Generic Top-Level Domain (gTLD) Registry Agreements

gTLD Registry Agreements establish the rights, duties, liabilities, and obligations ICANN requires of registry operators to run gTLDs.

Proposed Unsponsored TLD Agreement: Appendix C, Part 12 (.name)


(3 July 2001)


Functional Specifications

Part 12 - Other Modules

These modules are to reside on all Registry Operator servers, if not otherwise specified in documentation for the specific server or site.

Network Time Protocol daemon

A daemon implementing the Network Time Protocol (NTP) in accordance with RFC1305 will be used to ensure consistency across servers in various time zones for the purpose of accuracy and log synchronisation.

The NTP helps to synchronise the system time of a computer to another computer or reference time source, such as a radio or satellite receiver or modem. Accuracy in NTP will typically be within a millisecond on LANs and up to a few tens of milliseconds on WANs. In most configurations NTP utilises multiple redundant servers and diverse network paths to achieve this high accuracy and reliability.

The NTP configuration may also include cryptographic authentication to prevent accidental or malicious protocol attacks. These measures may be implemented if deemed necessary.

Each machine should have a time reference from at least two primary servers. No server in the Registry Operator's network should have a stratum number higher than 3, in order to prevent any time skewing or clock drift.

The servers in the Registry Operator's network will refer to at least 2 publicly available stratum 2 servers. These servers must be in close proximity with regard to network topology. Each of the servers should obtain NTP service from at least two different sources of synchronisation, preferably via different gateways and access paths.

Future expansions may include an internal primary NTP server (stratum 1) in the Registry Operator's network, if deemed necessary.
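The stratum and source-count requirements above can be checked on a host from its peer list. The following is an added example, not part of the agreement or of the Registry Operator's software: it parses the text printed by `ntpq -pn` and reports deviations. The sample peer lists and addresses are constructed, and the function names are hypothetical.

```python
"""Check `ntpq -pn` peer output against the NTP policy in this section."""

MAX_LOCAL_STRATUM = 3  # "No server should have a higher stratum number than 3"
MIN_SOURCES = 2        # "at least two different sources of synchronisation"

# Constructed sample billboards (documentation address ranges, not real servers).
GOOD = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.0.2.10      198.51.100.1     2 u   33   64  377    1.234    0.123   0.045
+192.0.2.11      198.51.100.2     2 u   12   64  377    2.345   -0.210   0.067
"""
BAD = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*203.0.113.5     192.0.2.10       3 u   40   64  377    8.101    1.950   0.410
 203.0.113.6     .INIT.          16 u    -   64    0    0.000    0.000   0.000
"""

def parse_peers(billboard):
    """Turn billboard text into dicts; column 0 is ntpq's tally code."""
    peers = []
    for line in billboard.splitlines():
        fields = line[1:].split()
        if len(fields) != 10 or not fields[2].isdigit():
            continue  # header, separator or blank line
        peers.append({"tally": line[0], "remote": fields[0],
                      "stratum": int(fields[2]),
                      "reach": int(fields[6], 8)})  # reach is an octal register
    return peers

def check_policy(billboard):
    """Return a list of findings; an empty list means the host complies."""
    peers, findings = parse_peers(billboard), []
    # A source counts only if it has answered recently and is itself synchronised.
    usable = [p for p in peers if p["reach"] != 0 and p["stratum"] < 16]
    if len(usable) < MIN_SOURCES:
        findings.append(f"{len(usable)} reachable source(s), need {MIN_SOURCES}")
    sys_peer = next((p for p in peers if p["tally"] in "*o"), None)
    if sys_peer is None:
        findings.append("no system peer selected; clock is not synchronised")
    elif sys_peer["stratum"] + 1 > MAX_LOCAL_STRATUM:
        # A client runs one stratum below (numerically above) its system peer.
        findings.append(f"local stratum {sys_peer['stratum'] + 1} via "
                        f"{sys_peer['remote']} exceeds {MAX_LOCAL_STRATUM}")
    return findings

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_policy(text) or "compliant")
```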

For more information regarding NTP, refer to the following website:
http://www.ntp.org

Logging

All software made by GNR will invoke a custom application program interface (API) that transfers events and system messages deemed suitable to a secured machine.

Once received at the secure machine, the logs will be written to disk, and a log file rotation scheme will be in place to partition the files according to date. The partitioning is done to make it easier to manage and search the logs for relevant information.

The resulting log files will then be backed up in accordance with the backup scheme described in the section Backup in Part 11 (Registry Operations) of this appendix.

SSH/SCP services

SSH (Secure SHell) and SCP (Secure CoPy) provide means for encrypted communication and file transfers. These packages should be used as the preferred secure shell and secure file transfer method for the Registry Operator's internal data to and from all servers. This is to prevent eavesdropping on sensitive information during internal information transfers.

The sshd daemon will run on all the Registry Operator's servers.

FTP and Telnet should be avoided if possible, as these provide no encryption of passwords and can easily compromise security because communication between servers can be subject to eavesdropping.

For a description of external data transfer (e.g. to Registrars), see Part 8D (Zone File Access) of this Appendix C. Refer to the SCP section for more information about SCP services provided by the Registry Operator and to the FTP section for more information about FTP services provided by the Registry Operator. Refer to Appendix N for the Zone File Access Agreement.



Page Updated 03-Jul-2001

(c) 2001  The Internet Corporation for Assigned Names and Numbers. All rights reserved.