Complete Backend Registry Services for TLD Operators
ADG provides the complete technical infrastructure needed by Top-Level Domain operators — from global DNS Anycast to DNSSEC key management — all of which have passed ICANN's rigorous RSP Program evaluation.
What Is a Registry Service Provider?
A Registry Service Provider (RSP) is a technical backend service provider that manages the day-to-day operations of a Top-Level Domain (TLD). When an organization obtains the right to manage a TLD from ICANN — such as .brand, .company, or even a country-code TLD — they have two options: build the entire technical infrastructure themselves, or partner with an ICANN-evaluated RSP.
The RSP handles all critical technical aspects: DNS resolution answering billions of queries daily, domain provisioning systems (EPP/SRS) for domain registration and management, WHOIS/RDAP services for public domain data queries, DNSSEC cryptographic signing for DNS security, and Data Escrow for registrant data protection.
ICANN maintains a list of evaluated RSPs meeting strict technical standards. As of 2025, only 28 RSPs worldwide have passed this evaluation. PT AIDI Digital Global is one of them — and the only one based in Southeast Asia.
Why Choose an RSP Over In-House Infrastructure?
- Reduce initial investment and operational infrastructure costs
- Leverage experienced team expertise in registry operations
- Accelerate time-to-market — launch a TLD in 60–90 days
- Guaranteed SLA commitments, including uptime and response times
- ICANN compliance built-in, including Data Escrow and EBERO readiness
- Focus on business and domain strategy, not infrastructure management
Five Critical Services Operated by ADG
Each service has been independently evaluated by ICANN and meets the highest operational standards of the global registry industry.
Technical Specifications
- 30+ Anycast nodes across 6 continents (via .id Registry global infrastructure)
- SLA: 99.999% availability (< 5 minutes downtime per year)
- UDP & TCP DNS support (RFC 1035, RFC 7766)
- EDNS0 support with 4096-byte payload
- DNS query logging & analytics
- Automated zone management & propagation
- DDoS protection: 1 Tbps backbone capacity
ADG Registry Platform Architecture
Our system is designed with high availability, security-by-design, and compliance-first principles.
Platform Architecture
High Availability
Every component has full redundancy. Databases use active-passive replication with automatic failover. DNS runs on 30+ independent nodes. EPP has hot standby.
Security-by-Design
All communication uses TLS 1.3 minimum. Cryptographic keys stored in HSM. System access uses MFA and role-based access control. Audit log for every operation.
Compliance-First
Architecture designed to meet ICANN requirements from the start, not as an afterthought. Data Escrow, EBERO readiness, and SLA monitoring are integrated into the core platform.
Service Level Agreement Commitments
ADG's SLA is designed to exceed ICANN's minimum standards, providing reliable contractual guarantees for TLD operators.
| Service | ICANN Minimum | ADG SLA | ADG Target |
|---|---|---|---|
| DNS Resolution | 99.99% | 99.999% | 99.9999% |
| EPP/SRS | 99.9% | 99.99% | 99.999% |
| WHOIS (Port 43) | 99.9% | 99.99% | 99.999% |
| RDAP | 99.9% | 99.99% | 99.999% |
| DNSSEC Signing | 100% | 100% | 100% |
| Data Escrow Deposit | Weekly | Daily incremental + Weekly full | Daily incremental + Weekly full |
RPO < 1 Hour
Recovery Point Objective: maximum data loss of 1 hour in worst-case scenario
RTO < 4 Hours
Recovery Time Objective: full service recovery within 4 hours
24/7 NOC
Network Operations Center active around the clock with on-call escalation
Incident Response Times
| Severity | Description | Initial Response | Update Frequency | Resolution Target |
|---|---|---|---|---|
| P1 — Critical | Entire service down or data loss | 15 minutes | Every 30 minutes | 4 hours |
| P2 — High | Significant degradation of one critical service | 30 minutes | Every 1 hour | 8 hours |
| P3 — Medium | Minor degradation, workaround available | 2 hours | Every 4 hours | 24 hours |
| P4 — Low | Cosmetic issue or enhancement request | 8 hours | Daily | 5 business days |
Transparent Pricing, Tailored to Your Needs
We believe in pricing transparency. RSP service costs depend on domain volume, TLD complexity, and additional services required.
"ADG's pricing follows the per-domain per-tier model common in the RSP industry, with a one-time setup fee and monthly/annual billing based on active domains. Each tier includes all 5 critical ICANN services — no hidden fees for features that should already be included."
Starter
For New TLDs & Brand TLDs
- Full 5 core services (DNS, EPP, WHOIS/RDAP, DNSSEC, Escrow)
- Shared infrastructure
- Standard SLA
- Email support + 24/7 NOC
- Setup fee: per agreement
- Per-domain per-year: volume-based
Professional
For Growing TLDs
- Full 5 core services
- Dedicated infrastructure options
- Enhanced SLA
- Dedicated account manager
- Custom EPP extensions support
- Priority incident response
Enterprise
For Large Registries & ccTLDs
- Full 5 core services
- Fully dedicated infrastructure
- Premium SLA with financial penalties
- Dedicated NOC team
- Custom integrations & APIs
- On-site support available
- Strategic partnership model
From Signature to Go-Live in 60–90 Days
ADG's onboarding process is designed for efficiency without sacrificing rigor. A dedicated team guides you through every stage.
Pre-Engagement
Discuss requirements, conduct technical assessment, and compile proposal. We understand your TLD — domain policies, target market, registrar partners, and specific technical needs.
Environment Setup
Provision DNS zone on 30+ Anycast nodes, set up EPP/SRS instance, configure WHOIS/RDAP, and generate DNSSEC keys in HSM.
Configuration
Configure TLD-specific domain policies: pricing, grace periods, reserved names, premium domains. Onboard registrar partners.
OT&E Testing
Operational Test & Evaluation — registrars test EPP connections, domain operations, and DNSSEC validation in staging environment.
ICANN PDT
Coordinate Pre-Delegation Testing with ICANN: verify DNS, EPP, WHOIS/RDAP, DNSSEC, and Data Escrow compliance.
Go-Live
DNS delegation to root zone, production cutover, and full monitoring activation. Your TLD is now officially live on the internet.
Stabilization
Intensive monitoring, performance fine-tuning, knowledge transfer, and handover to regular operations mode.
The 60–90 day timeline applies to standard new TLDs. Migration from another RSP requires 90–120 days due to data migration and parallel run. Brand TLDs (.brand) with low volume can be faster (45–60 days).
Full Compliance with ICANN RSP Handbook
ADG has been evaluated and meets all requirements of the ICANN RSP Handbook v1.2.2 (March 2025). Below is the mapping of requirements to our implementation.
| ICANN Requirement | Handbook Section | ADG Implementation | Status |
|---|---|---|---|
| Governance & Organization | MAIN.1 | Formal organizational structure, complete SOP, documented security policies | ✅ Compliant |
| Personnel Security | MAIN.1.11–12 | 3-level background checks, penetration testing plan, key ceremony personnel clearance | ✅ Compliant |
| EPP/SRS Operations | MAIN.3–4 | Full EPP RFC compliance, 99.99% SLA, concurrent connection support | ✅ Compliant |
| WHOIS/RDAP Service | MAIN.5 | Port 43 + RDAP, thick model, data protection-aware redaction | ✅ Compliant |
| Data Escrow | MAIN.6 | Daily incremental + weekly full, ICANN-approved agent, PGP encryption | ✅ Compliant |
| Data Protection | MAIN.7 | Local data protection compliance, breach notification within 72 hours, privacy policy | ✅ Compliant |
| Abuse Prevention | MAIN.8–9 | Documented abuse prevention policy, rights protection mechanisms | ✅ Compliant |
| Registry Continuity | MAIN.11 | EBERO plan, service transition plan, business continuity procedures | ✅ Compliant |
| Capacity Planning | MAIN.13 | Capacity planning document, scalability roadmap, load testing | ✅ Compliant |
| DNS Operations | DNS.1–4 | 30+ Anycast nodes, 99.999% SLA, 1 Tbps DDoS protection | ✅ Compliant |
| DNSSEC Operations | DNSSEC.1–4 | FIPS 140-2 HSM, KSK annual/ZSK quarterly rotation, DPS published | ✅ Compliant |
Who Needs ADG's RSP Services?
New gTLD Operator
Scenario
You have secured a new TLD right from ICANN and need the technical infrastructure to launch it.
How ADG Helps
We provide all 5 critical services, guide you through Pre-Delegation Testing, and bring your TLD live in 60–90 days without you building a single server.
Migration from Another RSP
Scenario
You're unsatisfied with your current RSP — SLA not met, slow support, or costs too high.
How ADG Helps
ADG's team executes zero-downtime migration with parallel run, 100% data validation, and rollback plan. We ensure a seamless transition for your registrants.
ccTLD Backend
Scenario
A country-code TLD operator wants to outsource the backend technical infrastructure to focus on policy and regulation.
How ADG Helps
ADG provides complete backend infrastructure while the ccTLD operator retains full control over domain policies and registrar relationships.
Brand TLD (.brand)
Scenario
A global company wants to launch a .brand TLD for branding, email, and exclusive digital presence.
How ADG Helps
Brand TLDs have low volume but require high reliability. ADG provides managed services that are cost-effective with accelerated onboarding (45–60 days).
Frequently Asked Questions
Ready to Get Started?
Discuss your TLD needs with ADG's team. We'll prepare a customized proposal tailored to your specific requirements — no commitment necessary.
Email Inquiry
[email protected]Direct Contact
Dimaz Maulana — [email protected]
Office Location
Icon Business Park Unit L3, BSD City, Tangerang 15345, Indonesia
Operating Hours
Monday–Friday 09:00–18:00 WIB | NOC 24/7
Learn More
ICANN RSP Evaluation Program
Complete information about ICANN's RSP evaluation program and list of evaluated RSPs.
ICANN RSP Handbook
The primary reference document governing technical and operational requirements for RSPs.
Contact ADG Team
Discuss your specific needs and receive a customized proposal.