REGISTRAR RESELLER TRAINING - 26-27 NOVEMBER 2020
.ZADNA
Chapter X
PRT 1
• Established in 2002, under the ECT (Electronic Communications and Transactions) Act 2002, to manage and regulate the .ZA namespace.
PRT 2
• Accountable to DCDT with Board of Directors appointed by Minister.
PRT 3
• The Authority must enhance public awareness on the economic and commercial benefits of domain name registration.
• Comply with international best practice in the administration of the .ZA domain name space; license and regulate registries and registrars and publish guidelines on .ZA domain namespace.
PRT 5
• Pricing policy.
• Creation of new sub-domains.
Role of ZADNA
• Established in 2002, under the ECT ACT
• Manages and Regulates the .ZA Namespace
• Publishing guidelines on: administration and management of
.ZA domain namespace
• Licensing and regulating registries
• Accountable to Department of Communications and Digital
Technologies (DCDT)
• Enhance public awareness on the economic and commercial
benefits of domain name registration
• Board of Directors appointed by the Minister
.ZA Domain
ccTLD for South Africa
WHAT IS .ZA
.ZA is the Internet country code top-level domain (ccTLD)
for South Africa. The .ZA Domain Name has a second-level
domain (SLD or 2LD) structure - For example, in co.za, CO
is the second-level domain of the .ZA TLD.
[Diagram: .ZA with ORG.ZA, CO.ZA, GOV.ZA and AC.ZA]
Domain name systems (DNS)
INTERNET
• The Internet (Interconnected network) is the global system
of interconnected computer networks.
• It is a network of networks that consists of private, public,
academic, business, and government networks of local to
global scope.
• The Internet carries a vast range of information resources
and services, such as the inter-linked hypertext documents
and applications of the World Wide Web (WWW),
electronic mail, telephony, and file sharing.
Domain name system (DNS)
WHAT IS A DOMAIN NAME?
• The Internet maintains two principal namespaces:
– the domain name hierarchy (the protocol used today to convert, for the most part, human-readable labels, such as computer hostnames, into numeric addresses) and
– the Internet Protocol (IP) address spaces.
• The Domain Name System (DNS) is a hierarchical distributed naming system for
computers, services, or any resource connected to the Internet or a private
network.
• It translates domain names, which can be easily memorized by humans, to the
numerical IP addresses needed for the purpose of computer services and devices
worldwide.
Domains and domain names
DOMAIN NAME SYSTEMS (DNS)
What Is an Internet Protocol (IP) Address?
• Before we talk domains, it’s important to understand what an IP address is
• An IP address consists of a set of numbers separated by periods
• A typical IP address looks like this:
93.184.216.119 (IPv4)
Uses 32-bit addresses
Allows for 4.3 billion unique addresses
2606:2800:220:6d:26bf:1447:1097:aa7 (IPv6)
Uses 128-bit addresses
Allows 3.4 x 10^38 unique addresses, or 340 trillion trillion trillion unique addresses
• Each computer has a unique IP address
• This set of numbers is a language that computers use to communicate with each other over a
network
• It allows any number of internet-connected computers to be distinguished from other computers
Domain name systems (DNS)
What is a domain name
• Like a telephone number, a domain name is a unique
identifier that points to a certain site on the World Wide Web
• Each computer on the Internet has a unique numeric Internet
Protocol address (IP Address) such as 131.215.3.29
• These numbers are not user-friendly and give no indication as
to what this address contains.
• A domain name is a lot easier to remember
• It could also indicate what the Web Site contains.
How does it work?
WWW.YOURDOMAIN.CO.ZA.
A Domain name helps us interpret IP addresses (which are strings of
numbers) to human readable names.
The Domain Name System allows a familiar string of letters (the
"domain name") to be used instead of typing 192.0.34.163.
[Diagram: ORG.ZA, CO.ZA, GOV.ZA, AC.ZA]
Domain name systems (DNS)
• A computer network is a digital telecommunications
network which allows nodes to share resources.
• A network connects computers, mobile phones,
peripherals, and even IoT devices.
• Computing devices exchange data with each other using
connections between nodes
• These data links are established over cable media such as
wires or optic cables, or wireless media such as Wi-Fi.
DOMAIN NAME SYSTEMS (DNS)
What Is a Domain Name?
• A domain name is human-friendly and much easier to remember than an IP
address
• The HOSTS.TXT file mapped names to numerical addresses
• A text file looks like this:
192.126.81.1 John
193.11.201.1 Patrick
194.10.231.44 Hendrick
154.45.111.71 Gabriel
Domains vs Domain names
• Domains
– A sub-tree of the domain namespace
• Domain names
– A domain name of a domain is the same as the
name of the node at the very top of the domain
[Diagram: domain tree with ZA at the top and ORG, NET and CO beneath it; labels "Domain" and "Domain name"]
DNS Structure
WWW.YOURDOMAIN.CO.ZA.
[Diagram labels: 3rd Level Domain, SLD, ccTLD, Root Servers]
Domain hierarchy
• In the Domain Name System (DNS) hierarchy, domains consist of the root-level
domain at the top, with top-level domains underneath, followed by second-level
domains and finally subdomains.
Root ""
ccTLD (.za)    gTLD (.com .net)
SLD (co.za)    SLD (org.za)    Subdomain (telkomsa.net)
• Generic Top-Level Domains (TLDs or gTLDs): Created for use by the Internet public.
.aero, .biz, .com, .coop, .edu, .gov, .info, .int, .mil, .net, and .org
• In 2011, ICANN opened applications for new private TLDs (.Africa, .capetown,
.durban, .joburg, .mtn, .dstv, .music, .Law, .Attorney, etc.)
DNS Structure
A top-level domain is the label at the right end of the domain name, after the dot.
There are two types of top-level domains, generic and country code:
• Generic Top-Level Domains (TLDs or gTLDs)
• Country Code Top-level Domains (ccTLDs) extension based on the ISO 3166
country codes
• The first ccTLDs delegated were
– .US for the United States,
– .UK for the United Kingdom, and
– .IT for Italy in 1985.
• The general domain name structure is:
SubDomain.SecondLevelDomain.TopLevelDomain
• For example, "NET" is a top level domain name and "telkomsa" is second level
domain name.
DNS Structure
Root (“ “)
ccTLD gTLD
.de .uk .au .za .com .net .org
Com.de co.uk .com.au .org.za Intekom.com telkomsa.net
zadna.org.za
Domain Name Systems (DNS)
DNS ZONE
• A DNS zone is any distinct, contiguous portion
of the domain name space in the Domain
Name System (DNS).
Domain Name Systems (DNS)
DNS ZONE
• A Zone file is a text file that describes a DNS
zone
Domain Name Systems (DNS)
ZA ZONE FILE Structure
$TTL 86400
za. 604800 IN SOA nsza.is.co.za. dnsadmin.zadna.org.za. (
        2015020600 ; serial
        21600 ; refresh every 6 hours
        3600 ; retry every hour
        2592000 ; expire in 30 days
        86400 ) ; minimum ttl of 1 day
;
; ------------------------------------------------------------------
; Name servers for .za
; ------------------------------------------------------------------
;
za. NS nsza.is.co.za.
;
    NS disa.tenet.ac.za.
    NS za1.dnsnode.net.
    NS za-ns.anycast.pch.net.
    NS sns-pb.isc.org.
nsza.is.co.za. A 196.4.160.27
Domain Name Systems (DNS)
ZA ZONE FILE Structure
• The first name after SOA (nsza.is.co.za. ) is the name of the primary nameserver
for the zadna.za zone
• The Second name (dnsadmin.zadna.org.za.) is the mail address of the person in
charge of the zone
SOA Values
Serial number
• The format used is as follows: YYYYMMDDNN.
• YYYY is the year, MM is the month, DD is the day, and NN is the count of how many
times the zone data was modified that day.
Domain Name Systems (DNS)
ZONE FILE STRUCTURE
• Refresh
• The refresh interval tells a slave for the zone how often to check that the data for this zone is
up to date
• Retry
• If the slave server fails to reach the master server after the refresh interval, it starts to
connect every retry seconds
• Expire
• If the slave fails to contact the master server for expire seconds, the slave expires the zone
• Negative caching TTL
• TTL is a setting for each DNS record that specifies how long a resolver is supposed to cache
(or remember) the DNS query before the query expires and a new one needs to be done
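The SOA values described above can be read and sanity-checked mechanically. The following is an added example, not part of the original slides: it parses the .za SOA record shown earlier, decodes the YYYYMMDDNN serial, and applies two timer checks that follow from the definitions of refresh, retry and expire. The function names are assumptions made for this example.

```python
import re
from datetime import date

# SOA record copied from the .za zone file shown on the slide.
ZA_SOA = """\
$TTL 86400
za. 604800 IN SOA nsza.is.co.za. dnsadmin.zadna.org.za. (
        2015020600 ; serial
        21600      ; refresh every 6 hours
        3600       ; retry every hour
        2592000    ; expire in 30 days
        86400 )    ; minimum ttl of 1 day
"""

def parse_soa(zone_text):
    """Return the fields of the first SOA record found in zone_text."""
    # Strip ';' comments and flatten the parenthesised multi-line record.
    text = " ".join(line.split(";", 1)[0] for line in zone_text.splitlines())
    m = re.search(
        r"(\S+)\s+(?:\d+\s+)?(?:IN\s+)?SOA\s+(\S+)\s+(\S+)\s+\(?\s*"
        r"(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)", text)
    if m is None:
        raise ValueError("no SOA record found")
    soa = {
        "zone": m.group(1),
        "primary": m.group(2),
        # In the mailbox field the first dot stands for '@'
        # (escaped dots in the local part are not handled here).
        "contact": m.group(3).rstrip(".").replace(".", "@", 1),
    }
    timers = ("serial", "refresh", "retry", "expire", "minimum")
    soa.update(zip(timers, (int(v) for v in m.group(4, 5, 6, 7, 8))))
    return soa

def serial_date(serial):
    """Decode a YYYYMMDDNN serial into (date, revision); ValueError if invalid."""
    digits = str(serial)
    if len(digits) != 10:
        raise ValueError("serial is not 10 digits (YYYYMMDDNN)")
    day = date(int(digits[:4]), int(digits[4:6]), int(digits[6:8]))
    return day, int(digits[8:])

def check_soa(soa):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    try:
        serial_date(soa["serial"])
    except ValueError as exc:
        problems.append(f"serial: {exc}")
    # A retry interval that is not shorter than refresh never takes effect.
    if soa["retry"] >= soa["refresh"]:
        problems.append("retry is not shorter than refresh")
    # A slave would expire the zone before its next scheduled check.
    if soa["expire"] <= soa["refresh"]:
        problems.append("expire is not longer than refresh")
    return problems

if __name__ == "__main__":
    record = parse_soa(ZA_SOA)
    print(record, serial_date(record["serial"]), check_soa(record))
```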
Domain Name Systems (DNS)
Resource Records
Resource records in datafiles are as follows:
• SOA record
Indicate the start of authority for this zone
• NS record
List a nameserver for this zone
• Other records
Data about hosts in this zone
• PTR record
Address-to-name mapping
• CNAME
Canonical name (for aliases)
DNS Name servers
Name servers
TYPES OF NAMESERVERS
• A primary master nameserver for the zone reads the data for the zone
from a file on its host.
• A secondary master nameserver for the zone gets the zone data from the
nameserver authoritative for the zone, called master server.
Name Servers
• The Domain Name System is maintained by a distributed database system, which
uses the client–server model.
• The nodes of this database are the name servers.
• Each domain has at least one authoritative DNS server that publishes information
about that domain and the name servers of any domains subordinate to it.
• The top of the hierarchy is served by the root name servers, the servers to query
when looking up (resolving) a TLD.
Name Server (Cont’d)
Authoritative name server
• An authoritative name server can either be a master server or a slave server.
• A master server is a server that stores the original (master) copies of all zone
records.
• A slave server uses an automatic updating mechanism of the DNS protocol in
communication with its master to maintain an identical copy of the master
records.
• When domain names are registered with a domain name registrar, their
installation at the domain registry of a top level domain requires the assignment of
a primary name server and at least one secondary name server.
Name Servers (Cont’d)
A Caching Name Server (resolver)
– Obtains information by querying a zone’s name server in order to answer a query, and subsequently saves the data locally
• Resolvers (also called DNS resolvers) are often just library routines
that create queries and send them across a network to a name server.
• Resolvers are commonly located with Internet Service Providers
(ISPs)
• Used to respond to a user request to resolve a domain name
• They translate a domain name into an IP address
.ZA Structure
• .ZA is the Internet country code top-level domain (ccTLD) for South Africa.
• It is administered by the .ZA Domain Name Authority (ZADNA).
• None of the official names for South Africa can be abbreviated to ZA, which is an
abbreviation of the Dutch Zuid-Afrika.
• Dutch was considered an official language in the Union of South Africa until 1961;
it subsequently lost its synonymous status with Afrikaans in 1983 and Suid-Afrika is
now the more common regional spelling.
• However, the .SA domain is used by Saudi Arabia and ZAR also serves as the ISO
4217 currency code for the South African rand.
.ZA DNS Structure
.ZA is the Internet country code top-level domain (ccTLD) for South Africa. The .ZA Domain Name has a second-level
domain (SLD or 2LD) structure - For example, in co.za, CO is the second-level domain of the .ZA TLD.
Root (‘’)
.ZA
Ac.za Co.za Org.za Net.za Web.za
tertiary.ac.za comm.co.za ngo.org.za Network.net.za Website.web.za
.ZA 2ND Level domains
Active domains: Ac.za, Co.za*, Edu.za, Gov.za, Law.za, Mil.za, Net.za, Nom.za, Org.za, School.za, Web.za*
Dormant domains: Alt.za*, Ngo.za, Tm.za
Private domains: Agric.za, Grondar.za, Nis.za
* Impose no eligibility requirements
DNS SECURITY
DNS Security
• WHAT DOES SECURITY PROVIDE?
• Confidentiality:
• The information within the message or transaction is kept confidential.
• Integrity:
• The information within the message or transaction is not tampered with, accidentally
or deliberately
• Non-Repudiation:
• The sender cannot deny sending the message or transaction, and the receiver
cannot deny receiving it
• Access Control:
• Access to the protected information is only realized by the intended person or
entity
DNS Security
DNS PROTECTION
• DNS protection is the world’s first and best line of defense
against malware or DDOS attack
• Various threats can be blocked at the DNS level, when the request is made
DNS Security
TSIG (Transaction SIGnature)
• NOTIFY – the master name server sends a NOTIFY announcement to its slaves
each time it receives an update
• TSIG is used to ensure that DNS packets originate from an authorized sender, and
that they have not been tampered with along the way
– TSIG records “sign” DNS messages to ensure that the message wasn’t modified after it has left the
sender
• TSIG is used to secure communications between a primary and secondary name
server
• DNS zone transfer (AXFR) allows the master to send a full zone transfer
• Incremental Zone Transfer (IXFR) allows slaves to request only the changes to
the zone between master and slaves
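A simplified model of the TSIG check described above, as an added example that is not part of the original slides: both servers hold a shared key, the sender attaches a keyed HMAC over the message and its signing time, and the receiver rejects unknown keys, modified messages and stale signatures. It does not build the real TSIG wire format; the key name, secret, message bytes and the 300-second fudge window are constructed for the example.

```python
import hashlib
import hmac
import struct

FUDGE = 300  # permitted clock skew in seconds (value assumed for this example)

def tsig_mac(key, key_name, message, time_signed):
    """Sender side: HMAC over the message, key name, signing time and fudge."""
    covered = (message + key_name.lower().encode("ascii")
               + struct.pack("!QH", time_signed, FUDGE))
    return hmac.new(key, covered, hashlib.sha256).digest()

def tsig_check(keyring, key_name, message, time_signed, mac, now):
    """Receiver side: key check, then MAC check, then time check."""
    key = keyring.get(key_name.lower())
    if key is None:
        return "BADKEY"            # no shared secret with this sender
    expected = tsig_mac(key, key_name, message, time_signed)
    if not hmac.compare_digest(expected, mac):
        return "BADSIG"            # message or signing time was altered
    if abs(now - time_signed) > FUDGE:
        return "BADTIME"           # too old or too far in the future: replay
    return "NOERROR"

# Constructed sample data: a stand-in for a NOTIFY sent by the master.
KEY_NAME = "master-slave.example."
KEYRING = {KEY_NAME: b"constructed shared secret, not a real key"}
NOTIFY = b"NOTIFY za. SOA serial=2015020600"
SIGNED_AT = 1606377600

def demo():
    """Run the four cases a secondary has to tell apart."""
    mac = tsig_mac(KEYRING[KEY_NAME], KEY_NAME, NOTIFY, SIGNED_AT)
    altered = NOTIFY.replace(b"2015020600", b"2015020699")
    soon = SIGNED_AT + 5
    return {
        "genuine": tsig_check(KEYRING, KEY_NAME, NOTIFY, SIGNED_AT, mac, soon),
        "tampered": tsig_check(KEYRING, KEY_NAME, altered, SIGNED_AT, mac, soon),
        "unknown_key": tsig_check(KEYRING, "other.example.", NOTIFY,
                                  SIGNED_AT, mac, soon),
        "replayed": tsig_check(KEYRING, KEY_NAME, NOTIFY, SIGNED_AT, mac,
                               SIGNED_AT + 3600),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:12} {result}")
```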
DNS Security
DNS SECURITY EXTENSIONS (DNSSEC)
• DNSSEC adds authentication to DNS to make the system more secure
• DNS, as originally designed, has no means of determining whether domain name
data comes from the authorized domain owner or has been forged
• DNSSEC employs cryptographic keys and digital signatures to ensure that lookup
data is correct and that connections are to legitimate servers
DNS MANAGEMENT SOFTWARE
DNS Management Software
• DNS management software is computer software that controls Domain Name
System (DNS) server clusters. DNS data is typically deployed on multiple physical
servers.
Main purposes of DNS management software :
• to reduce human error when editing complex and repetitive DNS data
• to reduce the effort required to edit DNS data
• to validate DNS data before it is published to the DNS servers
• to automate the distribution of DNS data
DNS Management Software (Cont’d)
BIND
• The name BIND stands for “Berkeley Internet Name Domain”.
• BIND is open source software that implements the Domain Name System (DNS)
protocols for the Internet.
• It is a free software product and is distributed with most Unix and Linux platforms.
• BIND is by far the most widely used DNS software on the Internet, providing a
robust and stable platform on top of which organizations can build distributed
computing systems with the knowledge that those systems are fully compliant
with published DNS standards.
DNS Management Software (Cont’d)
NSD (Name Server Daemon)
• NSD is a free software authoritative server provided by NLNet Labs.
• NSD is a test-bed server for DNSSEC; new DNSSEC protocol features are often
prototyped using the NSD code base.
• NSD hosts several top-level domains, and operates three of the root nameservers.
• NSD is an authoritative only, high performance, simple and open source name
server.
DNS Management Software (Cont’d)
Microsoft DNS
• The Windows DNS Server component, Microsoft DNS, is a major player in DNS
server software
• The same software can be configured to support authoritative, recursive and
hybrid mode
• The software is integrated with Active Directory
Defining the Rs
Defining 5 Rs
• Regulator: entity responsible for .ZA, its administration, licensing, etc.
• Registry: entity licensed by Regulator to administer ZA SLD.
• Registrar: entity accredited to register .ZA domain names for registrants.
• Registrant: holder (not owner!) of a domain name.
• Reseller: entity that re-sells domain name services on behalf of a Registrar.
.ZA Ecosystem
Five Rs
Regulator Registry Registrar Registrant Reseller
Defining 5 Rs
The .za SLD Cost and Fee Structure: Wholesale Fees
Annual fee paid by a domain name registrar to the registry operator for each .za SLD
(i.e Co.za, Org.za, Net.za and Web.za) registered and/or renewed by them.
Wholesale Fees have an influence on the retail pricing of domain names (i.e. fees
charged to the public)
Wholesale Fee for .za SLDs is currently set at R45.00 per year, excluding VAT.
The primary purpose of the Wholesale Fee is to sustain and enhance a critical piece of
Internet infrastructure.
Wholesale Fee sustains a highly competitive, relevant and secure digital space for
South Africans.
Defining 4 Rs
.ZA VALUE CHAIN
[Diagram: REGULATOR overseeing three chains from the Registry to the Registrant]
1. Registry – registrar/registrant
2. Registry - registrar - registrant
3. Registry - registrar - Reseller - Registrant
The Triple R’S
Registry
• Operator is an entity authorized by ZADNA to manage a database of names in an SLD.
Registrar
• Is an internet service provider authorized to register names for its clients in a TLD
Reseller
• Has the ability to purchase the hosts services on a wholesale basis and then sell them to customers for a profit.
Defining Rs
REGISTRAR SERVICES
Email Hosting
• An email hosting service is an Internet hosting service that operates email servers.
Web Hosting
• A type of Internet hosting provider that allows individuals and organizations to make their website accessible via the World Wide Web.
DEBATE
Does This Business Deserve a Domain?
.ZA Structure
Registrar Business
A domain name is an asset
Reported Sold Domains
Property.co.za – R4.33 million
Domains.co.za – R187,000
Top Registrars
Top .za Registrars by performance
REGISTRAR NO. OF DOMAINS COST PRICE SELLING PRICE PROFIT
Registrar A 221,224 R51.75 R89.00 R8 340 144.80
Registrar B 165,004 R51.75 R97.00 R7 540 682.80
Registrar C 83,176 R51.75 R99.00 R3 967 495.20
Registrar D 71,983 R51.75 R75.00 R1 705 997.10
Registrar E 38,250 R51.75 R105.00 R2 054 025.00
Registration Process
• Holding a domain name is a license not a right
• Registration is on first-come first-served basis
– Registry does not sit watching against name theft or
abuse, except abuse on their system.
• Registration & renewal process is usually
automated.
– Exceptions exist for restricted domains (e.g. ac.za)
• Registration & renewal through registrars/ISPs
Registration process
1. DOMAIN NAME and ACTION Give the name of the subdomain. This is the name that will be used
in tables and lists associating the domain with the name server and IP addresses.
The .co.za domain names that are delegated by ZACR are at the third level, for example:
thisnetwork.co.za. Domain names in the CO.ZA zone are limited to 30 characters.
The Action field specifies whether this is a 'N'ew application, a 'U'pdate or a 'D'eletion.
1a. Complete domain name:
1b. Action - [N]ew, [U]pdate, or [D]elete :
2. DOMAIN REGISTRANT and BILLING The name and postal address of the domain registrant.
2a. Domain Registrant:
2b. Registrant Postal address:
2c. Registrant Street address:
2e. [I]nvoice or [A]ccount (Default I):
2f. Organisation to be billed or account no. :
2g. Email to send invoices to:
Registration process
Item 2i must contain the Postal Address for Tax Invoicing purposes. (Phone and Fax numbers must
be in E.164 format - ie +27.113140077 Numbers can have an optional extension part - ie
+27.113140077x200)
2i. Invoice Addr:
2j. Registrant Phone No.:
2k. Registrant Fax No. :
2l. Registrant e-mail :
2n. VAT No. for 2f :
3. CNAME - This section is no longer in use. Should you be updating information other than the
CNAME information for a current CNAME registration, leave the following three fields exactly the
same as the current registration (Details can be found at http://whois.co.za/whois.shtml). If you
are migrating a CNAME registration to a Nameserver registration (Section 6) leave the following
blank.
3b. Full CNAME :
3c. Sub alias 1:
3d. Sub alias 2:
Registration process
4. ADMINISTRATIVE CONTACT It is necessary to provide details of a person who deals with the administrative matters of the registrant
for .co.za domains. (Postal address, delimited by comma's, as described in Section 2 above) (Phone and Fax numbers must be in
E.164 format - ie +27.113140077 Numbers can have an optional extension part - ie +27.113140077x200)
4a. Name (last, first):
4b. Title/position:
4c. Organisation:
4d. Postal Addr:
4e. Phone Number:
4f. Fax Number:
4g. Email:
5. TECHNICAL CONTACT It is necessary to provide details of a person who deals with the technical matters of the registrant for .co.za
domains. (Postal address, delimited by comma's, as described in Section 2 above) (Phone and Fax numbers must be in E.164 format -
ie +27.113140077 Numbers can have an optional extension part - ie +27.113140077x200)
5a. Name (last, first):
5b. Title/position:
5c. Organisation:
5d. Postal Addr:
5e. Phone Number:
5f. Fax Number:
5g. Email:
Registration process
6. NAMESERVERS FOR THIS DOMAIN
Domain administrators should provide at least two independent nameserver hosts for the requested domain. Please ensure that the servers are
in physically separate locations and on different sections of the Internet. Nameserver records only require glue address records when the
nameserver is a child of the domain being registered. Any glue address records that are provided for nameservers that are not a child of the
domain being registered will be ignored. More than one glue address record may be specified for a single nameserver record as a comma
delimited list. All nameservers should be operational before submitting this application. There is a limit of five nameservers for the .co.za zone.
'FQDN' is the Fully Qualified Domain Name of the host. *** IF YOU DO NOT KNOW SOMETHING - ASK YOUR ISP ***
6a. Primary server FQDN:
6b. Primary server IPv4 glue:
6c. Primary server IPv6 glue:
6e. Secondary server FQDN:
6f. Secondary server IPv4 glue:
6g. Secondary server IPv6 glue:
6i. Secondary server FQDN:
6j. Secondary server IPv4 glue:
6k. Secondary server IPv6 glue:
6m. Secondary server FQDN:
6n. Secondary server IPv4 glue:
6o. Secondary server IPv6 glue:
6q. Secondary server FQDN:
6r. Secondary server IPv4 glue:
6s. Secondary server IPv6 glue:
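The nameserver rules in section 6 can be checked before an application is submitted. The following is an added example, not code from ZADNA or the registry: it enforces the two-to-five nameserver range, requires glue only for nameservers that are children of the domain being registered, and discards glue supplied for any other nameserver. The function names and the sample application are constructed for the example.

```python
import ipaddress

MIN_NS, MAX_NS = 2, 5   # "at least two" hosts; five-nameserver limit for .co.za

def _norm(name):
    """Lower-case a host name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def _glue(field, version):
    """Parse one comma-delimited glue field into validated address strings."""
    out = []
    for item in (part.strip() for part in field.split(",")):
        if not item:
            continue
        addr = ipaddress.ip_address(item)      # ValueError if malformed
        if addr.version != version:
            raise ValueError(f"{item} is not IPv{version}")
        out.append(str(addr))
    return out

def check_nameservers(domain, servers):
    """servers: (fqdn, ipv4_glue, ipv6_glue) tuples, as in fields 6a-6s.

    Returns (delegation, problems). delegation maps each nameserver to the
    glue that would be kept; problems lists reasons to fix the application.
    """
    domain = _norm(domain)
    delegation, problems = {}, []
    for fqdn, v4, v6 in servers:
        ns = _norm(fqdn)
        if ns in delegation:
            problems.append(f"{ns}: listed more than once")
            continue
        delegation[ns] = []
        # Child test on a label boundary: ns1.example.co.za is a child of
        # example.co.za, ns.notexample.co.za is not.
        if not ns.endswith("." + domain):
            continue                            # glue for non-children is ignored
        try:
            delegation[ns] = _glue(v4, 4) + _glue(v6, 6)
        except ValueError as exc:
            problems.append(f"{ns}: invalid glue ({exc})")
            continue
        if not delegation[ns]:
            problems.append(f"{ns}: child of {domain}, glue required")
    if len(delegation) < MIN_NS:
        problems.append(f"only {len(delegation)} nameserver(s), need {MIN_NS}")
    if len(delegation) > MAX_NS:
        problems.append(f"{len(delegation)} nameservers, limit is {MAX_NS}")
    return delegation, problems

# Constructed sample application (documentation address ranges).
APPLICATION = [
    ("ns1.thisnetwork.co.za.", "192.0.2.53, 198.51.100.53", "2001:db8::53"),
    ("ns2.thisnetwork.co.za.", "", ""),
    ("ns.otherthisnetwork.co.za.", "203.0.113.9", ""),
]

if __name__ == "__main__":
    kept, issues = check_nameservers("thisnetwork.co.za", APPLICATION)
    print(kept)
    print(issues)
```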
The Need
The .ZA Market As It Stands, 2018
Current Operators
510 Registrars: 409 local registrars and 101 international
Gauteng 203, Western Cape 119, Northern Cape 1, Limpopo 3, KZN 43, North West 4, Eastern Cape 18, Free State 6
Businesses that can benefit from domain name services
• Small and Medium Enterprises (SMME's).
• Informal trading business Owners.
• Individuals.
• NGO's
• Any Individual /organisation that need a
professional Online Identity Address
What do you need to start
• Laptop/PC
• Website
• Reliable Internet Connectivity
• Telephone (Providing Support to clients)
• Understanding of the domain name business
Reseller process
.ZA domain Accredited Registrars:
https://www.zadna.org.za/za-registrars/
Alternative Dispute Resolution
• ZADNA has an Alternative Dispute Resolution (ADR) process to allow aggrieved
parties to lodge disputes of .za domain names.
ADR INFORMATION PAGE
https://www.zadna.org.za/content/page/za-adr-process/
WHAT CONSTITUTES A DISPUTE
Abusive registration
Domain name registration which is registered to take unfair
advantage of another person’s rights, or to be detrimental to, or
infringing, another person’s rights.
Offensive registration
Names such as www.menaredogs.co.za are considered offensive
Domain name registration policies
ZA General Policy
• ZADNA published the ZA General Policy in 2015
• Overarching Policy over .ZA. Policy confirms the key principles, practices and standards that
will govern the registration of Second Level Domains.
• Confirms key principles, standards and practices that underpin the registration and
management of Domain Names in the .ZA SLDs
ZA SLD Technical Standards
• ZADNA published the ZA SLD Technical Standards in 2015
.ZA DNSSEC POLICIES
• .ZADNA has developed and finalised the .ZA DNSSEC Policy & Practice Statement (DPS).
.ZA SLD Operating Agreement
• Agreement between the Regulator and Registry Operator.
• Intended to regulate the Registry Operation Framework
Thank you
info@zadna.org.za
www.zadna.org.za
+27 010 020 3910