ISOC wins .org contract
Complex handover begins
Afilias Ltd, the company that runs the .info internet domain, has embarked upon the trickiest migration project in the history of the domain name system, following yesterday's announcement that it is to take over the running of .org,writes Kevin Murphy
A proposal by the Internet Society, which names Afilias as its infrastructure provider, was yesterday selected by the Internet Corp for Assigned Names and Numbers, from 11 competing applications, to take over .org from VeriSign Inc on January 1, 2003.
But delays in deciding on VeriSign's successor have shortened an already pretty tight transition schedule, and ISOC/Afilias now face the challenge of making sure .org is handed over with no disruption to the domain name services of .org customers.
Rival applicants, including NeuStar Inc and Global Name Registry Ltd, questioned whether the ISOC team has the ability to execute a seamless transition, and offered their services if ICANN decides to change its mind.
"ICANN's stated first priority was stability... and the NeuStar proposal was ranked highest in terms of stability," said Ken Hansen, director of business development at NeuStar, which was a runner-up applicant.
"It's a very short period of time, only 60 days after contract signing is allotted for the transition," NeuStar's Hansen said. "This is a very challenging task, even when you don't have additional risks, trying to juggle all these balls at the same time."
But Afilias, while recognizing it has a tough job ahead of it, remains confident it is the best qualified to take over the running of .org while making sure internet users' email addresses still work and .org web sites are still accessible.
The major challenge in the transition entails transferring all .org registration data - the zone files - from VeriSign to Afilias, and to have the whole internet recognize Afilias's servers as the authoritative source for .org addresses.
In addition, more than 100 registrars have to make sure their registration systems are integrated with Afilias's back-end, so they and their customers can sell, delete and edit .org registration data with very little extra effort.
And millions of web sites and email addresses are relying on it all happening seamlessly at one minute past midnight, US Pacific Time, on January 1 2003.
"I want to keep the number of moving parts low," said Afilias CTO Ram Mohan, who is heading up the transition project. "We don't want to change the underlying platform. This is a high-risk process. My philosophy is 'keep it simple, stupid'."
Mohan said his chief priority is ensuring Afilias is recognized across the internet as the authoritative source for .org addresses on January 1. When an internet user types in a .org address, their ISP should know how to resolve that address.
This means the internet's DNS root servers have to point to Afilias's systems as a secondary authority for several days before VeriSign turns off its .org registry, to give the new data time to propagate throughout the internet.
"The main thing I'm worried about is securely transferring data from the VeriSign registry to our registry," said Mohan. "We have to make sure the zone file for .org records is published by us on January 1 and not VeriSign."
A secondary concern, but one that could cause equally serious problems, is having all ICANN-accredited registrars use Afilias's systems for .org registration data, so when a .org customer buys a new name, or wants to update name server information, the transaction is executed the same way it was when VeriSign ran the registry.
This is complicated by the fact that VeriSign's current infrastructure runs the legacy Registry-Registrar Protocol, RRP, for these transactions. Afilias's systems, built to run the year-old .info registry, use the more modern Extensible Provisioning Protocol, EPP.
Rather than ask over 100 registrars to upgrade to EPP, Afilias has developed gateway software that will sit at the edge of its infrastructure and convert RRP to EPP as it arrives from the registrars. The gateway is currently undergoing scalability testing to make sure it does not become the weak link in the chain.
Afilias has a record of handling unprecedented DNS projects, being the first company since VeriSign to launch a generic top-level domain, when .info went live last year. Unfortunately, the same record shows that the .info registry had scalability problems and had to be taken offline less than 24 hours after it went live, after seeing ten times more demand than anticipated.
Mohan said this makes Afilias, having learned from mistakes, even more qualified to take on .org, even though the namespace is more than twice as large as .info. In addition, Mohan said, .org traffic levels have been well documented by VeriSign, which will take much of the guesswork out of providing a registry that can scale according to demand.
VeriSign agreed to relinquish control of .org as part of a deal inked with ICANN last year in which previous agreements to spin off its registrar business and re-compete for the contract to run .com were scrapped. VerSign will give ISOC $5m to help it through the transition.
ISOC will set up a separate entity, to be called Public Internet Registry (PIR), to be the official .org registry. For every .org registration, PIR will get $2 per year to use to finance ISOC-style projects. Afilias will get another $4 per name per year for its infrastructure services. The .org registry currently has about 2.5 million names in it.
Afilias will shortly launch a web site, at www.orgtransition.info, for registrars or .org registrants that have questions or concerns about the handover.
Sponsored: 2016 Cyberthreat defense report