The Internet Corporation for Assigned Names and Numbers and ICM Registry LLC agree, effective as of (“Amendment Effective Date”), that the modifications set forth below are now made to the 30 March 2011Registry Agreement (“Agreement”).
Section 3.1 (c)(i) of the Agreement is deleted in its entirety and replaced as follows:
3.1 (c)(i) Data Escrow. Registry Operator shall comply with the registry data escrow procedures set forth in Appendix 1 attached hereto (“Appendix 1”).
Section 3.1 (c)(iii) of the Agreement is deleted in its entirety and replaced as follows:
3.1 (c)(iii) Bulk Zone File Access. Registry Operator shall comply with the registry bulk zone file access procedures set forth in Appendix 3 attached hereto (“Appendix 3”).
Appendix 1 is deleted in its entirety and replaced in the form attached to this Amendment.
Appendix 2, subject to the provisions of clause IX of this Amendment set forth below, will be deleted in its entirety and hereinafter forever labeled as “RESERVED.”
Appendix 3 is deleted in its entirety and replaced in the form attached to this Amendment.
Appendix 4 is deleted in its entirety and replaced in the form attached to this Amendment.
The subsection in Appendix 5 (“Whois Specification”) entitled "Whois Provider Data Specification" is deleted in its entirety and replaced as follows:
Bulk Registration Data Access to ICANN
Periodic Access to Thin Registration Data. In order to verify and ensure the operational stability of Registry Services as well as to facilitate compliance checks on accredited registrars, Registry Operator will provide ICANN on a weekly basis (the day to be designated by ICANN) with up-to-date Registration Data as specified below. Data will include data committed as of 00:00:00 UTC on the day previous to the one designated for retrieval by ICANN.
Contents. Registry Operator will provide, at least, the following data for all registered domain names: domain name, domain name repository object id (roid), registrar id (IANA ID), statuses, last updated date, creation date, expiration date, and name server names. For sponsoring registrars, at least, it will provide: registrar name, registrar repository object id (roid), hostname of registrar Whois server, and URL of registrar.
Format. The data will be provided in the format specified in Appendix 1 for Data Escrow (including encryption, signing, etc.) but including only the fields mentioned in the previous section, i.e., the file will only contain Domain and Registrar objects with the fields mentioned above. Registry Operator has the option to provide a full deposit file instead as specified in Appendix 1.
Access. Registry Operator will have the file(s) ready for download as of 00:00:00 UTC on the day designated for retrieval by ICANN. The file(s) will be made available for download by SFTP, though ICANN may request other means in the future.
Exceptional Access to Thick Registration Data. In case of a registrar failure, de-accreditation, court order, etc. that prompts the temporary or definitive transfer of its domain names to another registrar, at the request of ICANN, Registry Operator will provide ICANN with up-to- date data for the domain names of the losing registrar. The data will be provided in the format specified in Appendix 1 for Data Escrow. The file will only contain data related to the domain names of the losing registrar. Registry Operator will provide the data as soon as commercially practicable, but in no event later than five (5) calendar days following ICANN’s request. Unless otherwise agreed by Registry Operator and ICANN, the file will be made available for download by ICANN in the same manner as the data specified in Section 1 of this section above.
Part 6 of Appendix S is deleted in its entirety and replaced as follows:
Provision of a WHOIS database for the sTLD will assist registrants and appointed contact persons for associated registrations to protect their rights to use the registered domain names.
Registry Operator shall implement a new standard supporting access to domain name registration data (SAC 051) no later than one hundred thirty-five (135) days after it is requested by ICANN if: 1) the IETF produces a standard (i.e., it is published, at least, as a Proposed Standard RFC as specified in RFC 2026); and 2) its implementation is commercially reasonable in the context of the overall operation of the registry.
Subject to any future policy regarding WHOIS data adopted by ICANN, domain name registrants will be required to provide correct contact information and, as permitted by applicable law, consent to selected information being made public for legitimate purposes.
A participating registrar, at the registrar's expense, will be required to provide those wishing to query the WHOIS database (other than for marketing purposes or other purposes contrary to sTLD policy) with access to complete and up-to-date data for each registered domain name record (subject to applicable privacy policies) including, but not limited to the following:
Domain name and the TLD in which the domain name is registered;
Status of the domain name, e.g., "on hold" or "pending delete";
Registrant's name and postal address;
Administrative/technical contacts' name, postal address, e-mail address, telephone number and (if any) facsimile number;
Original Create Date, expiration date and date on which the database was last updated;
Internet Protocol addresses and corresponding names of primary and secondary
Name servers for the domain name; and
Registrar's identification information.
In order to assist complainants under the UDRP to determine whether a pattern of "bad faith" has been demonstrated by a particular registrant, the information set forth above will be available on a publicly accessible database, subject to applicable privacy policies, which will be searchable by domain name, registrant's name, registrant's postal address, contacts' names, Registrars Contact IDs and Internet Protocol address without arbitrary limit. In order to provide an effective WHOIS database, Boolean search capabilities may be offered.
Registrars will be required to participate in the operation of a cross-registry WHOIS database, which will provide searching capabilities and access to all information concerning domain name registrations regardless of which TLD the domain name is registered in or which registrar processed the domain name application.
Registry Operator will require the registrars to adhere to a compliance review policy. As part of that policy, each registrar will be required to designate a contact point to which evidence of false or fraudulent contact data may be reported. Registrars will institute procedures for investigating claims that registrations may contain false information, and for registrations found to contain false information, requiring their speedy and efficient correction, or otherwise cancellation.
Interested third parties may invoke these procedures.
Registry Operator will provide RFC3912-conformant WHOIS service. This Appendix is subject to change by agreement of Registry Operator and ICANN during the design process as well as during the IETF standards process. However, the following provides the target architecture and initial functionality.
The standard WHOIS service is intended as a lookup service for registries, registrars, registrants, as well as for other individuals and businesses that wish to query details of domain names or nameservers stored in the registry. The standard WHOIS service will provide a central location for all authoritative .XXX TLD data. The registry provides a front-end web interface to allow convenient user access to the WHOIS service.
The RFC3912-conformant WHOIS service will be engineered to handle moderate transaction load and be integral to the standard suite of Registry Services. The WHOIS service will return a single response per domain name or nameserver query. The RFC3912-conformant WHOIS service will conform to the requirements of Appendix 5.
The RFC3912-conformant service provided by the registry will have the following features:
Standard protocol accessible over port 43 on "whois.nic.xxx".
Batch-style or near real time updates.
Additional fields capability.
WHOIS Service Data Elements
The format of responses shall follow a semi-free text format outline below, optionally followed by a blank line and a legal disclaimer specifying the rights of Registry Operator, and of the user querying the database.
Each data object shall be represented as a set of key/value pairs, with lines beginning with keys, followed by a colon and a space as a delimiters, followed by the value.
For fields where more than one value exists, multiple key/value pairs with the same key shall be allowed (for example to list multiple name servers). The first key/value pair after a blank line should be considered the start of a new record, and should be considered as identifying that record, and is used to group data, such as hostnames and IP addresses, or a domain name and registrant information, together.
The format of the following data fields: domain status, individual and organizational names, street, city, state/province, postal code, country, telephone and fax numbers, email addresses, date and times should conform to the mappings specified in EPP RFCs 5730-
5734 so that the display of this information (or values return in WHOIS responses) can be uniformly processed and understood.
Registry Operator shall make reasonable efforts to update the data continuously as requests are processed, in a matter of seconds or minutes. The typical update cycle will be 30 seconds but may be different depending on performance considerations. Registry Operator shall ensure that records in the WHOIS server are updated no later than 24 hours after the completion of the registration or modification transaction with the registrar.
If necessary, Registry Operator may introduce some additional fields to the list of WHOIS fields. Those fields will be preceded and identified by appropriate tags.
Registry Operator may introduce the optional ability to associate privacy labels to a record in the Registry Database. These fields would appear in an "additional information" section of the WHOIS data. The maximum number of custom fields allowed per record is yet to be determined. The privacy label capability allows certain data to be associated with an indication of any special disclosure or handling restrictions. This characteristic may be used e.g. to comply with potential legal or regulatory obligations.
The following keywords restrict a search to specific object type:
Domain: Search only by domain objects. The input string is searched in the Name field.
Contact: Search only contact objects. The input string is searched in the ID field.
Nameserver: Search only by nameserver objects. The input string is searched in the nameserver field and the IP address field.
Registrar: Search only registrar objects. The input string is searched in the ID and Name fields.
By default, if no object type control is specified, then the Name field of the Domain object is searched.
The fields specified below set forth the minimum output requirements.
Domain Name: EXAMPLE.TLD Domain ID: D1234567-TLD
WHOIS Server: whois.example.tld Referral URL: http://www.example.tld Updated Date: 2009-05-29T20:13:00Z
Creation Date: 2000-10-08T00:45:00Z Registry Expiry Date: 2010-10-08T00:44:59Z
Sponsoring Registrar: EXAMPLE REGISTRAR LLC Sponsoring Registrar IANA ID: 5555555
Domain Status: clientDeleteProhibited Domain Status: clientRenewProhibited Domain Status: clientTransferProhibited Domain Status: serverUpdateProhibited
Registrant ID: 5372808-ERL
Registrant Name: EXAMPLE REGISTRANT Registrant Organization: EXAMPLE ORGANIZATION Registrant Street: 123 EXAMPLE STREET Registrant City: ANYTOWN
Registrant State/Province: AP Registrant Postal Code: A1A1A1 Registrant Country: EX
Registrant Phone: +1.5555551212 Registrant Phone Ext: 1234 Registrant Fax: +1.5555551213 Registrant Fax Ext: 4321
Registrant Email: EMAIL@EXAMPLE.TLD Admin ID: 5372809-ERL
Admin Name: EXAMPLE REGISTRANT ADMINISTRATIVE
Admin Organization: EXAMPLE REGISTRANT ORGANIZATION Admin Street: 123 EXAMPLE STREET
Admin City: ANYTOWN Admin State/Province: AP Admin Postal Code: A1A1A1 Admin Country: EX
Admin Phone: +1.5555551212 Admin Phone Ext: 1234 Admin Fax: +1.5555551213
Admin Fax Ext:
Admin Email: EMAIL@EXAMPLE.TLD Tech ID: 5372811-ERL
Tech Name: EXAMPLE REGISTRAR TECHNICAL
Tech Organization: EXAMPLE REGISTRAR LLC Tech Street: 123 EXAMPLE STREET
Tech City: ANYTOWN Tech State/Province: AP Tech Postal Code: A1A1A1 Tech Country: EX
Tech Phone: +1.1235551234 Tech Phone Ext: 1234
Tech Fax: +1.5555551213
Tech Fax Ext: 93
Name Server: NS01.EXAMPLEREGISTRAR.TLD Name Server: NS02.EXAMPLEREGISTRAR.TLD
DNSSEC: signedDelegation DNSSEC: unsigned
>>> Last update of WHOIS database: 2009-05-29T20:15:00Z <<<
Registrar Name: Example Registrar, Inc. Street: 1234 Admiralty Way
City: Marina del Rey State/Province: CA Postal Code: 90292 Country: US
Phone Number: +1.3105551212
Fax Number: +1.3105551213 Email: registrar@example.tld
WHOIS Server: whois.example-registrar.tld Referral URL: http://www.example-registrar.tld Admin Contact: Joe Registrar
Phone Number: +1.3105551213
Fax Number: +1.3105551213
Email: joeregistrar@example-registrar.tld Admin Contact: Jane Registrar
Phone Number: +1.3105551214
Fax Number: +1.3105551213
Email: janeregistrar@example-registrar.tld Technical Contact: John Geek
Phone Number: +1.3105551215
Fax Number: +1.3105551216
Email: johngeek@example-registrar.tld
>>> Last update of WHOIS database: 2009-05-29T20:15:00Z <<<
Server Name: NS1.EXAMPLE.TLD IP Address: 192.0.2.123
IP Address: 2001:0DB8::1
Registrar: Example Registrar, Inc.
WHOIS Server: whois.example-registrar.tld Referral URL: http://www.example-registrar.tld
>>> Last update of WHOIS database: 2009-05-29T20:15:00Z <<<
Contact ID: 5372808-ERL Name: EXAMPLE REGISTRANT
Organization: EXAMPLE ORGANIZATION Street: 123 EXAMPLE STREET
City: ANYTOWN
State/Province: AP Postal Code: A1A1A1 Country: EX
Phone: +1.5555551212
Phone Ext: 1234
Fax: +1.5555551213
Fax Ext: 4321
>>> Last update of WHOIS database: 2009-05-29T20:15:00Z <<<
Offering searchability capabilities on the Directory Services is optional but if offered by the Registry Operator it shall comply with the specification described in this section.
Registry Operator will offer searchability on the web-based Directory Service.
Registry Operator will offer partial match capabilities, at least, on the following
fields: domain name, contacts and registrant’s name, and contact and registrant’s postal address, including all the sub-fields described in EPP (e.g., street, city, state or province, etc.).
Registry Operator will offer exact-match capabilities, at least, on the following
fields: registrar id, name server name, and name server’s IP address (only applies to IP addresses stored by the registry, i.e., glue records).
Registry Operator will offer Boolean search capabilities supporting, at least, the following logical operators to join a set of search criteria: AND, OR, NOT.
Search results will include domain names matching the search criteria.
Registry Operator will: 1) implement appropriate measures to avoid abuse of this feature (e.g., permitting access only to legitimate authorized users); and 2) ensure the feature is in compliance with any applicable privacy laws or policies.
Registry Operator shall provide a link on the primary website for the TLD (i.e., the website provided to ICANN for publishing on the ICANN website) to a web page designated by ICANN containing WHOIS policy and educational materials.
Registry Operator will have ninety (90) days from the Amendment Effective Date to comply with the terms of the Agreement as modified by this Amendment, during which time Registry Operator remains obligated to comply with the provisions of the Agreement as they existed prior to the Amendment Effective Date. On or prior to expiration of this period, Registry Operator must procure and provide to ICANN a Registry Data Escrow Agreement that meets compliance with the terms of Appendix 1 of the Agreement as modified by this Amendment.
The parties agree that, except as set forth in this Amendment, the terms of the Agreement will remain in full force and effect. All capitalized terms not defined will have the meaning given to them in the Agreement.
AGREED:
By: Akram Atallah
President, Global Domains Division
By: [Name]
[Title]
Registry Operator will engage an independent entity to act as data escrow agent (“Escrow Agent”) for the provision of data escrow services related to the Registry Agreement. The following Technical Specifications set forth in Part A, and Legal Requirements set forth in Part B, will be included in any data escrow agreement between Registry Operator and the Escrow Agent, under which ICANN must be named a third-party beneficiary. In addition to the following requirements, the data escrow agreement may contain other provisions that are not contradictory or intended to subvert the required terms provided below.
Deposits. There will be two types of Deposits: Full and Differential. For both types, the universe of Registry objects to be considered for data escrow are those objects necessary in order to offer all of the approved Registry Services.
“Full Deposit” will consist of data that reflects the state of the registry as of 00:00:00 UTC (Coordinated Universal Time) on the day that such Full Deposit is submitted to Escrow Agent.
“Differential Deposit” means data that reflects all transactions that were not reflected in the last previous Full or Differential Deposit, as the case may
be. Each Differential Deposit will contain all database transactions since the previous Deposit was completed as of 00:00:00 UTC of each day, but Sunday. Differential Deposits must include complete Escrow Records as
specified below that were not included or changed since the most recent full or Differential Deposit (i.e., newly added or modified domain names).
Schedule for Deposits. Registry Operator will submit a set of escrow files on a daily basis as follows:
Each Sunday, a Full Deposit must be submitted to the Escrow Agent by 23:59 UTC.
The other six (6) days of the week, a Full Deposit or the corresponding Differential Deposit must be submitted to Escrow Agent by 23:59 UTC.
Escrow Format Specification.
and draft-arias-noguchi-dnrd-objects-mapping, see Part A, Section 9, reference 2 of this Appendix (collectively, the “DNDE Specification”). The DNDE Specification describes some elements as optional; Registry Operator will include those elements in the Deposits if they are available. If not already an RFC, Registry Operator will use the most recent draft version of the DNDE Specification available at the Effective Date. Registry Operator may at its election use newer versions of the DNDE Specification after the Effective Date. Once the DNDE Specification is published as an RFC, Registry Operator will implement that version of the DNDE Specification, no later than one hundred eighty (180) calendar days after. UTF-8 character encoding will be used.
Processing of Deposit files. The use of compression is recommended in order to reduce electronic data transfer times, and storage capacity requirements. Data encryption will be used to ensure the privacy of registry escrow data. Files processed for compression and encryption will be in the binary OpenPGP format as per OpenPGP Message Format - RFC 4880, see Part A, Section 9, reference 3 of this Appendix. Acceptable algorithms for Public-key cryptography, Symmetric-key cryptography, Hash and Compression are those enumerated in RFC 4880, not marked as deprecated in OpenPGP IANA Registry, see Part A, Section 9, reference 4 of this Appendix, that are also royalty-free. The process to follow for the data file in original text format is:
The XML file of the deposit as described in Part A, Section 9, reference 1 of this Appendix must be named as the containing file as specified in Section 5 but with the extension xml.
The data file(s) are aggregated in a tarball file named the same as (1) but with extension tar.
A compressed and encrypted OpenPGP Message is created using the tarball file as sole input. The suggested algorithm for compression is ZIP as per RFC 4880. The compressed data will be encrypted using the escrow agent’s public
key. The suggested algorithms for Public-key encryption are Elgamal and RSA as per RFC 4880. The suggested algorithms for Symmetric-key encryption are TripleDES, AES128 and CAST5 as per RFC 4880.
The file may be split as necessary if, once compressed and encrypted, it is larger than the file size limit agreed with the escrow agent. Every part of a split file, or the whole file if not split, will be called a processed file in this section.
A digital signature file will be generated for every processed file using the Registry Operator’s private key. The digital signature file will be in binary OpenPGP format as per RFC 4880 Section 9, reference 3, and will not be compressed or encrypted. The suggested algorithms for Digital signatures are DSA and RSA as per RFC 4880. The suggested algorithm for Hashes in Digital signatures is SHA256.
The processed files and digital signature files will then be transferred to the Escrow Agent through secure electronic mechanisms, such as, SFTP, SCP, HTTPS file upload, etc. as agreed between the Escrow Agent and the Registry
Operator. Non-electronic delivery through a physical medium such as CD-ROMs, DVD-ROMs, or USB storage devices may be used if authorized by ICANN.
The Escrow Agent will then validate every (processed) transferred data file using the procedure described in Part A, Section 8 of this Appendix.
File Naming Conventions. Files will be named according to the following convention: {gTLD}_{YYYY-MM-DD}_{type}_S{#}_R{rev}.{ext} where:
{gTLD} is replaced with the gTLD name; in case of an IDN-TLD, the ASCII- compatible form (A-Label) must be used;
{YYYY-MM-DD} is replaced by the date corresponding to the time used as a timeline watermark for the transactions; i.e. for the Full Deposit corresponding to 2009-08-02T00:00Z, the string to be used would be “2009-08-02”;
{type} is replaced by:
“full”, if the data represents a Full Deposit;
“diff”, if the data represents a Differential Deposit;
“thin”, if the data represents a Bulk Registration Data Access file, as specified in Section 2 of Appendix 5;
{#} is replaced by the position of the file in a series of files, beginning with “1”; in case of a lone file, this must be replaced by “1”.
{rev} is replaced by the number of revision (or resend) of the file beginning with “0”:
{ext} is replaced by “sig” if it is a digital signature file of the quasi-homonymous file. Otherwise it is replaced by “ryde”.
Distribution of Public Keys. Each of Registry Operator and Escrow Agent will distribute its public key to the other party (Registry Operator or Escrow Agent, as the case may be) via email to an email address to be specified. Each party will confirm receipt of the other party’s public key with a reply email, and the distributing party will subsequently reconfirm the authenticity of the key transmitted via offline methods, like in person meeting, telephone, etc. In this way, public key transmission is authenticated to a user able to send and receive mail via a mail server operated by the distributing
party. Escrow Agent, Registry Operator and ICANN will exchange public keys by the same procedure.
Notification of Deposits. Along with the delivery of each Deposit, Registry Operator will deliver to Escrow Agent and to ICANN (using the API described in draft-lozano-icann- registry-interfaces, see Part A, Section 9, reference 5 of this Appendix (the “Interface Specification”)) a written statement (which may be by authenticated e-mail) that includes a copy of the report generated upon creation of the Deposit and states that the Deposit has been inspected by Registry Operator and is complete and accurate. Registry Operator will include the Deposit’s “id” and “resend” attributes in its statement. The attributes are explained in Part A, Section 9, reference 1 of this Appendix.
If not already an RFC, Registry Operator will use the most recent draft version of the Interface Specification at the Effective Date. Registry Operator may at its election use newer versions of the Interface Specification after the Effective Date. Once the Interface Specification is published as an RFC, Registry Operator will implement that version of the Interface Specification, no later than one hundred eighty (180) calendar days after such publishing.
Verification Procedure.
The signature file of each processed file is validated.
If processed files are pieces of a bigger file, the latter is put together.
Each file obtained in the previous step is then decrypted and uncompressed.
Each data file contained in the previous step is then validated against the format defined in Part A, Section 9, reference 1 of this Appendix.
If Part A, Section 9, reference 1 of this Appendix includes a verification process, that will be applied at this step.
If any discrepancy is found in any of the steps, the Deposit will be considered incomplete.
References.
Domain Name Data Escrow Specification (work in progress), http://tools.ietf.org/html/draft-arias-noguchi-registry-data-escrow
Domain Name Registration Data (DNRD) Objects Mapping, http://tools.ietf.org/html/draft-arias-noguchi-dnrd-objects-mapping
OpenPGP Message Format, http://www.rfc-editor.org/rfc/rfc4880.txt
OpenPGP parameters,
http://www.iana.org/assignments/pgp-parameters/pgp-parameters.xhtml
ICANN interfaces for registries and data escrow agents, http://tools.ietf.org/html/draft-lozano-icann-registry-interfaces
Escrow Agent. Prior to entering into an escrow agreement, the Registry Operator must provide notice to ICANN as to the identity of the Escrow Agent, and provide ICANN with contact information and a copy of the relevant escrow agreement, and all amendments thereto. In addition, prior to entering into an escrow agreement, Registry Operator must obtain the consent of ICANN to (a) use the specified Escrow Agent, and (b) enter into the form of escrow agreement provided. ICANN must be expressly designated as a third-party beneficiary of the escrow agreement. ICANN reserves the right to withhold its consent to any Escrow Agent, escrow agreement, or any amendment thereto, all in its sole discretion.
Fees. Registry Operator must pay, or have paid on its behalf, fees to the Escrow Agent directly. If Registry Operator fails to pay any fee by the due date(s), the Escrow Agent will give ICANN written notice of such non-payment and ICANN may pay the past-due fee(s) within fifteen (15) calendar days after receipt of the written notice from Escrow Agent. Upon payment of the past-due fees by ICANN, ICANN shall have a claim for such amount against Registry Operator, which Registry Operator shall be required to submit to ICANN together with the next fee payment due under the Registry Agreement.
Ownership. Ownership of the Deposits during the effective term of the Registry Agreement shall remain with Registry Operator at all times. Thereafter, Registry Operator shall assign any such ownership rights (including intellectual property rights, as the case may be) in such Deposits to ICANN. In the event that during the term of the Registry Agreement any Deposit is released from escrow to ICANN, any intellectual property rights held by Registry Operator in the Deposits will automatically be licensed to ICANN or to a party designated in writing by ICANN on a non-exclusive, perpetual,
irrevocable, royalty-free, paid-up basis, for any use related to the operation, maintenance or transition of the TLD.
Integrity and Confidentiality. Escrow Agent will be required to (i) hold and maintain the Deposits in a secure, locked, and environmentally safe facility, which is accessible only to authorized representatives of Escrow Agent, (ii) protect the integrity and confidentiality of the Deposits using commercially reasonable measures and (iii) keep and safeguard each Deposit for one (1) year. ICANN and Registry Operator will be provided the right to inspect Escrow Agent’s applicable records upon reasonable prior notice and during normal business hours. Registry Operator and ICANN will be provided with the right to designate a third-party auditor to audit Escrow Agent’s compliance with the technical specifications and maintenance requirements of this Appendix 1 from time to time.
If Escrow Agent receives a subpoena or any other order from a court or other judicial tribunal pertaining to the disclosure or release of the Deposits, Escrow Agent will promptly notify the Registry Operator and ICANN unless prohibited by law. After notifying the Registry Operator and ICANN, Escrow Agent shall allow sufficient time for Registry Operator or ICANN to challenge any such order, which shall be the responsibility of Registry Operator or ICANN; provided, however, that Escrow Agent does not waive its rights to present its position with respect to any such order. Escrow Agent will cooperate with the Registry Operator or ICANN to support efforts to quash or limit any subpoena, at such party’s expense. Any party requesting additional assistance shall pay Escrow Agent’s standard charges or as quoted upon submission of a detailed request.
Copies. Escrow Agent may be permitted to duplicate any Deposit, in order to comply with the terms and provisions of the escrow agreement.
Release of Deposits. Escrow Agent will make available for electronic download (unless otherwise requested) to ICANN or its designee, within twenty-four (24) hours, at the Registry Operator’s expense, all Deposits in Escrow Agent’s possession in the event that the Escrow Agent receives a request from Registry Operator to effect such delivery to ICANN, or receives one of the following written notices by ICANN stating that:
the Registry Agreement has expired without renewal, or been terminated; or
ICANN has not received a notification as described in Part B, Sections 7.1 and 7.2 of this Appendix from Escrow Agent within five (5) calendar days after the Deposit’s scheduled delivery date; (a) ICANN gave notice to Escrow Agent and Registry Operator of that failure; and (b) ICANN has not, within seven (7) calendar days after such notice, received the notification from Escrow Agent; or
ICANN has received notification as described in Part B, Sections 7.1 and 7.2 of this Appendix from Escrow Agent of failed verification of the latest escrow
deposit for a specific date or a notification of a missing deposit, and the notification is for a deposit that should have been made on Sunday (i.e., a Full Deposit); (a) ICANN gave notice to Registry Operator of that receipt; and (b) ICANN has not, within seven (7) calendar days after such notice, received notification as described in Part B, Sections 7.1 and 7.2 of this Appendix from Escrow Agent of verification of a remediated version of such Full Deposit; or
ICANN has received five notifications from Escrow Agent within the last thirty
(30) calendar days notifying ICANN of either missing or failed escrow deposits that should have been made Monday through Saturday (i.e., a Differential Deposit), and (x) ICANN provided notice to Registry Operator of the receipt of such notifications; and (y) ICANN has not, within seven (7) calendar days after delivery of such notice to Registry Operator, received notification from Escrow Agent of verification of a remediated version of such Differential Deposit; or
Registry Operator has: (i) ceased to conduct its business in the ordinary course; or (ii) filed for bankruptcy, become insolvent or anything analogous to any of the foregoing under the laws of any jurisdiction anywhere in the world; or
Registry Operator has experienced a failure of critical registry functions; or
a competent court, arbitral, legislative, or government agency mandates the release of the Deposits to ICANN; or
pursuant to contractual and operational compliance audits as specified.
Unless Escrow Agent has previously released the Registry Operator’s Deposits to ICANN or its designee, Escrow Agent will deliver all Deposits to ICANN upon expiration or termination of the Registry Agreement or the Escrow Agreement.
Verification of Deposits.
Within twenty-four (24) hours after receiving each Deposit or corrected Deposit, Escrow Agent must verify the format and completeness of each Deposit and deliver to ICANN a notification generated for each Deposit. Reports will be delivered electronically using the API described in draft-lozano-icann-registry- interfaces, see Part A, Section 9, reference 5 of this Appendix.
If Escrow Agent discovers that any Deposit fails the verification procedures or if Escrow Agent does not receive any scheduled Deposit, Escrow Agent must notify Registry Operator either by email, fax or phone and ICANN (using the API described in draft-lozano-icann-registry-interfaces, see Part A, Section 9, reference 5 of this Appendix) of such nonconformity or non-receipt within twenty-four (24) hours after receiving the non-conformant Deposit or the deadline for such Deposit, as applicable. Upon notification of such verification or
delivery failure, Registry Operator must begin developing modifications, updates, corrections, and other fixes of the Deposit necessary for the Deposit to be delivered and pass the verification procedures and deliver such fixes to Escrow Agent as promptly as possible.
Amendments. Escrow Agent and Registry Operator shall amend the terms of the Escrow Agreement to conform to this Appendix 1 within ten (10) calendar days of any amendment or modification to this Appendix 1. In the event of a conflict between this Appendix 1 and the Escrow Agreement, this Appendix 1 shall control.
Indemnity. Escrow Agent shall indemnify and hold harmless Registry Operator and ICANN, and each of their respective directors, officers, agents, employees, members, and stockholders (“Indemnitees”) absolutely and forever from and against any and all claims, actions, damages, suits, liabilities, obligations, costs, fees, charges, and any other expenses whatsoever, including reasonable attorneys’ fees and costs, that may be asserted by a third party against any Indemnitee in connection with the misrepresentation, negligence or misconduct of Escrow Agent, its directors, officers, agents, employees and contractors.
APPENDIX 3
Zone File Access Agreement
designee (the “CZDA Provider”). Registry Operator (optionally through the CZDA Provider) will provide access to zone file data per Section 1.1.3 of this Appendix and do so using the file format described in Section 1.1.4 of this
Appendix. Notwithstanding the foregoing, (a) the CZDA Provider may reject the request for access of any user that does not satisfy the credentialing requirements in Section 1.1.2 below; (b) Registry Operator may reject the request for access of any user that does not provide correct or legitimate credentials under Section 1.1.2 below or where Registry Operator reasonably believes will violate the terms of Section 1.1.5. below; and, (c) Registry Operator may revoke access of any user if Registry Operator has evidence to support that the user has violated the terms of Section 1.1.5 below.
<TLD>.zda.icann.org where <TLD> is the TLD for which the registry is responsible) for the user to access the Registry’s zone data
archives. Registry Operator will grant the user a non-exclusive, nontransferable, limited right to access Registry Operator’s (optionally CZDA Provider's) Zone File hosting server, and to transfer a copy of the top-level domain zone files, and any associated cryptographic checksum files no more than once per 24 hour period using FTP, or other data transport and access protocols that may be prescribed by ICANN. For every zone file access server, the zone files are in the top-level directory called <zone>.zone.gz, with <zone>.zone.gz.md5 and <zone>.zone.gz.sig to verify downloads. If the Registry Operator (or the CZDA Provider) also provides historical data, it will use the naming pattern <zone>- yyyymmdd.zone.gz, etc.
Each record must include all fields in one line as: <domain-name>
<TTL> <class> <type> <RDATA>.
Class and Type must use the standard mnemonics and must be in lower case.
TTL must be present as a decimal integer.
Use of /X and /DDD inside domain names is allowed.
All domain names must be in lower case.
Must use exactly one tab as separator of fields inside a record.
All domain names must be fully qualified.
No $ORIGIN directives.
No use of “@” to denote current origin.
No use of “blank domain names” at the beginning of a record to continue the use of the domain name in the previous record.
No $INCLUDE directives.
No $TTL directives.
No use of parentheses, e.g., to continue the list of fields in a record across a line boundary.
No use of comments.
No blank lines.
The SOA record should be present at the top and (duplicated at) the end of the zone file.
With the exception of the SOA record, all the records in a file must be in alphabetical order.
One zone per file. If a TLD divides its DNS data into multiple zones, each goes into a separate file named as above, with all the files combined using tar into a file called <tld>.zone.tar.
(3) months. Registry Operator will allow users to renew their Grant of Access.
Registry Operator shall provide one set of monthly reports per gTLD, using the API described in draft-lozano-icann-registry-interfaces, see Appendix 1, Part A, Section 9, reference 5, with the following content.
ICANN may request in the future that the reports be delivered by other means and using other formats. ICANN will use reasonable commercial efforts to preserve the confidentiality of the information reported until three (3) months after the end of the month to which the reports relate. Unless set forth in this Appendix 4, any reference to a specific time refers to Coordinated Universal Time (UTC). Monthly reports shall consist of data that reflects the state of the registry at the end of the month (UTC).
Field # | Field name | Description |
01 | registrar- name | Registrar’s full corporate name as registered with IANA |
02 | iana-id | For cases where the registry operator acts as registrar (i.e., without the use of an ICANN accredited registrar) 9999 should be used, otherwise the sponsoring Registrar IANA id should be used as specified in |
http://www.iana.org/assignments/registrar- ids | ||
03 | total- domains | total domain names under sponsorship in any EPP status but pendingCreate that have not been purged |
04 | total- nameservers | total name servers (either host objects or name server hosts as domain name attributes) associated with domain names registered for the TLD in any EPP status but pendingCreate that have not been purged |
05 | net-adds-1- yr | number of domains successfully registered (i.e., not in EPP pendingCreate status) with an initial term of one (1) year (and not deleted within the add grace period). A transaction must be reported in the month the add grace period ends. |
06 | net-adds-2- yr | number of domains successfully registered (i.e., not in EPP pendingCreate status) with an initial term of two(2) years (and not deleted within the add grace period). A transaction must be reported in the month the add grace period ends. |
07 | net-adds-3- yr | number of domains successfully registered (i.e., not in EPP pendingCreate status) with an initial term of three (3) years (and not deleted within the add grace period). A transaction must be reported in the month the add grace period ends. |
08 | net-adds-4- yr | number of domains successfully registered (i.e., not in EPP pendingCreate status) with an initial term of four (4) years (and not deleted within the add grace period). A transaction must be reported in the month the add grace period ends. |
09 | net-adds-5- yr | number of domains successfully registered (i.e., not in EPP pendingCreate status) with an initial term of five (5) years (and not deleted within the add grace period). A transaction must be reported in the month the add grace period ends. |
10 | net-adds-6- yr | number of domains successfully registered (i.e., not in EPP pendingCreate status) with an initial term of six (6) years (and not deleted within the add grace period). A transaction must be reported in the month the add grace period ends. |
11 | net-adds-7- yr | number of domains successfully registered (i.e., not in EPP pendingCreate status) with an initial term of seven (7) years (and not deleted within the add grace period). A transaction must be reported in the month the add grace period ends. |
12 | net-adds-8- yr | number of domains successfully registered (i.e., not in EPP pendingCreate status) with an initial term of eight (8) years (and not deleted within the add grace period). A transaction must be reported in the month the add grace period ends. |
13 | net-adds-9- yr | number of domains successfully registered (i.e., not in EPP pendingCreate status) with an initial term of nine (9) years (and not deleted within the add grace period). A transaction must be reported in the month the add grace period ends. |
14 | net-adds-10- yr | number of domains successfully registered (i.e., not in EPP pendingCreate status) with an initial term of ten (10) years (and not deleted within the add grace period). A transaction must be reported in the month the add grace period ends. |
15 | net-renews- 1-yr | number of domains successfully renewed (i.e., not in EPP pendingRenew status) either automatically or by command with a new renewal period of one (1) year (and not deleted within the renew or auto-renew grace period). A transaction must be reported in the month the renew or auto- renew grace period ends. |
16 | net-renews- 2-yr | number of domains successfully renewed (i.e., not in EPP pendingRenew status) either automatically or by command with a |
new renewal period of two (2) years (and not deleted within the renew or auto-renew grace period). A transaction must be reported in the month the renew or auto- renew grace period ends. | ||
17 | net-renews- 3-yr | number of domains successfully renewed (i.e., not in EPP pendingRenew status) either automatically or by command with a new renewal period of three (3) years (and not deleted within the renew or auto-renew grace period). A transaction must be reported in the month the renew or auto- renew grace period ends. |
18 | net-renews- 4-yr | number of domains successfully renewed (i.e., not in EPP pendingRenew status) either automatically or by command with a new renewal period of four (4) years (and not deleted within the renew or auto-renew grace period). A transaction must be reported in the month the renew or auto- renew grace period ends. |
19 | net-renews- 5-yr | number of domains successfully renewed (i.e., not in EPP pendingRenew status) either automatically or by command with a new renewal period of five (5) years (and not deleted within the renew or auto-renew grace period). A transaction must be reported in the month the renew or auto- renew grace period ends. |
20 | net-renews- 6-yr | number of domains successfully renewed (i.e., not in EPP pendingRenew status) either automatically or by command with a new renewal period of six (6) years (and not deleted within the renew or auto-renew grace period). A transaction must be reported in the month the renew or auto- renew grace period ends. |
21 | net-renews- 7-yr | number of domains successfully renewed (i.e., not in EPP pendingRenew status) either automatically or by command with a new renewal period of seven (7) years (and not deleted within the renew or auto-renew |
grace period). A transaction must be reported in the month the renew or auto- renew grace period ends. | ||
22 | net-renews- 8-yr | number of domains successfully renewed (i.e., not in EPP pendingRenew status) either automatically or by command with a new renewal period of eight (8) years (and not deleted within the renew or auto-renew grace period). A transaction must be reported in the month the renew or auto- renew grace period ends. |
23 | net-renews- 9-yr | number of domains successfully renewed (i.e., not in EPP pendingRenew status) either automatically or by command with a new renewal period of nine (9) years (and not deleted within the renew or auto-renew grace period). A transaction must be reported in the month the renew or auto- renew grace period ends. |
24 | net-renews- 10-yr | number of domains successfully renewed (i.e., not in EPP pendingRenew status) either automatically or by command with a new renewal period of ten (10) years (and not deleted within the renew or auto-renew grace period). A transaction must be reported in the month the renew or auto- renew grace period ends. |
25 | transfer- gaining- successful | number of domain transfers initiated by this registrar that were successfully completed (either explicitly or automatically approved) and not deleted within the transfer grace period. A transaction must be reported in the month the transfer grace period ends. |
26 | transfer- gaining- nacked | number of domain transfers initiated by this registrar that were rejected (e.g., EPP transfer op="reject") by the other registrar |
27 | transfer- losing- successfully | number of domain transfers initiated by another registrar that were successfully completed (either explicitly or automatically approved) |
28 | transfer- losing- nacked | number of domain transfers initiated by another registrar that this registrar rejected (e.g., EPP transfer op="reject") |
29 | transfer- disputed- won | number of transfer disputes in which this registrar prevailed (reported in the month where the determination happened) |
30 | transfer- disputed- lost | number of transfer disputes this registrar lost (reported in the month where the determination happened) |
31 | transfer- disputed- nodecision | number of transfer disputes involving this registrar with a split or no decision (reported in the month where the determination happened) |
32 | deleted- domains- grace | domains deleted within the add grace period (does not include names deleted while in EPP pendingCreate status). A deletion must be reported in the month the name is purged. |
33 | deleted- domains- nograce | domains deleted outside the add grace period (does not include names deleted while in EPP pendingCreate status). A deletion must be reported in the month the name is purged. |
34 | restored- domains | domain names restored from redemption period |
35 | restored- noreport | total number of restored names for which the registrar failed to submit a restore report |
36 | agp- exemption- requests | total number of AGP (add grace period) exemption requests |
37 | agp- exemptions- granted | total number of AGP (add grace period) exemption requests granted |
38 | agp- exempted- domains | total number of names affected by granted AGP (add grace period) exemption requests |
39 | attempted- adds | number of attempted (both successful and failed) domain name create commands |
The first line shall include the field names exactly as described in the table above as a “header line” as described in section 2 of RFC 4180. The last line of each report shall include totals for each column across all registrars; the first field of this line shall read “Totals” while the second field shall be left empty in that line. No other lines besides the ones described above shall be included. Line breaks shall be <U+000D, U+000A> as described in RFC 4180.
Field # | Field Name | Description |
01 | operational-registrars | number of operational registrars at the end of the reporting period |
02 | ramp-up-registrars | number of registrars that have received a password for access to OT&E at the end of the reporting period |
03 | pre-ramp-up-registrars | number of registrars that have requested access, but have not yet entered the ramp-up period at the end of the reporting period |
04 | zfa-passwords | number of active zone file access passwords at the end of the reporting period |
05 | whois-43-queries | number of WHOIS (port-43) queries responded during the reporting period |
06 | web-whois-queries | number of Web-based Whois queries responded during the reporting period, not including searchable Whois |
07 | searchable-whois-queries | number of searchable Whois queries responded during the reporting period, if offered |
08 | dns-udp-queries-received | number of DNS queries received over UDP transport during the reporting period |
09 | dns-udp-queries- responded | number of DNS queries received over UDP transport that were responded during the reporting period |
10 | dns-tcp-queries-received | number of DNS queries received over TCP transport during the reporting period |
11 | dns-tcp-queries- responded | number of DNS queries received over TCP transport that were responded during the reporting period |
Field # | Field Name | Description |
12 | srs-dom-check | number of SRS (EPP and any other interface) domain name “check” requests responded during the reporting period |
13 | srs-dom-create | number of SRS (EPP and any other interface) domain name “create” requests responded during the reporting period |
14 | srs-dom-delete | number of SRS (EPP and any other interface) domain name “delete” requests responded during the reporting period |
15 | srs-dom-info | number of SRS (EPP and any other interface) domain name “info” requests responded during the reporting period |
16 | srs-dom-renew | number of SRS (EPP and any other interface) domain name “renew” requests responded during the reporting period |
17 | srs-dom-rgp-restore- report | number of SRS (EPP and any other interface) domain name RGP “restore” requests delivering a restore report responded during the reporting period |
18 | srs-dom-rgp-restore- request | number of SRS (EPP and any other interface) domain name RGP “restore” requests responded during the reporting period |
19 | srs-dom-transfer-approve | number of SRS (EPP and any other interface) domain name “transfer” requests to approve transfers responded during the reporting period |
20 | srs-dom-transfer-cancel | number of SRS (EPP and any other interface) domain name “transfer” requests to cancel transfers responded during the reporting period |
21 | srs-dom-transfer-query | number of SRS (EPP and any other interface) domain name “transfer” requests to query about a transfer responded during the reporting period |
22 | srs-dom-transfer-reject | number of SRS (EPP and any other interface) domain name “transfer” requests to reject transfers responded during the reporting period |
23 | srs-dom-transfer-request | number of SRS (EPP and any other interface) domain name “transfer” requests to request transfers responded during the reporting period |
Field # | Field Name | Description |
24 | srs-dom-update | number of SRS (EPP and any other interface) domain name “update” requests (not including RGP restore requests) responded during the reporting period |
25 | srs-host-check | number of SRS (EPP and any other interface) host “check” requests responded during the reporting period |
26 | srs-host-create | number of SRS (EPP and any other interface) host “create” requests responded during the reporting period |
27 | srs-host-delete | number of SRS (EPP and any other interface) host “delete” requests responded during the reporting period |
28 | srs-host-info | number of SRS (EPP and any other interface) host “info” requests responded during the reporting period |
29 | srs-host-update | number of SRS (EPP and any other interface) host “update” requests responded during the reporting period |
30 | srs-cont-check | number of SRS (EPP and any other interface) contact “check” requests responded during the reporting period |
31 | srs-cont-create | number of SRS (EPP and any other interface) contact “create” requests responded during the reporting period |
32 | srs-cont-delete | number of SRS (EPP and any other interface) contact “delete” requests responded during the reporting period |
33 | srs-cont-info | number of SRS (EPP and any other interface) contact “info” requests responded during the reporting period |
34 | srs-cont-transfer-approve | number of SRS (EPP and any other interface) contact “transfer” requests to approve transfers responded during the reporting period |
35 | srs-cont-transfer-cancel | number of SRS (EPP and any other interface) contact “transfer” requests to cancel transfers responded during the reporting period |
Field # | Field Name | Description |
36 | srs-cont-transfer-query | number of SRS (EPP and any other interface) contact “transfer” requests to query about a transfer responded during the reporting period |
37 | srs-cont-transfer-reject | number of SRS (EPP and any other interface) contact “transfer” requests to reject transfers responded during the reporting period |
38 | srs-cont-transfer-request | number of SRS (EPP and any other interface) contact “transfer” requests to request transfers responded during the reporting period |
39 | srs-cont-update | number of SRS (EPP and any other interface) contact “update” requests responded during the reporting period |
The first line shall include the field names exactly as described in the table above as a “header line” as described in section 2 of RFC 4180. No other lines besides the ones described above shall be included. Line breaks shall be <U+000D, U+000A> as described in RFC 4180.
For gTLDs that are part of a single-instance Shared Registry System, the Registry Functions Activity Report may include the total contact or host transactions for all the gTLDs in the system.
For gTLDs that are part of a single-instance Shared Registry System, the Registry Functions Activity Report may include the total contact or host transactions for all the gTLDs in the system.