EPP Protocol

This section describes the .nz version of the EPP XML protocol used as the communication layer between registrar client software and the SRS.

InternetNZ has an EPP server which communicates with the SRS via a lightweight internal language. After establishing an EPP connection, registrars are still able to access the systems through the original SRS XML method; however, we do not recommend that registrars operate both an EPP and an SRS XML interface at the same time.

General Information

Transport and Security

  • Communication to the EPP server is only possible via an encrypted TLS connection over standard TCP/IP sockets.

    • The certificate used for the communication has to be signed by the NZRS Certificate Authority:

    • When connecting you to the EPP server, InternetNZ will request a CSR (Certificate Signing Request), which we will sign and return to you as your client certificate. The CSR needs to satisfy these requirements:

      • Key Size: 2048 to 8192 bits.

      • Certificate Common Name (CN): environment.regid.registrar name.epp.

      • eg:
        • prod.1234.www.yourregistrarname.co.nz.epp

        • ote.1234.www.yourregistrarname.co.nz.epp

        • rps.1234.www.yourregistrarname.co.nz.epp

      • Server Certificate Validity: will be set to 2 years.

      • Supported Algorithms: RSA Public Key + SHA256 Signature.

    • InternetNZ will return a signed client certificate which you will need to use to establish an SSL connection to our EPP server.

    • The EPP server currently supports connections via:
      • TLSv1.0

      • TLSv1.1

      • TLSv1.2

  • IP address(es) used for communication with the EPP server need to be whitelisted by us. If registrars change or add IP addresses for communication with the EPP server they will need to notify registry@internetnz.net.nz

  • Registrars also require a password and login id. The login id is the registrar’s id provided by InternetNZ. The initial password is also provided by us but can be changed by the registrar with the <login> command.

Note

InternetNZ requires a minimum key length of 2048 bits on all new EPP client certificates.

Connection and Rate Limits

We allow up to 10 concurrent authenticated EPP sessions per registrar to help protect the EPP proxy from runaway processes and other unanticipated situations.

Each authenticated session has a maximum lifetime of 1 day, after which the EPP proxy will automatically close the connection.

EPP registrars are also governed by the standard SRS rate limit. This limit is currently set to a maximum of 15 requests per registrar per second.

Servers and Ports

Environment      Server                 Port
Production       epp.prod.srs.net.nz    700
Testing (OTE)    epp.test.srs.net.nz    700
RPS              epp.rps.srs.net.nz     700
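
The transport requirements and the server table above, combined into a minimal client, as an added example that is not InternetNZ's code: it builds a TLS context that presents the client certificate, verifies the server and refuses TLS 1.0/1.1, then reads the server's greeting. The length-prefixed framing comes from RFC 5734 rather than this page; `client.crt`, `client.key`, the optional `cafile` CA bundle and the `MAX_FRAME` cap are assumptions.

```python
import socket
import ssl
import struct

EPP_PORT = 700        # port from the Servers and Ports table
MAX_FRAME = 1 << 20   # assumed sanity cap on frame size, not a registry limit

def make_context(certfile=None, keyfile=None, cafile=None):
    """Client TLS context: verify the server, refuse TLS 1.0/1.1, present the client cert."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # highest version the page lists
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)     # certificate returned for your CSR
    return ctx

def frame(xml: bytes) -> bytes:
    """RFC 5734 data unit: 4-byte big-endian total length (header included) + XML."""
    return struct.pack("!I", len(xml) + 4) + xml

def read_exact(recv, n: int) -> bytes:
    """Collect exactly n bytes; a TLS recv() may return fewer than requested."""
    buf = b""
    while len(buf) < n:
        chunk = recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-frame")
        buf += chunk
    return buf

def read_frame(recv) -> bytes:
    """Read one data unit and return its XML payload."""
    (total,) = struct.unpack("!I", read_exact(recv, 4))
    if not 4 < total <= MAX_FRAME:
        raise ValueError(f"implausible EPP frame length {total}")
    return read_exact(recv, total - 4)

def read_greeting(host, certfile, keyfile, cafile=None) -> bytes:
    """Connect and return the <greeting> the server sends first (RFC 5730)."""
    ctx = make_context(certfile, keyfile, cafile)
    with socket.create_connection((host, EPP_PORT), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return read_frame(tls.recv)

if __name__ == "__main__":
    # File names are placeholders for your own key and signed certificate.
    print(read_greeting("epp.test.srs.net.nz", "client.crt", "client.key").decode())
```

Every command sent afterwards, starting with `<login>`, goes out through `frame()` and each response comes back through `read_frame()`.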

Namespaces and Schemes

Namespace    Scheme
EPP          urn:ietf:params:xml:ns:epp-1.0
Domain       urn:ietf:params:xml:ns:domain-1.0
Contact      urn:ietf:params:xml:ns:contact-1.0

Warning

Host Objects are not supported under .NZ EPP.

Extension Schemes

Namespace    Scheme
DNSSEC       urn:ietf:params:xml:ns:secDNS-1.1

Protocol Identification

All EPP XML instances must begin with an <epp> element. This element identifies the start of an EPP protocol element and the namespace used within the protocol. The <epp> start element and the associated </epp> ending element are applied to all structures sent by both clients and servers.

Example “start” and “end” EPP elements:

<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
   ...
</epp>

Version

1.0

Language

English (en) - as per RFCs ‘default’ language

Character Encoding

UTF-8