This document provides information about registry operator obligations and ICANN's role in overseeing generic top-level domain registries. It outlines numerous ongoing obligations registry operators must comply with, such as paying fees, submitting various reports, maintaining DNS performance standards, and complying with rights protection mechanisms. It also describes actions ICANN takes, such as monitoring compliance, responding to emergencies, and implementing consensus policies developed by the community. The document aims to help registry operators understand and address common challenges by sharing experiences from other registries and providing guidance.
5. Text
#ICANN49
A New Relationship
• Contracting
o Once an applicant signs an agreement, its relationship
with ICANN changes – it becomes a registry
• Delegation
o ICANN assigns a piece of Internet infrastructure into
the care of the registry
• Ongoing Operations
o ICANN and the registry have interactions with one
another, and with Internet users
Goal: Secure, stable and resilient operation of the new gTLD
6. Text
#ICANN49
Disclaimer
Nothing in this presentation is a
waiver or modification of any
obligation in the Registry Agreement.
In the event of a conflict between
anything in this presentation and the
Registry Agreement, the Registry
Agreement prevails.
8. Text
#ICANN49
Pay Registry-Level Fees
• Fixed and Variable fees
o Fixed = US$6250/quarter
o Variable = US$0.25/transaction over 50,000
• Pay fees within 30 calendar days of the issue
date of ICANN invoice
• Details
o Frequency: Quarterly
o Start Date: Upon delegation of the TLD
More information in the Registry Agreement: Article 6.1
$
9. Text
#ICANN49
• Rights Protection Mechanism Fees
o RPM Access Fee
Frequency: One-time
Start Date: Invoiced as of Registry Agreement Effective Date
o RPM Registration Fee
Frequency: Quarterly
Start Date: First quarter following delegation of the TLD
• Pay RPM fees within 30 calendar days of the issue
date of ICANN invoice
Pay Pass Through Fees – RPM
More information in the Registry Agreement: Article 6.4
$
10. Text
#ICANN49
Comply with Consensus & Temporary Policies
• Comply with and implement all Consensus and
Temporary Policies
• Consensus Policies are developed by the
community
• Temporary Policies are Board adopted policies
necessary to maintain the stability or security of
Registry Services or the DNS
• Details
o Frequency: Continuous
o Start Date: Following implementation notice from
ICANN
More information in the Registry Agreement: Specification 1
OK
11. Text
#ICANN49
Escrow Agent – Initial Setup
• Select and engage with an ICANN-approved
Data Escrow Agent
• Escrow agreement and letter of compliance
copy must be provided to Pre-Delegation
Testing provider during PDT
• Details
o Frequency: Once
o Start Date: Effective date of the RA
More information in the Registry Agreement: Specification 2, Part B.1.
12. Text
#ICANN49
Notify ICANN of Escrow Agent change
• Obtain ICANN consent to change escrow
agent prior to entering into a new escrow
agreement
• Escrow agreement and letter of compliance
copy must be provided to ICANN
• Details
o Frequency: At onset of every new escrow agreement
o Start Date: Effective date of the RA
More information in the Registry Agreement: Specification 2, Part B.1.
13. Text
#ICANN49
Submit Data Escrow Deposits, Send Notification
• Submit deposits to escrow agent
o Full deposit on Sunday
o Differential or full deposit Monday - Saturday
• Deposits must be accompanied by report of deposit
o Send a copy to ICANN using the Registry Reporting
Interface (RRI) system
• Details
o Frequency: Daily
o Start Date: Upon delegation of the TLD
More information in the Registry Agreement: Specification 2, Parts A.2 and A.7
14. Text
#ICANN49
Verify Delivery of Data Deposits
• Registry operator responsible for ensuring
escrow agent delivers verification
notification to ICANN within 24 hours of
each data escrow deposit
• Details
o Frequency: Daily
o Start Date: Upon delegation of the TLD
More information in the Registry Agreement: Specification 2, Part B.7.1
✓❏
15. Text
#ICANN49
Submit Transactions & Functions Reports
• Per-Registrar Transactions Report
o Accounts for new registrations, renewals, transfers, etc.
o Frequency: Monthly
o Start Date: At TLD delegation
• Registry Functions Activity Report
o Statistics for DNS, EPP, RDDS activity
o Frequency: Monthly
o Start Date: Upon delegation of the TLD
• Submit reports within 20 calendar days following
the end of each calendar month
More information in the Registry Agreement: Article 2.4 and Specification 3.1
16. Text
#ICANN49
Publish Certain Registration Data
• Operate a WHOIS service and a web-based
Registration Data Directory Service that
fulfills the requirements stated in
Specification 4
• Details
o Frequency: Continuous
o Start Date: Upon delegation of the TLD
More information in the Registry Agreement: Specification 4.1
17. Text
#ICANN49
Grant Zone File Access
• Provide Internet users access to zone files – in
bulk – via Centralized Zone Data System
o Access granted no more than once daily (ongoing basis)
• Provide ICANN and EBERO (through ICANN)
access to zone files continuously
o Access granted at least once daily
• Details
o Frequency: Daily
o Start Date: Upon delegation of the TLD
More information in the Registry Agreement: Specification 4.2
18. Text
#ICANN49
Grant Bulk Registration Data Access
• Provide up-to-date thin Registration Data to
ICANN
o Contents include domain name, registrar id, updated
& creation dates, etc. following data escrow format
o Contains data committed as of 00:00:00 UTC on the
day chosen by the registry
• Details
o Frequency: Weekly
o Start Date: Upon delegation of the TLD
More information in the Registry Agreement: Specification 4.3
19. Text
#ICANN49
Reserve Special Domain Names
• Reserve certain labels as identified in Specification 5
o The string “example”
o Two-Character Labels
o Reservations for Registry Operations
o Country and Territory Names
o IOC, Red Cross, Red Crescent
o Intergovernmental Organizations
• Details
o Frequency: Continuous
o Start Date: Effective date of the RA
More information in the Registry Agreement: Specification 5
20. Text
#ICANN49
Meet Interoperability/Continuity Standards
• Comply with the following:
o Standards Compliance
DNS, EPP, DNSSEC, IDN, IPv6
o Registry Services
o Registry Continuity
o Abuse Mitigation
Provide Abuse Contact to ICANN and publish on website
o Supported Initial/Renewal Registration Periods
o Name Collision Occurrence Management
• Details
o Frequency: Continuous
o Start Date: Effective date of the RA
More information in the Registry Agreement: Specification 6
✓❏
21. Text
#ICANN49
Name Collision Occurrence Management
• Comply with the Name Collision requirements
o 120-day no-activation of names period from
contracting
o No activation of names in the SLD block list
o Be ready to expeditiously handle reports of severe
harm caused by name collision
• Details
o Frequency: Continuous
o Start Date: Upon delegation of the TLD
More information in the Registry Agreement: Specification 6.6
OK
22. Text
#ICANN49
Maintain Registry Performance
• Meet the service levels outlined in the Service
Level Agreement matrix
o Maintain records for a period of at least one year
• Details
o Frequency: Continuous
o Start Date: Upon delegation of the TLD
More information in the Registry Agreement: Specification 10.2
OK
23. Text
#ICANN49
Uphold Rights Protection Mechanisms
• Implement and adhere to Rights Protection
Mechanisms
o Trademark Sunrise/Claims Periods
o Uniform Rapid Suspension System
o Post-Delegation Dispute Resolution Procedures
Trademark Post-Delegation (TM-PDDRP)
Registration Restriction (RRDRP)
Public Interest Commitments (PICDRP)
• Details
o Frequency: Continuous
o Start Date: Effective date of the RA
More information in the Registry Agreement: Specification 7
24. Text
#ICANN49
Maintain Continued Operations Instrument
• Continued Operations Instrument (COI) must
be in effect for 6 years from effective date of RA
• No amendment without ICANN approval
• If COI is terminated or not renewed, required
to obtain replacement COI
• Details
o Frequency: Continuous
o Start Date: Effective date of the RA
More information in the Registry Agreement: Specification 8
OK
25. Text
#ICANN49
Abide by Registry Operator Code of Conduct
• Comply with Code of Conduct
o Preference Not Permitted
Registry will not show any preference or provide any special consideration to any
registrar with respect to operational access to registry systems and related
registry services, unless comparable opportunities to qualify for such preferences
or considerations are made available to all registrars on substantially similar
terms and subject to substantially similar conditions.
o Use an ICANN-accredited registrar to register names
o Do not register names for the registry based on proprietary access
to search or resolution information
o Additional requirements for registries with cross-ownership
• Details
o Frequency: Continuous
o Start Date: Effective date of the RA
More information in the Registry Agreement: Specification 9
OK
26. Text
#ICANN49
Submit Code of Conduct Review Results
• Registries with cross-ownership must conduct
internal review to ensure compliance with Code
of Conduct and provide results to ICANN
• Executive Officer of registry must certify
compliance with the Code of Conduct
• Details
o Frequency: Annually
o Start Date: 20 January, following effective date
of the RA
More information in the Registry Agreement: Specification 9.3
27. Text
#ICANN49
Abide by Public Interest Commitments
• Registrars used by the registry must be party
to the 2013 Registrar Accreditation
Agreement
• Comply with all voluntary Public Interest
Commitments (if applicable)
o Voluntary PICS were published 6 March 2013
o If registry submitted, PIC is included in the RA
More information in the Registry Agreement: Specification 11, Section 1 and 2
OK
28. Text
#ICANN49
Abide by Public Interest Commitments
• Comply with all mandatory Public Interest
Commitments
o Four mandatory PICs that apply to all registries
• Comply with all regulated industries Public
Interest Commitments
o For registries that received GAC Category 1 Advice
• Details
o Frequency: Continuous
o Start Date: Effective date of the RA
More information in the Registry Agreement: Specification 11, Section 1 and 2
OK
29. Text
#ICANN49
Implement Community Registration Policies
• Policy Examples (list not exhaustive)
o Required to be a member of the specified Community
o Methods for validating Community eligibility
• Details
o Frequency: Continuous
o Start Date: Effective date of the RA
More information in the Registry Agreement: Specification 12
➥
30. Text
#ICANN49
Registry Obligation Timelines
Continuously
• Consensus/Temporary Policies
• Registration Data Publication Services
• Schedule of Reserved Names
• Registry Interoperability and Continuity
• Rights Protection Mechanisms
• Continuing Operations Instrument
• Registry Operator Code of Conduct
• Name Collision Performance Management
• Registry Performance
• Public Interest Commitments
• Community Registration Policies
Daily
• Data Escrow: Deposits
• Data Escrow: Notification of Deposits
• Data Escrow: Verification of Deposits
• Zone File Access
31. Text
#ICANN49
Registry Obligation Timelines (cont.)
Weekly • Bulk Registration Data Access
Monthly
• Per-Registrar Transactions Report
• Registry Functions Activity Report
Quarterly
• Pay Registry-Level Fees
• Pass Through Fees
Annually
• Registry Operator Code of Conduct Internal
Review Results
• Maintain Technical and Operational
Registry Performance Records
As Needed
• Notify ICANN of Escrow Agent and Data
Escrow Agent Changes
33. Text
#ICANN49
Process Registry Operator Notifications
• Process requests/notices (list not exhaustive):
o Request to amend Registry-Registrar Agreement
(Article 2.9(a))
o Notification that RO will become an affiliate or
reseller of an ICANN accredited registrar, or will
subcontract the provision of any registry services to an
ICANN accredited registrar, registrar reseller or
affiliate (Article 2.9(b))
o Notification of outage/maintenance (Specification 10.7.3)
ICANN will note planned maintenance times and suspend
emergency escalation services during expected
outage/maintenance
➥
34. Text
#ICANN49
Adhere to ICANN Covenants
• Covenants, specified in Article 3, include:
o Operate in an open and transparent manner (3.1)
o Apply standards, policies, procedures, practices equitably (3.2)
o Implement changes to TLD nameserver designations within 7
calendar days (3.3)
o Include registry operator and administrative, technical contacts in
publication of root zone contact information for each TLD (3.4)
o To extent ICANN is authorized (3.5):
(a) ensure that the authoritative root will point to the top-level domain
nameservers designated by registry operator for the TLD
(b) maintain a stable, secure, and authoritative publicly available
database of relevant information about the TLD
(c) coordinate the Authoritative Root Server System so that it is
operated and maintained in a stable and secure manner
OK
35. Text
#ICANN49
Monitor Compliance
• Monitor and enforce compliance with the
Registry Agreement and applicable
Consensus Policies
• Perform Contractual Compliance Audit
o Audit is limited to the representations and
warranties in Article 1, and covenants in Article 2 of
the Registry Agreement
✓❏
36. Text
#ICANN49
Respond to Emergency Situations
• Emergency Back-End Registry Operator
o When certain conditions exist, may initiate an Emergency
Escalation with the relevant registry operator
(Specification 10.7.1)
o May Designate an emergency registry operator in
accordance with ICANN's registry transition process
(Article 2.13)
• Name Collision
o Relay reports to registry operators alleging demonstrably
severe harm as a result of name collision (Specification 6)
!
37. Text
#ICANN49
Issue Information and Invoices
• Publish certain data on ICANN website:
o List of ICANN-accredited registrars party to the 2013
Registrar Accreditation Agreement (Specification 11.1)
• Issue timely, accurate invoices for registry-
related fees, including:
o Registry-Level Fees (Article 6.1)
o Variable Registry-Level Fees (Article 6.3)
o Pass Through Fees (Article 6.4)
38. Text
#ICANN49
Consensus & Temporary Policy Implementation
• Consensus Policies
o Collaborate with registries to implement and provide
required tools (e.g., providers, technology)
o Provide a reasonable amount of time to implement
• Temporary Policies
o Ensure the Policy is narrowly tailored to address the
security or stability concern
o Provide a reasonable amount of time to implement
o Collaborate with registries to implement and provide
required tools (e.g., providers, technology)
➥
39. Text
#ICANN49
Engagement and Communication
• Communication
o Ensure cooperative lines of communication between
ICANN and Registries exist
o Ensure Registries point-of-view is taken into account
within ICANN
• Tools
o Develop tools (providers, technology, etc.), when
appropriate, Registries require in order to fulfill their
obligations
o Collaborate with Registries on anticipated new
requirements or tools
41. Text
#ICANN49
Gathering Registry Experiences
• Methodology
o ICANN Staff supporting new gTLD registry
operations provided input on frequently
asked questions and observed registry issues
• Purpose
o Flag common issues; provide registries with
Guidance for avoidance/resolution
42. Text
#ICANN49
DNSSEC
• Registry Experience
o I’m receiving calls at odd hours from ICANN (NOC) re:
failures in my DNS(SEC) service
• Guidance
o Some zone files are not being signed properly or have
expired signatures
Follow the DNSSEC standards and DNSSEC Operational
Practices found in RFC 6781
Ensure you have proper operational procedures to ensure your
zone file(s) signatures remain up to date
43. Text
#ICANN49
Registry Reporting Interface
• Registry Experience
o I’m unable to log in to the Registry Reporting Interface
• Guidance
o The GDD Portal launched on 17 March 2014 with a goal
of reducing credentialing errors because the portal
includes built-in validations
o If you continue to experience errors, submit a New Case
via the GDD Portal Cases Work Item and ICANN will
work to resolve the issue
44. Text
#ICANN49
Data Escrow Deposit Compliance
• Registry Experience
o Why am I receiving ICANN compliance inquiries/notices
regarding issues with data escrow deposits?
• Guidance
o Check with your Data Escrow Agent to make sure it is
submitting daily notifications
o Make sure DEA has its passwords (onboarding form)
o Ensure you are doing daily escrow deposits and sending
respective reports to ICANN
o If using curl, please use “--data-binary" option. Don't use “--
data" or “--data-ascii".
o Data Escrow must start at TLD delegation
45. Text
#ICANN49
Monthly Reports Compliance
• Registry Experience
o Why am I receiving ICANN compliance inquiries/notices
regarding missing monthly reports?
• Guidance
o Ensure you are submitting monthly reports (per Specification 3 of
the RA) to ICANN using the RRI interface
o In the reports, make sure to include transactions for all domain
names, including those registered by the registry itself
(e.g., nic.<tld>, 100 names from Spec 5)
o Use valid registrar IDs and/or special purpose registrar IDs
Examples: 9995 and 9996 for PDT, 9997 for ICANN SLA monitoring
name(s), 9998 for registry acting as registrar billed names, 9999 for registry
acting as registrar non-billed names
46. Text
#ICANN49
Compliance: Zone File, Bulk Registration Data Access
• Registry Experience
o Why am I receiving ICANN compliance inquiries/notices
regarding Zone File Access and/or Bulk Registration Data
Access?
• Guidance
o Ensure you have working Zone File Access (ZFA) for ICANN
and (EBEROs trough ICANN) using your preferred method (as
indicated at onboarding) in a daily basis as described in
Specification 4, sections 2.3 and 2.4
o Ensure you have working thin Bulk Registration Data Access
(BRDA) for ICANN, including the proper signatures of the data
file as described in Specification 4, section 3.1
o Access to both ZFA and BRDA must start at TLD delegation
47. Text
#ICANN49
Reserved/Blocked Names Compliance
• Registry Experience
o Why am I receiving ICANN compliance inquiries/notices
regarding activation of names?
• Recommendations
o Ensure you have complete lists of the names that should not be
activated in the DNS per the Registry Agreement
(e.g., Specification 5, Name Collision SLD block list)
o Some names can be registered to third parties but not activated
in DNS (e.g., names in the SLD block list)
o Other names cannot be registered to third parties and must not
be activated in the DNS (e.g., two-char second-level names)*
48. Text
#ICANN49
Name Collision Mitigation
• Registry Experience
o I’m unclear as to when I can start activating second-level
domains in relation to the 120-day no-activation name period
• Guidance
o Delegate nic.TLD (to yourself) upon delegation – this is
mandatory for all new registries
o Ensure that whois.nic.<tld> points to a valid WHOIS and web-
based Registration Data Directory Service
o Do not activate any other second-level domain before 120 days
from contracting (RA effective date) have elapsed
49. Text
#ICANN49
NIC.TLD and IANA
• Registry Experience
o When can I provide my nic.<tld> URL, WHOIS server or email
addresses to IANA?
• Guidance
o For now, whois.nic.<tld> can only be registered in IANA after
a TLD is delegated – we recommend requesting that IANA
update your Root Zone Management profile with this URL
after delegation
o On the RZM form, there is a field requesting the Whois service
URL – you can either (a) leave it blank for initial delegation, or
(b) provide an alternate WHOIS address that works prior to
delegation (e.g., whois.example.com)
50. Text
#ICANN49
Centralized Zone File Access
• Registry Experience
o Users of the Centralized Zone Data System are
complaining they no longer have access
o I’m receiving a high number of requests from
previously approved users
• Guidance
o Remember that a CZDS user will have to submit a
new request, which the registry needs to approve,
every time the user’s access expires
o Approve access for longer periods
CZDS access can now be granted for up to 1,000 days
51. Text
#ICANN49
Abuse Contact Info
• Registry Experience
o Why have I received a compliance
inquiry/notification about the posting of my Abuse
Contact information?
• Guidance
o Publish the Abuse Contact information on your
website; make sure it’s easy to find in order to
avoid complaints
52. Text
#ICANN49
Legal Notifications
• Registry Experiences
1. I don’t know how to send a legal notification to ICANN
2. I don’t know how to update or change my legal notices
point of contact
• Guidance
1. Legal notifications between parties (ICANN and
registry operator) must follow the process outlined in
Section 7.9 of the Registry Agreement
2. Updates must be made through the GDD Portal –
Registry to notify ICANN within 30 days of change
Theme: whenever you begin a new relationship, it’s important to clearly stateexpectations.
OBLIGATIONSGOAL: Safe, secure and resilient operation of gTLDsThe list of Registry Operator obligations we’ll cover today is not exhaustive. Please remember that Registries are obligated to comply with all terms and conditions in the Registry Agreement.
Two buckets - Consensus policies (per the bylaws) - Temporary policies (2/3 board vote to preserve security & stability of the DNS)ICANN typically gives the registries a reasonable amount of time to implement following the notice
This is thin data in order to facilitate compliance checks on registrars by icann
ExampleTwo-Character labels WWW, RDDS, WHOIS, NIC100 names for registry operationsAny names the RO wants to reserveCountry and Territory names (ISO 3166-1 list)IOC, RCRCIGO
Standards complianceDNSEPPDNSSECIDNIPv6Registry ServicesProducts or services that only a registry operator is capable of providing by reason of its designation as the registry operator Registry Continuity-Abuse MitigationProvide ICANN and Publish in its website an Abuse Contact (valid email and mailing address) and provided prompt notice of such changesRemove orphan glue records when there’s evidence there is a connection with malicious conductInitial and Renewal Registration Periods1 to 10 years for eitherName Collission Occurrence ManagementNo activation in the DNS for 120 days from effective date of RA (EXCEPT ‘NIC’ which must be activated)
For DNS, RDDS and EPPIf emergency thresholds are reached (Specification 10.6) would cause the emergency transition of the Registry
RPMSPer the TMCH documentMandatory Sunrise (minimum 30 days, w/30 day notice period; or 60 days w/o notice period)Mandatory Claims (minimum 90 days)May request Specificationial Launch program, but must be approved by ICANN prior to SunriseUtilize TMCHMay have additional RPMs
Mandatory PICsProvision in RRA that registration agreements must prohibit bad stuff (malware, TM and copyright infringement, botnets)Conduct tech analysis to look for pharming, phishing, etc. and provide reports to ICANN upon requestOperate in a transparent mannerIf TLD is a ‘generic string”, it cannot be exclusive useRegulated and highly regulated sectors PICs- (medical, legal, accounting, finance)Comply with consumer protections, fair lending, debt collectionCompliance with regulatory or industry self-regulatory bodies
ICANN’s GOAL: Support new registries!ICANN’s role related to the Registry Agreement are stated differently than obligations of Registry Operators; in some cases, ICANN’s role is implied rather than explicit. These activities do not lend themselves to categorization based on frequency; instead, they are described in more general terms.
Compliance Scope The Registry Agreement and applicable Consensus PoliciesThe Dispute Resolution ProceduresPublic Interest CommitmentsCommunity Registration RestrictionsTrademark Post-DelegationUniform Rapid SuspensionThe Sunrise ProcessesThe Claims Services ProcessesThe Audit is limited to the representations and warranties in Article 1, and the covenants in Article 2
When ‘services’ are failing, ICANN will reach out to the Registry to resolveIf the issues are not resolved, ICANN may escalate to an EBERO
ICANN Staff, representing many departments have been supporting the new gTLD Registry Operations.An Internal meeting was held to gather and discuss the issues and frequent questions the ICANN staff have been encountering.After the meeting, the department representatives were interviewed to gather further details of each items.Selected items from the list are presented in Singapore with Guidance for action.The purpose here is to communicate the lessons learned from the early experience to avoid common issues and provide helpful information in advance.Department represented areRegistry ServicesTechnical ServicesCustomer Service CenterLegalComplianceFinanceGDD OperationsIANA
Use 9998 for the 100 names in Spec 5Use 9999 for nic.<tld>Monthly reporting must start at TLD delegation
Use 9998 for the 100 names in Spec 5Use 9999 for nic.<tld>
* Specification 5 provide mechanisms to release two-char names
Registering names (subject other policies, rules and restrictions) is ok
Clarify that the requirement to have
Note: We continue to look for ways to improve CZDS usability and functionality.We encourage you to send your suggestions to czds@icann.org
Legal notifications between parties (ICANN and registry operator) must follow the process outlined in Section 7.9 of the Registry AgreementIf you’re struggling to locate items in the Registry Agreement, using Control or Command + Find in the PDF version of the document can be very helpful