CoCCA域名注册局

2020年9月19日 | 分类: 【域名】

【介绍】

CoCCA代表国家代码管理员理事会（Council of County Code Administrators）。
CoCCA建立于2004年，是一个互联网基础设施支持公司，由一系列ccTLD管理组织联合组成。
CoCCA SRS被用于54个ccTLD和6个gTLD，是业内部署最广泛的ccTLD注册局解决方案。
CoCCA软件可以托管，或者部署在本地。需要签订商业协议。
CoCCA提供商业化支持，包括培训、托管、数据迁移、失效备援、灾难恢复和投诉解决服务。

CoCCA is an acronym for Council of Country Code Administrators, CoCCA is an internet infrastructure support company established in 2004 by a consortium of ccTLD managers. The registry software we author and maintain is the most widely deployed ccTLD registry solution in the industry. The CoCCA SRS is used to manage 54 ccTLDs and 6 gTLDs

The CoCCA software may be hosted or downloaded and installed locally. Use of the software requires an End User Licence Agreement (EULA).

CoCCA provides TLD managers who purchase an EULA with Corrective Services (bug fixes and patches), training, hosting, data escrow, failover, disaster recovery and complaint resolution services.

COMPLAINT RESOLUTION SERVICE (CRS)

The CX, GS, GY, KI, HT, HN, TL, SB, and NF ccTLDs have adopted the CoCCA CRS. The CoCCA CRS provides a transparent, efficient and cost effective way for the public, law enforcement, regulatory bodies, and intellectual property owners to have their concerns regarding use of a TLD service addressed.

The CoCCA CRS addresses not only rights to a particular domain but also the registrant’s use of that domain. Policies apply recursively, and are applicable not only to the domains in the registry but apply equally to any subordinate domain created by the registrant.

The registrants’ licence to use a domain requires them to comply with the applicable AUP, a failure to do so and/or to remedy an AUP breach if requested, may result in a suspension of a domain and its removal from the zone.

Any party who believes a domain name registrant has violated a participating TLD manager’s AUP must provide a formal complaint in order for CoCCA to investigate and evaluate the claim or complaint.

Complaint Form

To lodge a complaint [email protected]

If you are a TLD manager and wish to adopt the CoCCA CRS please send your queries at to [email protected]
Contact
Tel: +64 (0)9 446 6370
[email protected]

Headquarters
CoCCA Registry Services (NZ) Limited
4a / 36 College Hill Road
Freemans Bay, Auckland 1011
New Zealand
Branch Offices
CoCCA Registry (FR)
6 rue de la Michodière
Paris 75002 France

CoCCA Registry XO Pty. Ltd.
Unit 552 83-93 Dalmeny Avenue
Rosebery, NSW 2018 Australia

PATRONS

The maintenance of the CoCCA software and shared infrastructure in Paris is user-funded, CoCCA wishes to thank the following administrators for their generous financial support.

Afghanistan | .af | Ministry of Communications and IT
American Samoa | .as | AS Domain Registry
Anguila | .ai | Government of Anguilla
Botswana | .bw | Botswana Communications Regulatory Authority (BOCRA)
Benin | .bj | Benin -Benin Telecoms S.A.
Christmas Island | .cx | Christmas Island Domain Administration
Congo | .cg | Central African Backbone (CAB)
Congo, The Democratic Republic Of The) | .cd | Office Congolais des Postes et Télécommunications – OCPT
Côte d’Ivoire | .ci | Autorité de Régulation des Télécommunications/TIC de Côte d’lvoire (ARTCI)
Ecuador | .ec | NIC.EC (NICEC) S.A.
Egypt | xn--wgbh1c مصر | National Telecoms Regulatory Authority
Egypt | .eg | Egyptian Universities Network (EUN) Supreme Council of Universities
Greenland | .gl | TELE Greenland A/S
Guernsey | .gg | Island Networks Ltd
Guyana | .gy | University of Guyana
Haiti | .ht | Consortium FDS/RDDH
Honduras | .hn | Red de Desarrollo Sostenible Honduras
Iraq | .iq | Communications Media Commission
Iraq | xn--mgbtx2b عراق | Communications Media Commission
Jersey | .je | Island Networks Ltd.
Kenya | .ke | Kenya Network Information Center (KeNIC)
Kiribati | .ki | Telecommunications Authority of Kiribati
Kuwait | .kw | Kuwaitnet General Trading & Contracting Co
Montserrat | .ms | MNI Networks Ltd.
Morocco | .ma | Agence Nationale de Réglementation des Télécommunications (ANRT)
Mozambique | .mz | Centro de Informatica de Universidade Eduardo Mondlane
Libya | .ly | Libya Telecom and Technology
Namibia | .na | Namibia – Namibian Network Information Center
Nigeria | .ng | Nigeria Internet Registration Association
Norfolk Island | .nf | Norfolk Island data services
Peru | .pe | Red Cientifica Peruana
Rwanda | .rw | Rwanda Information Communication and Technology Association (RICTA)
Saint Kitts And Nevis | .kn | Ministry of Finance, Sustainable Development Information & Technology
Solomon Islands | .sb | Solomon Telekom Company Limited
South Georgia and South Sandwich Islands | .gs | Government of South Georgia and South Sandwich Islands (GSGSSI)
Sudan | .sd | Sudan Internet Society
Timor Leste | .tl | Ministry of Transport and Communications
Zambia | .zm | Zambia Information and Communications Technology Authority (ZICTA)
.xn--p1acf | .pyc | Rusnames Limited | Russian speaking Community
.shia | Asia Green IT System | The .SHIA gTLD is intended for Shia Muslim faithful who wish to promote, participate or learn about Islam and its various facets.
.tci | Asia Green IT System | TCI is well-known among the company’s customers, especially those outside their established service area. With an eye towards growing business abroad, TCI has entrusted AGITSys with the development of the TCI gTLD
.nowruz | Asia Green IT System | People using and familiar with the Persian language know ‘nowruz’ to mean ‘the new day’, or ‘the new year’
.pars | Asia Green IT System | The benefits of the .PARS domain will be manifold, not just to registrants but also to tens of millions of Persian internet users, as well as many others with an interest in or curiosity regarding Persia.
.xn--mgbt3dhd همراه, | Asia Green IT System | “comrade”, /hamra/

Last Updated | November 19, 2019

OTHER USERS

CoCCA does not have a formal relationship with the TLDs below but they are understood to be using the CoCCA registry software.

CoCCA WHMCS Module

You may download the WHMCS module from https://cocca.org.nz/whmcs/cocca-whmcs.zip

GDPR Statement

Data regarding registrants in the following TLDs is collected and stored in France – af, as, ci, cx, gs, gy, ht, ki, kn, nf, tl, zm, pyc, shia, pars, nowruz, همراه .
Following the principle of data minimisation, data on only one contact (the Registrant) is required. Registrars are not required to lodge Administrative Contact, Billing Contact, or Technical contact information with the Registry.
Data is stored as a Contact Object in the Registry. Effective July 2020, unless specifically requested by the Data Subject, Contact Objects are to be purged seven (7) years after they cease to be linked to a domain object.
The designated TLD manager, CoCCA staff, law enforcement and the controlling registrar all have access to Contact Objects in the registry.
Data stored in Contact Objects will, if required, be used to identify and communicate with the individual responsible for compliance with TLD policy, applicable public policy and legislation.
If the Contact Object contains personal information on an EU Data Subject, the personal information it is redacted from WHOIS. If the Contact Object contains information on an Organisation the information may be redacted.
Data submitted and maintained in the registry is secured in transit using TLS 1.2 and where applicable and required, encrypted in the Registry database.

【结论】

http://wiki.cocca.org.nz/已不能解析，也无法获得最新的CoCCA软件包，仅能从Google镜像中恢复说明文档。
经与CoCCA开发方交流，CoCCA目前仅对在IANA注册在案的TLD管理机构开放，而且需要签订商业合同或者公益援助。

CoCCA SRS的负责人 Garth Miller 建议从 FRED 系统入手：

如果你只是出于学习研究的目的，想测试EPP、WHOIS、RDAP等，我建议你试试 https://fred.nic.cz/ 。不少TLD也选择了它作为域名管理系统。
在SourceForge上的CoCCA代码太过陈旧，存在不少RFC合规性问题。并不建议使用它学习或者用于生产环境。新版本的CoCCA几乎完整重写。

参考：https://amon.org/fred

【介绍】

CoCCA代表国家代码管理员理事会（Council of County Code Administrators）。CoCCA建立于2004年，是一个互联网基础设施支持公司，由一系列ccTLD管理组织联合组成。

CoCCA软件可以托管，或者部署在本地。
CoCCA提供商业化支持，包括培训、托管、数据迁移、失效备援、灾难恢复和投诉解决服务。
CoCCA SRS被用于54个ccTLD和6个gTLD，是业内部署最广泛的ccTLD注册局解决方案。

搜索：https://bing.com/search?q=v8.1.20181212

https://coccaregistry.org/login.jsp
https://ote.nic.kw/login.jsp
https://swakop.omadhina.co.na/login.jsp
https://registry.nic.net.bw/login.jsp
https://registry.nic.gl/login.jsp
https://registry.nic.mz/domains/
https://registry.nic.ci/login.jsp
https://registry.nic.bi/login.jsp
https://registry.nic.hn/login.jsp

【源码】

下载：https://sourceforge.net/projects/coccaopenreg/
版本：最新版本v2.6.16；公开版本v2.2.9

下载：https://wiki.cocca.org.nz/mediawiki/index.php/CoCCA_SRS_Software
版本：最新，但无法访问。

构成：CoCCA注册局开发包 CoCCAtools-v2.2.9.zip
下载：https://master.dl.sourceforge.net/project/coccaopenreg/CoCCA%20Registry%20-%20Stable/V2.2.9/CoCCAtools-v2.2.9.zip

构成：CoCCA注册商开发包 CoCCARegistrarTools-v1.1.2_Production.zip & CoCCARegistrarSRC-v1.1.2.zip & RegistrarInstall_v1.1.2.pdf
下载：https://master.dl.sourceforge.net/project/coccaopenreg/CoCCA%20Registrar%20Package/Registrar_v1.1.2_Production/CoCCARegistrarTools-v1.1.2_Production.zip

【安装】

必要环境

1. PostgreSQL 8.1或更高版本

参考：https://amon.org/postgresql
参考：https://amon.org/phppgadmin

2. java 1.5或更高版本

参考：https://amon.org/java

3. Resin 3.1.1更高版本

参考：https://amon.org/resin

必要环境

wget https://master.dl.sourceforge.net/project/coccaopenreg/CoCCA%20Registry%20-%20Stable/V2.2.9/CoCCAtools-v2.2.9.zip && unzip CoCCAtools-v2.2.9.zip

Notes on Security �

In a production environment the registry should be behind a firewall and the registry database should be on an internal network.

* the firewall should only allow access from a known IP via port 700 and 443 for EPP registrars and 443 only for registrars only using the GUI. A combination hardware appliance and use of the OS firewall is recommended. The database server should only allow connections from the EPP and backup servers.

* registrars using the GUI should be provided with two-factor authentication keys.

Only trusted parties should have access to the registry via secure certificates, trusted IP’s and a user name and password PLUS a two factor authentication for GUI access. If you only grant access to a handful of trusted parties with whom you have an contract or are accredited security is simply addressed. Make sure the client accounts and registry staff have the correct level of access to avoid any accidental bulk changes / deletions.

If you have a registrar that is “hacking” or creating other mischief you really have a problem. We use best practice in designing the code and subscribe to and check all releases against – http://www.scanalert.com/ for known issues or coding flaws.

Automated incremental backups every 10-15 min as well as a full daily backup to a backup server is highly recommended. CoCCA offers an off-site backup server to members if they wish to use this facility. Grabing a “snap shot” each time you do the zone generation is also not a bad idea…

Regularly update the OS and the registry code – Aotea makes updates available once a month or more to members, mostly to add features but also to address any security issues that have been identified.

Database preparation �

1. Create two databases, one for a dns server and one for the main registry functionality. I’ll use epp and pdns for the names respectively. From a terminal window on a *nix system, you can try

createdb epp
createdb pdns

2. Create the pdns role if it doesn’t exist. The SQL statement for this is

create role pdns;

Binary File Installation �
EPP Server �

We assume a directory structure like that in the download. If it is not the same, paths will need to be changed where applicable.

1. Edit the configuration file (CoCCAtools/EPP Server/epp/conf/epp.conf.xml).
1. The db-object-pool element will need to be changed to connect to the database created previously
2. The secure-store element will need to be changed to use your keystore
3. Setup classpath to include all files in the lib directory
4. Start the server (from command line)

java -server -Xmx512m cx.cocca.epp.EppServer conf/epp.conf.xml > log/epp.log

where ‘conf/epp.conf.xml’ is the configuration file and log/epp.log is the log file. We’ve provided a script, CoCCAtools/EPP Server/epp/epp-run.sh, that sets the classpath, starts the server.
2. Web Interface
1. Configure resin to use ssl
1. Create a keystore file. The following command (run from the command line) is sufficient. When asked for your first and last name, give the domain name you will be using for the site.

keytool -genkey -keyalg RSA -keystore server.keystore

2. Add the following to the $RESIN_HOME/conf/resin.conf file. If you are using a basic resin setup, add it beneath the tag. Change the path and password to the location of the server.keystore file you just created and the password you provided while creating the keystore file respectively.

jks
path/server.keystore
password

2. Configure the registry application to recognize the epp server’s ssl certificate. You will not need to do this if you’ve replaced the epp server’s keystore with one containing a valid SSL certificate provided by a Certificate Authority (Thawte, Verisign, etc.)
1. Add the following to the $RESIN_HOME/conf/resin.conf file. Add them anywhere beneath the resin tag, but not in a place enclosed by another tag.

edit the path in the second line to wherever the cocca.tools.keystore is located on your machine (“path to CoCCATools”/EPP Server/epp/cert/cocca.tools.keystore)

3. Edit resin.conf file to include database elements similar to the following. You can put these elements inside a specific element (e.g. ), or just before the element.

jdbc/registry

org.postgresql.Driver
jdbc:postgresql://localhost/epp
postgres
pass

jdbc/pdns

org.postgresql.Driver
jdbc:postgresql://localhost/pdns
postgres
pass

the url, user, and password elements will need to be changed to connect to the databases you’ve setup. The jndi-name elements must be kept the same.
4. add postgres driver to server’s lib directory

cp CoCCAtools/Web\ App/lib/dependencies/postgresql-8.2-506.jdbc3.jar $RESIN_HOME/lib

5. Deploy the provided registry.war file. This can be by placing it in the resin_home/webapps directory.
6. Start Resin
7. Login to the application (at https://localhost/registry/index.jsp … replacing localhost with the name of the server you installed it on). You’ll be asked to give information necessary to running the system. Once that is complete, you’ll be up and running!

If you have questions concerning the changes to the resin.conf file, please look at the sample_resin.conf included in the download. Specifically, look at the lines enclosed by the following:
********************** Begin – required for CoCCATools *****************
… and …
********************** End – required for CoCCATools *******************

【证书】

使用Java的keystore工具生成EPP连接所用的SSL证书

CoCCA使用Java的keystore工具完成SSL部署，证书在Web访问或者EPP访问时都说必须的。

查证：https://epp.whois.ai/login.jsp 使用的证书颁发机构 thawte DV SSL CA – G2.

第一步：创建keystore，生成CSR，发送到证书颁发机构。

用于创建和管理证书的是Java keytool，位于 /opt/cocca-8/java/bin

下载：https://cfhcable.dl.sourceforge.net/project/coccaopenreg/CoCCA%20Registry%20-%20Stable/V2.2.9/CoCCAtools-v2.2.9.zip

We create the keystore and CSR with the following command:(example generate Certificate for .OTE CoCCA)

./keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore registry_cocca_ote.jks -dname “CN=registry.cocca.ote,OU=Naming and Numbering, O=CoCCA Registry Systems , L=Aculand, ST=Aculand, C=NZ” && ./keytool -certreq -alias server -file registry_cocca_ote.csr -keystore registry_cocca_ote.jks

( create password when prompted – it prompts for 2, use the same for both.. )

Step 2

send the CSR file away for signing, example digicert

Step 3

When the authority sends you files back import the intermediate certificate and the singed certificate for your domain as :

./keytool -import -trustcacerts -alias intermediate -file DigiCertCA.crt -keystore registry_cocca_ote.jks ( enter password )

./keytool -import -trustcacerts -alias server -file registry_cocca_ote.crt -keystore registry_cocca.ote.jks

( enter password ) Copy the keystore to /opt/cocca-8/keys

Step 4

Edit the webserver ( resin ) to point to the new keystore

/opt/cocca-8/resin/conf/resin.xml

look for this section …

jks
/opt/cocca-8/keys/registry_cocca.ote.jks
******
TLSv1,TLSv1.1,TLSv1.2

Stop and Start resin /opt/cocca-8/ctlscript.sh stop resin / start

Step 5

Edit the EPP certificate settings in the CoCCA UI.

Config > EPP

Enter the path and password as appropriate, As the following figure:File:ConfigureEPP.jpg

【连接WHMCS和CoCCA】

参考：https://webcache.googleusercontent.com/search?q=cache:XggdzzRafe4J:https://wiki.cocca.org.nz/mediawiki/index.php/CoCCA_and_EPP_Clients+&cd=2&hl=en&ct=clnk&gl=us
任务：http://whmcs2.rssing.com/chan-6631133/all_p64.html
任务：https://www.peopleperhour.com/freelance-jobs/web-development/php/build-epp-client-for-domain-name-managment-1696290

源码：whmcs-registrars-coza

源码：https://github.com/noer/whmcs-registrars-cocca .CO.ZA

whmcs-registrars-coza is a domain registrar module connecting the CO.ZA zone with WHMCS. It uses EPP for communicating with the Registry via the php-epp2 library.
It is written in modern PHP and tries to fix some shortcommings of the existing registrar modules.
Released under the GPLv3 License, feel free to contribute (fork, create meaningful branchname, issue pull request with thus branchname)!

源码：WHMCS Plugin for CoCCA EPP and NiRA .NG EPP

源码：https://github.com/ihannu/ngepp

WHMCS Plugin for CoCCA EPP and NiRA .NG EPP, works for .co.ke and other CoCCA Registries.
Features Added to existing CoCCA EPP WHMCS Plugin:
1. Enable/Disable Registrar Lock
2. Get EPP Code for your .NG and .KE Domains in WHMCS
Instructions: Copy the functions given in NGepp.php and replace it in your COCCAepp.php file downloaded from: https://wiki.cocca.org.nz/mediawiki/index.php/CoCCA_EPP_module_for_WHMCS

【参考】

参考：https://wiki.cocca.org.nz/mediawiki/index.php/CoCCA_FAQ
参考：https://wiki.almworks.com/display/kb/How+to+Connect+to+Server+using+SSL+and+Client+Certificate

参考：https://stackoverflow.com/questions/8973880/connect-to-epp-server-with-php-using-ssl
参考：https://stackoverflow.com/questions/42194244/error-connecting-to-epp-server-using-openssl-s-client