Global NRENum.net Service Policy, Operations, and Governance
This document outlines the technical and organisational structure of the global NRENum.net service. The NRENum.net service started originally as a private pilot activity that has been taken over by TERENA (the predecessor of the GÉANT Association) as a community service under the auspices of the TERENA Task Force on Enhanced Communication Services (TF-ECS). The collaboration and coordination with the participating countries has initially been rather informal. Because of the wider deployment and growing use of NRENum.net, in 2013 the community requested to create a firmer basis for NRENum.net operations and governance worldwide. In 2014, TERENA changed its name to the GÉANT Association.
The GÉANT Association carries the responsibility for ensuring the correct and secure operations of the NRENum.net service performed by the NRENum.net Operations Team and governed by the Global NRENum.net Governance Committee. The GÉANT Association also supports the development of technical improvements to the NRENum.net service, and promotes the deployment of NRENum.net worldwide.
The GÉANT Association wants to base NRENum.net service governance and operations on a number of simple principles:
- The service governance and operations structure should be lightweight.
- Recognising the large variety in the organisation and funding of research and education (networking) in different countries and regions, rules imposed on the NRENum.net operations should be restricted to technical and administrative requirements that are necessary to ensure the smooth and secure operations of the root DNS service.
- The national (or regional) DNS operators should have the leading role in creating and maintaining the rules of the service.
- The GÉANT Association therefore wants to ensure that de-facto NRENum.net service governance is in the hands of representatives appointed by the NRENum.net community to the Global NRENum.net Governance Committee.
1. E.164 Telephone Number Mapping (ENUM) is a standard protocol that is the result of work of the Internet Engineering Task Force's (IETF's) Telephone Number Mapping working group. ENUM translates a telephone number into a domain name. This allows users to continue to use the existing phone number formats they are familiar with, whilst allowing the call to be routed using DNS. This makes ENUM a quick, stable and cheap link between telecommunications systems and the Internet.
2. IETF RFC 3761 discusses the use of the Domain Name System (DNS) for storage of E.164 numbers. More specifically, how DNS can be used for identifying available services connected to one E.164 number. The RIPE NCC provides DNS operations for "e164.arpa" (known as Golden ENUM tree) in accordance with the Instructions from the Internet Architecture Board.
3. The NRENum.net Service is an end-user ENUM service run by the GÉANT Association and the participating NRENs (National Research and Education Networking organisations) primarily for academia. NRENum.net is considered as a complementary service and a valid alternative to the Golden ENUM tree. The domain "nrenum.net" is being populated in order to provide the infrastructure in DNS for storage of E.164 numbers. The NRENum.net Service includes the operation of the Tier-0 root DNS(s) and the delegation of county codes to NRENum.net Registries. "NRENum.net" is a registered community trademark of the GÉANT Association.
4. NRENum.net tree refers to the DNS tree structure where:
a) Tier-0 root DNSs (technically one master and several secondary servers ensuring the reliability) are run by the hosting organisations (see the actual list of hosts on the NRENum.net Service homepage) and coordinated by the NRENum.net Operations Team.
b) Tier-1 DNSs are run by the NRENum.net (national or regional) Registries responsible for the country code(s) delegated.
c) Tier-2 and lower DNS sub-delegations MAY be implemented, regulated by the national service policies.
5. An NRENum.net Registry is an entity that is authorised by the NRENum.net Operations Team to operate the national or regional Tier-1 DNS and be responsible for the county code(s) delegated. In many countries there is a National Research and Education Networking organisation (NREN) that acts as the Registry of the country.
6. An NRENum.net Registrar is responsible for the number/block registration in the Tier-1 DNS and a number Validation Entity is responsible for the validation of the E.164 telephone numbers to be registered (see valid vs. virtual numbers). Note that the NREN MAY at the same time have the role of the NRENum.net Registry, Registrar, and Validation Entity for the country code(s) delegated.
7. A Registrant (end user) is an E.164 telephone number holder. Holders of E.164 numbers which want to be listed in the service MUST contact the appropriate NRENum.net Registrar.
8. Number (block) delegation is the technical process of assigning country codes (e.g., +36 for Hungary) to national registries (e.g., NIIF/HUNGARNET in Hungary) or number blocks under country codes to end users.
9. Number (block) registration is the technical process of configuring DNS and populating it with the appropriate ENUM records (i.e. adding NAPTR records to DNS) via registrars.
10. The ITU-T strictly regulates the number structure of valid E.164 telephone numbers and assigns number blocks to national authorities (telecom regulators) or recently to global entities directly. The national authorities can further delegate the number ranges to local operators within the country or region. A Virtual number has either a non-valid E.164 number structure (e.g., longer than 15 digits) or has a valid structure but is not assigned to any national authorities or operators. The number Validation Entity is responsible for checking the numbers to be registered to NRENum.net.
11. The Service Policy Document (see Appendix A) describes the technical and administration policy of the NRENum.net Service. The Tier-1 national or regional level number validation and registration policies are not included in the NRENum.net Service Policy Document and SHOULD be formulated and maintained by the registries, subject to the national service policies.
12. The Delegation Request Form (see Appendix B) MUST be used by a Registry Candidate to request country code delegation from the NRENum.net Service.
13. The Global NRENum.net Governance Committee (GNGC) is the highest-level strategic body responsible for the overall NRENum.net service definition, sustainability and long-term strategy, including formulating and recommending service governance principles and policies.
14. The NRENum.net Operations Team (OT) is responsible for the day-to-day operations of the Tier-0 root DNSs. The Operations Team also handles the country code delegation requests and may escalate technical/policy issues to the Global NRENum.net Governance Committee for discussion.
15. Key words used in this document to indicate requirement levels are to be interpreted as described in RFC 2119.
B. Composition and Roles
1. Global NRENum.net Governance Committee (GNGC):
1.1. GNGC members SHALL represent the various geographical service regions (where the service is available) such as Europe, North America, Latin America, Asia-Pacific, and Africa.
1.2. Members of the GNGC SHOULD be nominated jointly by the NRENum.net Registries of the geographical service regions and SHALL be appointed by the GÉANT Association for a two-year term of office; at the end of a term they MAY be appointed for a further two-year term.
1.3. The GNGC SHOULD take decisions by consensus among its members; if consensus cannot be reached, decisions SHALL be taken by simple majority.
1.4. The final responsibility of decisions SHALL be with the GÉANT Association; therefore any final decisions are taken by the GÉANT Association, based on the advice of the GNGC.
1.5. The GNGC will carry out the following tasks on behalf of the GÉANT Association:
a) GNGC SHALL formulate the text of the Service Policy Document and any later revisions of the Service Policy Document that may become necessary because of changes in technology or in the NRENum.net environment.
b) The GNGC SHALL consult the OT as well as the NRENum.net community (via the discussion mailing list) before finalising the text of a new version of the Service Policy Document.
c) GNGC SHALL investigate and discuss any appeals by an organisation or person and any delegation rejection, service policy violation, and re-delegation request case escalated by the OT and if necessary recommend the GÉANT Association to remove or re-delegate the country code, based on the results of the investigation.
2. NRENum.net Operations Team (OT):
2.1. The number of OT members SHOULD be kept small (initially 8 persons) in order to work efficiently and effectively.
2.2. Members of the OT SHALL be appointed by the GNGC in agreement with the GÉANT Association. The GÉANT Association MAY appoint prominent ENUM experts as non-voting members of the OT.
2.3. The OT SHOULD take decisions on technical issues by consensus among its members; if consensus cannot be reached, decisions SHALL be taken by simple majority.
2.4. Service policy and governance related issues MAY be escalated to the GNGC for discussion.
2.5. The OT will carry out the following tasks on behalf of the GÉANT Association:
a) The OT SHALL ensure the day-to-day technical operation of the NRENum.net Service.
b) The OT SHALL evaluate the Delegation Request Forms submitted by the Registry Candidates and decide on the approval or rejection within 2 weeks. In case of approval the OT MUST delegate the country code requested to the Registry (i.e. authorise the Registry to operate the Tier-1 DNS). In case of rejection OT MUST inform the Candidate about the reasons and MAY escalate the case to the GNGC for further discussion.
c) The OT MUST investigate complaints that suggest that any Registry acts in severe violation of the Service Policy Document and MAY recommend the GNGC removing the country code delegation if the service policy was violated in any way.
d) The OT SHOULD advise the NRENum.net community and especially the Tier-1 DNS operators about the proper technical operations and configurations of the DNS and any changing requirements.
3. The GÉANT Association will carry out the following tasks:
a) The GÉANT Association SHALL provide a secretary to the NRENum.net Service, provide the email and postal mail address and maintain the repository of documents issued and received by the GNGC and OT respectively.
b) The GÉANT Association SHALL appoint members of the GNGC (based on the nominations from the community) as well as non-voting subject matter experts of the OT, if appropriate.
c) The GÉANT Association SHALL host and maintain the NRENum.net Service homepage at http://nrenum.net, any necessary mailing lists, and keep the ownership of the "nrenum.net" domain. The current mailing lists are:
- general discussion mailing list: <discussion(at)nrenum(dot)net>
- delegation request submission address: <delegations(at)nrenum(dot)net>
- OT mailing list: <operations(at)nrenum(dot)net>
- GNGC mailing list: <gngc(at)nrenum(dot)net>
1. Any organisation or person MAY raise an appeal against a decision by the OT, the GNGC or the GÉANT Association concerning the NRENum.net service. Such appeals SHALL be submitted to the GNGC.
2. The GNGC SHALL investigate the case and SHALL formulate a recommendation, within a reasonable period of time depending on the complexity of the case, to the GÉANT Association about the decision to be taken on the appeal.
3. Before the GÉANT Association takes a final decision about the appeal, it SHALL enable the organisation/person that submitted the appeal to comment on the recommendation of the GNGC.
4. The decision then taken by the GÉANT Association SHALL be final.
D. Resources and Support
1. The participation in the NRENum.net Service is on voluntary basis with no compensation offered by the GÉANT Association.
2. The GÉANT Association MAY compensate the Tier-0 root DNS operators on an individual basis.
Appendix A - NRENum.net Service Policy
1. The NRENum.net Service is an end-user ENUM service run by the GÉANT Association and the participating NRENs primarily for academia. The service includes the operation of the Tier-0 root DNS (one master and several secondary servers) for the domain "nrenum.net" and the delegation process of county codes to NRENum.net registries.
2. Service participants MUST share the NRENum.net tree. The tree is considered to be public in the sense that it can be queried by anyone; however, only the NRENum.net registrars can populate the tree, which is in that sense private to the research and education community.
3. NRENum.net registries and registrars MAY share ENUM software. The software should be regarded as Open Source, unless otherwise specified. In that case, Terms and Conditions for the Intellectual property need to be in place from the Intellectual property holder.
4. Information about the configuration of DNS and other systems SHALL be hosted at http://www.nrenum.net/ maintained by the GÉANT Association.
5. The cost of the NRENum.net Service operation SHOULD be borne by the entities hosting the Tier-0 master and secondary DNSs and/or participating either in the GNGC or OT.
6. The operation of the Tier-1 national or regional DNS, the end user number validation and registration MUST be the responsibility of the delegated NRENum.net Registry and each Registry MUST bear the cost of its own participation in the NRENum.net Service.
1. In general, a request for country code delegation and to become the national NRENum.net Registry is expected to be submitted by the NREN of the country, but:
1.1. in case a country has more than one NREN submitting delegation requests at the same time, the entities MUST clarify their individual roles with regards to the NRENum.net. Delegation MUST NOT be split between NRENum.net registries (i.e. the integrity of the number block under the ITU-T country code MUST be maintained).
1.2. in case a country has no operational NREN or the NREN is not interested in joining the service, a university or academic association/consortium MAY participate in the service and become the NRENum.net Registry. Again, delegation MUST NOT be split.
1.3. in case a delegation request is received that is in conflict with an approved delegation, the OT SHALL reject the request and escalate the case to the GNGC. In case one or more delegation requests are received that are in conflict with an earlier delegation request that has not yet been decided upon, the OT SHALL reject all competing requests and escalate the case to the GNGC.
1.4. in case the NREN of a country has agreed to be represented by another NREN or international organisation, the two entities MUST clarify their individual roles with regards to NRENum.net.
In practice, the "30 days" rule will be applied by the GÉANT Association upon the recommendation of the GNGC:
- The GÉANT Association sends and eletronic and postal mail to the NREN(s) clarifying their position with regard to the NRENum.net service. The NREN has 30 days to reply to the GÉANT Association.
- In case of positive response, the NREN has an other 30 days to submit an official delegation request to the GÉANT Association and complete the technical requirements of the delegation.
- In case of succesfull delegation, the NREN has an other 30 days to sub-delegate zones to any respective/requesting institution.
If any of these 30 days notice periods were missed, the GÉANT Association keeps the right to re-delegate the country code to an other organisation following the same "30 days" rule.
2. The NRENum.net Registry MAY sub-delegate DNS operations under their domain, regulated by the national service policy of the given registry. However, the technical requirements of the sub-delegated DNS MUST be in line with the technical requirements defined in the NRENum.net Service Policy Document (see III.).
3. The NRENum.net Registry SHOULD have the role of the Registrar and number Validation Entity; however, those functions MAY be delegated to other entities, regulated by the national service policy of the given registry.
4. The NRENum.net Registry MUST fully support a future transition and provide all data when requested to ensure a swift re-delegation should the GÉANT Association decide to re-delegate a country code to a different entity.
III. Technical Requirements
1. Country code delegation to NRENum.net:
1.1. Delegation requests MUST be well-founded using the Delegation Request Form (see Appendix B) and in written format (electronic copy via e-mail is sufficient).
1.2. DNS zones subordinate to NRENum.net MUST be configured correctly (i.e. DNS state of the art) on at least two independent Domain Name Servers (primary and secondary).
1.3. In case DNSSec is used, the DNSSec Zone Signing Key hash (DS record) MUST be included in the delegation request.
2. Number (block) registration to NRENum.net:
2.1. Only well-formed (valid) E.164 numbers SHOULD be registered to the NRENum.net tree by the Registrar:
a) the Validation Entity is responsible for the validation of the E.164 numbers registered to the tree;
b) Virtual Numbers (e.g., short numbers or GDS) MAY be registered (under special conditions as agreed by the NRENum.net community).
2.2. Any DNS Resource Records MUST be valid (i.e. DNS state of the art).
3.1. An NRENum.net Registry MUST ensure that the Tier-1 DNSs delegated are running permanently and are configured correctly at any time.
3.2. DNS zones that cause operational problems MAY be temporarily removed from NRENum.net. GNGC SHALL decide about the removal based on the recommendation of the OT.
4.1 It is RECOMMENDED that NRENum.net tree delegations migrate to e164.arpa as soon as the Golden Tree is in production stage in the given country.
5. Querying NRENum.net:
5.1 If an entity queries more than one ENUM tree, the official e164.arpa tree SHOULD be queried first, and the NRENum.net tree SHOULD be queried right after the e164.arpa tree.
IV. Administrative Procedures
1. An NRENum.net Registry Candidate MUST send its delegation request to the email address for delegations (currently
2. The Delegation Request MUST be filled out according to the best knowledge of the Candidate. If information in a Delegation Request is found to be incorrect, then the OT MAY reject the Delegation Request or recommend the GNGC removing a country code delegation that was approved in response to the Request with incorrect information.
3. Delegation Requests SHOULD be answered within at most two weeks.
4. The OT MUST evaluate the request by checking the completeness of the Delegation Request Form and the correctness of the Tier-1 Domain Name Servers configuration (see section C.1).
4.1. If the result of the evaluation is positive (i.e. delegation approved), the Tier-0 master DNS host MUST insert the country code to the root DNS that is automatically propagated to the secondary DNSs. The OT SHALL inform the NRENum.net community about the new delegation.
4.2. If the result of the evaluation is negative (i.e. delegation rejected), the OT SHALL iterate with the candidate:
a) if the reason for rejection can be corrected (e.g., technical/configuration issue), the candidate MAY do the corrections and re-submit the request;
b) if the candidate objects to the correction proposed by OT, the OT MUST escalate the case to the GNGC for further discussion. The GNGC SHALL inform the candidate about the result of the discussion.
5. The candidate MAY appeal against the result of the delegation request to the GNGC (see section C. Appeals in the main text).
6. Every email exchange concerning Delegation Requests is archived by the GÉANT Association to reproduce the process in case of appeals.
V. Termination of service
1. GNGC SHALL evaluate the usage and usefulness of the NRENum.net Service run by the GÉANT Association every 5 years (first evaluation is due to end of 2017).
2. Upon the evaluation result, GNGC MAY recommend the termination of the NRENum.net Service (e.g., with service migration to another organisation) or the continuation of the service for another 5-year period.
3. In case of termination:
a) The GÉANT Association MUST inform the NRENum.net service community appropriately (give at least 6 months notice);
b) if GNGC recommends to migrate the service to another organisation, the GÉANT Association SHALL provide appropriate transitional support, which includes transfer of the domain name nrenum.net to the successor.
Appendix B - Delegation Request Form
What country are you representing?
Please specify the zone to be delegated e.g., 1.4.nrenum.net for Switzerland
Please specify your Domain Name Servers, where the zone should be delegated to (at least two (2))
What is the reason for not joining e164.arpa?
[ ] Country code not delegated in e164.arpa
[ ] e164.arpa. not operational
[ ] other reason, please specify: _______________________________________________
What are the plans concerning e164.arpa in your country? Is there a "roadmap" for starting an ENUM trial (or commercial service)?
I/We hereby declare that all information provided above is correct. We further declare that we have read the NRENum.net Service Policy Document, ad that we are going to comply with it.
Name of technical contact