EPP¶
How do I reset my EPP users password?¶
Log in to the portal as an admin user and go to the Admin > Users section. Search for the EPP user and click on the username when that is displayed.
Enter and confirm the new password in the Reset Password section at the bottom right and then click the green Update User button at the top of the left-hand menu panel. You should see “The command executed successfully” shown in green at the top right of the page.
What is the password profile for IRS EPP users?¶
Passwords for EPP user accounts must be sixteen (16) characters in length and consist only of alphanumeric characters (lowercase a to z, uppercase A to Z, or numerals 0 to 9), underscores, hyphens, and special characters.
Note
EPP user account passwords cannot use the ampersand (&) character.
What is the EPP Connection limit?¶
EPP is limited to 300 connections per Registrar.
What is the transaction limit in EPP?¶
There is no transaction limit in EPP.
What is the EPP Timeout?¶
EPP session time out after 5 minutes without any activity.
What is the TBR Connection limit?¶
TBR is limited to 10 connections per Registrar.
What is the TBR Transaction Rate limit?¶
TBR connections are limited to one transaction per second.
Why can’t I connect to EPP?¶
Please check the following.
You have and are using valid EPP user account login details.
The IP address you are connecting from has been added to the IP allowlist for EPP access.
You have and are using a current signed TLS certificate issued by us for the connection.
Note
If you have checked all the above and still cannot connect, please email registry.replacement@internetnz.net.nz; please include any details of your issue, including all and any error messages you receive.
How do I get a signed SSL certificate for EPP access?¶
Registrars need to create a CSR and send it into registry.replacment@internetnz.net.nz
Are there any new EPP extensions?¶
Yes, there are a number of standard extensions as listed below; however note we are yet to confirm whether we will use them all:
contact-1.0 - RFC 5733
domain-1.0 - RFC 5731
epp-1.0, eppall-1.0, and eppcom-1.0 - RFC 5730
fee-0.9 - RFC Draft: brown-epp-fees
fee-0.11 - RFC Draft: regext-epp-fees
host-1.0 - RFC 5732
idn-1.0 - RFC Draft: eppext-idnmap
launch-1.0 - RFC Draft: regext-launchphase
mark-1.0 and signedMark-1.0 - RFC 7848
rgp-1.0 - RFC 3915
secDNS-1.1 - RFC 5910
The following are the custom extensions:
fury 2.0 - Generic properties
fury-rgp-1.0 - RGP
Is there a list of and explanation for error messages and codes?¶
In the portal help under Supplementary Documents there is a Error Codes and Messages section detailing these.
How do I Re-Activate a domain that is in ‘pendingDelete’ state?¶
You will need to do a restore request (which can be done using a domain update) but you also need to do a restore report command.
Restore request example
<?xml version='1.0' encoding='UTF-8'?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
<command>
<update>
<domain:update xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
<domain:name>testdomain3.nz</domain:name>
<domain:chg/>
</domain:update>
</update>
<extension>
<rgp:update xmlns:rgp="urn:ietf:params:xml:ns:rgp-1.0">
<rgp:restore op="request"/>
</rgp:update>
</extension>
<clTRID>ABC-12345</clTRID>
</command>
</epp>
Restore report example
<?xml version='1.0' encoding='UTF-8'?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
<command>
<update>
<domain:update xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
<domain:name>testdomain3.nz</domain:name>
<domain:chg/>
</domain:update>
</update>
<extension>
<rgp:update xmlns:rgp="urn:ietf:params:xml:ns:rgp-1.0">
<rgp:restore op="report">
<rgp:report>
<rgp:preData>Pre-delete registration data goes here. Both XML and free text are allowed.</rgp:preData>
<rgp:postData>Post-restore registration data goes here. Both XML and free text are allowed.</rgp:postData>
<rgp:delTime>2003-07-10T22:00:00.0Z</rgp:delTime>
<rgp:resTime>2003-07-20T22:00:00.0Z</rgp:resTime>
<rgp:resReason>Registrant error.</rgp:resReason>
<rgp:statement>This registrar has not restored the Registered Name in order to assume the rights to use or sell the Registered Name for itself or for any third party.</rgp:statement>
<rgp:statement>The information in this report is true to best of this registrar's knowledge, and this registrar acknowledges that intentionally supplying false information in this report shall constitute an incurable material breach of the Registry-Registrar Agreement.</rgp:statement>
<rgp:other>Supporting information goes here.</rgp:other>
</rgp:report>
</rgp:restore>
</rgp:update>
</extension>
</command>
</epp>
Do an EPP domain info or use the portal to get the delTime and resTime details.
The preData and postData elements can be as below.
<rgp:preData>Not Applicable</rgp:preData>
<rgp:postData>Not Applicable</rgp:postData>
How do I change the hosts assigned to a domain?¶
You need to remove the existing hosts and add the new ones. This can be done using a domain update including a “domain:add” directive and a “domain:rem” directive as shown below.
<update>
<domain:update xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
<domain:name>domain.nz</domain:name>
<domain:add>
<domain:ns>
<domain:hostObj>ns1.new-ns.nz</domain:hostObj>
<domain:hostObj>ns2.new-ns.nz</domain:hostObj>
</domain:ns>
</domain:add>
<domain:rem>
<domain:ns>
<domain:hostObj>ns1.old-ns.nz</domain:hostObj>
<domain:hostObj>ns2.old-nz.nz</domain:hostObj>
</domain:ns>
</domain:rem>
</domain:update>
</update>
How can I check if an authcode provided is valid¶
You can test if an authcode provided by a different registrar is valid by running a domain info EPP command including the authcode as provided, for example.
<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
<command>
<info>
<domain:info xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
<domain:name>testdomain.nz</domain:name>
<domain:authInfo>
<domain:pw>Ht9URLqxuZj7Goij</domain:pw>
</domain:authInfo>
</domain:info>
</info>
<clTRID>TEST-12345</clTRID>
</command>
</epp>
If you get back a full domain info response as per the example below, then the authcode is correct
<response>
<result code="1000">
<msg>Command completed successfully</msg>
</result>
<resData>
<domain:infData>
<domain:name>testdomain.co.nz</domain:name>
<domain:roid>91101-INZ</domain:roid>
<domain:status s="ok"/>
<domain:registrant>tim-jqbv</domain:registrant>
<domain:contact type="admin">test-jqbv</domain:contact>
<domain:contact type="tech">test-jqbv</domain:contact>
<domain:ns>
<domain:hostObj>ns1.test9.nz</domain:hostObj>
<domain:hostObj>ns2.test9.nz</domain:hostObj>
</domain:ns>
<domain:clID>997</domain:clID>
<domain:crID>997</domain:crID>
<domain:crDate>2022-03-24T23:01:51.854Z</domain:crDate>
<domain:upID>CIRA_RAR_1</domain:upID>
<domain:upDate>2023-04-24T01:36:23.018Z</domain:upDate>
<domain:exDate>2024-03-24T23:01:51.854Z</domain:exDate>
</domain:infData>
</resData>
<extension>
<fury-rgp:rgpInfo>
<fury-rgp:rgpStatusEnd>2024-03-24T23:01:51.854Z</fury-rgp:rgpStatusEnd>
</fury-rgp:rgpInfo>
<fury:info>
<fury:properties>
<fury:property>
<fury:key>PRIVACY</fury:key>
<fury:value>PUBLIC</fury:value>
</fury:property>
</fury:properties>
</fury:info>
</extension>
<trID>
<clTRID>TEST-12345</clTRID>
<svTRID>CIRA-000061663720-0000000002</svTRID>
</trID>
</response>
If you get back the short response as per the example below, then the authcode is not correct, and you would need to advise the customer wanting to transfer their domain to get a NEW authcode from their current registrar.
<response>
<result code="1000">
<msg>Command completed successfully</msg>
</result>
<resData>
<domain:infData>
<domain:name>testdomain.co.nz</domain:name>
<domain:roid>91101-INZ</domain:roid>
<domain:status s="ok"/>
<domain:ns>
<domain:hostObj>ns1.test9.nz</domain:hostObj>
<domain:hostObj>ns2.test9.nz</domain:hostObj>
</domain:ns>
<domain:clID>997</domain:clID>
<domain:crDate>2022-03-24T23:01:51.854Z</domain:crDate>
<domain:upDate>2023-04-24T01:36:23.018Z</domain:upDate>
<domain:exDate>2024-03-24T23:01:51.854Z</domain:exDate>
</domain:infData>
</resData>
<extension>
<fury-rgp:rgpInfo>
<fury-rgp:rgpStatusEnd>2024-03-24T23:01:51.854Z</fury-rgp:rgpStatusEnd>
</fury-rgp:rgpInfo>
</extension>
<trID>
<clTRID>TEST-12345</clTRID>
<svTRID>CIRA-000061664514-0000000002</svTRID>
</trID>
</response>
Note
As authcodes expire 30 days after being created, it is important that registrants make sure they have a new authcode. If they don’t have the facility to refresh or generate a new authcode themselves, they would need to contact their registrar and request that.