| Ref: | RAR |
| Title: | Roles & Responsibilities |
| Date Issued: | 14 October 2002 |
| Status: | REPLACED by v 2.0 |
| Version: | 1.1 |
1.1 This policy sets out the Domain Name Commissioner's ("DNC") expectations of all parties involved in the Shared Registry System ("SRS"): InternetNZ, .nz Registry Service ("NZRS"), registrars, and registrants.
1.2 It clearly establishes the standards of behaviour required to operate in the .nz domain name space ("DNS"), and the consequences of breaching these standards.
2. Background
2.1 InternetNZ has responsibility within New Zealand for the .nz DNS, and has implemented a SRS for the management of .nz domain name registrations and the operation of the DNS.
2.2 A SRS establishes a single register for registering domain names and associated technical and administrative information. The registration of domain names and modification of information associated with that name on the register can be effected only by authorised registrars.
2.3 Registrars are responsible for managing their relationship with registrants. There is no communication between NZRS and registrants.
3 Roles and Responsibilities - Registrar
3.1 There are registrar obligations and responsibilities detailed in the Authorisation Agreement, the Connection Agreement, and the .nz Registrant Agreement Core Terms and Conditions. These responsibilities set out the standard of behaviour required to operate in the .nz DNS. The core clauses of these agreements are listed in Appendix 1. In addition to the specific clauses listed in Appendix 1, other general principles are listed to clarify the expectations and standards of registrars involved in the SRS.
Registrars will:
3.2 Behave ethically and honestly and operate in good faith according to established standards.
3.3 Promote the confidence of registrants by maintaining fair and open competition, including not colluding with other registrars when setting pricing structures.
3.4 Only register a domain name at the request of a domain name registrant.
3.5 Not register domain names on their own behalf unless they are/will be using that domain name themselves.
3.6 Not undertake any action that results in preventing any legitimate domain name registration.
3.7 Not send a renewal notice, or anything that could reasonably be construed to be a renewal notice, to a registrant, unless the registrar is the registrar-of-record for that domain name.
3.8 Make reasonable efforts to advise the registrant of the need to renew, preferably at least 30 days prior to expiry.
3.9 Not make an offer to a registrant for whom they are not currently the registrar-of-record, for domain name services unless:
3.11 Take action to discourage any activities by its employees which contravene any of the provisions in the Authorisation Agreement, the Connection Agreement, or the Registrant Agreement or any of the .nz Policies and Procedures.
3.12 Establish a dispute and complaint resolution process that is clearly publicised and readily available to their customers. If this is not covered fully in the registrar's Terms and Conditions Agreement it should at least be referred to, with a clear reference to the detailed process.
3.13 Ensure they are able to address any issues raised by their registrants in line with the service standards specified in their terms and Conditions. The DNC is not responsible for handling general inquiries from registrants and will direct any such inquiries back to the appropriate registrar.
3.14 Ensure that registrants are fully notified if the registrar decides to transfer on bulk the domain names allocated to them to another registrar. This should include clearly identifying who the new registrar will be, any changes to Terms and Conditions, and a statement that if they do not want their domain name to transfer to the new registrant they are able to effect a transfer to another registrar at any time.
3.15 Ensure that any organisation working through the registrar's systems operates in a manner consistent with the behaviour required of registrars. Note - registrars are responsible for all actions of any person or organisation acting as "resellers" through the authorised registrar.
4. Roles and Responsibilities - Registrant
4.1 The obligations and responsibilities of the registrant are detailed in the Registrar - Registrant Agreement. This document sets out the standard of behaviour required to operate as a .nz domain name holder. The following general principles have been provided to assist the registrant in meeting the expectations of all the parties involved in the SRS.
4.2 Registrants are reminded that there is no obligation on a registrar to accept any registrant, or responsibility for managing any domain name.
4.3 The core requirements on registrants are to keep all their information current and accurate, and to pay, as they become due, all the charges associated with their domain name.
4.4 Once a name has been listed the registrant may specify further sub-domains that can appear to the left of the listed name. These sub-domains are outside the scope of InternetNZ policy and are the responsibility of the registrant. They are however, expected to be in the spirit of RFC1591.
5 Roles and responsibilities of Registry (NZRS)
5.1 NZRS's obligations and responsibilities are detailed in the Connection Agreement. The core clauses of this document are available in Appendix 1.
5.2 NZRS is also bound by the requirements detailed in a Service Level Agreement between it and InternetNZ.
6. Roles and Responsibilities of InternetNZ
6.1 The obligations and responsibilities of InternetNZ are detailed in the Authorisation Agreement. This document sets out the standard of behaviour expected by InternetNZ in their day-to-day relationships with NZRS and the registrars. The core clauses of these documents are available in Appendix 1.
6.2 The Office of the DNC will oversee the SRS and ensure an open, competitive and fair market.
6.3 The Office of the DNC will:
This section refers only to those sanctions that the DNC may impose. It complements measures specified in the Agreement, and .nz Policies and Procedures, and should be read in conjunction with all of these.
7.1 Sanctions may be imposed in the form of suspensions, directions to reverse transaction(s), directions to undertake transactions, or registrar de-authorisation.
7.2 They are enforced by the DNC on behalf of InternetNZ.
7.3 Sanctions Applicable to Registrants:
8.1 A range of information about .nz policies, the shared registry system, registrant rights, and domain names in general is publicly available on the Internet. This includes:
1.1 Comply with all obligations as set out in the Connection Agreement, the Authorisation Agreement, and the Registrant Agreement.
1.2 Comply with all NZRS's policies, directions, and instructions concerning access to the register and use of their interface with the register.
1.3 Accurately and completely disclose all terms and conditions associated with domain name registration and management in the .nz DNS including price and billing information to actual and prospective registrants.
1.4 Maintain all documentation regarding activities as a registrar for not less than 7 years, and in particular, all instructions from registrants regarding their domain names.
1.5 Maintain all records relating to transactions, correspondence, and communications with us for a period of not less than 7 years.
1.6 Maintain a record of .nz domain names registered in their name, any entity in which they have an interest, or any entity which has an interest in them, and provide this to InternetNZ on request.
1.7 Make available to InternetNZ, or anybody authorised to act on the behalf of InternetNZ, all information requested by them about activities performed as a registrar, and provide access to premises during normal business hours for that purpose.
1.8 Advise InternetNZ and NZRS if the registrar or their officers are adjudicated bankrupt, have a receiver appointed for any of their assets, go into liquidation, are convicted of an offence involving dishonesty, fraud, misuse of funds, misuse of information, or are found to have breached the Privacy Act.
1.9 Notify InternetNZ in writing of cancellation of authorisation status providing two months notice.
1.10 Supply the domain name data in the format required by the technical specifications.
1.11 Access the register for the sole purpose of managing the domain names for which they are the designated registrar.
1.12 Provide information requested by NZRS regarding obligations pursuant to the Connection Agreement within 7 days.
1.13 Notify NZRS immediately where they lose or wish to change their identification and/or logon information.
1.14 Comply with the minimum technical requirements published on InternetNZ’s web site and use people with an appropriate level of training, experience, and skill to respond to and fix all technical problems concerning your use of the register and all links connected to it.
1.15 Provide a reliable daily data backup and archive of all registration data.
1.16 Establish and maintain security procedures to prevent malicious or accidental disruption of operations including loss, wrongful access, misuse, or unauthorised disclosure of information.
1.17 Notify InternetNZ immediately where the security of identification and/or register access identifier is compromised.
1.18 Protect NZRS against any legal action taken because of the receipt or use of their services by the registrant or someone the registrant is responsible for or has a relationship with.
1.19 Not engage in any direct or indirect activity which is designed to bring, or has the effect of bringing, the management of the .nz domain space into disrepute.
1.20 Carry out activities in a prudent and competent manner and according to best practice standards to prevent technical failure, breach of security, and disruption to the register, or any of the services NZRS provides.
1.21 Maintain status as a registrar authorised by InternetNZ and a reliable and secure connection with the register.
1.22 Specify the time for processing new applications so registrants are aware of the standard; i.e.: process any new .nz domain name registrations with the register within [ hours] from the time the registrar receives all the information required to complete a registration if it is within the registrar's advertised business hours of [ ] [ ], and otherwise within [hours].
1.23 Initiate an update process which, following a transfer updates domain name details as required (e.g. Name Server List, Administrative and Technical Contact Details).
1.24 Maintain a business operation necessary for, and technical equipment capable of, handling the volumes of transactions managed by them.
1.25 Pay any sum of money owing to InternetNZ.
1.26 Arrange upon cancellation of the Authorisation Agreement for the transfer of registered domain names, for which they are the designated registrar, to a new registrar(s), and the notification of this to each registrant for whom they act.
1.27 Ensure everyone they are responsible for, or have a business relationship with, in relation to their role as an authorised registrar complies with all the above clauses.
1.28 Make registrants aware of the nature of the relationships around a DNS registration.
1.29 Foster adequate competition to provide registrants with genuine choice.
1.30 Inform registrants about InternetNZ and its activities.
1.31 Have an agreement with each registrant for whom they act which contains the minimum standard terms required by InternetNZ. Any additional terms added by the registrar must not be inconsistent with those rights and obligations. Each registrant needs to have signed up to the agreement and this needs to be recorded in a way that provides for details of the acceptance to be referred to at a later time.
1.32 Notify any registrant for whom they act that use of the domain name may breach third party legal rights. That it is the registrant’s responsibility, as a condition of registration of the domain name, to satisfy itself that such legal rights are not infringed; to protect the registrar, InternetNZ, and everybody who has the benefit of this agreement, from any claim arising out of the domain name being registered to that person.
1.33 Comply with the registrant's lawful directions regarding their .nz domain name in a diligent and timely manner. (e.g. registration, registration period, cancellation amendment, transfer, inaccuracy of information and any technical support and billing matters).
1.34 Provide to the registrant, or someone the registrar reasonably believes to be acting on their behalf, confirmation of their domain name registration including details of the domain name, their registrar, the registration period, the Unique Domain Authentication ID ("UDAI"), and obligations of the registrant, for no charge.
1.35 Ensure registrant receives adequate proof of identity when they ask to cancel a domain name, transfer a domain name to a new registrant and provide the UDAI to a registrant. And, where the registrant is an organisation, that they have the authority to request that transfer/cancellation.
1.36 Provide one months notice before canceling the Registrant Agreement.
1.37 Establish procedures that enable registrants to transfer to a new registrar without interruption in the use of their domain name and follow the .nz policies set by Internet NZ regarding that topic.
1.38 Use a registrant's personal information only as authorised by them.
1.39 Take all reasonable steps to safeguard and protect all information about registrants stored in their databases and system(s).
2. Roles and Responsibilities of Registrants
2.1 Comply with all of the obligations as listed in the Registrant Agreement:
2.2 Ensure all information given to the registrar is accurate and complete.
2.3 Keep the registrar informed of changes to this information.
2.4 Confirm the information held on the register associated with their domain name through doing a "whois" search on the register.
2.5 Ensure their use of a domain name will not infringe anybody’s intellectual property rights, and protect the registrar, and everybody the registrar is in any business relationship with to provide services to the registrant, from any such claim.
2.6 Ensure the registrar's services are used for a lawful purpose only.
2.7 Ensure that their use of any domain name registered to them does not interfere with other users of the Internet.
2.8 Ensure that any order of any authority having jurisdiction regarding any domain name registered to that registrant is complied with.
2.9 Pay any outstanding fees to the releasing registrar when transferring to a new registrant.
2.10 Ensure everyone they are responsible for, or who uses a domain name registered by them, meets the duties here listed.
2.11 Take complaints about the registrar up with the registrar in the first instance before presenting it to the DNC who will decide whether to investigate it.
2.12 Raise any claim or dispute within 60 days from the date the relevant service was supplied to them.
3. Roles and Responsibilities of NZRS
3.1 Hold the details of name holders for the technical operation of the DNS as an addressing system.
3.2 Exercise its responsibilities in a fair, open, transparent, and timely manner.
3.3 Enter into a registry - registrar agreement with any authorised registrar seeking such an agreement on the terms specified by the Connection Agreement.
3.4 Notify registrars when they have met the access requirements and are permitted access to the register.
3.5 Ensure that no registrar's authorisation status or Connection Agreement will be cancelled without the written consent of InternetNZ.
3.6 Write safeguards into the contract with InternetNZ to ensure that registrars are given a reasonable period of notice to rectify any deficiencies/faults.
3.7 Provide registrars with the level of technical and customer service support required by the InternetNZ - Registry agreement.
3.8 Take reasonable steps to protect a registrar's personal information against loss or unauthorised access, use, disclosure or other misuse.
3.9 Ensure all transaction formats have an additional optional field for registrars to record whatever information is relevant to them for audit purposes. For example, a registrar might choose to record their own user ID for the staff member who issued the transaction. This field will not be stored in the register.
3.10 Apply a rate limiting registrar queries, which will only be applied if response times to registrars in general appears to be affected by heavy loading from a few.
3.11 Extract billing details from the register on a daily basis, which will enable registrars to query their billing transaction items progressively during the month, receiving accurate, up to date information at any time.
3.12 Provide a registrar implementation package, including sample code and technical specifications, to enable registrars to develop their interface with the register. Registrars however will be fully responsible for the effectiveness, efficiency, accuracy, and operation of their own interface.
3.13 Notify InternetNZ should it limit access to NZRS and supply the nature and reason for the limitation.
3.14 Go through the appropriate contact point when an issue arises which requires name holder awareness. In the case of a mediated relationship, this is through the registrar appointed by the name holder to manage their details.
3.15 Not claim any intellectual property rights regarding data supplied by or through registrars except as laid out in the Connection Agreement.
3.16 Act only as a registry of information and have no direct relationship with any domain name holders.
3.17 Maintain the register in line with the requirements of the InternetNZ - Registry agreement.
3.18 Use people with sufficient technical training, experience and skills to respond to and fix all problems associated with the register and its links.
3.19 Comply with the terms of agreements between registrars and registrants, and the Privacy Act 1993, in the management of personal information held on the register.
3.20 Attend the Registry-Registrar Committee meetings convened by InternetNZ.
3.21 Log all changes to data in the register, date and time stamp, and identify the entity (specific registrar, registry) responsible for the change.
3.22 Provide a batch transfer facility for situations where, for example, a registrar's business is sold to another authorised registrar.
3.23 Transfer all domain names managed by one registrar to another by changing the Designated Registrar field.
3.24 Notify both the releasing and gaining registrars, itemising the transferred domain names. This process will not include domain names that have been locked. NZRS will need to manually transfer any locked domain names.
3.25 Generate a new Unique Domain Authentication ID for each domain name and this will be included in the notification to the gaining registrar (but not the releasing registrar).
3.26 Develop an automated process to perform the housekeeping tasks necessary to manage cancelled domain names. This process will be capable of running as a scheduled job (possibly daily) or being initiated by NZRS on an ad hoc basis.
3.27 Create a system to check all cancelled domain names that are pending release. If the domain name has passed out of its pending release period it will be released, thus becoming available for anyone else to register. Domain names that have been locked will not be released.
3.28 Remove domain names from the register when they are released. In the unlikely event that a released domain name has not had its final billing (up to and including the month in which it was cancelled), the system will ensure that the billing is completed.
3.29 Create new registrars in the system.
3.30 Allocate a new password to a registrar.
3.31 Update registrar details.
3.32 Ensure the security for the system conforms to industry best practice standards current at the time of implementation, to secure the data in the register against damage, loss or unauthorised access.
3.33 Ensure the security system is able to grant or deny specific users (the registrars and NZRS) access to specific processes.
3.34 Be able to reproduce all details associated with a domain name at any specified point in time. This includes an inquiry about a domain name or registrar details, and the full change history of any domain name or registrar, for a specified period.
3.35 Hold all transaction records in perpetuity. These transactions will be stored in their native XML format.
3.36 Provide an archiving process that breaks the log into separate files based on an appropriate time period.
3.37 Keep statistics on all transactions made on the system, including all queries and changes to data. The statistics logged will include the:
3.39 Provide a facility whereby NZRS are automatically notified of activities recorded in the activity log that meet certain customisable parameters. For example, this would immediately highlight a situation where a registrar was 'spamming' the register, possibly denying other registrars normal levels of access.
3.40 Consult on any amendments to policies through the Registry-Registrar Standing Committee, except where the integrity of NZRS systems is at significant risk. All changes to policies will be notified to Registrants by email and by posting them on www.nzrs.net.nz before the date they become effective.
3.41 Notify changes to the system and provide one month's notice.
4. Roles and Responsibilities of InternetNZ
4.1 Exercise responsibilities in a fair, open, transparent and timely manner.
4.2 Protect and promote the needs of current and future users of the Internet and the DNS in New Zealand.
4.3 Promote and encourage robust competition.
4.4 Encourage Internet access, accessibility, diversity, useability, education, and affordability.
4.5 Maintain an active oversight and management of the .nz DNS.
4.6 Comply with obligations as set out in the Registry Contract.
4.7 Apply standards and policies justifiably and equitably.
4.8 Manage the .nz DNS in line with IANA policy documents.
4.9 Adapt policies and develop local policy for the .nz DNS in consultation with stakeholders.
4.10 Publicise any amendments to .nz policies before implementing them. All changes to .nz policies will be posted on an InternetNZ web site and registrars will be notified by email before the date the amendments become effective.
4.11 Create second level domain ("2LD") policy to cater for "communities of interest" appropriate to the .nz DNS.
4.12 Carry out additional third party checks to confirm the information provided by the registrar in support of their authorisation application.
4.13 Establish a Standing Committee comprising representatives of registrars, NZRS, and InternetNZ to resolve technical issues regarding the technical specifications of the register, its interfaces, and the management of the .nz DNS.
4.14 Regularly convene a committee of representatives to discuss issues regarding the management of the .nz DNS.
4.15 Take all reasonable precautions to protect personal information against loss or unauthorised access or use, disclosure or other misuse.
4.16 Contact registrars and send information to them through the Internet wherever possible, to the e-mail address specified by them.
4.17 Notify registrar's when they have met the preliminary requirements.