How to become a top-level domain registrar and how to provide domain name registration

Source: Internet
Author: User
Tags rfc domain name server domain name registration domain transfer go daddy icann asymmetric encryption

This is said domain name registrar is not a domain name distributor or agent, first say things happen background, in the second half of 2015 for a job, (this article may have a little verbose, do not like to ignore), the first day of work, completed the entry procedures, personnel mm with me and another just into the Ministry of the MM department to introduce, Around 10 o'clock in the morning sat to their desk, the computer Configuration i5+8g, boot into the desktop, the beginning of various shocking scenarios, desktop various Clutter file screen, open hard disk, C disk only less than 3G capacity, before and C disk unexpectedly have a variety of project files, yes, that is the kind of C disk as a solution directory scenario, According to unreliable intelligence, the predecessor of this computer is also just walk, think of this friend can make computer into this, is drunk, originally want to focus on the system, think oneself is just into the job, also do not understand the C disk of various "important" Project/code file also do not, finally just put desktop file centralized to D disk, and X60 security guard ( System originally installed) simple clean down, and then use the hard disk partition tool to add 50G to the C drive. ... After a lot of chores, see the hard disk of the c/d/e/f all the disks are scattered throughout the code files, find a change time for a recent project opened, ready to learn the next side of the development technology. Looked at a moment next to the brother (later confirmed to be one of the technical department's superiors called s) said you see these useless (it is not very useful basic is mvc+ado.net), but the first day think it is necessary to familiarize yourself with, and then continue to read some other documents. So again for a while, S sent me a Web site, said let me first understand, right is this URL (http://www.verisign.com), and only this one URL, no other material, I started this project: Domain name registration platform.

Go to the chase. Before that, let's say a few of the knowledge points used in the project.

A what is a domain name?

Domain name, which is the name of a computer or group of computers on the Internet consisting of a dotted list of names, used to identify the electronic orientation of the computer at the time of data transfer (sometimes referred to as geographical location, geographical domain name, a local area with administrative autonomy). A domain name is a "mask" on an IP address. A domain name is designed to facilitate the memory and communication of a group of server addresses (website, email, FTP, etc.). Domain name as a memorable Internet participants in their names, the world's first registered domain name is registered in January 1985, read more about Baidu Encyclopedia.

b How to become a domain name registrar

The Registrar is not the applicant through ICANN

Only the application root domain is. Through the ICANN-certified enterprises, the company needs the size, technical strength, service standards, market, capital status and other aspects of high standards. From the ICANN official website, the certification standards and difficulties of the companies that apply for certification 2010 years later are nearly one-fold more difficult than previous certifications. After the ICANN certification, we will also apply to VeriSign (the company entrusted by ICANN, responsible for. com/.net/.tv Domain name registration management business) and other management companies for the registration of the relevant domain name interface, once again the certification Enterprise audit. a very complex program.

C as a domain name registrar also needs to help customers resolve domain name resolution and provide WHOIS queries.

As mentioned above, after registering for the interface with ICANN ( for example, VeriSign ),VeriSign will provide some test environment accounts and information, only in the test environment, such as domain name query/domain name generation/domain name renewal/domain name transfer and other functions implemented , finally can after VeriSign test acceptance will enter the official account of the issuance process. In the principle of having a picture to be true. Here is a picture.

Versign's online customer service is usually 1-5 online, their Chinese customer service department is in Melbourne, Australia, and is only online after 10 o'clock in the morning. Their customer service is only possible if you want to modify sensitive information, such as IP whitelist modifications, by telephone (he will only call you on ICANN's phone) for a secure phrase confirmation. Here is some information.

Registrar products and Tools Http://www.verisign.com/zh_CN/channel-resources/domain-registry-products/epp-sdks/index.xhtml#chat

Online commissioning https://epptool-ctld.verisign-grs.com/epptool/

RFC 5730: Extended Provisioning Agreement Document http://tools.ietf.org/html/rfc5730

Because VeriSign only provides Java demo, Java is not familiar, have to use C # to write. Here are not a few things: a server with a separate IP, a VeriSign-supported certificate, and the connection process for their servers, see

Two-way authentication and asymmetric encryption are used here. The following are the types of certificates that their servers support, and certificates that are not listed below may be rejected by their servers.

Verisign supports SSL certificates from the Certificate authority (CA) providers Symantec, Thawte, GeoTrust, and GoDaddy. All issued certificates must chain up to one of the following supported root CAs certificates, grouped by provider:
Symantec
VeriSign Class 2 Public Primary certification AUTHORITY-G3
VeriSign Class 3 Public Primary certification AUTHORITY-G3
VeriSign Class 4 Public Primary Certification AUTHORITY-G3
VeriSign Trust Network
VeriSign Universal Root Certification Authority
VeriSign Class 3 Public Primary certification Authority-g5
Class 1 Public Primary certification Authority
VeriSign Class 1 Public Primary certification AUTHORITY-G3
Class 3 Public Primary Certification Authority
VeriSign Class 3 Public Primary certification Authority-g4
Symantec Class 1 Public Primary certification Authority-g6
Symantec Class 2 Public Primary certification Authority-g6
Thawte
Thawte Primary Root CA
Thawte Premium Server CA
Thawte Server CA
Thawte Primary Root Ca-g2
Thawte Primary Root Ca-g3
GeoTrust Primary Certification Authority-g2
GeoTrust
GeoTrust Universal CA
GeoTrust Primary Certification Authority
GeoTrust Universal CA 2
GeoTrust Global CA
GeoTrust Global CA 2
Equifax Secure Certificate Authority
GeoTrust Primary Certification Authority-g3
Godaddy
Starfield Secure Certification Authority
Go Daddy Root Certificate authority-g2
Starfield Secure Certification Authority
Valicert Class 2 Policy Validation Authority
Starfield Class 2 Certification Authority
Starfield Root Certificate Authority-g2
Starfield Services Root Certificate authority-g2
Go Daddy Class 2 Certification Authority
Starfield Services Root Certificate Authority

At that time in the acceptance test also spent a lot of energy, their acceptance documents are in English, here I sent their acceptance process, I hope to be a friend in the future to help

You need to complete all 27 instructions, then put the start time, the end time, and the time to start ot&e1 the first instruction, and ot&e2 the time of the last instruction to us.
The start and end times for the test below
The domain name used during the test
The EPP server transaction ID from the operation in Step # 1 below. The EPP
Session command for the OT&E1 account.
The EPP server transaction ID from the operation in Step # below. The
EPP Quit command for the OT&E2 account.
Extensible Provisioning Protocol
Registrar acceptance Criteria

1, Login account 1
2, use account 1 to query an available domain name
3, use account 1 to purchase a domain name of 2
4, create a child named server 1 using a named server to add a newly created domain command you ot&e1 account Login--Create a domain name server
5 Create child newly created domain name server 2 Use the Add namespace command to sign in with your OT&E1 account--then create a domain name server
6 Update domain connect sub-domain name server to newly created domain use the OT&E1 account to log on to the domain command--Add the two domain name servers to the domain name
7 update Domain Add domain clienthold customer status, clientupdateprohibited, clientdeleteprohibited clienttransferprohibited Internal
A command to log in with a OT&E1 account-add Clienthold to the domain name,
clientUpdateProhibited, clientdeleteprohibited, and clienttransferprohibited these kinds of states
8 Perform a message on the domain to verify the login with the OT&E1 account using the Status-full Update--Query the domain name with the info command
9 Update domain Delete domain clienthold customer status,
clientupdateprohibited, clientdeleteprohibited clienttransferprohibited
Login with Ot&e1 account-to remove Clienthold from the domain name,
clientUpdateProhibited, clientdeleteprohibited, and clienttransferprohibited these kinds of states
10 perform a message on the domain to verify that you are logged on with the OT&E1 account using Status-full update
11 Update your domain password with your ot&e1 account
12 Update child named server IP address 1 newly created domain using OT&E1 account Login--Modify the IP address of the name server 1
13 Send hello with account 1
14 Use account 1 to update the domain Name service LIFE + 2 years
15 Login to the second account
16 Use account 2 to query the full status of info
17 initiating a domain transfer request with account 2
18 using account 2 to initiate a domain transfer query
19 Approve domain transfer with account 1
20 Execute poll-request with account 1
21 Execute Poll-ack with account 1
22 initiating a domain transfer request with account 1
23 Transfer Query with account 2
24 transfer rejection with account 2
25 Use account 2 to synchronize the domain name, the date is 15th next month
26 Exit Account 1
27 Exit Account 2

Here's how we usually go to find out how whois information for a domain is coming from?

WHOIS protocol provided based on RFC 954
Http://www.rfc-base.org/txt/rfc-954.txt

Domain name queries are primarily based on the WHOIS protocol provided in RFC 954. In the above process,
We are actually visiting the WHOIS server at the InterNIC site,
The server queries what we need from the WHOIS database.
The WHOIS server is a "query/response" based TCP Transaction Server.
It runs on the Sri-nic machine (26.0.0.73 or 10.0.0.51), providing users with Internet-wide directory services.
A user program on the local host can access the server over the Internet, with three main steps in the process:
(1) Connect the Sri-nic service host on TCP service port 43 (decimal);
(2) send a command to the end of carriage return and line break (<CRLF>);
(3) Accept the return information of the corresponding command, once the output is finished, the server will close the connection.
The format of the command is very simple. You can enter the domain name directly

Use the socket to connect to the server provided by WHOIS. The default port for the WHOIS service is 43, and the query is to send the domain name over here.
The WHOIS server returns a plain text format after receiving your request

The first step is to query the end-level whois server.
The second step is based on the WHOIS server provided above, and then further detailed queries,
At this point the two results are combined to get the detailed information we want.

Top-level domain Whois server list Daquan
Http://www.liqwei.com/network/protocol/2014/916.shtml

The article below provides a simple WHOIS query server and a simple whois query client

Whoisserver

Finally, the domain name resolution, we are using a third-party hosting scheme, that is, the domain name registered on our platform we will point the DNS address to the third-party address, and then call their API to resolve the service, in order to avoid the suspicion of advertising, we do not disclose the use of third-party DNS service providers, Here are some of the holes encountered in accessing their API, and the other API only provides PHP samples with the following parameter signatures:

$apiKey= ' Your ApiKey ';$apiSecret= ' Your Apisecret ';//Parameters$parameters=Array(    ' ApiKey ' =$apiKey, ' domain ' = ' yourdomain.com ', ' timestamp ' = Time());//sort key namesKsort($parameters);$hashString= ' ';foreach($parameters  as $key=$value){    $hashString.= ($hashString? ' & ': ').$key. ' = '.$value;}$parameters[' hash '] =MD5($hashString.$apiSecret);?>

Then encountered in C # written MD5 encrypted signature and PHP generation mismatch and other issues, here posted on the Internet to find the available programs:

/// <summary>///Calculating parameter Signatures/// </summary>/// <param name= "params" >request parameter set, all parameters must have been converted to string type</param>/// <param name= "Secret" >Signature Key</param>/// <returns>Signature</returns> Public Static stringGetsignature (idictionary<string,string> Parameters,stringsecret) {    //The parameter is sorted in ascending order of the dictionary order of its parameter name firstidictionary<string,string> sortedparams =Newsorteddictionary<string,string>(parameters); IEnumerator<KeyValuePair<string,string>> iterator =Sortedparams.getenumerator (); //iterate through the sorted dictionary and stitch all parameters together in "Key=value" formatStringBuilder basestring =NewStringBuilder ();  while(iterator. MoveNext ()) {stringKey =iterator.        Current.key; stringValue =iterator.        Current.value; if(!string. IsNullOrEmpty (key) &&!string. IsNullOrEmpty (value)) {if(!string. IsNullOrEmpty (basestring. ToString ())) {basestring. Append ("&"); } basestring. Append (Key). Append ("=").        Append (value); }} basestring.    Append (secret); returnMD5 (basestring. ToString (),"Utf-8"). ToLower ();} Public Static stringMD5 (stringStrstringencodingstr) {    Try    {        byte[] HashValue = (NewMD5CryptoServiceProvider ()). ComputeHash (Encoding.GetEncoding (ENCODINGSTR).        GetBytes (str)); returnBitconverter.tostring (HashValue). Replace ("-","").    ToLower (); }    Catch    {        returnString.Empty; }}

Late at night, the first to write so much, after the expansion of space, there are brothers also do domain name registrar this piece can be more exchange, make bowls of glutinous rice balls, sleep ~

How to become a top-level domain registrar and how to provide a domain name registration

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.