Top-level domain name registry service on Google App Engine (registry.Google) (github.com)
62 points by r_singh 10 months ago | 18 comments

I see someone paid attention all the way through to the end of my Google I/O presentation ;)

Nomulus is the platform we use to host all 46 of our top-level domains, including most notably .app which launched last week. Nomulus runs on Google App Engine and uses Cloud Datastore for data persistence. It handled the rush of registrations during the launch of .app just fine, handling a peak of 30,000 registrations in the first 3 minutes (that would be all the registrars sending in their preorders).

In addition to providing registration services, which only registrars interact with, the registry platform also powers the domain availability check seen on https://get.app and the domain WHOIS query seen on https://www.registry.google . These are the only services provided by the registry platform that the average person uses directly; everything else goes through domain registrars. Every time you create or update a .app domain at your registrar, your registrar is sending us an EPP command to effect those changes. See RFCs 5730-5734 for more info on the exact mechanism.

If anyone has any questions about the code, I can help with them.
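As an added illustration (not part of the original comment and not Nomulus code), this sketch builds the kind of EPP `<check>` command a registrar sends and wraps it in the length-prefixed data unit that RFC 5734 defines for EPP over TCP, with the receiver validating the length field before trusting it. The function names, the `MAX_FRAME` cap and the sample domain names are assumptions made for the example.

```python
import struct
import xml.etree.ElementTree as ET

EPP_NS = "urn:ietf:params:xml:ns:epp-1.0"        # RFC 5730
DOMAIN_NS = "urn:ietf:params:xml:ns:domain-1.0"  # RFC 5731
MAX_FRAME = 64 * 1024  # assumed receiver-side cap, not a value from the RFCs

ET.register_namespace("epp", EPP_NS)
ET.register_namespace("domain", DOMAIN_NS)

def build_check(names, cl_trid):
    """Return the XML bytes of an EPP <check> command for the given names."""
    epp = ET.Element(f"{{{EPP_NS}}}epp")
    command = ET.SubElement(epp, f"{{{EPP_NS}}}command")
    check = ET.SubElement(command, f"{{{EPP_NS}}}check")
    dcheck = ET.SubElement(check, f"{{{DOMAIN_NS}}}check")
    for name in names:
        ET.SubElement(dcheck, f"{{{DOMAIN_NS}}}name").text = name
    ET.SubElement(command, f"{{{EPP_NS}}}clTRID").text = cl_trid
    return ET.tostring(epp, encoding="UTF-8", xml_declaration=True)

def frame(payload):
    """RFC 5734 data unit: 4-byte big-endian total length (header included) + XML."""
    return struct.pack("!I", len(payload) + 4) + payload

def unframe(buf):
    """Return (payload, rest); payload is None while the data unit is incomplete."""
    if len(buf) < 4:
        return None, buf
    (total,) = struct.unpack("!I", buf[:4])
    # Reject impossible or oversized lengths before buffering or parsing anything.
    if total < 4 or total > MAX_FRAME:
        raise ValueError(f"invalid EPP frame length {total}")
    if len(buf) < total:
        return None, buf
    return buf[4:total], buf[total:]

def checked_names(payload):
    """Extract the domain names carried by a <check> command."""
    root = ET.fromstring(payload)
    path = (f"{{{EPP_NS}}}command/{{{EPP_NS}}}check/"
            f"{{{DOMAIN_NS}}}check/{{{DOMAIN_NS}}}name")
    return [el.text for el in root.findall(path)]

if __name__ == "__main__":
    # Constructed sample input: two names and a client transaction ID.
    wire = frame(build_check(["example.app", "test.app"], "ABC-12345"))
    body, _ = unframe(wire)
    print(len(wire), checked_names(body))
```
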

Thx for putting this out there. Really super cool. I'm thinking about doing "something" in the TLD world, this is great to have as a reference. Of course, I'd have to think long and hard right now before committing to 100% reliably running a project like this vs farming it out to an Afilias or whomever, but maybe it'll come in handy.

You could always farm it out to start off with to vet the sanity of your idea, and then transition to (or build out) a self-hosted variant if it goes well.

Pretty cool they’re open sourcing this, but now it will be much easier for malicious actors to find bugs in the service. A security compromise of such a system would be catastrophic. Is it worth the risk of open sourcing in this case?

Well if you have a million eyes looking at the source code maybe you would find more bugs. On the other hand before you release something that you want to open source it might be a good idea to do a security analysis of the code.

Won't it also be easier for non-malicious actors to find bugs and report them responsibly?

Pretty sure scooping .dev violates their "Do No Evil" mandate, especially when after breaking Puma, Pow and a host of other tools, plus forcing HSTS on it in Chrome, they don't even offer it for sale.

That's a pretty low bar for "evil"

I suppose they could get the .evil domain, that might lower the bar a bit more.

As with .dev, they'll acquire .evil, thus ensuring no one (else?) can do .evil.

Stay tuned.

It's not trivial to launch a new gTLD. No evil involved, just work.

Google abandoned that mandate years ago.

How can it abandon a mandate that never existed? It's "Don't be evil," which has an entirely different meaning. Due to opportunity cost, everything you do can be considered at least a little bit evil, so "Do no evil" is not even possible.

It's true, the Schmidt Doctrine pretty much threw that out the window.

I just bought my first .app domain a few days ago. Very excited for this.

Is there any logic to me being triggered that .google is a TLD now?

ICANN ran out of fucks to give a decade ago.
