Skip to main content
Resources

Results of the First gTLD Registry Compliance Audit

On 30 June 2006, ICANN completed its first gTLD Registry Compliance Audit. This audit was based on requirements contained in the Public Whois Specifications in ICANN's gTLD Registry and Sponsorship Agreements. Each registry's audit was individually tailored based on specific requirements in the relevant agreement (e.g., "thick" versus "thin" registry models)[1]. This audit was the first in a series of upcoming audits, published to ensure openness and transparency of ICANN's registry compliance program.

Background Information

In 2005, ICANN posted an outline for its Contractual Compliance Program to explain the purpose of designing a comprehensive compliance program and to lay out the elements necessary to ensure its success. The program encompasses a new staff function dedicated to ensuring a thorough audit of all parties on all areas enumerated in the agreements as ICANN performs routine compliance checks throughout the year.

The overall goal of the compliance program is to ensure that both ICANN and its contracted parties fulfill the requirements set forth in the agreements between the parties. In achieving this goal, ICANN intends to:

  • Demonstrate the openness and transparency of ICANN's operations
  • Provide fair and equitable treatment in applying compliance efforts
  • Establish clear and easy-to-use channels for communication on compliance matters
  • Supplement staff knowledge and enable greater responsiveness to changes in the environment
  • Enhance clarity and certainty for the community about the agreements
  • Identify potential areas for reform to be considered by the ICANN community

In accordance with the goals of the program, the proposed budget for the fiscal year 2006-2007 (http://www.icann.org/en/announcements/proposed-budget-2006-07-cln.pdf) provides that ICANN will expand the corporate compliance program, including the system for auditing gTLD Registry and Sponsorship Agreements and Registrar Accreditation Agreements. In addition, the 2006-2009 Strategic Plan emphasizes the necessity of a fully staffed and fully equipped compliance department (see http://www.icann.org/en/announcements/strategic-plan-22jun06.htm#challenges).

Compliance Audit Process

Preparation for the gTLD Registry Compliance Audit included advance notification to the registries and sponsors explaining what the audit would entail and alerting them to the two week auditing period from June 19- 30 2006.

The testing began with a random selection of three domain name records per gTLD to query, in order to check for availability of Whois service and display of required fields in the output. Following this, queries were performed on contact records, nameserver records, and registrar records, and these results checked for display of required fields. In testing for display of required fields, results for a given type of query tended to be repetitive within a TLD, making duplicative audits of a large sample size unnecessary. The explanatory terms and conditions provided with Whois results after querying a record were also reviewed to ensure compliance with each registry agreement.

The statistics provided below are based on results compiled from web-based[2] and port 43[3] lookups of data elements required in the Public Whois Specifications[4] of the registry agreements. Accuracy of the Whois information displayed by registries was not checked in testing for display of required fields.[5]

The following categories were tested:

  • Availability of web-based and port 43 lookup service
  • Display of required fields in domain record query for web-based and port 43 access
  • Display of required fields for contact record query for web-based and port 43 access
  • Display of required fields for nameserver record query for web-based and port 43 access
  • Display of required fields for registrar record query for web-based and port 43 access
  • Terms and Conditions for web-based and port 43 queries

At the conclusion of the audit, each registry or sponsor was given its results, an explanation of any areas in need of reform, and a deadline to respond. Prior to publication of these results, the registries and sponsors were offered an opportunity to submit initial feedback for improvement of the compliance program as it moves forward.

Audit Summary:

The table below shows the number of issues identified in each category.

Registries tested in each category Name of Category Tested # of reported issues (web-based) # of reported issues (port 43)
14 Availability of Whois lookup service 0 0
14 Domain Record Query 6 5
14 Nameserver Record Query 6 6
14 Contact Record Query 5 3
14 Registrar Record Query 9 9
14 Terms and Conditions 3 3
  Total Number of Reported Problems 29 26

Registries and sponsors reported back that corrective action is being taken based upon:

  • Modifications by registry and sponsor technical staff
  • Time required to request and secure amendments to the registry agreements with ICANN

The table below shows the number of issues that have been resolved to date.

ICANN will provide updates of problem areas corrected using subsequent tables to reflect problems that have been resolved.

Category Tested # of reported issues # of items resolved # of Items in process of resolution # of Items still pending
Availability of web-based and Port 43 Whois service 0 0 0 0
Domain Record Whois Output - Web-based 6 1 2 3
Domain Record Whois Output - Port 43 5 1 2 2
Nameserver Record Whois Output - Web-based 6 2 2 2
Nameserver Record Whois Output - Port 43 6 2 2 2
Contact Record Whois Output - Web-based 5 1 1 3
Contact Record Whois Output - Port 43 3 0 1 2
Registrar Record Query - Web-based 9 2 4 3
Registrar Record Query - Port 43 9 2 4 3
Terms and Conditions – Web-based 3 1 1 1
Terms and Conditions – Port 43 3 1 1 1
Total problems identified: 55 13 20 22

As ICANN proceeds with the implementation of a standardized compliance schedule, the initial results from the gTLD Registry Compliance Audit and collective feedback from the registry community will serve to improve the procedures of the Compliance Program.

[1] Registries or sponsors have the ability to store Whois data for a domain name in two ways, "thin" or "thick." A thin domain record will contain the name of the registrar, nameservers, and term of the registration. A thick domain record will provide the above data as well as contact data associated with the registration.

[2] All of the registry operators provide a front-end web interface to allow user access to the Whois service (commonly known as web-based lookup).

[3] A protocol TCP Port 43 (commonly known as port 43 service is used to supply Whois information). This is an older protocol that provides a direct method of accessing information.

[4] Depending on the agreement, Public Whois specifications can either be found in Appendix O, Attachment 15, or Appendix S. See http://www.icann.org.en/registries/agreements.htm.

[5] There is no contractual requirement for registries to ensure accuracy of Whois data provided by registrars.

A note about our terms of service:

We have updated our electronic terms of service to provide greater transparency and align with laws applicable to us. Learn more.

This site uses cookies to deliver an efficient user experience and to help us see how the site is used. Learn more.OK

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as""icann.org"" is not an IDN."