1. I'm using version 7.3 of the handle software. Should I upgrade to version 8.1?
Yes. We recommend you upgrade to the latest version.
2. I have a five digit prefix and I have prepaid the annual service fee. Do I have to get a prefix that begins with 20.500 in order to use version 8.1? Is there a new license and service agreement?
Your allotted prefix under the previous Handle System Service Agreement (HSSA) will stay the same. You may continue to request derived prefixes for these older prefixes. New prefix allotments will require agreement to the terms of a new License and a new Service Agreement in order to use the new software, but there are no additional fees required to upgrade.
3. May I request a temporary prefix for experimental purposes?
Upon request, temporary prefixes may be allotted for use in evaluating and testing the technology for an agreed trial period. Any registration or annual fees normally due would be waived for the trial period.
4. I want a lot of prefixes. Do I have to pay for each one?
HNR charges a $50 registration fee per prefix of the form 20.500.xxxxx that is only paid once, no matter how many derived prefixes of the form 20.500.xxxxx.x are created under that allotted prefix. Thus, one prefix would cost $50 to register and $50 per year to maintain. One prefix, plus four derived prefixes (e.g. 20.500.12345.6), would cost $50 to register and $250 per year to maintain. Derived prefixes may be requested at any time, as the need arises. If a large number of derived prefixes are resolvable only at a single local handle service, a special agreement is possible to arrange. The cost of registration of large numbers of prefixes is open to negotiation. Contact [email protected].
5. What is the simplest handle service installation configuration I can have?
The simplest service configuration is one site with one handle server. The installation comes with a hdl-setup script in the /bin which will prompt you to configure your handle service. The next simplest configurations consist of (1) one site with multiple handle servers at that site, or (2) one site with a single handler server and multiple secondary sites for replication and backup.
6. Do you have recommendations for hardware specifications for running a handle server?
Handle.Net software is Java-based and is run on Linux, Mac, and Windows hardware, among others. Handle server requirements are generally very low. CNRI has successfully run large and heavily used production servers on inexpensive commodity hardware such as Mac minis, as well as the smallest offerings on cloud services such as Amazon EC2 t2.micro instances. The CPU is generally never a bottleneck for handle servers; however, increased memory, and also faster disk I/O, can improve performance.
7. What are the config.dct, siteinfo.bin and the key files?
The config.dct is a file that contains all the configuration settings for a handle server, such as its IP address and server administration handles. It is located in your server directory. The siteinfo.bin file is generated when you run the hdl-setup script to configure your handle server. It contains the specific handle server configuration settings in binary format. Public/private key files are also generated when you run the hdl-setup script. They are initially used in conjunction with your allotted prefix for authentication but this can be changed later if desired. For instance, you can create an admin handle with a secret key.
8. What version of Java™ should I use?
Java version 6 is the minimum, Java version 8 is recommended. The servlets require the Java Servlet library which is available from Java.com in the Java Enterprise Edition (J2EE), or via downloading a servlet engine such as Apache Tomcat.
9. Can I install a handle service behind a firewall?
The server should be installed on a machine with an Internet presence, preferably outside an organization's firewall. If that is not possible, then ports 2641 and 8000 on the firewall need to be open to incoming and outgoing traffic. This is necessary because the handle clients, including but not limited to the handle web proxies, must be able to talk to your local server. Many networks are configured so that a server might have a different IP address for internal and external access. These addresses are typically in the ranges 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. If this is the case, the external IP address should be used when running the Setup/install so it will be in the prefix record. The internal IP address should be used in the the server's config.dct file.
If your handle service binds to LOCAL-IP, which a firewall/NAT uses to connect to PUBLIC-IP, and you have clients inside the firewall, then the possible answers are:
Have a firewall/NAT which can accept connections on PUBLIC-IP even from internal clients.
Configure the client to connect directly to LOCAL-IP instead of looking up the handle prefix information.
Configure the client's OS to connect to LOCAL-IP when connections to PUBLIC-IP are requested.
Configure the handle client to connect to LOCAL-IP when connections to PUBLIC-IP are requested, using .handle/local_addresses. The local_addresses file is a text file and requires the following format:
The outside (public) address goes first, then a tab, then the inside address. In version 8.1 a whitespace can be used instead of a tab. Note that SOCKS and HTTP proxy firewalls are not yet supported by the handle server.
10. How do I start/restart and stop my handle server?
To start the server use the following command from your hs/bin directory:
Handle servers create a file called "delete_this_to_stop_server". Delete that file and the server shuts down. To use the kill command for unix systems, find the process id and then 'kill process_id'. Windows-specific ways to stop processes will also work.
To restart the server you may have to first remove the lock file that is in your svr/txns directory if the server did not shut down cleanly. Then start the server using the command above.
11. How can I automatically start my handle server at machine start up?
You must store your keys unencrypted in order to do this. You are asked whether you want to store your keys encrypted during server installation. Choose "NO". Then create a script to start the handle server, and put that script in the same place as your other startup scripts. If you implement this after your initial installation, be sure to send the new sitebndl.zip file to the Handle.Net Registry Administrator at [email protected]. If you wish to retain your keys encrypted within the system, and choose "YES", you will have to manually restart the handle server at machine start up.
12. We're moving our handle service to new server hardware. Can you tell me what I need to do?
For versions 7.x and higher, copy the entire bdbje subdirectory to the new server assuming you don't want to have to recreate your existing handles. Run the hdl-setup script again, then send the new sitebndl to [email protected], and your prefix will be updated with the new service information. The final step will be for you to home your prefix on the new server as described in the README.txt file. In your email to [email protected], include your name, organization name, and the previously allotted prefix that needs to be updated, along with the new sitebndl.zip file.
13. If I want to permanently shut down my handle server and stop using handles, what do I need to do?
Please notify the HNR Administrator via email to [email protected] if you plan to shut down your server permanently.
14. Besides SQL databases, what other databases have been tried with the handle server?
CNRI uses Berkeley DB for its major handle installations, and if you plan to have over a million handles it is best to use Berkeley DB instead of the Java jdb file, and to use a multiple server implementation. The current version includes code that helps you connect the Berkeley DB to your handle server instance. Support for other databases is possible by providing a Java class to implement the net.handle.hdllib.HandleStorage interface to store and retrieve handles. You can also use a relational database as your store instead of the one provided in the distribution. Instructions are provided in the distribution, but the instructions assume you are knowledgeable about the relational database you intend to use.
15. If I'm using a custom database (other than the one that comes in the distribution), can I still do replication?
Yes and no. If the custom database is only modified using the handle admin tools included in the distribution, then replication/mirroring can also be done using the handle protocol. However, if an administrator make changes directly to the back-end database (for example, updating handle values using SQL) then replication using the handle protocol will not work, and mirroring, if it is required, will have to be done via a separate mechanism specific to that database.
16. What are the potential security risks that could arise from running a local handle service, and opening ports 8000 and 2641 to all incoming and outgoing requests? Does my handle server have to run on ports 2641 and 8000?
Security risks are not likely, because handle servers provide a limited handle lookup and administration service that is constrained to the handle database. There have been no vulnerabilities found or security-related bugs reported in the software in over 15 years. Port 2641 is the ICANN registered handle port. You may choose which ports you would like your handle server to run on during the installation but remember that no other processes, i.e., a web server, can be running on the same ports as your handle server.