Two modes of registrar access:
- Public queries to whois or DNS machines outside the firewall
- Database modification access through the firewall
An initial email-based protocol gives us a straightforward,
well-understood security model. It also gives us a ready-made
transport protocol with queueing and fault recovery.
The firewall is configured very simply. It passes:
- email
- updates for zone data and whois data
Later it could be configured to pass a more efficient ad-hoc
protocol.
I have ignored business-oriented processing -- billing and so on. It
is my belief that we should adopt policies that allow separation of
registration and billing.