This section describes the .nz version of the EPP XML protocol used as the communication layer between registrar client software and the SRS.
InternetNZ has an EPP server which communicates with SRS via a lightweight internal language. After establishing an EPP connection registrars are still able to access the systems through the original SRS XML method, however we do not recommend that registrars operate both - an EPP and SRS XML interface - at the same time.
- EPP Commands
- .nz Specific EPP rules
- Migration from SRS to EPP
Transport and Security¶
Communication to the EPP server is only possible via an encrypted TLS connection over standard TCP/IP sockets.
The certificate used for the communication has to be signed by the NZRS Certificate Authority:
When connecting you to the EPP server InternetNZ will request a CSR (Certificate Signing Request) that we will sign and return to you as your client certificate. The CSR needs to satisfy these requirements:
Key Size: 2048 to 8192 bits.
Certificate Common Name (CN): environment.regid.registrar name.epp.
Server Certificate Validity: will be set to 2 years.
Supported Algorithms: RSA Public Key + SHA256 Signature.
InternetNZ will return a signed client certificate which you will need to use to establish an SSL connection to our EPP server.
- The EPP server currently supports connections via.
IP address(es) used for communication with the EPP server need to be whitelisted by us. If registrars change or add IP addresses for communication with the EPP server they will need to notify firstname.lastname@example.org
Registrars also require a password and login id. The login id is the registrar’s id provided by InternetNZ. The initial password is also provided by us but can be changed by the registrar with the <login> command.
InternetNZ requires a minimum key length of 2048-bits on all new EPP client certificates.
Connection and Rate Limits¶
We allow up to 10 concurrent authenticated EPP sessions per registrar to help protect the EPP proxy from runaway processes and other unanticipated situations.
Each authenticated session has a maximum lifetime of 1 day, after which the EPP proxy will automatically close the connection.
EPP registrars are also governed by the standard SRS rate limit. This limit is currently set to a maximum of 15 requests per registrar per second.
Servers and Ports¶
Namespaces and Schemes¶
Host Objects are not supported under .NZ EPP
All EPP XML instances must begin with an <epp> element. This element identifies the start of an EPP protocol element and the namespace used within the protocol. The <epp> start element and the associated </epp> ending element is applied to all structures sent by both clients and servers.
Example “start” and “end” EPP elements:
English (en) - as per RFCs ‘default’ language