This is the DNSSEC policy of Afilias, the Back End Service Provider for the .GODADDY TLD.

1. INTRODUCTION

1.1. Overview

This document was created using the template provided under the current practicing documentation. This document comprises the practices utilized by Afilias to operate DNS zones as it relates to the DNS Security Extensions. Unless stated otherwise within this document, these statements pertain to all TLD zones under Afilias auspice that have been signed.

1.2. Document name and identification

Afilias DNSSEC Practice Statement (DPS)

Version 1.04

1.3. Community and Applicability

This section describes the various “stakeholders” of the functionality provided by DNSSEC and a signed TLD.

1.3.1. The TLD Registry

Afilias operates in two distinct modes: (1) As a Registry Operator (RO), where the TLD has been directly delegated to Afilias by ICANN, and (2) as a Back End Service Provider (BESP), where Afilias operates and performs the functions of maintaining the zone, on behalf of another entity (which acts as the RO). In the case where Afilias is the RO for a zone, Afilias is also acting as the BESP.

The Registry is expected to perform the following functions:

Generate the Key Signing Keys (KSK) for the zone.

Generate the Zone Signing Keys (ZSK) for the zone.

Sign the ZSK using the KSK.

Sign the relevant Resource Records of the zone using the ZSK.

Update the ZSK and KSK as needed.

Send Delegation Signer (DS) Resource records to ICANN for inclusion into the root zone.

Receive DS Resource Records from accredited registrars, and update the zone accordingly.

Update the WHOIS information accordingly.

1.3.2. Accredited Registrars

Registrars that are accredited by a given TLD RO are required to make changes to the zone using one of two mechanisms: (1) via EPP, or (2) via a Web Administration Tool. The Web Administration Tool is an Afilias provided front end to EPP, so, in effect, all changes to the registry are made via EPP. For DNSSEC, registrars are expected to maintain Delegation Signer (DS) records with Afilias on behalf of their customer, the registrant.

1.3.3. Registrants

Registrants are responsible for ensuring that their second level zones are properly signed and maintained. They must also generate and upload DS records for their signed zones to their registrar (who, in turn, sends these into Afilias).

1.4. Specification Administration

1.4.1. Specification administration organization

Afilias maintains this specification.

1.4.2. Contact Information

Questions or concerns regarding this DPS, or the operation o