For those unfamiliar with a zone file, it is the set of data that a registry (COM, NET, ORG, BIZ, INFO, ...) publishes via the DNS to help computers locate the names and addresses of name servers for domains registered in a TLD. Internet users commonly use domain names and search results (which identify domain names in hyperlinks/URLs), and thus access individual domain information published in TLD zone files millions (billions) of times daily. A second form of zone file access provides anticrime organizations, businesses, law enforcement and researchers with a means to download the entire zone file "in bulk". These organizations apply the bulk zone data in many ways, and among the most important of these applications are efforts to combat phishing, spam, brand and trademark infringements, and other malicious uses of domains.
To obtain access to TLD zone data in bulk, an individual or organization must sign an agreement with a registry and agree to the registry's terms of service. The terms are not onerous but are present to ensure that the data are not used for malicious or harmful purposes. Today, there are fewer than 20 generic TLD (gTLD) registries, none of which has more than 1000 consumers of bulk zone data, and each gTLD offers zone file access in its own way, according to its own terms of service. Many applications of bulk zone data require access to all gTLD zones, and dealing with 20 access agreements and file access arrangements is manageable. Since the ICANN community is considering an expansion of the number of top level domains, this current bilateral, case-by-case arrangement for zone file access raises a question:
Would the current zone file access arrangement scale to large numbers of TLDs?
I've been collaborating with a remarkable group of individuals (in ICANN-speak, "stakeholders") on an Advisory Group tasked to study ways to improve and protect access to top level domain (TLD) zone files. The group is specifically studying models for managing agreements (contracts in the brick-and-mortar world) and electronic access to TLD zone data (e.g., file transfer) that would be efficient, would scale well to large numbers of consumers and TLDs, and would provide opportunities for uniformly monitoring and controlling access. The concept paper proposes several alternatives to bilaterally arranged access: (i) secure access to a local repository of all zone files, (ii) a "secure extranet" provider that proxies connections between an authenticated consumer and registry zone transfer servers, (iii) a clearinghouse agent who manages contracts and zone access credentials on behalf of all registries, which operate a more uniform zone transfer service, and (iv) an enhancement of the existing bilateral arrangements, where standards for access are defined and implemented by all registries.
Early in this article, I called this group remarkable and here's why: despite the diversity among the members, the group has managed to discuss numerous techno-tricky and business-sensitive issues professionally and has published a thoughtful concept paper in an admirably short time frame. You need only take a look at the US Congress (either house, choose...) to appreciate how rarely the combination of professionalism and consensus-building is present in a group where the word "policy" is spoken with any frequency, and rarer still when the group is able to deliver an intelligible work product in a timely manner.
The Zone File Access concept paper is posted for public comment through 8 April 2010. I encourage you to read the paper and comment to [email protected].
Kudos to the ZFA Advisory Group: may you become the poster child for policy-related activities in ICANN and beyond.