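Archived under the ‘【Domain Names】’ category

How to register a .FM domain

September 10, 2018

【Introduction】

.FM is the country-code top-level domain of Micronesia.

Because of the reach and influence of radio broadcasting, .FM and .AM domains are widely used by radio and television websites.

【Application】

Apply: https://dot.fm/registrar/

【Pricing】

Pricing: https://dot.fm/pricing.cfm

【Materials】

Materials: https://dot.fm/dropped.cfm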

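How to register a .MA domain

September 10, 2018

【Introduction】

.MA is the country-code top-level domain of Morocco.

The Kingdom of Morocco is an Arab country in northwestern Africa.

A .MA domain must be registered for at least 1 year and must be at least 2 characters long.

【Application】

Apply: http://whois.ma/language/en/registrars/e-devenirprestataire
Reference: http://www.anrt.ma/en/e-services/domaine-ma

1. Sign the ANRT declaration file

Download: http://www.anrt.ma/

2. Sign an agreement with ANRT, called the “Registrar Agreement”

【Registration】

Reference: https://www.domcomp.com/tld/ma

$42
https://www.netim.com/domain-name/search-registration.html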

How to become a domain registrar

September 4, 2018

Verisign

Apply: https://www.verisign.com/zh_CN/channel-resources/become-a-registrar/index.xhtml

Afilias

Apply: https://afilias.info/

List: https://afilias.info/china/find-registrar

Donuts

Apply: https://donuts.domains/what-we-do/accredited-registrars/#become-a-registrar

Neustar

Apply: https://www.registry.neustar/registrars

Reference: http://chuangzaoshi.com/Operate
Ranking: http://domainincite.com/17058-the-top-35-most-popular-new-gtld-sites

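How to obtain ICANN accreditation

September 3, 2018

ICANN stands for The Internet Corporation for Assigned Names and Numbers.

ICANN is a non-profit international organization under the US Department of Commerce and the top-level authority for domain names worldwide.

To become a registrar for international top-level domains, a company must first be accredited by ICANN.

ICANN accreditation follows strict review rules and accreditation standards. Every company applying to register top-level domains must be able to guarantee, both technically and operationally, the continuity and stability of its registration business.

Accreditation requirements include:
1. Professional technical capability for domain registration
2. International service standards
3. Sufficient commercial liability coverage (for example, more than US$1 million)
4. Proof of ample operating funds
5. A certain company size

Passing ICANN accreditation confirms that a company has the reputation and qualification to offer domain registration services. Because the company is authorized directly, domain prices are at their lowest; as a registrar it manages customers directly and provides better service, which gives customers more protection.

On the technical side, only after passing ICANN accreditation can a company go on to complete the OT&E technical tests of the individual international domain registries and connect its software to the registration interfaces the registries provide; only then can it formally offer real-time registration of international domains to the public. Passing the accreditation shows that the company is well qualified to offer domain registration services and has a high level of credibility.

List: http://www.icann.org/en/registrars/accredited-list.html

ICANN does not take part in commercial operations; it is responsible only for management and accreditation. Above are the registries, which manage the various domains; below are the ICANN-accredited international domain registrars, the companies that can conduct business directly.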

ICANN currently accredits domain-name registrars for the following Top Level Domains:
.aero, (reserved for the global aviation community) sponsored by Societe Internationale de Telecommunications Aeronautiques (SITA INC USA)
.asia, (reserved for the Pan-Asia and Asia Pacific region) sponsored by DotAsia Organisation
.biz, (restricted to businesses), operated by NeuStar, Inc.
.cat, (reserved for the Catalan linguistic and cultural community), sponsored by Fundació puntCat.
.com, operated by VeriSign, Inc.
.coop, (reserved for cooperatives) sponsored by Dot Cooperation LLC
.info, operated by Afilias Limited
.jobs, (reserved for the human resource management community) sponsored by Employ Media LLC
.mobi, (reserved for consumers and providers of mobile products and services) sponsored by mTLD Top Level Domain, Ltd.
.museum, (restricted to museums and related persons), sponsored by the Museum Domain Management Association International (MDI)
.name, (restricted to individuals), operated by Verisign Information Services, Inc.
.net, operated by VeriSign, Inc.
.org, operated by Public Interest Registry
.pro, (restricted to licensed professionals) operated by Registry Services Corporation (dba RegistryPro)
.tel, (reserved for individuals and businesses to store and manage their contact information in the DNS) sponsored by Telnic Limited
.travel, (reserved for entities whose primary area of activity is in the travel industry) sponsored by Tralliance Registry Management Company, LLC

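Benefits of ICANN accreditation:

Reference: https://www.midian.com/home/index/regcertification.html

Becoming an ICANN registrar gives your business the following advantages:
1. Brand: ICANN-accredited registrar status adds credibility to your brand
2. Cost savings: the cost price registrars get from registries can save you a large amount of money every year
3. Higher revenue: value-added services such as domain parking and expired-domain auctions can bring your business additional income
4. Domain asset security: as an ICANN registrar you gain full control over your domain assets and pay registrar cost price
5. Marketing: marketing cooperation with registries can bring your business market exposure and increase its market share
6. New TLDs: as an ICANN registrar you can choose suitable new top-level domains to get accredited for, according to the characteristics of your customer base

ICANN accreditation application:
1. Preparation and pre-review of application materials
2. Filling in the registrar application form
3. Guidance on capital verification
4. Guidance on the registrar website
5. Submitting the application and following it through to completion
6. Signing the ICANN accreditation agreement

Registry accreditation:
1. Guidance on integration with registry systems
2. Guidance on TLD registration and management
3. Signing registry accreditation agreements with Verisign, CNNIC, new TLDs and any other TLD registries you are interested in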

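How to deploy CoCCA

August 9, 2018

【Conclusion】

It appears that http://wiki.cocca.org.nz/ does not resolve, so the latest CoCCA software package cannot be obtained; the documentation can only be recovered from Google's cached copies.

According to the CoCCA developers, CoCCA is currently open only to TLD managers on record with IANA, and it requires either a commercial contract or a public-benefit assistance arrangement.

Garth Miller, who is in charge of CoCCA SRS, suggests starting with the FRED system:

If you just want to test EPP, WHOIS, RDAP and so on for learning and research, I suggest you try https://fred.nic.cz/ . Quite a few TLDs have also chosen it as their domain management system.

The CoCCA code on SourceForge is too old and has a number of RFC compliance problems. Using it for learning or in production is not recommended. The new version of CoCCA is an almost complete rewrite.

Conclusion: is the three-day CoCCA study over for now? At least PostgreSQL/phpPGAdmin got sorted out.

Reference: http://amon.org/fred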

【Introduction】

CoCCA stands for the Council of Country Code Administrators. Founded in 2004, CoCCA is an Internet infrastructure support company formed jointly by a group of ccTLD management organizations.

The registry software we create and maintain is the most widely deployed ccTLD registry solution in the industry. CoCCA SRS is currently used for 54 ccTLDs and 6 gTLDs.

The CoCCA software can be hosted or deployed locally.

CoCCA provides commercial support, including training, hosting, data migration, failover, disaster recovery and complaint resolution services.

【Source code】

Download: https://sourceforge.net/projects/coccaopenreg/
Version: latest version v2.6.16; public version v2.2.9

Download: https://wiki.cocca.org.nz/mediawiki/index.php/CoCCA_SRS_Software
Version: latest, but inaccessible.

Contents: CoCCA registry development package CoCCAtools-v2.2.9.zip
Download: https://master.dl.sourceforge.net/project/coccaopenreg/CoCCA%20Registry%20-%20Stable/V2.2.9/CoCCAtools-v2.2.9.zip

Contents: CoCCA registrar development package CoCCARegistrarTools-v1.1.2_Production.zip & CoCCARegistrarSRC-v1.1.2.zip & RegistrarInstall_v1.1.2.pdf
Download: https://master.dl.sourceforge.net/project/coccaopenreg/CoCCA%20Registrar%20Package/Registrar_v1.1.2_Production/CoCCARegistrarTools-v1.1.2_Production.zip

【Installation】

Required environment

1. PostgreSQL 8.1 or later

Reference: http://amon.org/postgresql
Reference: http://amon.org/phppgadmin

2. Java 1.5 or later

Reference: http://amon.org/java

3. Resin 3.1.1 or later

Reference: http://amon.org/resin

Required environment

wget https://master.dl.sourceforge.net/project/coccaopenreg/CoCCA%20Registry%20-%20Stable/V2.2.9/CoCCAtools-v2.2.9.zip && unzip CoCCAtools-v2.2.9.zip

Notes on Security

In a production environment the registry should be behind a firewall and the registry database should be on an internal network.

* the firewall should only allow access from a known IP via port 700 and 443 for EPP registrars and 443 only for registrars only using the GUI. A combination hardware appliance and use of the OS firewall is recommended. The database server should only allow connections from the EPP and backup servers.

* registrars using the GUI should be provided with two-factor authentication keys.

Only trusted parties should have access to the registry via secure certificates, trusted IPs and a user name and password PLUS two-factor authentication for GUI access. If you only grant access to a handful of trusted parties with whom you have a contract or who are accredited, security is simply addressed. Make sure the client accounts and registry staff have the correct level of access to avoid any accidental bulk changes / deletions.

If you have a registrar that is “hacking” or creating other mischief you really have a problem. We use best practice in designing the code and subscribe to and check all releases against – http://www.scanalert.com/ for known issues or coding flaws.

Automated incremental backups every 10-15 min as well as a full daily backup to a backup server are highly recommended. CoCCA offers an off-site backup server to members if they wish to use this facility. Grabbing a “snap shot” each time you do the zone generation is also not a bad idea…

Regularly update the OS and the registry code – Aotea makes updates available once a month or more to members, mostly to add features but also to address any security issues that have been identified.
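
The access rules in these notes, written out as an added example (it is not part of the CoCCA documentation or tooling): a generator for iptables-restore rule sets for the registry host and the database host. The function names, the sample addresses and the use of PostgreSQL's default port 5432 are assumptions.

```shell
#!/bin/sh
# Added example (not CoCCA code): emit iptables-restore rules for the two hosts
# described above. Every address used here is a constructed sample.

valid_ipv4() {
    # Plain dotted quad only: a hostname or CIDR typo must not widen the allowlist.
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

fw_header() {
    # Default-deny inbound; loopback and replies to established flows still pass.
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
}

registry_fw_rules() {
    # $1 = IPs of EPP registrars (700 + 443), $2 = IPs of GUI-only registrars (443)
    for ip in $1 $2; do
        valid_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 1; }
    done
    fw_header
    for ip in $1; do
        echo "-A INPUT -p tcp -s $ip --dport 700 -j ACCEPT"
        echo "-A INPUT -p tcp -s $ip --dport 443 -j ACCEPT"
    done
    for ip in $2; do
        echo "-A INPUT -p tcp -s $ip --dport 443 -j ACCEPT"
    done
    echo 'COMMIT'
}

database_fw_rules() {
    # $1 = EPP server IP, $2 = backup server IP; 5432 is PostgreSQL's default port
    for ip in "$1" "$2"; do
        valid_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 1; }
    done
    fw_header
    echo "-A INPUT -p tcp -s $1 --dport 5432 -j ACCEPT"
    echo "-A INPUT -p tcp -s $2 --dport 5432 -j ACCEPT"
    echo 'COMMIT'
}

# Review the output, add your own management-access rule, then load it with
# iptables-restore on the matching host.
registry_fw_rules "192.0.2.10 192.0.2.11" "198.51.100.7"
database_fw_rules "10.0.0.5" "10.0.0.9"
```
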

Database preparation

1. Create two databases, one for a dns server and one for the main registry functionality. I’ll use epp and pdns for the names respectively. From a terminal window on a *nix system, you can try

createdb epp
createdb pdns

2. Create the pdns role if it doesn’t exist. The SQL statement for this is

create role pdns;

Binary File Installation
EPP Server

We assume a directory structure like that in the download. If it is not the same, paths will need to be changed where applicable.

1. Edit the configuration file (CoCCAtools/EPP Server/epp/conf/epp.conf.xml).
1. The db-object-pool element will need to be changed to connect to the database created previously
2. The secure-store element will need to be changed to use your keystore
3. Setup classpath to include all files in the lib directory
4. Start the server (from command line)

java -server -Xmx512m cx.cocca.epp.EppServer conf/epp.conf.xml > log/epp.log

where ‘conf/epp.conf.xml’ is the configuration file and log/epp.log is the log file. We’ve provided a script, CoCCAtools/EPP Server/epp/epp-run.sh, that sets the classpath and starts the server.
2. Web Interface
1. Configure resin to use ssl
1. Create a keystore file. The following command (run from the command line) is sufficient. When asked for your first and last name, give the domain name you will be using for the site.

keytool -genkey -keyalg RSA -keystore server.keystore

2. Add the following to the $RESIN_HOME/conf/resin.conf file. If you are using a basic resin setup, add it beneath the tag. Change the path and password to the location of the server.keystore file you just created and the password you provided while creating the keystore file respectively.




jks
path/server.keystore password

2. Configure the registry application to recognize the epp server’s ssl certificate. You will not need to do this if you’ve replaced the epp server’s keystore with one containing a valid SSL certificate provided by a Certificate Authority (Thawte, Verisign, etc.)
1. Add the following to the $RESIN_HOME/conf/resin.conf file. Add them anywhere beneath the resin tag, but not in a place enclosed by another tag.



edit the path in the second line to wherever the cocca.tools.keystore is located on your machine (“path to CoCCATools”/EPP Server/epp/cert/cocca.tools.keystore)

3. Edit resin.conf file to include database elements similar to the following. You can put these elements inside a specific element (e.g. ), or just before the element.


jdbc/registry

org.postgresql.Driver
jdbc:postgresql://localhost/epp
postgres pass



jdbc/pdns

org.postgresql.Driver
jdbc:postgresql://localhost/pdns
postgres pass

the url, user, and password elements will need to be changed to connect to the databases you’ve setup. The jndi-name elements must be kept the same.
4. add postgres driver to server’s lib directory

cp CoCCAtools/Web\ App/lib/dependencies/postgresql-8.2-506.jdbc3.jar $RESIN_HOME/lib

5. Deploy the provided registry.war file. This can be done by placing it in the resin_home/webapps directory.
6. Start Resin
7. Login to the application (at https://localhost/registry/index.jsp … replacing localhost with the name of the server you installed it on). You’ll be asked to give information necessary to running the system. Once that is complete, you’ll be up and running!

If you have questions concerning the changes to the resin.conf file, please look at the sample_resin.conf included in the download. Specifically, look at the lines enclosed by the following:
********************** Begin – required for CoCCATools *****************
… and …
********************** End – required for CoCCATools *******************

【Certificates】

Using Java's keystore tool to generate the SSL certificate for EPP connections

CoCCA uses Java's keystore tooling for its SSL deployment; a certificate is required for both web access and EPP access.

Check: https://epp.whois.ai/login.jsp uses a certificate issued by the certificate authority thawte DV SSL CA – G2.

Step 1: Create the keystore, generate the CSR, and send it to the certificate authority.

The tool for creating and managing certificates is the Java keytool, located in /opt/cocca-8/java/bin

Download: https://cfhcable.dl.sourceforge.net/project/coccaopenreg/CoCCA%20Registry%20-%20Stable/V2.2.9/CoCCAtools-v2.2.9.zip

We create the keystore and CSR with the following command (example: generating a certificate for the .OTE CoCCA):

./keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore registry_cocca_ote.jks -dname "CN=registry.cocca.ote,OU=Naming and Numbering, O=CoCCA Registry Systems , L=Aculand, ST=Aculand, C=NZ" && ./keytool -certreq -alias server -file registry_cocca_ote.csr -keystore registry_cocca_ote.jks

( create a password when prompted; it prompts for two, use the same for both )

Step 2

Send the CSR file away for signing, for example to DigiCert.

Step 3

When the authority sends the files back, import the intermediate certificate and the signed certificate for your domain as follows:

./keytool -import -trustcacerts -alias intermediate -file DigiCertCA.crt -keystore registry_cocca_ote.jks

( enter password )

./keytool -import -trustcacerts -alias server -file registry_cocca_ote.crt -keystore registry_cocca_ote.jks

( enter password ) Copy the keystore to /opt/cocca-8/keys

Step 4

Edit the webserver ( resin ) configuration to point to the new keystore

/opt/cocca-8/resin/conf/resin.xml

look for this section …

jks
/opt/cocca-8/keys/registry_cocca_ote.jks
******
TLSv1,TLSv1.1,TLSv1.2

Stop and start resin: /opt/cocca-8/ctlscript.sh stop resin / start

Step 5

Edit the EPP certificate settings in the CoCCA UI.

Config > EPP

Enter the path and password as appropriate, as in the following figure: ConfigureEPP.jpg
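
A check for the import procedure above, as an added example rather than code from CoCCA or from the original post: it confirms that the `server` alias holds the private key together with the CA-issued chain (importing the signed certificate into a keystore file other than the one that holds the key produces only a trustedCertEntry), and it flags entries in the resin protocol list that RFC 8996 deprecates. The function names are hypothetical and the two sample listings are constructed.

```shell
#!/bin/sh
# Added example (not CoCCA code): checks to run after Step 3 and before Step 4.
# The alias "server" and the protocol list come from the page; the two sample
# listings are constructed, trimmed imitations of `keytool -list -v` output.

check_keystore_listing() {
    # stdin = `keytool -list -v` output, $1 = alias that must carry key + chain
    awk -v want="$1" '
        /^Alias name: /               { alias = substr($0, 13) }
        /^Entry type: /               { if (alias == want) type = $3 }
        /^Certificate chain length: / { if (alias == want) chain = $4 + 0 }
        END {
            if (type == "") { print "FAIL: alias " want " not found"; exit 1 }
            if (type != "PrivateKeyEntry") { print "FAIL: " want " is a " type ", the private key is not in this file"; exit 1 }
            if (chain < 2) { print "FAIL: chain length " chain ", CA reply or intermediate missing"; exit 1 }
            print "OK: " want " chain length " chain
        }'
}

weak_tls_protocols() {
    # $1 = comma-separated protocol list; prints the entries deprecated by
    # RFC 8996 (TLS 1.0/1.1) or older, space-separated.
    echo "$1" | tr ',' '\n' | grep -Ex 'SSLv2|SSLv3|TLSv1|TLSv1\.1' | tr '\n' ' ' | sed 's/ $//'
}

sample_good() { cat <<'EOF'
Alias name: intermediate
Entry type: trustedCertEntry
Alias name: server
Entry type: PrivateKeyEntry
Certificate chain length: 2
EOF
}
sample_bad() { cat <<'EOF'
Alias name: server
Entry type: trustedCertEntry
EOF
}

# Real use: ./keytool -list -v -keystore registry_cocca_ote.jks | check_keystore_listing server
sample_good | check_keystore_listing server
sample_bad | check_keystore_listing server || true
weak_tls_protocols 'TLSv1,TLSv1.1,TLSv1.2'; echo
```
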

【References】

Reference: https://wiki.cocca.org.nz/mediawiki/index.php/CoCCA_FAQ
Reference: https://wiki.almworks.com/display/kb/How+to+Connect+to+Server+using+SSL+and+Client+Certificate

Reference: https://stackoverflow.com/questions/8973880/connect-to-epp-server-with-php-using-ssl
Reference: https://stackoverflow.com/questions/42194244/error-connecting-to-epp-server-using-openssl-s-client