EPP Protocol

How do I generate a new UDAI in EPP?

If a new UDAI is requested by the registrant a simple <domain:update> command can be sent with a <domain:chg> element and an <domain:authinfo> child element with an empty <domain:pw> element. This will trigger an update of the UDAI, for example:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
  <command>
    <update>
      <domain:update xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
        <domain:name>internetnz.net.nz</domain:name>
        <domain:chg>
          <domain:authInfo>
            <domain:pw></domain:pw>
          </domain:authInfo>
        </domain:chg>
      </domain:update>
    </update>
  </command>
</epp>

The new UDAI is returned in a service message which can be retrieved by running a poll command.

Why can't I retrieve a domain:pw using domain:info?

In .nz a domain:info command will not return the current domain password. This is a side effect of how we store the domain password/UDAI.

The SRS system was designed around the expectation that should a domain password/UDAI code be misplaced then a new code would be generated upon request rather than returning the existing password/UDAI.

In this situation the most sensible design from a security perspective was for us to store the domain passwords/UDAI codes using salted cryptographically secure hashes/one-way encryption as per best practices for storing passwords. This means we are unable to return the original password.

Why can't I set my own domain:pw on a domain?

Under existing .nz systems and policies the registry is responsible for the system-generated UDAIs and we have no provision to allow a registrar to set a UDAI even if this UDAI would meet our UDAI generation criteria.

We are currently reviewing these implementation details.

How do I set nameserver IP glue in .nz EPP?

You will need to make calls to domain:update with domain:rem and domain:add elements for the domain:ns records you need to update. Each nameserver can have two domain:hostAddr glue records, one for ipv4 and one for ipv6.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
  <command>
    <update>
      <domain:update xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
        <domain:name>exampledomain.ac.nz</domain:name>
        <domain:add>
          <domain:ns>
            <domain:hostAttr>
              <domain:hostName>ns2.exampledomain.ac.nz</domain:hostName>
              <domain:hostAddr ip="v4">1.2.3.4</domain:hostAddr>
              <domain:hostAddr ip="v6">1080:0:0:0:8:800:200C:417A</domain:hostAddr>
            </domain:hostAttr>
          </domain:ns>
        </domain:add>
      </domain:update>
    </update>
    <clTRID>updatedomain-2014-06-24-example</clTRID>
  </command>
</epp>

As a quick reminder the glue is only used if the nameservers for the domain are "in-bailiwick" (i.e. the nameservers for a domain are under the domain itself). If you provide glue for nameservers which are not in-bailiwick then this will be silently dropped by SRS.