
Top-level domain name registry service on Google App Engine (registry.Google) - r_singh
https://github.com/google/nomulus
======
CydeWeys
I see someone paid attention all the way through to the end of my Google I/O
presentation ;)

Nomulus is the platform we use to host all 46 of our top-level domains,
including most notably .app which launched last week. Nomulus runs on Google
App Engine and uses Cloud Datastore for data persistence. It handled the rush
of registrations during the launch of .app just fine, handling a peak of
30,000 registrations in the first 3 minutes (that would be all the registrars
sending in their preorders).

In addition to providing registration services, which only registrars interact
with, the registry platform also powers the domain availability check seen on
https://get.app and the domain WHOIS query seen on
https://www.registry.google. These are the
only services provided by the registry platform that the average person uses
directly; everything else goes through domain registrars. Every time you
create or update a .app domain at your registrar, your registrar is sending us
an EPP command to effect those changes. See RFCs 5730-5734 for more info on
the exact mechanism.

If anyone has any questions about the code, I can help with them.
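
[Added example, not part of the thread and not Nomulus code: a sketch of the EPP mechanism the comment above points to, building an RFC 5731 domain check command, framing it as an RFC 5734 data unit, and parsing a check response. The function names, the `MAX_FRAME` cap and the sample response are assumptions constructed for illustration.]

```python
import struct
import xml.etree.ElementTree as ET

EPP_NS = "urn:ietf:params:xml:ns:epp-1.0"
DOMAIN_NS = "urn:ietf:params:xml:ns:domain-1.0"
NS = {"e": EPP_NS, "d": DOMAIN_NS}
MAX_FRAME = 64 * 1024  # assumed local cap, not a value from the RFCs

def build_check(names, cl_trid):
    """Serialize an RFC 5731 <domain:check> command."""
    epp = ET.Element(f"{{{EPP_NS}}}epp")
    command = ET.SubElement(epp, f"{{{EPP_NS}}}command")
    check = ET.SubElement(command, f"{{{EPP_NS}}}check")
    dcheck = ET.SubElement(check, f"{{{DOMAIN_NS}}}check")
    for name in names:
        ET.SubElement(dcheck, f"{{{DOMAIN_NS}}}name").text = name
    ET.SubElement(command, f"{{{EPP_NS}}}clTRID").text = cl_trid
    return ET.tostring(epp, encoding="utf-8")

def frame(payload):  # RFC 5734: 4-byte big-endian total length (header included)
    return struct.pack("!I", len(payload) + 4) + payload

def unframe(buf):  # -> (payload, rest), or (None, buf) while incomplete
    if len(buf) < 4:
        return None, buf
    (total,) = struct.unpack("!I", buf[:4])
    if total < 4 or total > MAX_FRAME:  # reject impossible or oversized lengths
        raise ValueError(f"bad EPP frame length {total}")
    if len(buf) < total:
        return None, buf
    return buf[4:total], buf[total:]

def parse_check_response(xml_bytes):
    """Map each name in a <domain:chkData> response to True if available."""
    if b"<!DOCTYPE" in xml_bytes:  # EPP needs no DTD; refuse entity tricks
        raise ValueError("DOCTYPE not allowed in EPP message")
    root = ET.fromstring(xml_bytes)
    result = root.find("e:response/e:result", NS)
    if result is None or result.get("code") != "1000":
        raise RuntimeError("EPP command did not succeed")
    names = root.iterfind(".//d:cd/d:name", NS)
    return {n.text: n.get("avail") in ("1", "true") for n in names}

SAMPLE_RESPONSE = (  # constructed sample, not captured from any registry
    f'<epp xmlns="{EPP_NS}"><response><result code="1000"><msg>ok</msg></result>'
    f'<resData><d:chkData xmlns:d="{DOMAIN_NS}">'
    '<d:cd><d:name avail="1">free.example</d:name></d:cd>'
    '<d:cd><d:name avail="0">taken.example</d:name></d:cd>'
    '</d:chkData></resData></response></epp>').encode()
```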

~~~
runnr_az
Thx for putting this out there. Really super cool. I'm thinking about doing
"something" in the TLD world, this is great to have as a reference. Of course,
I'd have to think long and hard right now before committing to 100% reliably
running a project like this vs farming it out to an Afilias or whomever, but
maybe it'll come in handy.

~~~
CydeWeys
You could always farm it out to start off with to vet the sanity of your idea,
and then transition to (or build out) a self-hosted variant if it goes well.

------
chatmasta
Pretty cool they’re open sourcing this, but now it will be much easier for
malicious actors to find bugs in the service. A security compromise of such a
system would be catastrophic. Is it worth the risk of open sourcing in this
case?

~~~
zitterbewegung
Well if you have a million eyes looking at the source code maybe you would
find more bugs. On the other hand before you release something that you want
to open source it might be a good idea to do a security analysis of the code.

------
astrodust
Pretty sure scooping .dev violates their "Do No Evil" mandate, especially when
after breaking Puma, Pow and a host of other tools, plus forcing HSTS on it in
Chrome, they don't even offer it for sale.

~~~
Jaruzel
Google abandoned that mandate _years_ ago.

~~~
lern_too_spel
How can it abandon a mandate that never existed? It's "Don't be evil," which
has an entirely different meaning. Due to opportunity cost, everything you do
can be considered at least a little bit evil, so "Do no evil" is not even
possible.

------
tenaciousDaniel
I just bought my first .app domain a few days ago. Very excited for this.

------
ddtaylor
Is there any logic to me being triggered that .google is a TLD now?

~~~
astrodust
ICANN ran out of fucks to give a decade ago.

