Accessing the Registry EPP Service
EPP is a protected service, accessed by accounts configured with EPP as their Account Type. EPP communication between the Registrar and the Registry allows the Registrar to manage domains and their associated objects without using the web portal.
To use EPP, you must use an EPP account that you have created through the web portal (see Registrar accounts).
Registrars must ensure that EPP requests meet EPP standards as defined by the following:
The registry parses all incoming requests using a validating XML parser that reads the XML and validates XML syntax before processing the request.
General Information
Transport and Security
Communication to the EPP server is only possible via an encrypted (TLS) connection over TCP/IP port 700.
The next phase is to enable mTLS authentication as per the EPP standard outlined in RFC 5734.
To enable this, InternetNZ will sign client certificates for the IRS OTE and IRS Production environments. You will need to provide a CSR (certificate signing request) with the following properties to ensure continued connectivity to the EPP service. Each environment will need a CSR signed by the NZRS Certificate Authority. The CSR has the following requirements:
- Key Size: 4096 to 8192 bits.
- Algorithms: RSA Public Key + SHA256 Signature.
- Certificate Common Name (CN): environment.regid.registrar name.epp, e.g.:
  - prod.1234.www.yourregistrarname.co.nz.epp
  - ote.1234.www.yourregistrarname.co.nz.epp
- Server Certificate Validity: will be set to 2 years.
InternetNZ will return a signed client certificate which you will need to use to establish an SSL connection to our EPP server.
The EPP server currently supports connections via TLSv1.2.
Note
InternetNZ requires a minimum key length of 4096 bits on all new EPP client certificates.
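The CSR requirements in this section can be checked locally before the request is sent for signing. The script below is an added example, not InternetNZ tooling: it assumes the OpenSSL command-line tool is installed, and the function names, file paths and the restriction of the environment label to prod or ote (taken from the two sample CNs) are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not InternetNZ tooling). Requires the OpenSSL CLI.
# Function names and file paths are illustrative assumptions.

# epp_cn ENV REGID REGISTRAR_NAME: print the CN as environment.regid.registrar name.epp
# Assumption: ENV is "prod" or "ote", as in the page's two sample CNs.
epp_cn() {
    case "$1" in
        prod|ote) printf '%s.%s.%s.epp\n' "$1" "$2" "$3" ;;
        *) echo "environment must be prod or ote" >&2; return 1 ;;
    esac
}

# make_epp_csr CN KEYFILE CSRFILE [BITS]: new RSA key and a SHA-256 signed CSR.
# The body runs in a subshell so the tightened umask does not leak to the caller.
make_epp_csr() (
    umask 077   # keep the unencrypted private key readable by its owner only
    openssl req -new -newkey "rsa:${4:-4096}" -sha256 -nodes \
        -subj "/CN=$1" -keyout "$2" -out "$3"
)

# check_epp_csr CSRFILE EXPECTED_CN: exit 0 only if every listed requirement holds.
check_epp_csr() (
    fail() { echo "CSR rejected: $1" >&2; exit 1; }
    # Match on the message text: older OpenSSL releases exit 0 on a bad signature.
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' \
        || fail "self-signature does not verify"
    text=$(openssl req -in "$1" -noout -text) || fail "unreadable CSR"
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    cn=$(printf '%s\n' "$text" | sed -n 's/^ *Subject:.*CN *= *\([^,/]*\).*/\1/p' | head -n 1)
    printf '%s\n' "$text" | grep -q 'Public Key Algorithm: rsaEncryption' \
        || fail "public key is not RSA"
    [ "${bits:-0}" -ge 4096 ] && [ "${bits:-0}" -le 8192 ] \
        || fail "key size ${bits:-unknown} is outside 4096 to 8192 bits"
    printf '%s\n' "$text" | grep -q 'Signature Algorithm: sha256WithRSAEncryption' \
        || fail "signature is not SHA256 with RSA"
    [ "$cn" = "$2" ] || fail "CN '$cn' does not match '$2'"
)
```

Generate one key and CSR per environment, and keep the private key on the host that opens the EPP connection; only the CSR is sent for signing.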
IP whitelisting
Registrars are able to manage their own whitelisting for Portal, EPP and TBR use:
In the IRS Portal, click on the Admin menu, then click on Registrar settings. Scroll down to the bottom on the right-hand side, where there will be an IP Allowlist Settings section.
Servers and Ports
Environment OTE | Server/URL | IP address | Port | TCP/UDP | Description |
---|---|---|---|---|---|
IRS Portal | | 202.46.179.245 | | TCP | HTTP over TLS |
EPP API | epp.ote.irs.net.nz | 202.46.179.246 | 700 | TCP | EPP over TLS (mTLS in future) |
TBR | tbr.ote.irs.net.nz | 202.46.179.247 | 700 | TCP | TBR over TLS (mTLS in future) |
WHOIS | whois.ote.irs.net.nz | 202.46.179.248 | 43 | TCP | WHOIS over TLS (mTLS in future) |
RDAP | rdap.ote.irs.net.nz | 202.46.179.248 | 443 | TCP | HTTP over TLS |
Namespaces and Schemes
XSD extensions supported by IRS:
Namespace | Scheme |
---|---|
EPP | epp-1.0, eppall-1.0, and eppcom-1.0 - RFC 5730 |
Domain | domain-1.0 - RFC 5731 |
Host | host-1.0 - RFC 5732 |
Contact | contact-1.0 - RFC 5733 |
Registry Fee Extension 0.9 | #fee-0.9 - RFC Draft: brown-epp-fees |
Registry Fee Extension 0.11 | fee-0.11 - RFC Draft: regext-epp-fees |
IDN | idn-1.0 - RFC Draft: eppext-idnmap |
Launch Phase Mapping | launch-1.0 - RFC Draft: regext-launchphase |
Domain Registry Grace Period | rgp-1.0 - RFC 3915 |
DNSSEC | secDNS-1.1 - RFC 5910 |
Note
#Fee 0.9 is an earlier version of the Fee extension, and 0.11 is the latest version.
The following are the Fury-specific custom extensions:
Fury extensions supported by IRS:
Namespace | Scheme |
---|---|
Fury Generic properties | fury 2.0 - Generic properties |
Fury Registry Fee Extension | fury-rgp-1.0 - RGP |
Operational Testing and Evaluation (OT&E) Environment
The OT&E Environment is now available; see IRS - Operational Testing Environment (OTE).
The OT&E environment mimics production and, as such, it is strongly recommended that Registrars keep their test information unique and generic.
Registrars can work in the OT&E environment both through EPP and through the registry web portal.