Top-level domain name registry service on Google Cloud Platform
Find a file
gbrodman ee5a2d3916
Include internal registrars in the console (#2821)
This allows us to also check / modify the CharlestonRoad registrar in
the console, and also allows us to test actions (like password reset)
using that registrar in the prod environment.
2025-09-05 20:37:23 +00:00
.github/workflows Try to fix CodeQL java actions (#2583) 2024-10-03 19:54:26 +00:00
common Tag more junit versions to <6.0 (#2809) 2025-08-22 02:55:59 +00:00
config Remove user FKs from console history tables (#2729) 2025-03-25 20:47:47 +00:00
console-webapp Sort registrars list in console (#2820) 2025-09-05 18:44:17 +00:00
core Include internal registrars in the console (#2821) 2025-09-05 20:37:23 +00:00
db Tag more junit versions to <6.0 (#2809) 2025-08-22 02:55:59 +00:00
docs Update RDAP response profile + tech impl guide versions (#2778) 2025-07-09 21:02:33 +00:00
gradle/wrapper Upgrade to Gradle 8.13 (#2720) 2025-03-15 00:30:32 +00:00
integration Use nomulus-gke tagging mechanism in sql-int tests (#2702) 2025-03-04 04:05:53 +00:00
java-format Update version of google-java-format (#2766) 2025-06-06 18:11:54 +00:00
jetty Update proxy resources, increase ssl handshake timeout (#2819) 2025-09-05 18:09:55 +00:00
load-testing Update gradle dependency locks (#2806) 2025-08-19 16:17:47 +00:00
networking Update proxy resources, increase ssl handshake timeout (#2819) 2025-09-05 18:09:55 +00:00
prober Tag more junit versions to <6.0 (#2809) 2025-08-22 02:55:59 +00:00
processor Update gradle dependency locks (#2806) 2025-08-19 16:17:47 +00:00
proxy Update proxy resources, increase ssl handshake timeout (#2819) 2025-09-05 18:09:55 +00:00
release Fix the schema-verifier in Cloud Build (#2812) 2025-08-25 17:17:49 +00:00
services Tag more junit versions to <6.0 (#2809) 2025-08-22 02:55:59 +00:00
util Add time-limited logs to Epp Login flow to test increased latency (#2810) 2025-08-22 20:30:53 +00:00
.gcloudignore Remove Ofy (#1863) 2022-12-02 22:28:33 -05:00
.gitignore Re-enable Java 17 features (#2333) 2024-02-21 20:04:07 +00:00
.java-version Compile Nomulus with Java 21 (#2344) 2024-03-04 19:31:08 +00:00
appengine_war.gradle make the deploy task deploy to GKE (#2734) 2025-03-31 22:38:53 +00:00
AUTHORS Change all references to Domain Registry to Nomulus 2016-10-14 16:58:07 -04:00
build.gradle Fix console build for GKE (#2713) 2025-03-11 00:03:12 +00:00
buildscript-gradle.lockfile Build Nomulus with Java 17 (#2255) 2024-01-09 15:56:37 -05:00
CONTRIBUTING.md Add Google Java Style Guide info and link to CONTRIBUTING.md 2016-11-15 11:01:16 -05:00
CONTRIBUTORS Add Aman to CONTRIBUTORS (#2586) 2024-10-04 22:46:25 +00:00
dependencies.gradle Tag more junit versions to <6.0 (#2809) 2025-08-22 02:55:59 +00:00
dependency_lic.gradle Upgrade to Gradle 7.0 (#1712) 2022-07-26 11:41:27 -04:00
gradle.lockfile Upgrade to Gradle 8.10.1 (#2533) 2024-09-11 21:36:12 +00:00
gradle.properties Add indexes on domainRepoId to DomainHistoryHost and PollMessage (#2380) 2024-03-26 16:44:14 +00:00
gradlew Upgrade to Gradle 8.12 (#2630) 2025-01-08 18:43:10 +00:00
gradlew.bat Upgrade to Gradle 8.10.1 (#2533) 2024-09-11 21:36:12 +00:00
java_common.gradle Compile Nomulus with Java 21 (#2344) 2024-03-04 19:31:08 +00:00
LICENSE Fix a typo (#174) 2019-07-15 17:49:22 -04:00
nom_build Create a nom_build wrapper script (#508) 2020-03-10 16:32:14 -04:00
nomulus-logo.png Update Nomulus logo 2017-05-23 17:22:49 -04:00
package-lock.json Also load domains for domain checks of type renew/transfer (#2207) 2023-11-03 14:33:34 -04:00
package.json Update GCL dependency to avoid security alert (#1139) 2021-05-17 13:21:26 -04:00
projects.gradle Make GKE networking work more properly (#2531) 2024-08-22 13:10:56 +00:00
README.md Update README (#2717) 2025-03-14 15:46:42 +00:00
rollback_tool An automated rollback tool for Nomulus (#847) 2020-10-29 10:37:20 -04:00
SECURITY.md Add SECURITY.md security policy (#1257) 2021-07-26 17:35:59 -04:00
settings.gradle Create a load testing EPP client (#2415) 2024-05-23 21:37:34 +00:00
show_upgrade_diffs Added "show_upgrade_diffs" script (#981) 2021-03-09 07:48:06 -05:00
utils.gradle Use Flyway to deploy SQL schema to non-prod (#255) 2019-09-06 16:29:49 -04:00
vnames.json Update kythe vnames mapping (#1944) 2023-02-27 17:09:57 -05:00

Nomulus

Internal Build FOSS Build License Code Search
Build Status for Google Registry internal build Build Status for the open source build License for this repo Link to Code Search

Nomulus logo

Overview

Nomulus is an open source, scalable, cloud-based service for operating top-level domains (TLDs). It is the authoritative source for the TLDs that it runs, meaning that it is responsible for tracking domain name ownership and handling registrations, renewals, availability checks, and WHOIS requests. End-user registrants (i.e., people or companies that want to register a domain name) use an intermediate domain name registrar acting on their behalf to interact with the registry.

Nomulus runs on Google Kubernetes Engine and is written primarily in Java. It is the software that Google Registry uses to operate TLDs such as .google, .app, .how, .soy, and .みんな. It can run any number of TLDs in a single shared registry system using horizontal scaling. Its source code is publicly available in this repository under the Apache 2.0 free and open source license.

Getting started

The following resources provide information on getting the code and setting up a running system:

If you are thinking about running a production registry service using our platform, please drop by the user group and introduce yourself and your use case. To report issues or make contributions, use GitHub issues and pull requests.

Capabilities

Nomulus has the following capabilities:

  • Extensible Provisioning Protocol (EPP): An XML protocol that is the standard format for communication between registrars and registries. It includes operations for registering, renewing, checking, updating, and transferring domain names.
  • DNS interface: The registry provides a pluggable interface that can be implemented to handle different DNS providers. It includes a sample implementation using Google Cloud DNS, as well as an RFC 2136 compliant implementation that works with BIND. If you are using Google Cloud DNS, you may need to understand its capabilities and provide your own multi-AS solution.
  • WHOIS: A text-based protocol that returns ownership and contact information on registered domain names.
  • Registration Data Access Protocol (RDAP): A JSON API that returns structured, machine-readable information about domain name ownership. It is essentially a newer version of WHOIS.
  • Registry Data Escrow (RDE): A daily export of all ownership information for a TLD to a third party escrow provider to allow take-over by another registry operator in the event of serious failure. This is required by ICANN for all new gTLDs.
  • Premium pricing: Communicates prices for premium domain names (i.e., those that are highly desirable) and supports configurable premium registration and renewal prices. An extensible interface allows fully programmatic pricing.
  • Billing history: A full history of all billable events is recorded, suitable for ingestion into an invoicing system.
  • Registration periods: Qualified Launch Partner, Sunrise, Landrush, Claims, and General Availability periods of the standard gTLD lifecycle are all supported.
  • Brand protection for trademark holders (via TMCH): Allows rights-holders to protect their brands by blocking registration of domains using their trademark. This is required by ICANN for all new gTLDs.
  • Registrar support console: A self-service web console that registrars can use to manage their accounts in the registry system.
  • Reporting: Support for required external reporting (such as ICANN monthly registry reports, CZDS, Billing and Registration Activity) as well as internal reporting using BigQuery.
  • Administrative tool: Performs the full range of administrative tasks needed to manage a running registry system, including creating and configuring new TLDs.
  • Secure storage of cryptographic keys: A keyring interface is provided for plugging in your own implementation (see configuration doc for details), and an implementation based on Google Cloud Secret Manager is available.
  • TPC Proxy: Nomulus is built on top of the Jetty container that implements the Jakarta Servlet specification and only serves HTTP/S traffic. A proxy to translate raw TCP traffic (e.g., EPP) to and from HTTP is provided. Instructions on setting up the proxy are available. The proxy can either run in a separate cluster and communicate to Nomulus public HTTP endpoints via the Internet, or as a sidecar with the Nomulus image in the same pod and communicate to it via loopback.

Additional components

Registry operators interested in deploying Nomulus will likely require some additional components that need to be configured separately.

  • A way to invoice registrars for domain name registrations and accept payments. Nomulus records the information required to generate invoices in billing events.

  • Fully automated reporting to meet ICANN's requirements for gTLDs. Nomulus includes substantial reporting functionality, but some additional work will be required by the operator in this area.

  • System status and uptime monitoring.

Outside references