-
What is .US?
.US is “America’s Internet Address.” It is the official country code top-level domain (ccTLD) for the United States within the
global domain name system (DNS).
-
What makes .US unique
and why do I need it?
.US is the only means of establishing an American address
on the Internet. Now, all U.S. residents, government entities,
public service organizations, and businesses can establish an
American identity on the Internet with a short memorable domain
name. (e.g., johnsmith.us, publicservice.us, mycompany.us).
Market research has shown that .US names are very popular
with consumers for applications like email, digital identity,
and personal web sites. Government and public interest organizations
use .US addresses to enable citizen-centric e-Gov applications
and to serve the needs of the American people. Finally, businesses
use .US domain names to promote themselves as American
companies to inspire consumer confidence and to encourage consumers
to “buy American.”
-
Who can register
a .US domain name?
Any U.S. citizen or resident, as well as any business or organization,
including federal, state, and local government with a bona fide
presence in the United States can register a .US domain
name.
One of the following eligibility requirements must be met:
-
A natural person (i) who is a citizen or permanent resident
of the United States of America or any of its possessions
or territories or (ii) whose primary place of domicile is
in the United States of America or any of its possessions,
or
-
Any entity or organization that is incorporated within
one of the fifty (50) U.S. states, the District of Columbia,
or any of the United States possessions or territories or
(ii) organized or otherwise constituted under the laws of
a state of the United States of America, the District of
Columbia, or any of its possessions or territories, or
-
An entity or organization (including federal, state, or
local government of the United States, or a political subdivision
thereof) that has a bona fide presence in the United States.
See Section B.3.1 of the Neustar proposal to the Department
of Commerce for details concerning what constitutes a “bona
fide presence.“
-
What is the price of a .US
domain name?
Market-based retail prices for .US domain names are established
by .US-Accredited Registrars and their resale channel
partners. The pricing structure is an annual subscription fee;
multi-year subscriptions are available.
-
Now that I have my
.US domain name, how and when can I send and receive email using
my new .US address?
Most retail providers of web addresses also provide email services.
Your personalized .US email account can typically be
(1) set up during the registration process when you register
your domain name, or (2) added to your account afterward at
the retailer's website.
-
Where can I register
a second level .US domain name?
Second level domain name registrations are available through
.US-accredited Registrars
and their resale channel partners.
-
How do I transfer my .US
domain name?
Domain name transfers fall in one of two categories:
-
Registrant Transfer or Name Change—Each Registrar
has unique requirements for making changes to the registrant
field of a domain name. Registrants must contact the sponsoring
Registrar for information regarding Registrant Name Changes
and/or Transfers. The sponsoring Registrar appears in line
3 of each domain name's WHOIS record (www.whois.us).
-
Registrar-to-Registrar Transfer—.US
Registry rules require that a domain name be registered
for a minimum of 60 days, and be in PAID status with the
current sponsoring Registrar before it can be transferred
to another Registrar. If your domain name meets these requirements,
contact your current sponsoring Registrar and request for
the <AUTHINFO> code, which the gaining Registrar
needs in order to initiate the transfer process for your
domain. Sponsoring Registrars can obtain this code by sending
a <DOMAIN_INFO> EPP command to their Registry.
-
What is an <AUTHINFO>
code?
An <AUTHINFO> code is a six- to 16-character "password"
assigned by a sponsoring Registrar. It identifies your domain
name in the Registry. No domain name transfer request can be
successfully executed without this password.
Registrars are contractually required to provide this code
upon registrant request. Registrants are advised to protect
their <AUTHINFO> codes to avoid unauthorized transfers
of domain names.
-
What are
some of the expected changes to .US?
Since 2002, .US registrations are available at the second level (e.g., johnsmith.us, publicservice.us, mycompany.us). Formerly, names were only available in the “locality space” at the third level and lower (e.g., arlington.va.us, co.arlington.va.us, and Ems.co.arlington.va.us).
Neustar brings operational and technical efficiencies to .US
through our highly secure, highly reliable next-generation registry
architecture. This industry-leading service platform will also
enable innovative, value-added services within .US.
-
How will current
Delegated Managers be affected?
Delegated Managers continue to play their role in the “locality space.” Currently, no new delegation requests are being accepted.
Neustar has requested contact information from each of the existing Delegated Managers. Delegated Managers are required to meet existing and new
operational procedures designed to improve the overall operational efficiency and improve service to domain name holders within the locality domain
space.
-
11. What happened to .US domain names that existed prior to the 2002 launch of 2nd level?
Existing .US registrants (domain name holders) within
the “locality space” retain rights to their existing
Internet addresses. In fact, existing domain name holders benefit
from many of the operational improvements and improved security
and service levels Neustar has introduced within .US.
-
Who can become
a .US-Accredited Registrar?
Any organization that meets the .US Accreditation criteria
can be a Registrar for .US domain names. The accreditation
documents are posted on the Registrars
section of this web site.
-
What is a
reserved name?
A reserved name is a name that is not available for general
public registration, but rather is subject to additional rules,
restrictions or processes.
-
Where can I
see a list of reserved .US names?
See http://www.Neustar.us/registrars/.
In addition to the specific names contained in this reserved
name file, the following categories of names are also reserved:
- All numbers five digits and higher
- All numbers in the format five digits-four digits (zip codes)
- All telephone numbers including toll-free numbers
- Tagged domain names—all labels with hyphens in the
third and fourth character positions (e.g. "bq--kn2n4h4b")
-
Why are some .US
names reserved?
Names are reserved to protect important local and national naming
resources to reserve spaces within .US for future enhancement
of the domain and to protect technical Internet interoperability.
Policy changes relative to the reserved list are subject to
Department of Commerce review and approval prior to implementation.
-
Why does
my domain name have the term "unknown contacts" in
the WHOIS?
Neustar began administering the .US top-level domain
space in November 2001. Much of the data that existed prior
to then was either incomplete or, in some cases, nonexistent.
Therefore, when we completed the .US WHOIS to include
locality-based domains, it reflected (and continues to reflect)
the incomplete data, and needs to be updated by the registrant.
-
How do I update/change my .US Locality Domain Name information that is reflected in the WHOIS database?
With all of the .US locality based domains now displayed in a public WHOIS, we request that you provide us with the information listed below for any contact and name server changes. This process protects your domain name data from being accessed by an unauthorized party.
If your domain is a 3rd level, and you have not already done so, you must submit a signed copy of the Delegated Manager Agreement instead of the .US Domain Registration Agreement.
Send your completed paperwork via regular mail to:
.US Locality Registry
Neustar Customer Service
1650 Lyndon Farm ct.
Louisville, KY 40223
Upon receipt of your original properly endorsed documents, we will complete the requested updates and issue you a password to make future changes without having to send us the above paperwork again, unless it is for a different domain name. If you lose your password, you must submit the paperwork again for any desired changes to your domain name.
-
How do I modify a .US Reserved Domain Names?
Contacting Customer Support at the e-mail address that follows, which can be used in order to make modifications of .US Reserved Domain Names. Customer Support will provide a Contact and Server Change Form and the necessary process to document the changes required. Please direct questions to: support.us@Neustar.us. If you wish to speak with a customer service representative please call +1 571-434-5728.
-
How do I change a Permanently Reserved .US Domain Name to resolve on the Internet?
A Domain Name that has been established as a Permanent Domain Name Reservation will need to be activated through the purchase of a Lifetime Registration. Please direct questions to: support.us@Neustar.us.If you wish to speak with a customer service representative please call +1 571-434-5728.
-
How long does it take to process my contact or
nameserver change request?
If all information is filled out correctly and we have received
the authorized documents, these are generally processed in 3
to 5 business days.
-
Which locality domains are included in the .US WHOIS?
Second-, third-, fourth-, fifth- and sometimes sixth-level domain names
are included.
-
I have a third/fourth/fifth/sixth-level
locality .US domain name, but I can't find it in the .US WHOIS.
How can I correct this?
First, check in WHOIS which currently manages the parent of your domain name. You can also send us (
support.us@Neustar.us) an email, along with your domain name, and we will advise on whom to contact.
-
Can I place the .US logo on my personal/political/noncommercial
website?
Yes, provided the conditions stated in the .US
Brand Identity Guidelines are sufficiently met. Contact
support.us@Neustar.us
to request a zipfile containing a variety of .US logos
in different sizes; the zipfile also contains a document detailing
terms and conditions for the use of the .US logo.
-
What is PendingDelete Status
When deleted, all domains that have been registered for more than 5 days are initially placed on PendingDelete status before being purged from the Registry database and made available for registration. The exception to this rule is domains that are deleted within the first 5 days of the initial registration. These domains will be purged immediately, and not be placed in PendingDelete status. Domains remain on PendingDelete status for a period of 35 days before being purged, unless they are "redeemed" by the registrar. This period is known as the Redemption Grace Period (RGP). See below for more information on RGP and domain redemptions.
-
What is the Redemption Grace Period (RGP)
The Redemption Grace Period is the 35 days following the deletion of a domain. The purpose of RGP is to allow registrars and/or registrants to correct for inadvertent deletions. During the first 30 days of the Redemption Grace Period, registrars may request the Registry to redeem a deleted domain, and thus restore it to its original disposition prior to deletion. Redemptions may NOT be performed during the final 5 days of the RGP. The whois record indicates if a domain is eligible for redemption. Domains that are eligible are marked "PendingDelete (RESTORABLE)". A domain that is "PendingDelete (SCHEDULED FOR RELEASE)" cannot be redeemed. All redemption requests must be submitted through your registrar.
-
How can I obtain a list of domains scheduled for release
Reports containing domains scheduled for release can be found here.
-
What is DNSSEC?
DNSSEC stands for Domain Name System (DNS) Security Extensions, which enable DNS clients (resolvers) to (1) validate origin authentication of DNS data; (2) confirm data integrity; and (3) authenticate denial of existence..
-
What problem does DNSSEC solve?
DNSSEC helps to prevent DNS cache poisoning. Cache poisoning is a corruption of the DNS that enables the spread of viruses, worms, and other malicious files/content. Cache poisoning occurs when data is provided to a caching name server that did not originate from an authoritative Domain Name System (DNS) source. Once a DNS server receives non-authentic data and caches it for future use, it will then supply that non-authentic data to its client servers. The impact of cache poisoning on end users is that they may be directed to IP addresses they did not intend to reach, and may not be aware of the associated risks.
-
What problem does DNSSEC NOT solve?
DNSSEC does not solve Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks on any system. DNSSEC does not prevent incorrect data entry into a zone (if the IP address is entered wrong, it will not be corrected). DNSSEC's improvement to other applications is limited to ensuring that applications get correct/authenticated information (such as addresses) and nothing more. Phishing attacks are still possible through carefully crafted email and spam delivery, sensitive information such as credit card numbers on a web server are not protected by DNSSEC.
-
How does DNSSEC work?
DNSSEC uses cryptographic electronic signatures to determine the authenticity of data. DNS clients that are DNSSEC-enabled will validate any DNS response received by automatically checking the authenticity of the cryptographic signatures. If the signatures are missing or don’t match, the response is not validated and the DNS will not pass the false information on to the user.
-
What's the process for implementing DNSSEC?
At this time, Neustar is implementing DNSSEC at the .US TLD registry level. Our .US-accredited registrars will be able to register DNSSEC information on their customers’ behalf in the .US registry.
-
Does DNSSEC at the TLD registry-level impact the signing of the root zone, and vice-versa?
Neustar's signing of the .US TLD zone will not impact or interfere with the signing of the root zone. With a signed .US TLD, the introduction of a signed root zone will be a seamless transition that will not require any incremental development work by registrars and registrants who support and utilize DNSSEC in .US prior to the root zone signing.
-
When will DNSSEC be available to .US registrars?
Neustar will invite a small group of interested and capable registrars to participate in a production beta phase (not OT&E) in early 2010. Neustar will also issue an updated Registrar Toolkit in early 2010 and will then open DNSSEC to all registrars, likely at the end of Q1 or early Q2 2010. If you are interested in participating in our Q1 beta phase, please contact Neustar Registrar Support at support.us@neustar.us for more information. NOTE: Neustar will also support DNSSEC for .BIZ in Q2 2010.
-
Are registrars required to implement DNSSEC?
.US accredited registrars are not required to implement DNSSEC at this time. Support for DNSSEC is optional but recommended to help secure and prevent cache poisoning in the .US domain.
-
When will DNSSEC be available to registrants?
.US registrants should contact their registrar of record to determine if and when they will support DNSSEC. A reasonable time-frame would be Q2 or Q3 of 2010.
-
How is a DNSSEC query formed?
A DNSSEC query is formed by a DNS resolver. Recent versions of BIND have already been forming DNSSEC queries but have not been reacting to the resulting DNSSEC responses. In order to react to the DNSSEC responses in a way that makes use of DNSSEC, resolvers need to be configured with a DNSSEC public key. Currently, resolvers of US domains will need to have the US DNSSEC public key when it is available. When the root zone is signed and fully functional, the root DNSSEC public key will be needed (instead).
-
How does a registrant sign a zone?
If the registrant is using a DNS managed service provider, they should contact the provider for instructions to turn on DNSSEC. If the registrant is operating their own DNS set up, there are a number of steps to perform. First, make sure the tools in use are capable of DNSSEC. This may mean upgrading the DNS software. Second, after preparing and documenting a plan, create cryptographic key pairs and enter them in the zone. Third, run a DNSSEC zone signer (dependent on the tools in use) to generate the first signed zone. The process of signing will have to be repeated as the signatures will have a limited lifetime. The final step is to publish the zone.
-
Where can more information be found?
The best general collection of information on DNSSEC can be found at this website:
www.dnssec.net
