This section describes the .nz version of the EPP XML protocol used as the communication layer between registrar client software and the SRS.
InternetNZ has an EPP server which communicates with the SRS via a lightweight internal language. After establishing an EPP connection, registrars are still able to access the systems through the original SRS XML method; however, we do not recommend that registrars operate both an EPP and an SRS XML interface at the same time.
- EPP Commands
- .nz Specific EPP rules
- Migration from SRS to EPP
Transport and Security
- Communication to the EPP server is only possible via an encrypted TLS connection over standard TCP/IP sockets.
- The certificate used for the communication has to be signed by the NZRS Certificate Authority.
- When connecting you to the EPP server, InternetNZ will request a CSR (Certificate Signing Request) for your client certificate. Generate the CSR with a minimum key size of 2048 bits, and please use a CN which is unique to your registrar, such as your domain or registrar ID.
- InternetNZ will return a signed client certificate, which you will need to use to establish a TLS connection to our EPP server.
- The EPP server currently supports connections via:
- IP address(es) used for communication with the EPP server need to be whitelisted by us. If registrars change or add IP addresses for communication with the EPP server, they will need to notify email@example.com.
- Registrars also require a password and login id. The login id is the registrar’s id provided by InternetNZ. The initial password is also provided by us but can be changed by the registrar with the <login> command.
InternetNZ requires a minimum key length of 2048 bits on all new EPP client certificates.
Connection and Rate Limits
We currently allow 20 concurrent EPP connections per /24 net-block to help protect the EPP proxy from runaway registrar processes and other unanticipated situations.
EPP registrars are also governed by the standard SRS rate limit. This limit is currently set to a maximum of 15 (fifteen) requests per registrar per second.
Versions and Ports
- EPP version: 1.0
- Port: 700
Namespaces and schemes
- EPP: urn:ietf:params:xml:ns:epp-1.0
- Domain Object: urn:ietf:params:xml:ns:domain-1.0
- Contact Object: urn:ietf:params:xml:ns:contact-1.0
Host Objects are not supported under .NZ EPP.
All EPP XML instances must begin with an <epp> element. This element identifies the start of an EPP protocol element and the namespace used within the protocol. The <epp> start element and the associated </epp> ending element are applied to all structures sent by both clients and servers.
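The transport rules and the <epp> root requirement above, seen from the client side, as an added example that is not InternetNZ's code: it presents the signed client certificate over TLS on port 700, reads the server greeting, and checks the root element. It goes beyond this page by using the 4-byte length-prefixed framing from RFC 5734. The host name, file paths and MAX_FRAME cap are placeholders, and verifying the server against a single CA file is an assumption.

```python
import socket
import ssl
import struct
import xml.etree.ElementTree as ET

EPP_NS = "urn:ietf:params:xml:ns:epp-1.0"   # namespace listed on this page
EPP_PORT = 700                              # port listed on this page
MAX_FRAME = 1 << 20                         # assumed sanity cap, not a registry limit

def make_context(ca_file, cert_file, key_file):
    """TLS context that trusts only ca_file and presents the signed client cert."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx

def frame(xml: bytes) -> bytes:
    """RFC 5734 data unit: 4-byte big-endian total length (header included) + XML."""
    return struct.pack("!I", len(xml) + 4) + xml

def _read_exact(recv, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-frame")
        buf += chunk
    return buf

def read_frame(recv) -> bytes:
    """Read one data unit via recv(n); reject impossible or oversized lengths."""
    (total,) = struct.unpack("!I", _read_exact(recv, 4))
    if not 4 < total <= MAX_FRAME:
        raise ValueError(f"bad EPP frame length {total}")
    return _read_exact(recv, total - 4)

def check_epp_root(xml: bytes) -> ET.Element:
    """Every EPP instance must start with <epp> in the EPP 1.0 namespace."""
    root = ET.fromstring(xml)
    if root.tag != f"{{{EPP_NS}}}epp":
        raise ValueError(f"unexpected root element {root.tag}")
    return root

def read_greeting(host, ctx):
    """Connect, complete the mutually authenticated handshake, return the greeting."""
    with socket.create_connection((host, EPP_PORT), timeout=30) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return check_epp_root(read_frame(tls.recv))

if __name__ == "__main__":
    # Placeholder host and paths: substitute the values issued to your registrar.
    ctx = make_context("registry-ca.pem", "client.crt", "client.key")
    print(read_greeting("epp.example.invalid", ctx).find(f"{{{EPP_NS}}}greeting"))
```

Because the length check runs before any bytes are buffered or parsed, a corrupt or hostile length header cannot make the client allocate an arbitrarily large buffer.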
Example “start” and “end” EPP elements:
English (en) - as per RFCs 'default' language