Review of a major project in the service of an essential infrastructure of the French Internet.
As an Operator of Essentials Services, Afnic manages the infrastructure of 20 TLDs, including the .fr domain which has nearly four million domain names. On 1 October, all the registry and domain name management services of the .fr and French overseas TLDs were migrated onto a new infrastructure. This migration was the culmination of a major overhaul project which was carried out in stages and involved numerous stakeholders. Its objective was to offer our clients registry and domain name management services to the very best standards of performance and security and to continue to develop the attractiveness of the .fr TLD. At stake for us was the entire overhaul of the system thanks to our in-house expertise in order to retain full control of a major infrastructure of the French Internet.
A project carried out in close coordination with clients
When the project was kicked off, Afnic carried out an analysis and an inventory of needs with a large group representing its registrar and registry clients. This approach relied in particular on a focus group, which provided the elements essential to the construction of a workable roadmap. As users, clients were also called upon to validate elements at the time of designing interfaces. They were then able to test the various functionalities and give their feedback to the teams. These continuous interactions allowed regular adjustments to be made in line with the various clients’ operational requirements.
Deployment in stages
The migration of the registry and domain name management systems was carried out in three key stages:
- An initial migration for holders with dot-brand TLDs in the spring of 2020
- A second migration for holders with geographic TLDs in September 2021
- A third migration for the .fr and French overseas TLD services on 1 October 2022
Thanks to these gradual deliveries, this sequencing allowed us to validate and progressively enrich the fundamental components of the overhaul, namely the administration interface of the TLD for the registry and the domain name management interface for the registrars. Each deployment was accompanied by training and support for users to facilitate take-up of the new tools.
Services meeting the very best performance standards
This project was an opportunity to make performance improvements to the registry and domain name management system, particularly in the processing times of operations, which are now 5 to 20 times faster than before. The system has also been designed flexibly to absorb increases in volume. Another important new feature: the development and provision of an application programming interface (API) for the registrars. This new functionality allows distributors of domain names to automate certain domain name operations, thus facilitating their day-to-day work.
Security, an absolute priority
Security is a key commitment of Afnic, as reflected by the ISO 27001 certification of its infrastructure. Day after day, we rely on a continuous improvement approach and an Information Security Management System (ISMS) to constantly reinforce the security of the domain name management system. The security and protection of personal data were essential aspects of this project, having been integrated from the outset. This “by design” approach is illustrated in particular by the improvement in the management of access to the services (robustness of passwords, dual authentication) and a strengthening of protection against cyberattacks and incidents by means of infrastructures using cutting-edge technologies, such as Kubernetes.
The choice of a complete rewrite in the interests of French digital sovereignty
Faithful to its mission as the French centre of resources and expertise on the DNS and domain name technologies, and after evaluating the solutions and technologies present in the market, Afnic decided to completely rewrite its registry systems. Integrating modern languages, architectures and database systems perfectly in line with the state of the art and conforming scrupulously to IETF standards for registry services, the new .fr registry system is entirely “made in France” and thus constitutes an essential building block, managed end-to-end, in French digital sovereignty.
By facilitating the management of domain names and strengthening the resilience of the infrastructure, this new registry system contributes to the attractiveness of .fr as a trusted, simple, competitive and secure TLD at the service of users. It also provides other TLD registries with a turnkey technical solution in support of their development projects. In pursuit of its goal of operational excellence, Afnic will regularly add new functionalities and improvements to this new registry system.
Afnic is the acronym for Association Française pour le Nommage Internet en Coopération, the French Network Information Centre. The registry has been appointed by the French government to manage domain names under the .fr Top Level Domain. Afnic also manages the .re (Reunion Island), .pm (Saint-Pierre and Miquelon), .tf (French Southern and Antarctic Territories), .wf (Wallis and Futuna) and .yt (Mayotte) French Overseas TLDs.
In addition to managing French TLDs, Afnic’s role is part of a wider public interest mission, which is to contribute on a daily basis, thanks to the efforts of its teams and its members, to a secure and stable internet, open to innovation and in which the French internet community plays a leading role. As part of that mission, Afnic, a non-profit organization, has committed to devoting 11% of its Revenues from managing .fr Top Level Domain to actions of general interest, in particular by transferring €1.3 million each year to the Afnic Foundation for Digital Solidarity.
Afnic is also the back-end registry for the companies as well as local and regional authorities that have chosen to have their own TLD, such as .paris, .bzh, .alsace, .corsica, .mma, .ovh, .leclerc and .sncf.
Established in 1997 and based in Saint-Quentin-en-Yvelines, Afnic currently has nearly 90 employees.