Accessing the Registry EPP Service

EPP is a protected service, accessed by accounts configured with EPP as their Account Type. EPP communication between the Registrar and the Registry allows the Registrar to manage domains and their associated objects without using the web portal.

To use EPP, you must use an EPP account that you have created through the web portal (see Registrar accounts).

Registrars must ensure that EPP requests meet EPP standards as defined by the following:

The registry parses all incoming requests using a validating XML parser, which reads the XML and validates its syntax before the request is processed.

General Information

Transport and Security

Communication to the EPP server is only possible via an encrypted (TLS) connection over TCP/IP port 700.

The next phase is to enable mTLS authentication as per the EPP standard outlined in RFC 5734.

To enable this, InternetNZ will sign client certificates for the IRS OTE and IRS Production environments. You will need to provide a CSR (certificate signing request) with the following properties to ensure continued connectivity to the EPP service. Each environment will need a CSR signed by the NZRS Certificate Authority. The CSR has the following requirements:

  • Key Size: 4096 to 8192 bits.

  • Algorithms: RSA Public Key + SHA256 Signature.

  • Certificate Common Name (CN): environment.regid.registrar name.epp.

  • e.g.:
    • prod.1234.www.yourregistrarname.co.nz.epp

    • ote.1234.www.yourregistrarname.co.nz.epp

  • Server Certificate Validity: will be set to 2 years.

  • InternetNZ will return a signed client certificate which you will need to use to establish an SSL connection to our EPP server.

  • The EPP server currently supports connections via:
    • TLSv1.2

Note

InternetNZ requires a minimum key length of 4096-bits on all new EPP client certificates.
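The CSR properties listed above can be generated and pre-checked locally with the openssl CLI before submission. This is an added example, not InternetNZ's own tooling: the function names are hypothetical, and the CN pattern (a prod or ote prefix followed by a numeric registrar ID) is an assumption drawn from the two sample CNs on this page.

```shell
#!/bin/sh
# Added example: create and pre-check an EPP client CSR (RSA 4096-8192, SHA256, CN format).
# Requires the openssl CLI. Function names are hypothetical, not part of any registry tool.

# make_epp_csr <cn> <key-out> <csr-out> [bits]  -> writes an unencrypted key and a CSR
make_epp_csr() (
  cn=$1; key=$2; csr=$3; bits=${4:-4096}
  umask 077   # keep the private key readable by its owner only
  openssl req -new -newkey "rsa:$bits" -nodes -sha256 \
    -subj "/CN=$cn" -keyout "$key" -out "$csr" 2>/dev/null
)

# check_epp_csr <csr>  -> prints one line per finding, returns 0 only if all checks pass
check_epp_csr() (
  csr=$1; rc=0
  text=$(openssl req -in "$csr" -noout -text 2>/dev/null) ||
    { echo "FAIL: not a readable CSR"; exit 1; }
  # "Public-Key: (N bit)" is printed with or without an "RSA " prefix depending on version
  bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p')
  alg=$(printf '%s\n' "$text" | sed -n 's/^ *Public Key Algorithm: *//p')
  sig=$(printf '%s\n' "$text" | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
  cn=$(openssl req -in "$csr" -noout -subject -nameopt multiline |
       sed -n 's/^ *commonName *= *//p')

  [ "$alg" = "rsaEncryption" ] ||
    { echo "FAIL: public key algorithm '$alg' is not RSA"; rc=1; }
  if [ -z "$bits" ] || [ "$bits" -lt 4096 ] || [ "$bits" -gt 8192 ]; then
    echo "FAIL: key size ${bits:-unknown} is outside 4096-8192 bits"; rc=1
  fi
  [ "$sig" = "sha256WithRSAEncryption" ] ||
    { echo "FAIL: signature algorithm '$sig' is not SHA256 with RSA"; rc=1; }
  # Assumed CN shape: environment.regid.registrar-name.epp (from the page's examples)
  printf '%s\n' "$cn" | grep -Eq '^(prod|ote)\.[0-9]+\.[A-Za-z0-9.-]+\.epp$' ||
    { echo "FAIL: CN '$cn' does not match environment.regid.registrarname.epp"; rc=1; }

  [ "$rc" -eq 0 ] && echo "OK: $cn ($bits-bit RSA, $sig)"
  exit "$rc"
)

# Script usage: sh epp_csr.sh path/to/request.csr
if [ "$#" -gt 0 ]; then check_epp_csr "$1"; fi
```

Generate one CSR per environment, for example `make_epp_csr ote.1234.www.yourregistrarname.co.nz.epp ote.key ote.csr`, and keep the private key on the host that opens the EPP connection.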

IP whitelisting

Registrars are able to manage their own whitelisting for Portal, EPP and TBR use:

In the IRS Portal, click on the Admin menu, then click on Registrar settings. Scroll down to the bottom; on the right-hand side there is an IP Allowlist Settings section.

Servers and Ports

| Environment OTE | Server/URL | Port | TCP/UDP | Description |
|---|---|---|---|---|
| IRS Portal | https://ote.irs.net.nz/portal/ (202.46.179.245) | | TCP | HTTP over TLS |
| EPP API | epp.ote.irs.net.nz (202.46.179.246) | 700 | TCP | EPP over TLS (mTLS in future) |
| TBR | tbr.ote.irs.net.nz (202.46.179.247) | 700 | TCP | TBR over TLS (mTLS in future) |
| WHOIS | whois.ote.irs.net.nz (202.46.179.248) | 43 | TCP | WHOIS over TLS (mTLS in future) |
| RDAP | rdap.ote.irs.net.nz (202.46.179.248) | 443 | TCP | HTTP over TLS |

Namespaces and Schemes

| XSD extensions supported by IRS | Namespace | Scheme |
|---|---|---|
| EPP | urn:ietf:params:xml:ns:epp-1.0 | epp-1.0, eppall-1.0, and eppcom-1.0 - RFC 5730 |
| Domain | urn:ietf:params:xml:ns:domain-1.0 | domain-1.0 - RFC 5731 |
| Host | urn:ietf:params:xml:ns:host-1.0 | host-1.0 - RFC 5732 |
| Contact | urn:ietf:params:xml:ns:contact-1.0 | contact-1.0 - RFC 5733 |
| Registry Fee Extension 0.9 | urn:ietf:params:xml:ns:fee-0.9 | #fee-0.9 - RFC Draft: brown-epp-fees |
| Registry Fee Extension 0.11 | urn:ietf:params:xml:ns:fee-0.11 | fee-0.11 - RFC Draft: regext-epp-fees |
| IDN | urn:ietf:params:xml:ns:idn-1.0 | idn-1.0 - RFC Draft: eppext-idnmap |
| Launch Phase Mapping | urn:ietf:params:xml:ns:launch-1.0 | launch-1.0 - RFC Draft: regext-launchphase |
| Domain Registry Grace Period | urn:ietf:params:xml:ns:rgp-1.0 | rgp-1.0 - RFC 3915 |
| DNSSEC | urn:ietf:params:xml:ns:fee-0.11 | secDNS-1.1 - RFC 5910 |

Note

# Fee 0.9 is an earlier version of the Fee extension; 0.11 is the latest version.

The following are the Fury-specific custom extensions:

| Fury extensions supported by IRS | Namespace | Scheme |
|---|---|---|
| Fury Generic properties | urn:ietf:params:xml:ns:fury-2.0 | fury 2.0 - Generic properties |
| Fury Registry Fee Extension | | fury-rgp-1.0 - RGP |

Operational Testing and Evaluation (OT&E) Environment

The OT&E Environment is now available; see IRS - Operational Testing Environment (OTE).

The OT&E environment mimics production and as such, it is strongly recommended that Registrars keep their test information unique and generic.

Registrars can work in the OT&E environment both via EPP and through the registry web portal.