As Internet usage grows exponentially, the demand for Internet-related services is also growing rapidly. As a result of the increased usage of the Internet, the demand for domain names is also growing rapidly. Consequently, demand for domain-related services is also on the rise. Such domain-related services can include domain name creation, domain name registration renewal, and the like. Typically, a website serves as a primary vehicle for establishing an online presence for a domain name. To meet this ever-increasing demand for domain-name-related services, it is necessary that the entities that provide these services do so in an efficient and cost-effective manner.
The Domain Name System (“DNS”) is the part of the Internet infrastructure that translates human-readable domain names into the Internet Protocol (“IP”) numbers needed to establish TCP/IP communication over the Internet. DNS allows users to refer to websites, and other resources, using easier-to-remember domain names, such as “www.example.com”, rather than the numeric IP addresses associated with a website, e.g., 123.4.56.78, and assigned to computers on the Internet. Each domain name can be made up of a series of character strings (e.g., labels) separated by dots. The right-most label in a domain name is known as the top-level domain (“TLD”). Examples of well-known TLDs are “com”; “net”; “org”; and the like. Each TLD supports second-level domains, listed immediately to the left of the TLD, e.g., the “example” level in “www.example.com”. Each second-level domain can include a number of third-level domains located immediately to the left of the second-level domain, e.g., the “www” level in “www.example.com”.
The responsibility for operating each TLD, including maintaining a registry of the second-level domains within the TLD, is delegated to a particular organization, known as a domain name registry (“registry”). The registry is primarily responsible for answering queries for IP addresses associated with domains (“resolving”), typically through DNS servers that maintain such information in large databases, and operating its top-level domain.
For most TLDs, in order to obtain a domain name, that domain name has to be registered with a registry through a domain name registrar, an entity authorized to register Internet domain names on behalf of end-users. Alternatively, an end-user can register a domain name indirectly through one or more layers of resellers. A registry may receive registrations from hundreds of registrars.
A registrar usually has a dedicated service connection with the registries in order to access domain related services, e.g., domain name creation or renewal. Registrars typically use the Extensible Provisioning Protocol (“EPP”) as a vehicle to communicate with the registries in order to register or renew domain names. EPP is a protocol designed for allocating objects within registries over the Internet. The EPP protocol is based on Extensible Markup Language (“XML”), which is a structured, text-based format. The underlying network transport is not fixed, although the currently specified method is over Transmission Control Protocol (“TCP”).
Today, a registry operating a generic top-level domain (“gTLD”) must typically implement a number of requirements specified by the Internet Corporation for Assigned Names and Numbers (“ICANN”), including Domain Name System Security Extensions (“DNSSEC”), Internationalized Domain Names (“IDN”), THIRDLEVEL domain names, ESCROW, and THICK registration data. DNSSEC implementation includes complying with Requests for Comments (“RFCs”) including, but not limited to:
RFC 4033—DNS Security Introduction and Requirements;
RFC 4034—Resource Records for the DNS Security Extensions;
RFC 4035—Protocol Modifications for the DNS Security Extensions;
RFC 5910—Domain Name System (DNS) Security Extensions Mapping for the Extensible Provisioning Protocol (EPP);
RFC 4509—Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records;
RFC 4641—DNSSEC Operational Practices; and
RFC 5155—DNS Security (DNSSEC) Hashed Authenticated Denial of Existence.
To comply with these requirements, a registry system must address several issues. Implementing the DNSSEC protocols NSEC, NSEC3 Opt Out, and NSEC3 No Opt Out in combination with IDN and THIRDLEVEL involves complex business logic that requires high performance, precision, and atomicity to create the various DNS records and publish a valid and operable zone file. The server should return correct DNSSEC-related resource records such as DNSKEY, RRSIG, and NSEC/NSEC3 for the signed zone, accept and publish DS resource records from second-level domain administrators, and support the full life cycle of Key Signing Keys (“KSK”) and Zone Signing Keys (“ZSK”). Registry operators often may have to service a large number of gTLDs and may have to provide back-end registry service for hundreds of gTLDs. Under “Registry Performance Specifications”, ICANN encourages registry operators to do maintenance for different services at times and dates of statistically lower traffic for each service. This would lead to different upgrade cycles for each gTLD. The need to deploy and maintain services for each gTLD burdens registry operators with the heavy cost of the physical infrastructure and manual resources required to keep the system running. Running the gTLD services for each TLD on the application server as an independent application leads to a very high memory footprint, which is not scalable and does not perform well. This can lead to a breach of the registry operator's obligations and may result in ICANN compliance actions up to and including termination of the registry agreement.
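The following is an added example, not part of the original document, of a check a registry could run before publishing a DS record that a second-level domain administrator submits together with the matching DNSKEY data: it recomputes the RFC 4034 key tag and the RFC 4509 SHA-256 digest and rejects a DS that does not match. The function names, the sample key, and the policy of accepting only digest type 2 are assumptions made for illustration.

```python
import hashlib
import struct

def name_to_wire(name: str) -> bytes:
    """Canonical (lowercased) wire form of an owner name, RFC 4034 section 6.2."""
    name = name[:-1] if name.endswith(".") else name
    out = b""
    for label in (name.lower().split(".") if name else []):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label length in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def key_tag(rdata: bytes) -> int:
    """Key tag over the DNSKEY RDATA, RFC 4034 Appendix B (not algorithm 1)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += (byte << 8) if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_sha256(owner: str, rdata: bytes) -> str:
    """DS digest type 2 (RFC 4509): SHA-256(owner wire form | DNSKEY RDATA)."""
    return hashlib.sha256(name_to_wire(owner) + rdata).hexdigest().upper()

def check_ds(owner: str, ds: tuple, rdata: bytes) -> list:
    """Reasons to reject a submitted DS given its DNSKEY RDATA; [] means accept."""
    tag, alg, digest_type, digest = ds
    flags, protocol, key_alg = struct.unpack("!HBB", rdata[:4])
    problems = []
    if not flags & 0x0100:
        problems.append("DNSKEY is not a zone key (flags bit 7 clear)")
    if protocol != 3:
        problems.append("DNSKEY protocol field is not 3")
    if alg != key_alg:
        problems.append("algorithm mismatch")
    if tag != key_tag(rdata):
        problems.append("key tag mismatch")
    if digest_type != 2:  # policy assumed by this example: SHA-256 only
        problems.append("digest type is not 2 (SHA-256)")
    elif digest.upper() != ds_sha256(owner, rdata):
        problems.append("digest mismatch")
    return problems

# Constructed sample: flags 257, protocol 3, algorithm 13, dummy 64-byte key.
SAMPLE_RDATA = struct.pack("!HBB", 257, 3, 13) + bytes(range(64))
SAMPLE_DS = (key_tag(SAMPLE_RDATA), 13, 2, ds_sha256("example.com", SAMPLE_RDATA))
```

Because the owner name is part of the digest input, a DS computed for one delegation fails the check when presented for another, even with identical key material.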