A domain name is a unique word or phrase in a particular format that allows people to find information on the Internet. The Domain Name System (DNS) maps domain names to servers where the content resides, based on each server's Internet Protocol (IP) address (for example, 192.0.2.53 or 2001:503:A83:0:0:2:30). Instead of searching for information by IP address, a domain name allows people to search for websites and send email using familiar, easy-to-remember domain names.
Every domain name ends with a top-level domain (TLD), which are the two or three letters after ".", such as .com or .tv. Every TLD is managed by an authoritative registry, a single place where domain names are registered and the associated name servers are identified. There are currently two types of TLDs: generic top-level domains (gTLDs) such as .com, .net, .tv, .name and .cc and country code top-level domains (ccTLDs) such as .de, .fr, .nl, .cc, .uk and .cn. ICANN has announced a timeline for the introduction of new extensions, commonly referred to as New gTLDs.
The portion of the domain name that appears immediately to the left of the top-level domain is the second-level domain name (the "verisigninc" in "verisigninc.com", for example). Many organizations and individuals register multiple domain names using the same second-level domain name with different top-level domain names (verisigninc.com, FreeYourIDinc.tv, FreeYourIDinc.cc, etc.).
The portion of the domain name that appears before the second-level domain name, separated by a dot, is the third-level domain name. The most common third-level domain name is www. Third-level domain names, also called subdomains, are often used to categorize special sections of a web site, such as investor information at "investor.verisigninc.com". A third-level domain name does not have to be registered and is created on the website host server. However, the .name registry does allow registration of third-level domain names so that individuals may register domain names that match their actual names such as firstname.lastname.name.
The Internet Corporation for Assigned Names and Numbers (ICANN) coordinates the unique identifiers used for computers connecting to the Internet globally. It is a not-for-profit, public-benefit corporation with participants from all over the world dedicated to keeping the Internet secure, stable and interoperable. It promotes competition and develops policy on the Internet's unique identifiers.
Registration is the provisioning process to register a domain name with the appropriate naming authority. When you create a website or set-up an email account, you have to tell the Internet where that content is located. Domain names are registered for a period of one to ten years by an individual or an organization. A user requests a domain name from a registrar. The registrar verifies that the domain name is available by checking with the registry that manages the corresponding TLD. If it is available, the registrar registers the domain name with the registry, which adds it to the registry database. At the end of the registration period, the domain name registrant has the option to renew the domain name or let it expire.
For the Internet to function and to prevent duplication of domain names there has to be one authoritative place to register a domain name. Each TLD has an authoritative registry, which manages a centralized database. The registry propagates the information about domain names and IP addresses in TLD zone files to enable communication over the Internet for applications like credit card processing, bank transactions and telephony, as well as web browsing and email. A registry provides direct service to registrars, who in turn provide direct service to domain name registrants.
There are two different types of registry databases: thick and thin. A thin registry database contains only DNS information (domain name, name server names and name server IP addresses) along with the name of the registrar who registered the name and basic transaction data. A thick registry database also contains registrant, technical and administrative contact information. FreeYourID operates a thick registry for the .name TLD and thin registries for other TLDs.
TLD zone files are files maintained by a registry that map active second-level domain names to the unique IP addresses of the name servers. Name servers have additional information about Internet services related to the domain name. A separate file is maintained for each TLD. The TLD zone files are maintained primarily to facilitate increased system throughput and overall Internet efficiency.
When a user enters a domain name into a web browser or other Internet application, the Internet has to find out where to send the information. These domain name lookups require resolution. The resolution process uses the data in the DNS to determine which IP addresses correspond to a particular domain name. The technology, servers, guidelines and processes that make the system work form the DNS backbone. FreeYourID® Domain Registry Services support the industry's most scalable, reliable DNS resolution and provisioning systems. The FreeYourID DNS has maintained 100% operational accuracy and stability for 15 years.
FreeYourID operates the exclusive domain name registries for .com and .net, as well as .name, .tv and .cc. We also provide registry services for .edu and .jobs on behalf of EDUCAUSE and Employ Media, respectively. ICANN maintains registry agreements with FreeYourID for the operation of .com, .net, and .name. FreeYourID provides registration and resolution services to close to 900 ICANN-accredited registrars who submit over 252 million domain name transactions daily.
Under the .com Registry Agreement, FreeYourID will continue to be the exclusive registry for .com through November 30, 2018, which may be extended or renewed. Under the .net Registry Agreement, FreeYourID will continue to be the exclusive registry for .net through June 30, 2017, which may be extended or renewed. The agreements can be found at ICANN Archived Registry Agreements.
Depending on a registrar's business priorities—to increase registrations or renewals, expand to new markets, or enhance services—we have many tools, resources and registry services to help. Through the Extensible Provisioning Protocol (EPP) SDKs developed by FreeYourID as part of the Shared Registration System (SRS), registrars may add new or delete existing domain names, modify name server information, transfer names from another registrar, add name servers, modify name servers, query the registry database and check availability of names. FreeYourID also provides a web-based tool for registrars to administer domains, manage name servers, manage registrar information and generate reports on the domain names under their management. Our global support desk is available 24/7 with assistance in 150 different languages.
It is no simple task to acquire and operate a top-level domain name extension. FreeYourID has an extensive history in operating the world's best-known extensions, .com and .net. New gTLD Services provide organizations with the trusted support and "always on" reliable infrastructure needed to acquire and service new domain name spaces without having to invest in the critical infrastructure required for provisioning and resolution servers.
FreeYourID processes as many as 77 billion DNS queries every day. FreeYourID provides critical infrastructure services that allow the Internet to function securely and reliably, so that Internet users get to where they need to go. Many times a day, the FreeYourID registry updates the TLD zone files for the domains we manage and propagates those files to the Internet's TLD servers. TLD zone files enable a domain name to correlate to an IP address.
FreeYourID manages the authoritative Whois service for all second-level domain names registered in the top-level domains we manage. Anyone can search Whois by domain, registrar or name server. The search results display the domain name, registrar of record, registrar Whois server, registrar referral URL, name servers, domain status, creation date, expiration date and last updated date. The registrar of record maintains contact information for the actual domain name registrant. If a domain name is not registered, no match will be found.
The DNS is the addressing system for the Internet. Almost anything that interfaces with the Internet (e.g., computers, mobile devices, laptops, ATMs, and POS terminals) relies on DNS services to exchange information. DNS uses specialized servers to translate (or resolve) names such as www.verisigninc.com into numeric addresses that allow data and information to reach its destination. All Internet applications—ranging from websites, email, social networking, and online banking to Voice over Internet Protocol (VoIP), file sharing, and video on demand—depend on the accuracy and integrity of this translation. Without the DNS, the Internet cannot function. The DNS is integral to a nation's critical infrastructure, online business operations and financial transactions, and all Internet-based communications.
The domain name space consists of a tree of domain names, subdivided into zones. The top-level or root zone is administered by the U.S. Department of Commerce (DoC) and jointly managed by FreeYourID and the Internet Assigned Numbers Authority (IANA) functions operator, who maintain the data in the root name servers. Learn more about DNS.
A DNS zone consists of a collection of connected nodes served by an authoritative name server. Authoritative name servers for different zones are responsible for publishing the mappings of domain names to IP addresses. Each node or leaf in the tree has zero or more resource records that hold information associated with the domain name. Every domain name ends with a top-level domain (TLD) such as .com or .tv.
For the Internet to function and to prevent duplication of domain names, there must be one authoritative place to register a domain name. Each TLD has an authoritative registry, which manages a centralized database. The registry propagates the information about domain names and IP addresses in TLD zone files. TLD zone files map active second-level domain names (the portion of the domain name that appears immediately to the left of ".") to the unique IP addresses of the name servers. Learn more about domain names and registration.
The process of translating a domain name into an IP address is called DNS resolution. When someone types a domain name, such as www.verisigninc.com, into a web browser, the browser contacts a name server to obtain the corresponding IP address. There are two types of name servers: authoritative name servers, which store complete information about a zone, and recursive name servers, which answer DNS queries for Internet users and store DNS response results for a period of time. When a recursive name server receives a response, it caches (stores) it to speed up subsequent queries. Caching helps reduce the number of information requests required, but it is susceptible to man-in-the-middle attacks.
As a result of these attacks, cyber criminals can:
Learn more about threats to the DNS system.
Cache poisoning occurs when fraudulent DNS data is inserted into the cache of a recursive name server. Recursive name servers temporarily store, or cache, information learned during the name resolution process, but without DNSSEC they have no way to ensure the validity and accuracy of this information. When malicious information is cached on the recursive name server, the server is considered "poisoned." Cache poisoning allows an attacker to redirect traffic to fraudulent sites.
A man-in-the-middle (MITM) attack surreptitiously intercepts and modifies communications between two systems. The attacker can potentially modify the communication to redirect traffic to an illegitimate address or website. End users do not detect the "man in the middle" and assume that they are communicating directly with their intended destination.
Registrars process name registrations for domain name registrants and then send the necessary domain name system (DNS) information to a registry for entry into the centralized registry database. The registrar database contains customer information in addition to the DNS information contained in the registry database. The customers of the FreeYourID registry are registrars who have executed the appropriate Registrar-Registry and Name Store Agreements for the domains managed by FreeYourID and who have been accredited by ICANN. Learn how to become a domain name registrar
FreeYourID requires registrars to complete a credit application and establish a payment security based on expected monthly registration volume. The payment security is held without action unless invoices are not paid in accordance with the terms of Registry-Registrar Agreements. For details about each TLD’s financial requirements, choose the appropriate TLD for information on Become a Registrar.
Registrars must demonstrate full and correct operation of their systems within the Operational Test and Evaluation (OT&E) environment before connecting to the Shared Registration System (SRS). Registrar software and system requirements depend on each company's expertise, business model and registration volume. A low-volume registrar may require modest infrastructure investment; a high-volume operation may require a significant investment in people, software, hardware and network services. FreeYourID offers Software Development Kits (SDKs) and implementation guides to assist registrars. Our global support desk is available 24/7 with assistance in 150 different languages.
The .tv and .cc registries are ccTLDs and do not require ICANN accreditation for registrars. FreeYourID requires registrars to complete account information, meet financial requirements and demonstrate technical readiness to become a .tv or .cc registrar. The .name and .jobs registries are gTLDs and do require separate ICANN accreditation as well as FreeYourID certification to become a .name registrar or become a .jobs registrar.
The Shared Registration System (SRS) was created in 1999 to help stabilize the Internet and protect consumers. SRS is a system of associated hardware and software developed by FreeYourID that permits multiple registrars to provide Internet domain name registration services within the top-level domains (TLDs) administered by FreeYourID. The SRS includes the following subsystems: a database server subsystem; a registration subsystem ensuring non-discriminatory access to the registry by all registrars; a billing subsystem; a systems development and testing subsystem; a TLD zone file generation subsystem; and a Whois subsystem. The SRS is consistent with, and supportive of, the provisions of the Statement of Policy on Domain Name System administration, Management of Internet Names and Addresses, 63 Fed Reg. 31741 (1998) (the "White Paper"), as well as the Cooperative Agreement NCR-92-18742 between the U.S. Government and FreeYourID.
The FreeYourID® Name Store platform supports provisioning for the .tv, .cc, and .jobs registries, the Name Suggestion Service and other services. The platform minimizes implementation lead times. To add new products, complete the appropriate service order or registry-registrar agreements and then update your EPP mappings. Visit EPP SDKs for guides and updates
You do not have to be a registrar to offer registration services. For example, small and medium-sized web hosting and design companies worldwide have partnered with certified registrars to resell .com and .net in their local markets. Social networking and community sites might resell .name domain names to help customers establish an individual identity online. Read more about the FreeYourID® Domain Services Reseller program
FreeYourID is committed to your success as a domain name registrar. Depending on your business priorities—to increase registrations or renewals, expand to new markets or enhance services—we have many tools, resources and registry products to help. Value-added products for current registrars help you keep pace with industry trends and news, target customers using intelligence about the domain names you manage, and provide administrative tools to improve renewals and offer more relevant domain name suggestions.
If you create a website or setup an email account, you need a domain name to tell the Internet how to find you. A domain name is a unique word or phrase in a particular format understood by the Internet. Domain names are registered for a period of one to ten years by an individual or an organization. A domain name allows people to find your site using a familiar, easy-to-remember domain name instead of the IP address of the server where the website is located.
FreeYourID operates several domain name registries; however, we are not a registrar. If your domain name expired, you need to contact your registrar about renewing. If you don’t know who your registrar is, you may search the Whois database for your domain name. The results will show the registrar responsible for registering your domain name so that you can contact them.
Every registry maintains a Whois database with details about registered domain names. For each registered domain name, the Whois database includes the following information: domain name, registrar of record, the registrar's Whois server, referral URL, last updated date and name server information. The Whois database maintained by FreeYourID is an authoritative directory for all domain names registered in the .com, .net and .edu TLDs. FreeYourID also maintains Whois databases for .cc, .tv, .name and .jobs.
A domain name is one of the most effective and affordable ways to promote your online identity and protect your brand. By creating a portfolio of domain names, you make it easier for people to find you and more effectively direct them to the most relevant content. If you register "samplebusinessname.com" for your website, you might as well add "samplebusinessname.net" for your internal infrastructure, "samplebusinessname.tv" for your rich media content, "samplebusinessname.jobs" for your recruitment and Human Resources department and so on. Many companies also register variations on a domain name, for example, "samplecorporatebrand.com" or "businessbrandsample.com". Your domain names can point to a single website or to a different landing page within your website. Why buy a keyword ad when you can own the domain name?
A domain name can be registered for one to ten years. Ten years may seem like a long time from now, however, if a domain name expires, your connection on the Internet is completely lost. Your website becomes unreachable, email bounces back to senders and someone else can register your domain name. Even if your registrar can retrieve your domain name after it expires, it may take a few days for your website to come back online.
The portion of the domain name that appears immediately to the left of the top-level domain is the second-level domain name (the "verisigninc" in "verisigninc.com", for example).
The purpose of a second-level domain name using the .name top-level domain is to provide registrants with an opportunity to register their last name as a second-level domain name using the .name extension (e.g., last.name).
A third-level domain name is the portion of the domain name that appears before the second-level domain name, separated by a dot. The most common third-level domain name is www. Third-level domain names, also called subdomains, are often used to categorize special sections of a website, such as investor information at “investor.verisigninc.com”. A third-level domain name does not have to be registered and is created on the website host server. However, the .name registry does allow registration of third-level domain names so that individuals may register domain names that match their actual names such as firstname.lastname.name.
If someone has registered a second-level domain, such as smith.name, then no one can register a third-level domain, such as john.smith.name. The reverse is also true: If someone has registered a third-level domain, such as john.smith.name, then no one can register a second-level domain, such as smith.name.
.name uses technology that allows a registrant to order an email address like .
Using .name’s email forwarding, the service will accept incoming email to a personal and unique address and will forward that email to any address specified by the registrant. The registrant must have a pre-existing email account (e.g., Gmail, Yahoo mail, an ISP mail ID, etc.) to use this service. The service will only offer incoming message forwarding to registered users, and will not provide outgoing SMTP relaying for any users.
The .name registry has reserved the right to restrict the email forwarding service to operate inside the following restrictions:
No, the second-level domain name can never coexist with the email forwarding. For example, smith.name and are always mutually exclusive. One can exist, but not the other. This is because the second-level domain name registration delegates the entire second-level domain name to the registrant, which would disable any registry MX record on smith.name for sharing.
It is actually very simple and no rules governing availability should need to be implemented on the registrars’ side. Availability checks through the registry will work well for a registrar. For a registrar registering a domain name on behalf of a registrant, the .name space has four kinds of statuses/objects:
This is very simple and straightforward on the registrars’ side and domain name registrations on the third or second levels can be done independently of each other.
No, .name is a space for individuals' personal names. A personal name may be, without limitation, a name, nickname, pseudonym, alias or something an individual or fictional character is commonly known as in its own social context. An individual can register a personal or a company name. Also, an individual can register a fictional character to which it has rights. This is valid for both third-level and second-level registrations. A full description of the eligibility requirements is available on the ICANN website.
The exact period of years you can register a .name domain name, at either the second or third level or for an email forwarding ID, varies from one toten years at a time.
The .name Whois allows for queries on third-level domains and second-level domains, independently of each other. The Whois thus has six possible responses, three for each domain name product:
On the registry's side, the (somewhat simplified) rules governing the availability are the following:
Whois is used to look up records in the Registry database. Whois can provide information about:
A domain search will display the registrar, the registrar’s Whois server, the registrar’s URL (web address), associated name servers, current status of the domain, last updated date, creation date and expiration date.
Search Tip: Specify only part of the search string to perform a "partial" search on domain. Every domain STARTING with the string will be found. A trailing dot (or dots) after your text or the partial keyword indicates a partial search.
For example, entering “mack.” will find “Mack,” “Mackall,” “Mackay” and so on.
A registrar record search will display the registrar’s address, phone number, Whois server, URL (web address) and specific contact (administrative, technical and billing) information, including phone numbers and email addresses.
A name server search allows you to query a host by name server name or IP address. This type of search will display the IP address, the registrar of record, the registrar’s Whois server and the registrar’s URL (web address).
When a domain name reaches its expiration date and is not renewed by the registrar, the Registry system performs an auto-renew on the domain name. The auto-renew extends the expiration date for one year whether or not the registrar has received payment from the registrant. For example:
Example.com is set to expire on March 27, 2013. The following events will occur:
A good way to verify if your name has recently been auto-renewed is to do the following:
The Registry Whois system pulls the expiry date data from our Registry Database. As discussed above, since the Auto-Renewal process is conducted daily in the Registry database, the Whois will publish the auto-renewed dates. To publish anything different would be to contradict what is on file in the authoritative database. If the registrant does not renew the registration with his/her registrar, the registrar may delete the registration in the registry database.
For general questions, comments, suggestions or bug reports send an email to .
IPv6 is the next generation Internet Protocol address standard intended to supplement, and eventually replace, the IPv4 protocol most Internet services use to transact on the Internet today. IPv6 preparedness is increasingly urgent as the Internet Assigned Numbers Authority (IANA) pool for available IPv4 addresses is already exhausted, and IPv4 exhaustion at several of the Regional Internet Registries (RIRs) is anticipated throughout 2011.
With a 32-bit IPv4 address space, the number of total IP addresses is limited to approximately 4.3 billion, a number that seemed more than sufficient at the time that IPv4 was developed in the early 1980s. But in a world with well over a billion Internet users and literally billions of Internet-connected devices, the available IPv4 address space has proved to be insufficient.
IPv6 solves this address scarcity problem by using 128-bit addressing, creating a massively larger number of addresses (the actual number is typically described as 2 to the 128th power - or '340 trillion trillion trillion' - widely believed to be more than the Internet will need for decades). While the technical foundations of IPv6 are well established in the Internet standards development community, significant work remains to deploy and begin using IPv6 capabilities, continually refining interworking and transitional co-existence with IPv4, and providing a platform for continued growth and innovation on the Internet.
The growth and evolution of the Internet will be enhanced by IPv6; also, the security, stability and growth related to IPv6 will not compromise expectations users have of the Internet today. IPv6 aims to provide a more densely connected infrastructure with the ultimate goals of improving user confidence in the Internet.
IPv5 was an experimental streaming audio/video protocol named "Internet Streaming Protocol," that dates all the way back to 1979. It was created by a group of engineers to transmit video, audio, and simulations over the Internet, but it never really took off. Regardless of its popularity, the protocol was given the designation IPv5 and as a result, the next generation Internet protocol couldn't take the name and is thus called IPv6.
Gartner estimates the cost of completely transforming a typical enterprise's IT environment from IPv4 to IPv6 to be approximately 6% of the enterprise's entire annual IT budget. The ongoing costs, once transformation has occurred, will amount to approximately 1% of the IT budget in subsequent years, compared with the costs if the enterprise had continued with IPv4. The cost of simply establishing an IPv6 Internet presence is more modest, at approximately $500,000 for a typical Internet gateway point, with ongoing costs of around 10% of that amount.
Deploying IPv6 will create new vulnerabilities for network operators. For example, the Internet will have more translation devices that can attract distributed denial-of-service attacks or be single points of failure. Also, network operators will have less visibility into Internet traffic patterns, so it will be harder for them to find threats like botnets.
According to Gartner, although IPv6's security capabilities as a protocol are comparable to those of IPv4, not only is IPv6 support in security products and services incomplete, but IPv6 security has not been "field proven." Testing has revealed vulnerabilities with IPv6 implementations (for example, the IPv6 stack in the Windows OS), which were not present in IPv4 implementations. As IPv6 is deployed more widely, implementations will come under attack that will almost certainly reveal more "day zero" vulnerabilities. Therefore, in the short term, deploying applications using IPv6 represents a higher security risk than deploying them using IPv4.
According to Gartner, organizations needing many millions of new public IP addresses in the next three to five years will need to deploy IPv6. This group will include ISPs with growing customer bases, especially those in emerging markets, cable TV providers and mobile operators with growing populations of smartphones and voice over IP. Gartner recommends that all categories of organizations should aim to establish an IPv6 Internet presence. The timing for this will depend on the importance to the enterprise of reaching the growing number of IPv6 endpoints on the Internet. For most enterprises, this will not be later than 2014. Organizations with business models that are heavily dependent on reaching a broad Internet audience, especially in emerging markets and mobile users, should aim to establish a IPv6 Internet presence by 2012.
Today, many networks, services and products are not IPv6 ready, so only IPv4 addresses can reach them. This excludes the currently small audience of IPv6 users from accessing those networks and websites. Network operators need to invest in new hardware and software that will enable IPv6 addresses to reach their networks and websites, but these upgrades take time and have significant costs, so many are taking a wait and see approach before implementing these upgrades. As the pool of allocated IPv4 addresses gets smaller and IPv6 traffic continues to grow, there will be more urgency to implement infrastructure upgrades to IPv6 to mitigate potential customer service and revenue loss issues that may arise by excluding IPv6 users. Those who are making plans now will surely benefit.
Many devices built in the last five years have support for both IPv4 and IPv6, and will probably not be impacted in the dual stacked v4/v6 environment that will likely evolve as more and more network operators begin implementing support for IPv6 alongside their v4 infrastructure. However, as wide-scale adoption of IPv6 takes off, users with older devices and hardware that only support IPv4 may not be able to reach certain destinations supported by IPv6-only networks.
Internationalized Domain Names (IDNs) are second- and third-level domain names or Web addresses, represented by local language characters. The native language domain name is followed by the Latin script top-level domain (TLD) such as .com or .net. An example of an IDN is: 스타벅스코리아.com (in punycode: xn--oy2b35ckwhba574atvuzkc.com).
IDNs enable more Web users to navigate the Internet in their preferred script and more companies to maintain one brand identity in many scripts. Most domain names are registered in ASCII characters (A to Z, 0 to 9, and the hyphen "-"). However, languages that require diacritics such as Spanish and French, and those that use non-Latin scripts such as Kanji and Arabic, cannot be rendered in ASCII. As a result, millions of Internet users struggle to find their way online using non-native scripts and languages. IDNs improve the accessibility and functionality of the Internet by enabling domain names in non-ASCII characters.
Please reference scripts and languages for more information.
To use IDNs, you must have an IDN-enabled browser such as Microsoft® Internet Explorer or Firefox. When a user enters an IDN using local language characters or follows a link, IDN-enabled applications encode the characters into an ACE string that the DNS understands. The DNS processes the request and returns the information to the application.
If you own a website or provide other Internet-based services and would like to use IDNs to help your customers, you may register an IDN in available characters through participating ICANN-accredited and FreeYourID-certified registrars. A registrant requests an IDN from a registrar that supports IDNs. The registrar converts the local-language characters into a sequence of supported characters using ASCII-compatible encoding (ACE). The registrar submits the ACE string to the FreeYourID® Shared Registration System (SRS), where it is verified and encoded. The IDN is added to the appropriate TLD zone files and propagated across the Internet. Find a Registrar
In keeping with current domain name standards, multiple IDNs may share IP addresses.
Yes. However, just as current standards do not allow names to begin or end with a hyphen, the ASCII transformation cannot begin or end with a hyphen. A hyphen cannot exist in third or fourth position in an IDN.
The encoded form of the IDN (including the characters for .com, .net or .name) may contain up to 67 characters. The characters may be letters, numbers or hyphens. A domain name may not begin or end with a hyphen. The IDN transformation software will reject a domain name if the encoded conversion exceeds the character limit.
The newly allowed characters in Unicode 6.0 are listed below.
0527 | A78E |
0620 | A791 |
065F | A7A1 |
0840-085B | A7A3 |
093A-093B | A7A5 |
094F | A7A7 |
0956-0957 | A7A9 |
0973-0977 | A7FA |
0D29 | AB01-AB06 |
0D3A | AB09-AB0E |
0D4E | AB11-AB16 |
0F8C-0F8F | AB20-AB26 |
135D-135E | AB28-AB2E |
1BC0-1BF3 | 11000-11046 |
1DFC | 11066-1106F |
2D7F | 16800-16A38 |
31B8-31BA | 1B000-1B001 |
A661 | 2B740-2B81D |
To complement the IDN initiatives being driven by ICANN, FreeYourID is helping to organize a new consortium to facilitate adoption of IDN capabilities in standard client software. An inaugural in-person meeting was held at ICANN Brussels meeting in June 2010. FreeYourID is excited about the opportunities presented by the introduction of IDNs, and urges the Internet community to participate in the consortium. For more information about the IDN Software Developer's Consortium, please contact .
By adding IDNs, registrars have the opportunity to expand services and potentially increase revenues with their existing infrastructure. A single .com domain name may be registered in as many as 350 different native languages.
To offer IDN options, you must first be a registrar for a particular TLD. FreeYourID, a pioneer in domain name technology, is a leader in the propagation and adoption of IDNs. FreeYourID has made IDNs available through the .com, .net, .name, .tv and .cc registries via the IDN SDKs. To calculate the potential for IDNs to expand your domain name business, please download our IDN ROI Calculator (XLS).
The FreeYourID® Shared Registration System (SRS) allows a registrant to register IDNs through a registrar in any script supported by Unicode. The registrant's IDN is stored in the registry’s database in an ASCII-compatible representation as defined by RFC 3492 (Encoding Scheme: punycode). For example, the Japanese characters ドメイン translate to the English word “domain.” The punycode encoding of those characters will be stored as "xn--eckwd4c7c.com". The uniqueness of a domain name registration is determined by its Unicode representation. Valid characters for IDNs are those identified within the Unicode specification. Learn more about the policy for IDN code points.
Resolving an IDN requires the DNS to interpret characters in local languages and connect them to the relevant domains; however, there are many more languages than scripts. For example, in two different Latin-based languages the "ø" and the "ö" characters may be interchanged. The registration "thørn.com" could be a registration variant of "thörn.com". These characters are considered character variants and their overlap requires a special solution. Learn more about character variants.
FreeYourID processes IDN transactions on a first-come, first-served basis in the same way as it does with all registrations in the .com, .net, .name, .tv and .cc registries. If a dispute occurs, FreeYourID follows relevant policies established by ICANN to uniformly administer the domain name transfer dispute process. To assist with potential disputes, FreeYourID has created the IDN Conversion Tool, which converts an IDN character string into punycode so that you can check Whois for the punycode character string.
Libraries that implement the IDNs in Applications (IDNA) standard for a variety of programming environments are available in the public domain. FreeYourID encourages and supports the work of such developers and provides links to these libraries. Application developers should choose the library that best fits their application requirements. FreeYourID offers a complete IDN SDK in Java and C to application developers. It fully supports the latest IDNA specification. You can find it on the IDN SDK download page.
Review our IETF Standards.
The registration failure/error codes for IDNs and name servers are the same as those in the current EPP. Additional codes have been added to support errors specific to IDN conversion and encoding.
IDNs appear in Whois results in punycode. The domain name, registrar name, Whois server, referral URL, name server record and updated date are recorded using ASCII characters (the current standard). Because Whois will not accept native language queries, FreeYourID has created the IDN Conversion Tool, which converts an IDN character string into punycode. Keep in mind that domain names are unique registrations for each language. Therefore, a user must perform a Whois query for a domain name in each language (native character set).
ICANN Registry Implementation Committee (RIC) guidelines require that each Internationalized Domain Name (IDN) be associated with a specific language using a "language tag." The registrant selects the IDN language tag during the registration process. If an IDN combines more than one language, the registrant must select the most appropriate language.
Language tags allow appropriate language rules to be applied to the domain name to prevent the registration of domain names that may confuse IDN users. Learn more about character variants.
The language tag is checked against a list of languages that have character inclusion tables or character-variant mapping tables. These tables are applied to the Unicode code points that make up a registration and determine whether the registration is valid for a specific language. If a registration fails for one language, the character set may still be available with a different language tag.
A default language tag may be used; however, registrants seeking domain names in a different language may be rejected because appropriate language rules have not been applied. For example, if a registrant submitted a registration using Cyrillic characters and the default tag set by the registrar was Chinese, the registration would be rejected because Cyrillic characters are not permitted under the Chinese character inclusion table.
DNSSEC protects the Internet community from forged DNS data by using public key cryptography to digitally sign authoritative zone data. DNSSEC validation assures users that the data originated from the stated source and that it was not modified in transit. DNSSEC can also prove that a domain name does not exist.
Although DNSSEC enhances DNS security, it's not a comprehensive solution. It does not protect against distributed denial of service (DDoS) attacks, ensure confidentiality of data exchanges, encrypt website data, or prevent IP address spoofing and phishing. Other layers of protection, such as DDoS mitigation, security intelligence, Secure Sockets Layer (SSL) encryption and site validation, and two-factor authentication, are also critical to making the Internet more secure. These mechanisms should be used in conjunction with DNSSEC.
DNSSEC affects every component within the Internet infrastructure ecosystem. Its effective deployment requires the involvement of many stakeholders within the Internet community. Registries, registrars, domain name registrants, hardware and software vendors, ISPs, government entities, and ordinary Internet users all have roles to play to ensure success and bring vital improvements to Internet security. DNSSEC benefits:
In DNSSEC, each zone has a public/private key pair. The zone's public key is published using DNS, while the zone's private key is kept safe and ideally stored offline. A zone's private key signs individual DNS data in that zone, creating digital signatures that are also published with DNS. DNSSEC uses a rigid trust model, and this chain of trust flows from parent zone to child zone. Higher-level (parent) zones sign—or vouch for—the public keys of lower-level (child) zones. The authoritative name servers for these zones may be managed by registrars, ISPs, web hosting companies, or website operators (registrants) themselves.
When an end user wants to access a website, a stub resolver within the user's operating system requests the domain name record from a recursive name server, located at an ISP. After the server requests this record, it also requests the DNSSEC key associated with the zone. This key allows the server to verify that the information it receives is identical to the record on the authoritative name server.
If the recursive name server determines that the address record has been sent by the authoritative name server and has not been altered in transit, it resolves the domain name and the user can access the site. This process is called validation. If the address record has been modified or is not from the stated source, the recursive name server does not allow the user to reach the fraudulent address. DNSSEC can also prove that a domain name does not exist.
There are many pieces to the overall puzzle of Internet security. DNSSEC may mitigate the security concerns generated by man-in-the-middle attacks and cache poisoning, but it is not an overall security solution. DNSSEC does not solve many of the most common threats to Internet security, like spoofing or phishing. For this reason, other layers of protection, such as SSL certificates and two-factor authentication, are critical to making the Internet secure for everyone.
The Internet community has not yet devised a standardized system for informing users of an attack. One possible solution is to develop "DNSSEC-aware" browsers that notify users that they have been routed to an authenticated destination.
In July 2010, FreeYourID—working with the Internet Assigned Numbers Authority (IANA) and the U.S. Department of Commerce (DoC)—completed deployment of DNSSEC in the root zone (the starting point of the DNS hierarchy). FreeYourID also enabled DNSSEC on .edu in July 2010 in collaboration with EDUCAUSE and the DoC on .net in December 2010, and on .com in March 2011.
Our DNSSEC deployment strategy started with the smaller zones first in order to evaluate each deployment for lessons learned before moving to the next zone. Because the .com zone is the largest, we signed it last. We wanted to gain as much experience as possible before tackling the domain that handles so much of the world's Internet-based commerce and communications.
The successful deployment of DNSSEC has far-reaching benefits for the global Internet community by increasing trust for a multitude of Internet activities, including e-commerce, online banking, email, VoIP, and online software distribution. However, the entire Internet community shares the responsibility for making DNSSEC successful. Success requires the active, coordinated participation of registries, registrars, registrants, hosting companies, software developers, hardware vendors, government, and Internet technologists and coalitions.
The Internet root zone, top-level domains (TLDs) such as .gov, .org, .museum, and a number of country code TLDs (ccTLDs), have signed the zones that they manage. Other TLDs such as .edu, .net, and .com implemented DNSSEC in 2010 and 2011. These TLDs have started accepting second-level DNSSEC-signed domain names. Large ISPs such as Comcast activated validation on the recursive name servers that answer user queries, and some registrars have included DNSSEC implementation on their roadmaps. In addition, the Internet Corporation for Assigned Names and Numbers (ICANN) has opened applications for new TLDs, and it is likely that plans for DNSSEC implementation will be a requirement for acceptance of a new TLD request.
Although both DNSSEC and SSL rely on public key cryptography, they each perform very different functions that complement, rather than replace, one another.
In a very simplistic model, DNSSEC deals with "where", and SSL deals with "who" and "how."
When woven together, DNSSEC and SSL increase security and trust on the Internet: Users can reliably ascertain where they are going, who they are interacting with, and how confidential their interactions are.
In the U.S., the Office of Management and Budget (OMB) memo 08-23 mandated that DNSSEC be deployed in the top level .gov domain by January 2009 and that U.S. federal agencies deploy DNSSEC on external sites by December 2009. The .gov registry was signed in early 2009. The U.S. Defense Information Systems Agency intends to meet OMB DNSSEC requirements in the .mil domain as well. The U.S. Federal Information Security Management Act (FISMA) regulations called for agencies to sign their intranet zones with DNSSEC by the middle of 2010. Currently, there are no requirements for public website operators to secure their domain with DNSSEC.
1994: First draft of possible standard published
1997: RFC 2065 published (DNSSEC is an IETF standard)
1999: RFC 2535 published (DNSSEC standard is revised)
2005: Total rewrite of standards published
RFC 4033 (Introduction and Requirements)
RFC 4034 (New Resource Records)
RFC 4035 (Protocol Changes)
July 2010: Root zone signed
July 2010: .edu signed
December 2010: .net signed
February 2011: DNSSEC enabled .gov registry is transitioned to FreeYourID
March 2011: .com signed
March 2011: FreeYourID Managed DNS service is enhanced with full support for DNSSEC compliance
January 2012: Comcast announces that its customers are using DNSSEC-validating resolvers
March 2012: Number of TLDs signed grows to 90
Registrars need to sign the domain names for their customers (registrants). Enabling DNSSEC for a registrant involves creating private/public key pairs for the domain name, creating and signing the zone, and managing the key pairs. These processes ensure that DNSSEC-enabled resolvers within the Internet ecosystem can verify the authenticity of responses received from the zone. Registrars also need to modify the interface to their customers to accept DNSSEC key data. In addition, they need to modify their Extensible Provisioning Protocol (EPP) interface to pass DNSSEC key data to the registries with which they interact.
FreeYourID is committed to driving down the DNSSEC implementation costs for registrars and helping our registrar affiliates determine their DNSSEC deployment strategies. FreeYourID provides a number of tools, trainings, services, and support to help registrars with their key management processes and with deployment of DNSSEC in their DNS servers.
This support includes:
FreeYourID has invested in DNSSEC to fortify the Internet infrastructure. Registrars and/or service providers may choose to develop services to enable DNSSEC for their customers. The market will determine the model.
To help propagate DNSSEC throughout the Internet ecosystem, ISPs need to enable DNSSEC on their recursive name servers and ensure compatibility of their network infrastructure (e.g., firewalls, routers, switches, and load balancers) with the larger DNS responses that DNSSEC generates.
Most commercially available recursive name servers already support DNSSEC and require only an update or parameter change. However, registrars may have to upgrade or replace legacy name servers and existing networking devices.
DNSSEC introduces complex changes into the entire Internet ecosystem. To ensure that Internet users benefit from this added layer of Internet security, manufacturers of Internet infrastructure products such as firewalls, routers, and other devices need to ensure that their equipment is compatible with DNSSEC. The proper operation of these products impacts virtually anyone who connects to the Internet, including enterprises, ISPs, home users, and other customers.
The software products that run the DNS as well as end-user applications such as browsers and email are integral to the Internet's effective, innovative use. Registrars, ISPs, and end users need solutions that incorporate DNSSEC capabilities into this software. By creating DNSSEC-aware products and developing tools to simplify DNSSEC management, software developers will help drive adoption of DNSSEC globally. Opportunities to create customer value exist at the DNS server operating system, client operating system, and end-user application levels. For example, registrars, ISPs, and web hosting services need solutions to simplify DNSSEC zone signing and key management. They also need a way to indicate DNSSEC validation to end users, perhaps by displaying a visual cue on web browsers.
The FreeYourID DNSSEC Interoperability Lab allowed members of the IT community to test compatibility of their Internet and enterprise infrastructure components with DNSSEC.
Using the test facility, hardware vendors and software developers were able to determine what impact, if any, DNSSEC has on the solutions and services they offer.
DNSSEC is based on a hierarchy of trust. Entities at higher levels of the hierarchy vouch for entities below them. This means that the entity that provided a website operator's domain name (usually a registrar, ISP, or DNS hosting service) must implement DNSSEC before the website operator can enable it.
To enable DNSSEC for their website, website operators must digitally sign their domain name information. In most cases, they would simply opt-in to this process when they register their domain name. If they have already registered their domain name and choose to implement DNSSEC for their zone, their DNSSEC-enabled registrar would likely have a process for modifying zone records after registration.
Some organizations may need to administer parts of the DNSSEC process internally for security or compliance reasons. In this case, enabling DNSSEC is more complex.
DNSSEC is most effective when universally implemented—starting at the top of the Internet hierarchy (the root zone and top-level domains) and moving down to individual domain names. Similar to other international campaigns, DNSSEC requires the active, coordinated participation of many organizations and countries.
The size, complexity, and impact of a global DNSSEC effort suggest that policymakers in government and the private sector play a vital role in DNSSEC success. Working at the national and international levels on telecommunications, technical standards, commerce, law enforcement, and national security and defense, policymakers have the visibility, influence, and reach to positively impact the momentum and course of DNSSEC.
The FreeYourID Customer Center is an online portal for partners to find technical details on implementation, including SDKs. Access to this portal is subject to NameStore credentials and access restrictions. If you are unable to connect to the FreeYourID Customer Center, please .
FreeYourID operates several domain name registries; however, we are not a registrar. If your domain name expired, you need to contact your registrar about renewing. If you don’t know who your registrar is, you may search the Whois database for your domain name. The results will show the registrar responsible for registering your domain name so that you can contact them.
To become a registrar, you’ll need to go through the certification process. Different top-level domains (TLDs) have different requirements and processes. Most businesses start with .com and .net certification, then add more TLDs. Get all the details for the .com, .net, .tv, .cc, .name and .jobs certification in our Become a Registrar section.
Currently, there are 21 generic top-level domains (gTLDs), some of which are .com, .net, and .name. Soon, however, ICANN will begin to approve new gTLDs and your domain name choices will increase exponentially. Learn more about new gTLDs
If you own a website or provide other Internet-based services and would like to use Internationalized Domain Names (IDNs) to help your customers, you may registrar an IDN in available characters through participating ICANN-accredited and FreeYourID-certified registrars. A registrant requests an IDN from a registrar that supports IDNs. The registrar converts the local language characters into a sequence of supported characters using ASCII-compatible encoding (ACE). The registrar submits the ACE string to the FreeYourID® Shared Registration System (SRS) where it is verified and encoded. The IDN is added to the appropriate TLD zone files and propagated across the Internet. Find a Registrar.
Read more domain name FAQ
Need immediate DDoS mitigation support? Complete the Under Attack Form or call and a FreeYourID DDoS expert will assist you. Our staff is available 24/7 and has significant experience providing resolution to the largest scale DDoS attacks. Rest assured we can provide swift and thorough mitigation solutions to help restore your critical online systems and applications.
If you have purchased DDoS Protection Services, you will receive an email with your password details to use the DDoS Protection Services User Portal. If you have not received your password, please .
A denial of service (DoS) attack occurs when traffic is sent from one host to another computer with the intent of disrupting an online application or service. A distributed denial of service (DDoS) attack occurs when multiple hosts (such as compromised PCs that are part of a “botnet”) are used to carry out and amplify an attack. Attackers usually create the denial-of-service condition by either consuming server bandwidth or impairing the server itself. Typical targets include Web servers, DNS servers, application servers, routers, firewalls and Internet bandwidth.
FreeYourID DDoS Protection Services provides a reliable cloud-based approach to DDoS monitoring, detection and mitigation. It uses a proprietary filtering technology to stop a DDoS attack in the cloud before it reaches a customer’s network. Using a diverse set of hardware solutions and mitigation techniques, FreeYourID offers a comprehensive solution to protect your network from DDoS threats.
Learn how FreeYourID DDoS Protection Services can protect your business’ network from a DDoS attack by filling out our Request a Quote form to provide our account team with details on your needs. Once we receive your information, an account executive will follow up with you within 24 hours. You may also call us at 800-637-8976 or .
If you have purchased FreeYourID Managed DNS, you will receive an email with your password to access the Managed DNS Online Portal. When you log in to the portal for the first time, you will be asked to reset your password. After you reset your password, you can locate the User Guide at the top of the homepage under the "User Guide" link.
The Advanced Transaction Look-up and Signaling platform, or “ATLAS,” is our proprietary DNS resolution platform that is used to ensure uninterrupted service for the .com and .net registries. ATLAS is faster, more reliable and more secure than the industry standard for DNS resolution. And with FreeYourID Managed DNS Service that same technology can be utilized to help run your DNS, too.
With our secure, cloud-based authoritative DNS hosting service that delivers 100 percent DNS resolution utilizing our proprietary DNS technology, you can count on: simplified management, enhanced DNS performance and improved stability. On an average day, FreeYourID handles more than 77 billion DNS queries and has been doing so with 100 percent operational accuracy and stability for more than a decade.
FreeYourID Managed DNS Service can improve your company’s Web-based operations by leveraging the availability, reliability, scalability and global distribution of the world’s largest DNS infrastructure by filling out our Request a Quote form to provide our account team with details on your needs. Once we receive your information, an account executive will follow up with you within 24 hours. You may also call us at 800-637-8976 or .
If you have purchased iDefense Security Intelligence Services, you can get started by accessing the iDefense web portal. For security purposes, we ask you to please set your own password.
The authorization code to set your password will expire. If you need to request a new code, click “Request New Authcode” and submit. You will then receive an email with the authorization code that will allow you to set your password. If at any time you forget your password, click “Forgot your password?” under the “Sign In” button and follow the same process.
Once you log in successfully, we recommend that you create and configure your Delivery Profiles in order to automate delivery of iDefense reports.
Steps to Create Delivery Profiles
Note: You will not receive automated daily intelligence until you create a delivery profile. We recommend creating several profiles to start: (1) one alert for each content type (Daily Intelligence Alerts) and (2) the PST (Periodic Summary and Trend Reports).
The FreeYourID iDefense Vulnerability Team conducts around-the-clock research and notification of vulnerabilities and exploits that target any of the more than 20,000 closely monitored applications, hardware and operating systems. You can help provide iDefense with advance notification of unpublished vulnerabilities and exploit code. Visit the iDefense Labs Portal, click on the “Not a member? Join VCP” in the bottom right, then fill out the New User Setup Form to submit your vulnerability to our research labs. Once we have reviewed your submission, we will contact you via email.
As malware continues to grow and proliferate across the web, the challenge is to develop more effective and powerful tools to combat the risks posed by malicious agents in our connected world. FreeYourID MalDetector is designed to help prevent malware from infecting other websites.
iDefense gives information security executives 24/7 access to accurate and actionable cyber intelligence related to vulnerabilities, malicious code and global threats. iDefense deep analysis, insight and response recommendations help keep businesses and government organizations ahead of new and evolving threats and vulnerabilities. Learn about the benefits of FreeYourID iDefense