Thx for putting this out there. Really super cool. I'm thinking about doing "something" in the TLD world, this is great to have as a reference. Of course, I'd have to think long and hard right now before committing to 100% reliably running a project like this vs farming it out to an Afilias or whomever, but maybe it'll come in handy.
You could always farm it out to start off with to vet the sanity of your idea, and then transition to (or build out) a self-hosted variant if it goes well.
I see someone paid attention all the way through to the end of my Google I/O presentation ;)
Nomulus is the platform we use to host all 46 of our top-level domains, including most notably .app which launched last week. Nomulus runs on Google App Engine and uses Cloud Datastore for data persistence. It handled the rush of registrations during the launch of .app just fine, handling a peak of 30,000 registrations in the first 3 minutes (that would be all the registrars sending in their preorders).
In addition to providing registration services, which only registrars interact with, the registry platform also powers the domain availability check seen on https://get.app and the domain WHOIS query seen on https://www.registry.google . These are the only services provided by the registry platform that the average person uses directly; everything else goes through domain registrars. Every time you create or update a .app domain at your registrar, your registrar is sending us an EPP command to effect those changes. See RFCs 5730-5734 for more info on the exact mechanism.
If anyone has any questions about the code, I can help with them.
Well, if you have a million eyes looking at the source code, maybe you would find more bugs.
On the other hand, before you release something that you want to open source, it might be a good idea to do a security analysis of the code.
Won't it also be easier for non-malicious actors to find bugs and report them responsibly?
Pretty cool they’re open sourcing this, but now it will be much easier for malicious actors to find bugs in the service. A security compromise of such a system would be catastrophic. Is it worth the risk of open sourcing in this case?
That's a pretty low bar for "evil"
I suppose they could get the .evil domain, that might lower the bar a bit more.
As with .dev, they'll acquire .evil, thus ensuring no one (else?) can do .evil.
It's not trivial to launch a new gTLD. No evil involved, just work.
Google abandoned that mandate years ago.
How can it abandon a mandate that never existed? It's "Don't be evil," which has an entirely different meaning. Due to opportunity cost, everything you do can be considered at least a little bit evil, so "Do no evil" is not even possible.
It's true, the Schmidt Doctrine pretty much threw that out the window.
Pretty sure scooping .dev violates their "Do No Evil" mandate, especially when after breaking Puma, Pow and a host of other tools, plus forcing HSTS on it in Chrome, they don't even offer it for sale.
I just bought my first .app domain a few days ago. Very excited for this.
ICANN ran out of fucks to give a decade ago.
Is there any logic to me being triggered that .google is a TLD now?