Applicant Information

Does or will this RSP have a publicly verifiable, 3rd party certification (e.g. ISO 27001) held directly by the organization and relevant to the registry services under application?

Yes

Does or will this RSP have processes and controls to manage physical access to infrastructure and systems, including building access controls, security cameras and/or other sensors, physical environmental monitoring and safety equipment, and alarm systems related to the physical infrastructure?

Yes

Does or will this RSP have processes and controls to manage non-physical access to infrastructure, including network access from both internal systems and external Internet systems, intrusion detection systems, security information and event management systems, network firewalls, network segmentation and isolation, user identification and authentication, and authorization schemes?

Yes

Does or will this RSP have processes and controls pertaining to the selection of vendors and equipment suppliers, management and maintenance of assets while in use, procurement of assets, and safe disposal of assets?

Yes

Does or will this RSP routinely renew and keep safe all cryptographic material necessary for the operation of the RSP?

Yes

Does or will this RSP secure (e.g. encryption, tamper detection, etc…) at-rest data relevant to the operation of the RSP, including but not limited to DNSSEC if applicable?

Yes

Does or will this RSP secure (e.g. encryption, tamper detection, etc…) in-transit data relevant to the operation of the RSP, including but not limited to DNSSEC if applicable?

Yes

If applicable, does or will this RSP have security controls for data in virtualized environments, including controls relevant to both on-premises or private virtualization environments as well as public clouds, network isolation, memory isolation, process isolation, and hypervisor access controls?

Yes

Does or will this RSP have a senior executive primarily in charge of and responsible for security?

Yes

Does or will this RSP conduct background checks, both initial and on-going, of personnel and vendors relevant to the registry services under application?

Yes

Describe the solutions and mitigations to be used to thwart Distributed Denial of Service (DDOS) attacks against the authoritative DNS services.

The dataplane components of Google’s authoritative DNS services are integrated with proprietary DoS protection libraries. These enable the detection, monitoring and blocking of attacks. The scale and distribution of these dataplane components is such that the vast majority of attacks can be absorbed without intervention (either by automation or human operators). Google also has defense in depth through blocking of abusive traffic in the network, before it even reaches DNS frontends.

Does or will this RSP comply with BCP 38?

Yes

Does or will this RSP implement routing security of some nature, such as automated route filters, RPKI route origin validation, or other operational practices defined by the Internet Society and Global Cyber Alliance's Mutually Agreed Norms for Routing Security (MANRS)?

Yes

Does or will this RSP have documented, regular, and active practices for the maintenance of hardware relevant to the registry services under application?

Yes

Does or will this RSP have documented, regular, and active practices for the maintenance, upgrading, and patching of software relevant to the registry services under application?

Yes

Does or will this RSP have documented, regular, and active practices for the lifecycle of hardware relevant to the registry services under application?

Yes

Does or will this RSP have documented, regular, and active practices for the secure development of software?

Yes

Does or will this RSP have documented contingency plans for extraordinary scenarios regarding the maintenance of hardware relevant to the registry services under application?

Yes

Does or will this RSP have documented contingency plans for extraordinary scenarios regarding the maintenance, upgrading, and patching of software relevant to the registry services under application?

Yes

Does or will this RSP have documented contingency plans for extraordinary scenarios regarding the lifecycle of hardware relevant to the registry services under application?

Yes

Does or will this RSP have documented contingency plans for extraordinary scenarios regarding the development of software?

Yes

Does or will this RSP use Infrastructure-as-Code (IaC) to manage all systems relevant to operation of the registry services under application?

Yes

Does or will this RSP use automated orchestration to manage all systems relevant to the operation of the registry services under application?

Yes

Describe the methods resiliency for DNS, including the use of anycast, primary and secondary DNS authoritative servers, and hidden DNS zone transfer servers.

Cloud DNS provides the resiliency required for the operation of a gTLD by operating on a globally-distributed, redundant footprint at all layers of the stack: network backbone, L3 network load balancing, DNS frontend serving and DNS database. The Cloud DNS API is used to perform updates to zone data, with authorization and authentication performed using Google Cloud’s central Identity and Access Management solution (https://cloud.google.com/iam/docs). Cloud DNS API changes are committed to the equivalent of a hidden master, then updates are distributed globally to serving frontends. Updates are distributed internally using Google’s proprietary RPC protocol, including mutual authentication (similar to mTLS) between all servers in the stack. Anycast is used to direct requests from users to nearby datacenters with network load balancing infrastructure, from where those requests are further load-balanced across DNS frontends. In case of failures traffic can be quickly steered to healthy frontends within the datacenter or to other datacenters by network administrators.

Does or will this RSP have at least two Tier III (as defined here: https://uptimeinstitute.com/tiers) or equivalent data centers having no inter-dependencies for DNS zone distribution?

Yes

Does or will this RSP have at least two Tier III or equivalent data centers having no inter-dependencies for global DNS anycast service?

Yes

Does or will this RSP have enough coverage of DNS service to accommodate failures of any DNS point-of-presence to maintain minimum Service Level Requirements?

Yes

Does or will this RSP implement RFC 1034 (“DOMAIN NAMES - CONCEPTS AND FACILITIES”)?

Yes

Does or will this RSP implement RFC 1035 (“DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION”)?

Yes

Does or will this RSP implement RFC 1123 (“Requirements for Internet Hosts -- Application and Support”)?

Yes

Does or will this RSP implement RFC 1982 (“Serial Number Arithmetic”)?

Yes

Does or will this RSP implement RFC 2181 (“Clarifications to the DNS Specification”)?

Yes

Does or will this RSP implement RFC 3226 (“DNSSEC and IPv6 A6 aware server/resolver message size requirements”)?

Yes

Does or will this RSP implement RFC 3596 (“DNS Extensions to Support IP Version 6”)?

Yes

Does or will this RSP implement RFC 3597 (“Handling of Unknown DNS Resource Record (RR) Types”)?

Yes

Does or will this RSP implement RFC 4343 (“Domain Name System (DNS) Case Insensitivity Clarification”)?

Yes

Does or will this RSP implement RFC 6891 (“Extension Mechanisms for DNS (EDNS(0)))”?

Yes

Does or will this RSP implement RFC 7766 (“DNS Transport over TCP - Implementation Requirements”)?

Yes

Does or will this RSP implement RFC 5001 (“DNS Name Server Identifier (NSID) Option”)?

Yes

Does or will this RSP operate DNS service according to RFC 6168 (“Requirements for Management of Name Servers for the DNS”)?

No - Proprietary controls equivalent to RFC 6168 exist: 2.1.2. Name Server Discovery: Google’s DNS frontends are deployed using proprietary cluster orchestration software (Borg) and registered with Google’s proprietary load-balancer. These integrations render them discoverable both by our network load balancers, and by all other software components that need to communicate with them. 2.1.3. Configuration Data Volatility: Google Cloud DNS supports both static zones, and those with very high update rates. 2.1.4. Protocol Selection: Beyond the DNS protocol itself, all components in the Google Cloud DNS serving stack support exactly one other protocol: our proprietary RPC protocol, using well-defined internal APIs. 2.1.5. Common Data Model: the data model used by Google Cloud DNS is documented in its public API (https://cloud.google.com/dns/docs/reference/rest/v1). 2.1.6. Operational Impact: there is sufficient redundancy in the Google Cloud DNS serving stack that the operations described in the RFC can be performed without any impact on internet-facing serving capability. 3.1.1. Needed Control Operations: all of the operations outline in the RFC can be performed with RPC calls against various component of the Cloud DNS serving stack 3.1.2. Asynchronous Status Notifications: the only long-running operations in the Google Cloud DNS serving stack are invisible to customers, and thus there are no “async + status check” operations in its public API. 3.2. Configuration Requirements: all the supported operations here are part of the Cloud DNS public API. 3.3. Monitoring Requirements and 3.4. Alarm and Event Requirements: All software involved in the Google Cloud DNS serving stack implements a standard RPC interface integrating it with Google’s monitoring and alerting systems. Metrics related to availability, latency and error rates are continuous monitored by these systems, with alerts defined to page SRE on-callers on any anomalous behavior.

Does or will this RSP operate DNS service according to RFC 8906 (“A Common Operational Problem in DNS Servers: Failure to Communicate”)?

Yes

Does or will this RSP operate DNS service according to RFC 9199 (“Considerations for Large Authoritative DNS Server Operators”)?

Yes

Does or will this RSP operate DNS service according to RFC 9210 (“DNS Transport over TCP - Operational Requirements”)?

Yes

Does or will this RSP meet the standards established in the Service Level Agreements defined in Specification 10 of the ICANN Registry Agreement (version 2024) with regard to DNS?

Yes

Does or will this RSP compartmentalize (e.g. virtualization) the DNS service in such a manner that each compartment (e.g. containers, virtual machines, physical machines) is dedicated to DNS (excluding system services such as monitoring, remote access and NTP)?

Yes

Does or will this RSP monitor all unique DNS servers of all anycast nodes?

Yes

Does or will this RSP operate authoritative DNS servers according to the IANA Technical Requirements for Authoritative Name Servers (https://www.iana.org/help/nameserver-requirements)?

Yes

Does or will this RSP meet the standards established in Specification 10 of the ICANN Registry Agreement (version 2024) with regard to DNS and IPv4?

Yes

Does or will this RSP meet the standards established in Specification 10 of the ICANN Registry Agreement (version 2024) with regard to DNS and IPv6?

Yes

Does or will this RSP regularly exercise DNS Service continuity actions?

Yes

Does or will this RSP be capable of transferring all applicable operations to another RSP as defined by the Material Subcontracting Arrangement Technical Questions?

Yes

Does or will this RSP participate in coordinated Emergency Back-end Registry Operator (EBERO) transitions, including but not limited to maintaining the DNSSEC chain of trust, of hosted gTLDs when the business relationship of this RSP and the Registry Operator is not in good standing?

Yes

Does or will this RSP monitor for faults inside its own network?

Yes

Does or will this RSP monitor for faults from a point outside any of its own networks?

No - Google monitors its Maglev-based network load-balancers with probers that encapsulate packets to a “fake peer” interface on every peering device. This exercises the full ingress and egress path from a vantage point identical to that of an autonomous system peering directly with AS15169, including (for example) the ingress ACL and egress SDN. Independently of this, each of the Cloud DNS VIPs is monitored by anycast probes originated in approximately 30 Google datacenter locations distributed worldwide. Every authoritative nameserver process is monitored independently with GRE-encapped probes. We believe that this scheme gives equivalent monitoring coverage (with substantially better fidelity) to externally-originated probes.

Does or will this RSP have documented processes for aggregation and triage of faults?

Yes

Does or will this RSP have documented processes to mitigate faults once detected?

Yes

Does or will this RSP have processes to minimize faults during maintenance of systems, including both automated processes and manual change control processes?

Yes

Does or will this RSP have personnel capable of reacting to and mitigating faults 24 hours per day of every day of every year of service?

Yes

Provide documentation regarding any RSP functions currently being served for any gTLD, the domain names of the gTLDs, and all service disruptions for each gTLD in the past six months, where a service disruption is defined by Specification 10 of the ICANN Registry Agreement (2024).

In the past six months, we had no failures across our current portfolio of 46 TLDs: app dev page ing zip day meme mov how boo foo dad nexus rsvp esq phd new soy channel xn--q9jyb4c prof goog google meet youtube gle play gmail here android docs eat fly chrome drive dclk guge ads hangout prod search gbiz xn--flw351e cal map xn--qcka1pmc