Generic Top-Level Domain (gTLD) Registry Agreements

gTLD Registry Agreements establish the rights, duties, liabilities, and obligations ICANN requires of registry operators to run gTLDs.

Unsponsored TLD Agreement: Appendix C, Section 1 (.biz)

Posted: 27 April 2001


Functional Specifications

C.1 Registry Overview

This section will provide an overview of the registry. Specifically it will describe the registry facilities, the SRS systems and functions, and the nameserver systems and functions.

C.1.1 Registry Facilities Site Description

This section describes NeuLevel's proposed TLD Registry architecture consisting of redundant SRS data centers and multiple nameserver sites to provide a seamless, responsive, and reliable registry service to registrars and Internet users. The NeuLevel TLD registry consists of redundant SRS and multiple nameserver data center sites geographically dispersed. All of these sites are interconnected with a secure Virtual Private Network (VPN) to provide worldwide coverage and protect against natural and man-made disasters and other contingencies.

SRS Data Center and Nameserver Buildings

Each NeuLevel data center facility is located in a modern, fire-resistant building that offers inherent structural protection from such natural and man-made disasters as hurricanes, earthquakes, and civil disorder. Facilities are protected by a public fire department, and have their internal fire-detection systems connected directly to the fire department.

Data centers are protected from fire by the sprinkler systems of the buildings that house them. Furthermore, each equipment room is protected by a pre-action fire-suppression system that uses an extinguishing agent.

The environmental factors at the SRS Data Center and nameserver sites are listed in the following table.

SRS DATA CENTER ENVIRONMENTAL FACTORS

Factor | Description
Heating, ventilation, and air conditioning | Redundant HVAC units control temperature and humidity, able to maintain the required environment under failure of any one unit.
Control of static electricity | All equipment-mounting racks are grounded to the building's system, and are equipped with grounding straps that employees wear whenever they work on the equipment.
Power supply | Modular UPS with battery backup and diesel generator.
Grounding | • All machines are powered by grounded electrical service. • A heavy-gauge cable under the equipment-room floor connects all equipment racks to the building's electrical-grounding network.

Building Security

In addition to providing physical security by protecting buildings with security guards, closed circuit TV surveillance video cameras, and intrusion detection systems, physical access to our facilities is vigilantly controlled. Employees must present badges to gain entrance, and must wear their badges at all times while in the facility. Visitors must sign in to gain entrance. If the purpose of their visit is found to be valid, they are issued a temporary badge; otherwise, they are denied entrance. At all times while they are in the facility, visitors must display their badges and must be escorted by an authorized employee. Sign-in books are maintained for a period of one year.

C.1.2 Shared Registration System (SRS) Data Center Functional Description

The SRS data centers incorporate redundant uninterruptible power supplies; high-capacity heating, ventilation, and air conditioning; fire suppression; physical security; system security; firewalls with intrusion detection; redundant, high availability cluster technology; and redundant network and telecommunications architectures. The sites have been engineered to be resistant to natural and man-made disasters. The functional block diagram of our SRS data center is depicted in Exhibit 1. This diagram is shown for illustrative purposes and is a target architecture. Details within the diagram are subject to change as we progress through development and deployment.

Each SRS data center facility provides the functions listed in the system function directory table below.

SHARED REGISTRATION SYSTEM (SRS) FUNCTION DIRECTORY

System Function | Functional Description
Web Server | High capacity Web Servers provide secure web services and information dissemination that is outside the scope of the XRP protocol. It contains a registry home page to enable registrars to sign in and inquire about account status, get downloads and whitepapers, access frequently asked questions, obtain self-help support, or submit a trouble ticket to the TLD Registry Help Desk.
Protocol (XRP) Servers | XRP transactions received from registrars undergo front-end processing by the XRP server that manages the XRP session level dialog, performs session level security processing, and strips out transaction records. These XRP transaction records are sent to the SRS data center application server cluster for security authentication and business logic processing.
Application Servers | Processing of the XRP applications business logic, user authentication, posting of inserts, deletes, updates to the master database, and interfaces to authentication, billing and collections, backup, and system/network administration.
SRS Database Servers | The SRS database maintains registry data in a multi-threaded, multi-session database for building data-driven publish and subscribe event notifications and replication to downstream data marts such as the Whois, Zone, and Billing and Collection services.
Whois Distribution Database | The Whois Distribution Database is dynamically updated from the SRS database and propagates the information to the Whois Database clusters.
Whois Database Clusters | The Whois Database is dynamically updated from the Whois Distribution Database and sits behind the Whois Server clusters. The Whois Database clusters are used to look up records that are not cached by the Whois Servers.
Whois Servers | The Load Balanced Whois Server Clusters receive a high volume of queries from Registrants and Internet users. The Whois service returns information about Registrars, domain names, nameservers, IP addresses, and the associated contacts.
Zone Distribution Database | The Zone Distribution Database is dynamically updated from the registry SRS database and propagated to the nameserver sites located worldwide. It contains domain names, their associated nameserver names, and the IP addresses for those nameservers.
Billing and Collection | A commercial off-the-shelf system is customized for registry-specific eCommerce billing and collection functions that are integrated with XRP transaction processing, the master database and a secure web server. The system maintains each registrar's account information by domain name and provides status reports on demand.
Authentication Services | Authentication Service uses X.509 digital certificates and is used to authenticate the identity of entities interacting with the SRS.
Backup Server | Provides backup and restore of each of the various cluster servers' and database servers' files and provides a shared robotic tape library facility for central backup and recovery.
Systems/Network Management Console | Provides system administration and simple network management protocol (SNMP) monitoring of the network, LAN-based servers, cluster servers, network components, and key enterprise applications including the XRP, Web, Whois, Zone, Billing and Collections, Backup/Restore, and database application. Provides threshold and fault event notification and collects performance statistics.
Applications Administration Workstations | Provides client/server GUI for configuration of SRS applications including XRP, Web, Billing and Collection, Database, Authentication, Whois, Zone, etc.
Building LAN | Provides dual redundant switched 100BaseT Ethernet LAN-based connectivity for all network devices in the data center.
Firewall | Protects the building LAN from the insecure Internet via a Firewall that provides policy-based IP filtering and network-based intrusion detection services to protect the system from Internet hacking and denial of service attacks.
Load Balancers | Dynamic Feedback Protocol (DFP)-based load balancing of TCP/IP traffic in a server cluster including common protocols such as least connections, weighted least connections, round robin, and weighted round robin.

C.1.3 Nameserver Sites Functional Description

Two of the five initial nameserver sites are co-located at our SRS Data Centers. One of the remaining nameserver sites will be located in Europe; another of the remaining nameservers will be located in Asia. The location of the fifth nameserver site has not yet been determined. Additional geographically dispersed nameserver sites will be deployed as load and geographic diversity needs dictate and will be served with dual-homed Internet and VPN local access telecommunications links to provide resilience and disaster recovery. The functional block diagram of our nameserver sites is depicted in Exhibit 2. As can be seen from the exhibit, the nameserver sites are configured to be remotely managed and operated "lights out". This diagram is shown for illustrative purposes and is a target architecture. Details within the diagram are subject to change as we progress through development and deployment.

The following function directory table lists the nameserver functions.

NAMESERVER FUNCTION DIRECTORY

System Function | Functional Description
Zone Update Database | The SRS Zone Distribution Database is propagated to the Zone Update Database Servers at the nameserver sites. Information propagated includes domain names, their associated nameserver names, and the IP addresses for those nameservers.
Nameserver | The nameserver handles resolution of TLD domain names to their associated nameserver names and to the IP addresses of those nameservers. The nameservers are dynamically updated from the Zone Update Database. Updates are sent over the VPN Registry Management Network.
Building LAN | Provides dual redundant switched 100BaseT Ethernet LAN-based connectivity for all network devices in the data center.
Firewall | Protects the building LAN from the insecure Internet via a Firewall that provides policy-based IP filtering and network-based intrusion detection services to protect the system from Internet hacking and denial of service attacks.
Load Balancers | Dynamic Feedback Protocol (DFP)-based load balancing of TCP/IP traffic in a server cluster including common protocols such as least connections, weighted least connections, round robin, and weighted round robin.
Telecommunications Access | Dual-homed access links to Internet Service Providers (ISPs) and Virtual Private Network (VPN) services are used for connectivity to the Internet and the NeuLevel Registry Management Network.


Page Updated 27-April-2001

©2001  The Internet Corporation for Assigned Names and Numbers. All rights reserved.