co.za Registrar Test Procedure Ver 0.6 Revision Date: 15 February 2011
Table of Contents
Introduction
Disclaimer
Registrar Requirements
Test System
  Registrar Testing Functionality
  Command Examples
    Login
    Logout
Addendum 1
  Generating a Public Key
    Using Java keytool
    Using OpenSSL for clients connecting to the server
    Converting a binary certificate to an OpenSSL compatible certificate
Addendum 2
  References
Addendum 3
  Sample scripts and clients.
    Java Client
    Python Client
    PHP Client
    Perl Client
Addendum 4
  Testing Domain Creation
Addendum 5
  Proposed Project Plan
Addendum 6
  Glossary
Addendum 7
  Document Version History
    Version 0.1 12 March 2010
    Version 0.2 15 March 2010
    Version 0.3 5 May 2010
    Version 0.4 12 May 2010
    Version 0.5 31 January 2011
Introduction
This document provides an overview of the co.za EPP Registry/Registrar project. The document includes a set of Registrar EPP testing procedures. The testing procedures will initially be based on the implementation of the project and may change as the co.za Registry project progresses. The interface between the registrar and registry is based on the Extensible Provisioning Protocol (EPP) as outlined in the IETF Standard No 69 covering RFCs 5730 to 5734. The test procedures cover the following:
1. Connection, authentication and security checks for the Registrar connection to the Registry.
2. EPP domain provisioning commands within the co.za domain registration policy framework.
This document will be updated to cover the transition to running live and will be extended with any further Registrar testing procedures including Registrar management functionality. Please send all comments/corrections to eppdev@dnservices.co.za for incorporation in this document.
Disclaimer
Successful compliance with the test and configuration procedures outlined in this Document does not constitute an automatic right of access to the final Registry system. Prospective registrars must first complete all aspects of the accreditation process, including the conclusion and signature of a Registrar Accreditation Agreement, prior to being issued an Accreditation Certificate. All Rights Reserved.
Registrar Requirements
To connect to the co.za Registry Test System (RTS), the following is required:
1 Registration. Send an email to eppdev@dnservices.co.za providing the following:
1.1 Name of registrar, five or more character alphanumeric password, contact person name, email address and telephone number. Two registrar test accounts (registrar1 and registrar2) will be provided, each with the same password, to allow testing of the EPP transfer function.
1.2 Optional registrar public key attached in a zip file. The public key will be used for the secure connection of both registrar test accounts. See Addendum 1 for details on generating a public key.
2 Registrar client software, either self developed in accordance with the required standards or any off the shelf client software such as available at the following:
2.1 co.za sample EPP clients http://registry.coza.net.za/doku.php?id=technical
2.2 http://search.cpan.org/~gbrown/Net-EPP-0.13/lib/Net/EPP/Client.pm
2.3 http://code.google.com/p/perl-net-epp/
2.4 http://www.epp.org.ua/functionality
2.5 https://www.centralnic.com/company/labs/php
2.6 http://www.verisign.com/domain-name-services/current-registrars/epp-sdk
Test System
The co.za RTS connection details are as follows:
1. Host name regphase3.dnservices.co.za
2. Port number 3121 (epp-temp)
Object
Validation Implementation
Possible EPP Result Codes 1000,2307,2501 1000, 2302 1000, 2302 2101
Notes
Asynchronous create only Supported via a domain create or update Asynchronous update only Supported via a superordinate domain update
update
yes yes no
delete
yes yes no
1001, 2303,2304 1000, 2303, 2304, 2305 2101 Supported via a superordinate domain update or delete
renew
yes yes no
coza policy coza policy coza policy 2101 Supported via a superordinate domain update Includes subordinate hosts (in bailiwick) Hosts are transferred with superordinate Contacts are copied when a domain object is transferred
transfer
domain
yes
coza policy
1001, 2301
host
no
coza policy
2101
contact
no
coza policy
2101
Object
Validation Implementation
Notes
domain
yes
coza policy
host contact check domain host contact info domain host contact logout
coza policy 1300, 1301 coza policy yes yes yes yes yes yes yes 1000 1000 1000 1000 1000 1000 1500
Command Examples
The EPP command examples are available at http://registry.coza.net.za/doku.php?id=epp_example_messages
Addendum 1
Generating a Public Key
To connect to the co.za RTS, and to take advantage of maintaining a session across multiple connection instances without the need for a login on each command set, the RTS must be provided with a public key generated by the registrar, for which the registrar will use the corresponding private key. Several methods exist for generating keys, including the following:
Using Java keytool
The keytool key generation utility, as provided with the Java 1.6 release available at http://java.sun.com or http://openjdk.java.net, is used in the following steps to generate a keystore containing the required public and private key:
1. Ensure that the keytool or equivalent key generation utility is in the path. This is typically the same directory where the java executable resides.
2. Generate the keystore containing the private and public keys on the registrar server as follows:
keytool -genkey -keyalg RSA -validity 365 -keystore certs -storepass \
changeit -keypass mypassword -alias registrarname
Using OpenSSL for clients connecting to the server
The SSL private and public keys can be created using the openssl toolkit, available with most modern Linux distributions, as follows:
1. Ensure that the openssl toolkit is installed and is in the path.
2. Create the private key, add a public certificate and secure it:
openssl genrsa 1024 > eppcert.pem
openssl req -new -x509 -nodes -sha1 -days 365 -key eppcert.pem >> \
eppcert.pem
chmod 400 eppcert.pem
Converting a binary certificate to an OpenSSL compatible certificate
It may be required to convert a public key as generated by the java keytool utility into an openssl compatible certificate. This may be done in bash on a unix system as follows:
(
echo '-----BEGIN CERTIFICATE-----'
base64 -w 64 rar.public.crt
echo '-----END CERTIFICATE-----'
) > rar.public.cer
Addendum 2
COZA EPP Extensions
The coza policy outlines the need for command and object extensions over and above the base EPP implementation. This addendum provides the specification for these extensions with notes on the policy changes. The following section details the Auto-Renew, CancelPendingAction, and Domain Listing extensions as well as the applicable responses.
Command Extensions
Command extensions expand the base EPP command mechanisms {create, update, delete, check, info, transfer, renew}. The schemas for the extensions are available at http://registry.coza.net.za/doku.php?id=technical in the epp-schemas-1.0.zip archive.
Auto-Renew
This boolean flag switches auto-renew on or off. By default the coza policy defines that all domains will auto-renew until disabled or deleted. Auto-renew automatically renews a domain lifetime for a following period as defined by server policy. The auto-renew command extension is only applicable to the following Domain commands:
create
update
info
CancelPendingAction
EPP fails to define any mechanism to cancel a pending update should the update be undesirable or the Registrant oppose the update in any way. If this flag is provided with an Event name (based on server policy), the server will set the pending action status to cancelled, thereby preventing the previous action from running. The CancelPendingAction command extension is only applicable to the following Domain/Contact command:
update
Domain Listing
A complete domain listing is available when a contact info command is requested by the owning Registrar. This listing specifies which domains the contact is responsible for and on what level {ownership, contact}. The domain listing is only applicable to the following Contact command:
info
Registrar Balance
A Registrar balance check is available when a contact info command is requested by the owning Registrar. This balance will include un-invoiced amounts for the Registrar account within the financial system. The contact balance is only applicable for the following Contact command:
info
TransferQuote
A quotation for a Domain Transfer based on the period remaining. The transferQuote is only available when performing the following Domain command:
info
Response
A response will be returned after success or failure of the above commands. This response will detail the result message, with an attribute 'result' defining success as below:
<cozaData>
  <detail result="success">The command completed successfully</detail>
</cozaData>
And failure:
<cozaData>
  <detail result="failure">The domain does not exist</detail>
</cozaData>
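A test harness has to read both the standard EPP result code and the cozaData detail described above, and flag responses where the two disagree. The following is an added example, not part of the co.za sample bundle; it assumes cozaData is carried inside the EPP extension element, uses a placeholder namespace URI, and takes the expected result codes from the caller.

```python
import xml.etree.ElementTree as ET

# Constructed sample response. The cozaData namespace URI is a placeholder;
# the real one is defined by the schemas in the epp-schemas-1.0.zip archive.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
  <response>
    <result code="2303"><msg>Object does not exist</msg></result>
    <extension>
      <cozaData xmlns="urn:example:coza-placeholder">
        <detail result="failure">The domain does not exist</detail>
      </cozaData>
    </extension>
    <trID><svTRID>constructed-0001</svTRID></trID>
  </response>
</epp>"""

def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on element names."""
    return tag.rsplit("}", 1)[-1]

def parse_response(data: bytes) -> dict:
    """Extract the EPP result code and the cozaData detail from one response."""
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("DTD declarations are not used by EPP; refusing to parse")
    out = {"code": None, "msg": None, "coza_result": None, "coza_detail": None}
    for el in ET.fromstring(data).iter():
        name = _local(el.tag)
        if name == "result" and out["code"] is None and el.get("code"):
            out["code"] = int(el.get("code"))
            out["msg"] = next((c.text for c in el if _local(c.tag) == "msg"), None)
        elif name == "cozaData":
            for child in el:
                if _local(child.tag) == "detail":
                    out["coza_result"] = child.get("result")
                    out["coza_detail"] = (child.text or "").strip()
    if out["code"] is None:
        raise ValueError("response has no <result code=...>")
    return out

def check_response(data: bytes, expected_codes) -> list:
    """Return a list of problems; empty means the response matches the test case."""
    r = parse_response(data)
    problems = []
    if r["code"] not in expected_codes:
        problems.append(f"unexpected result code {r['code']} ({r['msg']})")
    epp_success = 1000 <= r["code"] < 2000  # RFC 5730: 1xxx success, 2xxx failure
    if r["coza_result"] and (r["coza_result"] == "success") != epp_success:
        problems.append(f"cozaData says {r['coza_result']} but EPP code is {r['code']}")
    return problems
```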
Addendum 3
Sample scripts and clients.
To facilitate testing and provide a starting point for registrars creating their own EPP client software, the system is bundled with sample XML files containing EPP commands and several example EPP client programs written in various languages. The sample bundle is available for download at http://registry.coza.net.za and is stored in the test/examples directory.
Java Client
The Java EPP client is a simple utility for sending EPP commands to the RTS. It supports TLS 1.0 and sessions. The client requires the Java JRE 1.6 or greater. Usage may be obtained using:
java -jar epp-client.jar help
Usage is as follows:
java -jar epp-client.jar h reg-test.dnservices.co.za login.xml check_domain.xml
Python Client
Usage is as follows:
./epp.py --host=reg-test.dnservices.co.za login.xml check_domain.xml
This command uses the python ssl module which limits it to python 2.6 and newer. The program supports SSL certificate keys if they are provided. For older versions of python from 2.3 upwards the python ssl module needs to be installed separately as follows: Download from http://pypi.python.org/pypi/ssl/1.15, untar in a separate directory, and run:
python setup.py install
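For registrars writing their own client, the transport beneath these sample clients is the RFC 5734 mapping: a TLS connection carrying EPP documents, each prefixed by a 4-byte length. The following is an added example, not the epp.py from the sample bundle; the size cap, the function names and the optional cafile parameter are assumptions, and the default port is the one given under Test System.

```python
import socket
import ssl
import struct

MAX_BODY = 1 << 20  # assumed client-side cap in bytes; the page states no limit

def encode_frame(xml: bytes) -> bytes:
    """RFC 5734 data unit: 4-byte big-endian total length (header included) + XML."""
    return struct.pack("!I", len(xml) + 4) + xml

def _read_exact(stream, n: int) -> bytes:
    """Read exactly n bytes; a TLS stream may return fewer per call."""
    buf = bytearray()
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-frame")
        buf += chunk
    return bytes(buf)

def read_frame(stream) -> bytes:
    """Read one data unit, refusing impossible or oversized length headers."""
    (total,) = struct.unpack("!I", _read_exact(stream, 4))
    if total < 4 or total - 4 > MAX_BODY:
        raise ValueError(f"refusing EPP frame with length header {total}")
    return _read_exact(stream, total - 4)

def make_tls_context(client_pem=None, cafile=None) -> ssl.SSLContext:
    """Verifying client context; client_pem holds private key then certificate."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + hostname check
    if client_pem:
        ctx.load_cert_chain(client_pem)  # same layout as eppcert.pem in Addendum 1
    return ctx

def open_session(host, port=3121, client_pem=None, cafile=None):
    """Connect, complete TLS, and return (stream, greeting XML from the server)."""
    raw = socket.create_connection((host, port), timeout=30)
    tls = make_tls_context(client_pem, cafile).wrap_socket(raw, server_hostname=host)
    stream = tls.makefile("rwb")
    return stream, read_frame(stream)

def send_command(stream, xml: bytes) -> bytes:
    """Send one EPP command document and return the raw response document."""
    stream.write(encode_frame(xml))
    stream.flush()
    return read_frame(stream)
```

Recent Python and OpenSSL builds default to a security level that rejects RSA keys shorter than 2048 bits, so a key generated with the 1024-bit parameter shown in Addendum 1 may fail to load in `load_cert_chain`.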
PHP Client
Its mode of operation can only be changed by editing the program. Errors are produced using the PHP PEAR library, which must also be installed. The class includes support for SSL client certificates.
Perl Client
The program requires the Perl Net::EPP::Client library to be installed. On Ubuntu versions 10 and later the library can be installed using:
sudo apt-get install libnet-epp-perl
On other distributions of Linux or other operating systems use cpan as a user with the necessary privileges eg. root.
cpan
If it is the first time cpan is run, the program will ask various questions; the defaults can usually be accepted. At the cpan prompt enter the following
install Net::EPP::Client
to install the library. cpan will probably ask to install several other related packages. Allow it to do so. Once the package is installed running:
epp.pl help
will bring up the command usage. Usage typically involves copying and editing the sample XML scripts and then running them. For example:
./epp.pl --host=reg-test.dnservices.co.za login.xml check_domain.xml
Addendum 4
Testing Domain Creation
The sub-domain test.dnservices.co.za has been made available for testing. For testing purposes make sure any domains are under test.dnservices.co.za, e.g. example.test.dnservices.co.za. Any glue records to be exported should also appear under test.dnservices.co.za, e.g. ns1.example.test.dnservices.co.za. The test.dnservices.co.za zone is rebuilt every 15 minutes. To test that a domain is being exported use dig under unix, linux, freebsd etc., for example:
dig @test.dnservices.co.za ns example.test.dnservices.co.za

; <<>> DiG 9.7.0-P1 <<>> @ test.dnservices.co.za ns example.test.dnservices.co.za
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60190
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;example.test.dnservices.co.za. IN NS

;; AUTHORITY SECTION:
example.test.dnservices.co.za. 86400 IN NS ns1.example.test.dnservices.co.za.
example.test.dnservices.co.za. 86400 IN NS ns2.example.test.dnservices.co.za.

;; ADDITIONAL SECTION:
ns1.example.test.dnservices.co.za. 86400 IN A 192.168.0.1
ns1.example.test.dnservices.co.za. 86400 IN AAAA fc00::1

;; Query time: 23 msec
;; SERVER: 160.124.24.121#53(160.124.24.121)
;; WHEN: Wed May 5 15:46:08 2010
;; MSG SIZE rcvd: 127
Another popular tool to use to check is nslookup which works on all the unix like operating systems as well as Microsoft Windows:
nslookup - 160.124.24.121
> set type=ns
> example.test.dnservices.co.za
Server: 160.124.24.121
Address: 160.124.24.121#53

Authoritative answers can be found from:
example.test.dnservices.co.za nameserver = ns2.example.test.dnservices.co.za.
example.test.dnservices.co.za nameserver = ns1.example.test.dnservices.co.za.
ns1.example.test.dnservices.co.za internet address = 192.168.0.1
ns1.example.test.dnservices.co.za has AAAA address fc00::1
(Hit Ctrl-D to exit under unix or Ctrl-Z under windows)
These lookups will work on local name servers as soon as propagation has completed, as for any newly registered domain.
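The export check above can be automated by parsing the dig output. The following is an added example, not part of the co.za sample bundle, and its function names are assumptions; it looks for the NS records in the AUTHORITY section as well as ANSWER, because the parent zone replies with a referral, and it reports in-bailiwick name servers that came back without glue. Run over the dig output shown above, it reports that ns2.example.test.dnservices.co.za. has no glue record in that response.

```python
TEST_ZONE = "test.dnservices.co.za."

# dig output from this page, trimmed to the record-bearing sections.
SAMPLE = """\
;; QUESTION SECTION:
;example.test.dnservices.co.za. IN NS

;; AUTHORITY SECTION:
example.test.dnservices.co.za. 86400 IN NS ns1.example.test.dnservices.co.za.
example.test.dnservices.co.za. 86400 IN NS ns2.example.test.dnservices.co.za.

;; ADDITIONAL SECTION:
ns1.example.test.dnservices.co.za. 86400 IN A 192.168.0.1
ns1.example.test.dnservices.co.za. 86400 IN AAAA fc00::1
"""

def parse_dig(text):
    """Map section name -> [(owner, type, rdata)] from dig's default output."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(";;") and line.endswith("SECTION:"):
            current = line.split()[1]
            sections[current] = []
        elif line and not line.startswith(";") and current:
            fields = line.split()
            if len(fields) >= 5:
                sections[current].append((fields[0].lower(), fields[3], fields[4].lower()))
    return sections

def in_zone(name, zone):
    """Label-aligned suffix match, so 'xtest.dnservices.co.za.' is not in the zone."""
    return name == zone or name.endswith("." + zone)

def check_delegation(text, domain, zone=TEST_ZONE):
    """Return (name servers, problems) for a delegation seen in dig output."""
    domain = domain.rstrip(".").lower() + "."
    records = parse_dig(text)
    problems = []
    if not in_zone(domain, zone):
        problems.append(f"{domain} is not under {zone}")
    # The parent zone answers with a referral: NS data sits in AUTHORITY, not ANSWER.
    servers = [rdata for sec in ("ANSWER", "AUTHORITY")
               for owner, rtype, rdata in records.get(sec, [])
               if owner == domain and rtype == "NS"]
    if not servers:
        problems.append(f"no NS records for {domain}")
    glue = {owner for owner, rtype, _ in records.get("ADDITIONAL", [])
            if rtype in ("A", "AAAA")}
    for host in servers:
        if in_zone(host, domain) and host not in glue:
            problems.append(f"{host} is in bailiwick but has no glue record")
    return servers, problems
```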
Addendum 5
Proposed Project Plan
The following table provides an overview of the project status and estimated timelines: Phase 1 2 3 Start Date January 2010 1 March 2010 April/May 2010 End Date March 2010 March/April 2010 June/July 2010 Duration 2 3 months 2 Months 6 8 months Comment Complete testing phase RAR Testing Started May 2010 RAR Offline Testing Started 19 July 2010 Legacy RAR synchronisation project started January 2011 RAR live testing Maintenance
January 2011
March/April 2011
2 4 months
5 6
June/July 2011 -
2 3 months Lifetime
Once the system is live and operational further extensions will be considered including the implementation of DNSSEC.
Addendum 6
Glossary
EPP: Extensible Provisioning Protocol.
RTS: Registry Test System.
RAR: Accredited Registrar.
Legacy RAR: UniForum SA.
Addendum 7
References
1. IETF Standard Number 69 (RFC 5730 to 5734). (http://ietf.org)
2. UniForum SA Published Policies for CO.ZA Registrar Accreditation version 6, 15 March 2010. (http://registry.coza.net.za/doku.php?id=published_policies_and_procedures).
Addendum 8
Document Version History
Version 0.1 12 March 2010
1. Document Release.