Operator, and the commitment to begin the process of rectifying issues with either the monitoring service or the service being monitoring.
Registry Operator will maintain an emergency operations department prepared to handle emergency requests from registrars. In the event that a registrar is unable to conduct EPP transactions with the registry for the TLD because of a fault with the Registry Service and is unable to either contact (through ICANN mandated methods of communication) the Registry Operator, or the Registry Operator is unable or unwilling to address the fault, the registrar may initiate an emergency escalation to the emergency operations department of ICANN. ICANN then may initiate an emergency escalation with the Registry Operator as explained above.
In the event that a Registry Operator plans maintenance, it will provide notice to the ICANN emergency operations department, at least, twenty-‐four (24) hours ahead of that maintenance. ICANN’s emergency operations department will note planned maintenance times, and suspend Emergency Escalation services for the monitored services during the expected maintenance outage period.
If Registry Operator declares an outage, as per its contractual obligations with ICANN, on services under a service level agreement and performance requirements, it will notify the ICANN emergency operations department. During that declared outage, ICANN’s emergency operations department will note and suspend emergency escalation services for the monitored services involved.
Covenants of Performance Measurement
DNSSEC
Registry Operator shall sign its TLD zone files implementing Domain Name System Security Extensions (“DNSSEC”). During the Term, Registry Operator shall comply with RFCs 4033, 4034, 4035, 4509 and their successors, and follow the best practices described in RFC 4641 and its successors. If Registry Operator implements Hashed Authenticated Denial of Existence for DNS Security Extensions, it shall comply with RFC 5155 and its
successors. Registry Operator shall accept public-‐key material from child domain names in a secure manner according to industry best practices. Registry shall also publish in its website the DNSSEC Practice Statements (DPS) describing critical security controls and procedures for key material storage, access and usage for its own keys and secure acceptance of registrants’ public-‐key material. Registry Operator shall publish its DPS following the format described in RFC 6841.