FAQs

Ensure that your ICANN accreditation is in good standing to include the most recent Registrar Accreditation Agreement (RAA) and other required ICANN documentation. » More information

Use the Online Registrar Management System (ORMS) to submit your application for accreditation with Public Interest Registry. Please contact the Operations team with your request. For specific information see more on becoming a registrar.

Beginning in 2013, new domain extensions, or generic Top Level Domains (gTLDs), will change how the world uses the web. People will have the option of choosing memorable and intuitive domain names specific to their online objectives and activities. New TLDs should help consumers know what to expect from the websites they visit, making it easier to find sites relevant to them. These new gTLDs will be launched worldwide, joining the likes of .org, .com, and .net. Among the proposed new gTLDs are .ngo, for Non-Governmental Organisatons, and .ong, the domain name representing the Romance language version of NGO.

A domain name registry maintains and operates the master database for a given top-level domain (TLD), such as .ORG, .OPR, .机构, and .संगठन. The registry ensures that each domain name registered with the associated domain extension is unique so that registrants can use them for their individual chosen purposes without interference or competition. The registry also generates a “zone file”, which allows computers to route Internet traffic to and from .ORG, .OPR, .机构, and .संगठन domain names around the world. Public Interest Registry is the registry for the .ORG, .OPR, .机构, and .संगठन TLDs.

Following the Internet compliance rules outlined by the Internet Corporation of Assigned Names and Numbers (ICANN), registries such as Public Interest Registry do not accept domain name registrations directly from the public. Instead, registrars, the “retailers” that essentially register domain names on behalf of registrants, will submit the registration requests to the registries. Registrants are people or organizations that would like to register and use a domain name.

As of Q1 2014, there are approximately 328 top level domains. Of these, there are 22 gTLDs (.com, .org, etc.), 294 associated with country codes, and 12 special-purpose TLDs used for testing and infrastructure.

gTLD is one of the categories for Top-Level Domain Names. It stands for “generic” top-level domain, such as .ORG, .com, and .net. Other popular categories are ccTLD (country codes), which are managed or controlled by the particular country, and IDNs (Internationalized Domain Names). Domain names are either “open” or “closed”: anyone can register for an open domain name, while closed domain names require an application process.

Anyone may look up information regarding a .ORG, .OPR, .机构, and .संगठन domain name using the WHOIS lookup.

General Availability terms are 1 – 10 years. Registration term begins when the domain name becomes active. Domains registered during Sunrise will have a minimum period of 5 years.

Some registrars that have been accredited by the Internet Corporation for Assigned Names and Numbers (ICANN) have – “resellers”. The registrar provides its resellers with the tools, such as back-end systems and customer service, required to register domain names. Using its registrar’s systems, the reseller then has the ability to offer domain names to whomever it wishes, such as the general public.

If a site that offers domain names is not on our list of authorized registrars, it may be a reseller. If you look up a domain name in the WHOIS, it will display the name of Public Interest Registry-authorized registrar (not the name of its reseller) in the “Sponsoring Registrar” field.

Originally the Root Zone was limited to a set of characters conforming to US-ASCII (American Standard Code for Information Interchange) or “Latin” alphabets. This changed with the introduction of Internationalized Domain Names (IDNs), which introduced top-level domains (TLDs in different scripts and enabled Internet users to access domain names in their own language.

Public Interest Registry is a nonprofit organization that currently operates the .ORG, .OPR, .机构, .संगठन, .NGO and the .ONG domains.

As our name implies, we exist to serve the public interest online. Our globally diverse team is committed to providing a stable online platform where everyone has a voice. As an advocate for collaboration, safety and security on the Internet, Public Interest Registry’s mission is to empower the global noncommercial community to use the Internet more effectively, and to take a leadership position among Internet stakeholders on policy and other issues relating to the domain naming system.

More than 10.8 million domain names are currently registered with .ORG.

General Availability terms are 1 – 10 years. Registration term begins when the domain name is registered. Domains registered during Sunrise will have a minimum period of 5 years.

.NGO|.ONG support DNS Security Extensions (DNSSEC). DNSSEC is a secure version of DNS.

Cache poisoning, the unauthorized access and modification of DNS caches to intentionally spoof websites, hijack email, and even steal passwords has been a major vulnerability. DNSSEC ensures cache poisoning is prevented, that DNS data cannot be forged and that data originating from its stated source is not modified in transit.

Public Interest Registry was the first generic Top-Level Domain (gTLD) registry to fully deploy DNSSEC.

There is no system for reserving names. However, ICANN requires that each new gTLD registry have a “Sunrise Period” before the opening of the general availability of registrations. During this period, a trademark holder has the ability to claim a domain name registration corresponding to its trademark. Please note that entities with valid trademarks must first be registered with Trademark Clearinghouse (TMCH). If there is more than one owner of a particular trademark (e.g., in different areas of the world), and more than one claims a registration, the first to apply will get the registration. An NGO that has registered its organization’s name as a trademark will be eligible to take advantage of this process. NGOs that have not registered their names as trademarks will be able to register their name during the general availability on a first-come, first-served basis following the Sunrise Period.

Once the .NGO|.ONG domains are available, contact a registrar accredited with Public Interest Registry. It’s important to note that both .NGO and .ONG are not included in one registration. This means, if you register .NGO, you will need to secure .ONG separately, and vice versa.

Public Interest Registry has been working closely with the NGO community and leading NGO associations around the world to develop a process to validate applicants for a .NGO domain. We believe that working with the NGO community on a global basis is important in both reaching out to the NGO community and validating their inclusion in the .ngo domain.

Seven criteria are used to define an NGO or ONG for the purpose of validation:

1. Focused on acting in the public interest. Whether in support of education or health, the environment or human rights, members of the .NGO/.ONG community work for the good of humankind and/or the reservation of the planet and do not promote discrimination or bigotry.
2. Non-profit making/non-profit-focused entities. While many NGOs and ONGs engage in commercial activities or generate revenue in support of theirs missions, members of the .NGO/.ONG community do not recognize profits or retain earnings.
3. Limited government influence. Recognizing that many .NGO/.ONG organisations have important interactions with government, not least for reasons of funding (which may include receipt of some government funding in support of their programs,) members of the .NGO/.ONG community decide their own policies, direct their own activities and are independent of direct government or political control.
4. Independent actors. Members of the .NGO/.ONG community should not be political parties nor should be a part of any government. Participation in the work of a .ngo|.ong is voluntary.
5. Active Organisations. Members of the .NGO/.ONG community are actively pursuing their missions on a regular basis.
6. Structured. Members of the .NGO/.ONG community, whether large or small, operate in a structured manner (e.g., under bylaws, codes of conduct, organizational standards, or other governance structures.)
7. Lawful. Members of the .NGO/.ONG community act with integrity within the bounds of law.

NGOs and ONGs participating as members in the .NGO/.ONG community must certify that they adhere to the above .NGO/.ONG Eligibility Criteria.

The .OPR, .机构, and .संगठन domain names will follow the same lifecycle rules as other existing domains such as .ORG. The phases of the lifecycles are:

• Domain creation
• 5-day Add Grace Period
• Registration period
• Domain expiration
• 0-45 days Auto-Renew Grace Period
• Domain Deletion
• 30-day Redemption Grace Period
• 5-day Pending Delete Period

There are no restrictions based on geography. Registrants are not required to demonstrate non-profit status.

As part of ICANN’s Pre-Delegation Testing (PDT) of all new gTLDs, it is a requirement that all registries offer and support DNSSEC throughout the lifecycle of all domains. Therefore, .орг, .机构, and .संगठन support DNS Security Extensions (DNSSEC). DNSSEC is a secure version of DNS.

Cache poisoning, the unauthorized access and modification of DNS caches to intentionally spoof websites, hijack email, and even steal passwords has been a major vulnerability. DNSSEC ensures cache poisoning is prevented, that DNS data cannot be forged and that data originating from its stated source is not modified in transit.

Public Interest Registry was the first generic Top Level Domain registry to fully deploy DNSSEC for .ORG.

There are two different types of .ORG IDNs. The Domain Name System (DNS) initially only supported the Latin characters a through z, A through Z, 0 through 9, and the hyphen. However in 2003 new standards were introduced that enabled the conversion of non-ASCII characters to the left of the dot – these characters could either be Latin letters with diacritics (e.g. ñ or â) or scripts that do not use the Latin alphabet such as Chinese or Cyrillic. The right of the dot (.ORG) remained in Latin characters.

What has changed with the new generic Top Level Domain (gTLD) IDNs is the addition of a multilingual translation service at the front end (the user’s browser) to supplement the DNS. This means that non-Latin characters can now be used on both sides of the dot, providing a completely non-Latin domain name.

Technically, when an IDN is input, the web browser algorithmically converts it into a combination of ASCII characters (known as Punycode). For example, the IDN for McDonald’s Russia (макдональдс.рф) is converted to the Punycode equivalent https://xn--80aalb1aicli8a5i.xn--p1ai/. It is this Punycode string that is sent to the name server, and when an IDN is initially registered, it is this Punycode address that is stored within the name server. This is how the domain name is found on the Internet.

A DNSSEC registration must include the public key information. This information is put in to a Delegation Signer (DS) record (either by the DNS operator or perhaps the registrar) and submitted to the registry by the registrar using the DNS Security extensions for EPP. Click here for more info.

Under ordinary circumstances key rollovers are not visible to end-users. The transition from one key to another is handled automatically by the DNS and validating resolvers, as long as the actual zone signer properly manages the key pairs and enters the changing keys in to the DNS as needed.

DNSSEC uses several mathematical formulas (cryptography) to “sign” a zone. These signatures are subject to cryptanalysis. It is therefore possible for an attacker to learn the private key in a key pair even though that key has never been disclosed, either through “brute force” or other types of attacks. Every attack requires time to complete. Periodically changing the key decreases the length of time an attacker has to attempt the compromise.

A key rollover occurs whenever it is necessary to change the private key used to sign a zone or the public key used to validate a zone. This can occur for planned or unplanned reasons. Planned rollovers occur as an ordinary part of key management procedures, similar to changing a password on a regular basis. Unplanned rollovers occur whenever a private key has been compromised.

In DNSSEC the keys come in pairs — a private key (held only by the signer of the zone, which is usually the DNS operator who may be the registrar if you are providing DNS services to your customers) and a public key (distributed to the public through the DNS). The private part of the key pair is used to sign the zone. Validating resolvers use the public part of the key pair to validate the digital signature created when the zone is signed.

A DNS resolver is the program on a user’s computer that sends the query to the DNS. Once a response is received, the resolver returns the response back to the end user’s application. A validating resolver is a resolver that checks the digital signatures created and made available by domain name owners who want to protect their domains.

• You must actively maintain the extra DNSSEC data, including securing the DNSSEC private key data used to sign zones.
• If the key information is compromised, you must take immediate action to rollover (replace) the key.
• You may have to educate your customers on how to make their software DNSSEC-aware.
• There have been a few reported cases of bugs in network gear, such as routers, switches, and wireless access points that require end-users to upgrade their network gear in order to resolve signed domain names.

• DNSSEC zones prevent man-in-the-middle attacks. Any customer with a DNSSEC-aware resolver will not be at risk from this attack.
• DNSSEC is backwards compatible with the existing DNS infrastructure. Customers that are not using DNSSEC will not see any adverse effect. While they won’t get the protection, they’ll continue to access domain names just as they always have.
• DNSSEC is the foundation of providing the safe and secure Internet of the future, including secure web browsing and adding additional security services to a wide variety of Internet services (e.g., email, voice-over-IP, etc.).

The DNS is a critical Internet infrastructure protocol and virtually everything that users do on the Internet depends on it. Protecting the DNS to ensure that users are connecting with the services they expect to be communicating with is the foundation of a safe and secure Internet.

The latest versions of BIND and NSD are DNSSEC aware, usually by simply setting a configuration-option. For end user applications, such as web browsers and email applications, you should contact your software provider. For more information on how to deploy DNSSEC, visit the DNSSEC Deployment website and DNSSEC HOWTO, a tutorial in disguise

Please contact your registrar to implement DNSSEC for your domain. For a list of .орг, .机构, and .संगठन accredited registrars as well as .org DNSSEC accredited registrars, click here.

Administration of a DNSSEC signed zone is more complex than that of an unsigned zone. Zone maintenance in the non-DNSSEC environment simply involves changing records as required and updating the serial number of the zone with each change. In many networks this is an automated process. However, in the DNSSEC environment this action alone would result in the invalidation of the zone data. Therefore, in addition to updating records and serial numbers the zone itself must be resigned. Care must be taken to keep keys and signatures current and not let signatures expire. If the zone is compromised either by malicious intent or neglect, the Zone Data Administrator must take actions to restore the zone’s place in the DNSSEC authentication chain.

Zone-signing is the process of cryptographically signing the authoritative data within a zone file. This process adds new records to the zone, which allows resolvers to verify the origin, authenticity and integrity of the DNS responses. .ORG, .орг, .机构, and .संगठन zones have been, and any future new gTLDs will be, NSEC3 (RFC 5155) signed.

Each piece of a domain’s DNS information has a digital signature attached to it. When a user enters the domain in a browser, the resolver, using keys in a similar manner to TLS/SSL, verifies the signature. If it does not match, the resolver discards the response and waits for another.

DNSSEC ensures that the information in the response you receive is the same information the registrant of the domain name wants you to receive. When a registrant registers a domain name on the Internet, they will also be able to have the domain name secured via DNSSEC. By sending in additional information to their registrar, registrants can “sign” a domain name, thus ensuring that all DNS responses are digitally signed via DNSSEC. By checking the digital signature, a DNS resolver is able to check if the information is identical (correct and complete) to the information the registrant wants you to receive.

DNSSEC is designed to protect Internet resolvers (clients) from forged DNS data, such as that created by DNS cache poisoning. Currently, a DNS resolver sends a query out to the Internet and then accepts the first response it receives, without question. If a malicious system were to send back an incorrect response, the resolver would use this address until its cache expired. This is bad enough if it’s a single user’s computer that gets this bad data, it’s much worse if it’s another name server that answers queries for an ISP – affecting thousands of users.

DNSSEC is an addition to the Domain Name System (DNS) protocols; it is designed to add security to the DNS to protect it from certain attacks, such as any data modification attack (e.g. cache poisoning). It is a set of extensions to DNS, which provide origin authentication of DNS data, data integrity and authenticated denial of existence.

The Domain Name System Security Extensions (DNSSEC) as described in [RFC4033], [RFC4034], and [RFC4035] define new records and protocol modifications to DNS that permit security-aware resolvers to validate DNS Resource Records (RRs).

Public Interest Registry has introduced rate-limiting logic on the WHOIS Port 43 server and similar rate-limiting logic on the Public Interest Registry website. Public Interest Registry monitors all IP addresses accessing the WHOIS Port 43 server. All traffic is logged, and rate-limit validation logic is applied to limit access by any given IP address. If a unique IP address exceeds the limit, the query will be stopped, and the error message will be displayed. Users who submit queries to the public WHOIS port 43 are limited to 10 queries per minute.

The registry WHOIS system pulls the expiration date from our registry database. Because the auto-renewal process is conducted daily in the registry database, WHOIS will publish the auto-renewed dates If the registrant does not renew the registration with his/her registrar, the registrar may delete the registration in the registry database.

When a domain name reaches its expiration date and is not renewed by the registrar, the registry system performs an auto-renew on the domain name. The auto-renew extends the expiration date for one year whether or not the registrar has received payment from the registrant. For example:

Example.org, example.орг, example.机构, or example.संगठन, is set to expire on April 25, 2004. The following events will occur:

1. The registry auto-renews domain names the day after they expire. If the registrar does not renew this domain name with their registry prior to April 25, the registry will auto-renew the domain name for one year on April 26.
2. The registry auto-renews domain names the day after they expire. Therefore, on April 26, the registry will auto-renew the domain name for one year.
3. On April 26, the new expiration date will read April 25, 2005.
4. The registrar then has 45 days during which they may delete the registration and receive a credit for the registry fee.

To verify if your domain name has recently been auto-renewed, Ccheck the “Last Update Date” field in WHOIS. If this field states that your domain name was last updated the day after it expired, your name probably was auto-renewed.

No. This policy addresses the illegal and abusive use of domain names of a technical nature. It is not a substitute for current remedies to resolve intellectual property disputes involving domain names and websites. This policy does not replace the ICANN Uniform Dispute Resolution Policy (UDRP).

Public Interest Registry takes every possible step to ensure registrants are protected. While security best practices prevent Public Interest Registry from publicly stating how we investigate reports of abuse, our goal is always to protect registrants. Domains suspected as abusive will be investigated. Public Interest Registry works closely with the registrar to ensure the appropriate action is taken to resolve the abuse. If it appears a website has been compromised Public Interest Registry will take steps in accordance with our Abuse Policy to prevent further abuse.

It is our goal that only those who abuse the domain system and engage in illegal or fraudulent activity will be affected by this policy. Ordinarily, there should be no change in your relationship with your registrar or the operation of your domain.

The Domain Name Anti-Abuse policy is enacted under the clear, long standing, contractual authority of Public Interest Registry pursuant to Section 3.6.5 of every Public Interest Registry Registry-Registrar Agreement.

If the domain name has expired before it is deleted and enters RGP and then it is restored, the registrar’s account is debited for the RGP fee and the one-year renewal fee. If the domain name has NOT expired prior to deletion and entering RGP and then it is restored, the registrar’s account is debited the RGP fee, but the renewal fee is charged only if a “renew” is requested explicitly or the domain was deleted within the 45-day Auto-Renew Grace Period. When at all commercially reasonable, the domain name will be reinstated, with temporary restrictions, within five calendar days of the restore request. It is up to each registrar whether to charge the registrant for the renewal fee in addition to an RGP fee.

Once the 30-day RGP for a domain name has passed, it cannot be restored. RHP serves as a notice period for registrars regarding the pending availability of the domain name.

Public Interest Registry does not determine the fees that registrars charge their customers. However, the registrar incurs extra costs each time it invokes the RGP process. Registrars may charge a fee to restore a domain name through RGP at their discretion. You should contact your registrar to inquire about the fee being charged.

Once a registrar formally requests to restore a domain name, it must provide a special restore report to us within five days. This report must include background documentation and a reason for the restoration. If your registrar does not deliver the report within five days, the registry will return the domain to the RGP status (“Pending Delete – Restorable”), and the domain name once again will not resolve or support Internet services (e.g., website or email).

No. Once a domain name is placed in RGP, no Internet services for that domain name, including email, will work.

No. Once a domain name is placed in RGP, no Internet services for that domain name will work.

For a domain name to be released for registration, it must complete the 30-day RGP and the five-day RHP. In total, a domain name can be released for re-registration 35 days after it has been deleted by a registrar, provided that there has been no restore request received by the registry during the RGP. To calculate the date a deleted domain name will be available for registration, add 35 days to the “last updated on” date reflected in the WHOIS.

If your domain name has been placed in RGP, it is because your registrar requested to delete it. If you wish to redeem the domain name, you must contact your registrar immediately.

The sponsoring registrar for the domain name (as indicated in the WHOIS) is the ONLY registrar that can restore it. We cannot directly restore your domain name — it can act only on explicit instructions from the sponsoring registrar. Please note that your registrar may charge a fee for restoring the domain name.

If a domain name is in RLP, the “Status” field in the WHOIS will show the domain name as PENDING RESTORE.

If a domain name is in RHP, the “Status” field in the WHOIS will show the domain name as “PENDING DELETE SCHEDULED FOR RELEASE HOLD.”

If a domain name is in RGP, the “Status” field in the WHOIS will show the domain name as “PENDING DELETE RESTORABLE and HOLD.” All Internet services associated with the domain name will remain disabled.

Once a registrar formally requests to restore a domain name, the registrar must submit a Restore Report to Public Interest Registry within five days to fully restore the domain name from RGP. This five day period is referred to as Restore Lock Period (RLP). This means that the registrar cannot use the domain name until a restore report has been submitted and accepted. During this period the following domain statuses will be applied:

PENDING DELETE RESTORE

UPDATE PROHIBITED

DELETE PROHIBITED

RENEW PROHIBITED

TRANSFER PROHIBITED

If a registrar deletes a domain name and does not request that the domain name be restored during the 30-day RGP, it enters RHP. RHP lasts for five days, and during this time the domain name is locked and unable to be restored. After five days, it becomes available for re-registration. Once the domain name enters RHP, the prior registrant cannot request a restore. When a domain name is in RHP, its status is listed as PENDING DELETE SCHEDULED FOR RELEASE and HOLD. The domain is returned to the zone file during this period. If the Restore Report is not received from the registrar within 5 days, the domain is returned to a new 30-day RGP with status of: PENDING DELETE RESTORABLE.

RGP is a service that allows the registrar to restore a domain name that has been unintentionally deleted. This 30-day period begins after a registrar requests that the registry delete a domain name. When a domain name is in RGP, its status is listed as PENDING DELETE RESTORABLE and HOLD.

When a domain name enters RGP, it is removed from the registry zone file. As a result, any Internet services supported by the domain name will be disabled (e.g., email or a website). The registrant must act IMMEDIATELY if the domain name is to be restored.

After the 30-day RGP, the domain name enters the Redemption Hold Period (RHP).

Any domain name that does not have at least two name servers associated with it is listed as “Inactive”. This means that the domain name will not resolve on the Internet. Once you add two name servers through your registrar, the Inactive status will be taken off, and the domain name will resolve.

To make changes to your domain name, including changing name servers, renewing your domain name, transferring or deleting a domain name, please contact your registrar or reseller, who will then put the request through to the registry. Public Interest Registry, like all domain name registries, is not authorized to change records directly for registrants.

There are third parties that offer this service. Please contact your registrar or reseller for information on how to place a backorder on a domain name.

Each registrar and reseller uses a unique contact management system to manage usernames and passwords for each registrant. Please contact your registrar or reseller directly to obtain this information.

Your registration may have expired. When you register a domain name, you can register it for one to 10 years. When your registration expires, the registry will auto-renew the domain name for one year and debit your registrar’s account for the renewal fee. If your registrar does not receive your registration payment, your registrar can take one of several actions, including deleting or placing your domain name on “hold”. These actions will remove your domain name from the zone file, and all Internet services, including email, for that domain name will cease.

If the registrar deletes your domain name, you have 30 days from the date of deletion to contact your registrar to restore and renew it. See FAQs about the Redemption Grace Period for more information.

No, but the registrar you are transferring to can verify the auth code.

The auth code is a six-to-16-character code assigned by the current sponsoring registrar that serves as a password for the domain. Auth codes are asecurity measure that ensures that only the owner of the domain name can make transfers.

If you do not know your auth code, you can obtain it from your registrar. Registrars are contractually required to provide the auth code upon the request by the registrant.

Registrars can obtain the auth code for their domain names by sending a request to the registry. Registrars are able to obtain auth codes only for the domain names that they manage.

To transfer your domain name to a new registrar or registrant:

• Obtain the authorization code (auth code) from the current sponsoring registrar of the domain name. Please consult the WHOIS search to find out who the sponsoring registrar is.
• After you receive your auth code, supply it to the registrar to whom you wish to transfer the domain name.
• The new registrar should then initiate the transfer. Once initiated, the transfer will be completed within five 24-hour periods.
• Public Interest Registry advises that you change your auth code after a transfer. You can do this through the new registrar.
• The registrant should update the contact information through the sponsoring registrar. Public Interest Registry cannot do this for you; you must do it through the registrar.

You must contact your registrar or reseller to determine if anything can be done.