[dnssec-deployment] Registry software systems
Ed.Lewis at neustar.biz
Wed Jan 19 12:41:19 EST 2005
At 5:54 PM +0100 1/19/05, Jaap Akkerhuis wrote:
>Jim Galvin reminded about the following:
> 20041027 Jaap Akkerhuis to put together a quick summary of
> registry/registar software he knows about and who is using it.
>If I recall correctly, this was in reference to the discussion which
>registar systems needs to be adapted to use DNSSEC. Of course all need
>go, but what the notes below give an idea about the basic priciples
>registrars use for their systems. Note this is not compete, but I ran
>out of time. Sorry about that. If this is useful, let me know nd I'll
>expand these notes.
I think it would be wise to limit it to that. ;) Otherwise we could
go on forever. (Or at least until lines of text equals lines of
>1. Modes of operation of registars
>There are a couple of ways how registrars might operate. In a strict
>registry registrar model (.com, nl); direct registrations (.br) or
>Another way registrar can operate is whether they do all the
>processing in house or have (parts of) the operations sourced out.
>Verisign GRS is running .com, but also the back offie of a couple
>of (cc)tld. The same is done by affilias and other, less known
>outfits (icb.co.uk, www.cocca.cx). They might provide just the
>back-office, represent the TLD also in the policy precess up to
>running the TLD.
We also need to account for resellers (just to pick a document
highlighting the relationship and it's fragility -
Also there are registry gateway services, the best way I can describe
them is to direct y'all to this faq:
http://www.neulevel.com.cn/faqs/. BTW - there's currently a typo in
#3 that ought to be fixed in short order.
(It's business. I'm an engineer. The reason I am aware of this is
that EPP in involved. That's all I'm saying.)
>2. "Protocols" used by Registars
>A shared registry registrar system have often a protocol called a
>Shared registry registrar protocol. The Generic requirements can
>be found in RFC 3375. In pratice there are two forms of such a
>protocol, the Registry Registrar protocol (RRP, RFC 2832) and the
>Extensible Provisioning Protocol (EPP, RFC 3730 and friends).
RFC 3632 is newer for RRP, don't know if it's the latest.
>RRP is developed by Verisign for use by the .com, .net and, initially,
>the .org registries. As far as I know, Verisign has a protoype RRP
>client available for registrars.
>EPP is a standard developped in the IETF community as a result of
>the contract the new registries had with ICANN. In there was mentioned
>the these registries should use a standard IETF protocol althought
>there wasn't one. Before the proposed standard was published,
>various registries implemented EPP drafts ov various levels to get
>started. Allthough most registriy operators promised to upgrade to
>the final soecifications, it is not sure whether they actually have
>Registries using this systems have often example code available for
>2.2.1. EPP clients
>There are quite some (sourceforce) open source projecs for various
>clients able to spaek EPP.
>2.2.2. EPP servers
>Of the registrations system is less available publicly, There is
>an incomplete system "open registry" done by the ISC. There are
>rumours that some registries have actually build on top of this
>The Belgian Registry has an EPP (-like, it is based on a draft as
>fas as I know) based system they are willing to give away to other
>non-profit registries under the strict condition that dns-be will
>nog give any spupport.
>3. Mail template
I'd label this 2.3, and the next 2.4. To non-trivialize the comment,
registries can be divided as in #1 and can also be (orthogonally)
divided amongst interface types as in #2. Also - registries may do
multiple protocols .
>The majority of (cc) TLDS are using mailrobots, often stemming
>directkly form the original Postel mail templates. There are an
>enormous amount of small deifferences between the templates, due
>to the fact that all registries have slight differences in their
>rules and regulations. Most registries seems to accept email
>submission, but there are still registries only accepting FAXES or
>4. Web interfaces
>Registries, notably the ones with allow (also) direct registrations have
>web interfaces. Notably the system from Alain Aina, which uses a LDAP
>backend workds like that (and is available). Another example us the
>brazialian system (uses MySql as back0enp) and that is also available to
E.g, I know that APNIC uses a X.509-cert secured Web Portal, I
believe/think in addition to templates.
Edward Lewis +1-571-434-5468
"A noble spirit embiggens the smallest man." - Jebediah Springfield
More information about the Dnssec-deployment