Whois Registrant Privacy Option - 2017

The DNCL revised policy around WHOIS will come into effect on 28th of November 2017. On this date, NZRS will have the changes implemented in the SRS and registrars will be able to offer individual registrants the privacy option but it will not be mandatory until 28 March 2018 when all registrars will be required to comply with this policy change.

You can see the policy changes below; both will be effective on 28 November 2017.

SRS Release 7.11 (8th of October 2017) includes initial modifications to allow both SRS and EPP registrars to set and remove privacy flags on individual contacts; however, the privacy will not take effect until the 28th of November.

Privacy Eligibility

Under .nz policy registrants who are individuals are able to elect a privacy option (See Operations and Procedures section 8.1)

To be eligible for the privacy option, Registrants must be:

  • Natural persons ("individuals"); and
  • Not using the domain name to any significant extend in "Trade" as that term is defined and used in the Fair Trading Act 1986

(See Operations and Procedures section 8.3)

Notes

Testing SRS changes

SRS Release 7.11 (8th of October 2017) includes initial modifications to allow both SRS and EPP registrars to set and remove privacy flags on individual registrant contacts; however, the privacy will not take effect until the 28th of November.

If you wish to test end-to-end privacy, including the visibility via Whois please use the SRS RPS environment:

SRS Protocol

SRS URL: https://srsrps.srs.net.nz/srs/registrar

EPP Protocol

EPP host: srsrpsepp.srs.net.nz
EPP port: 700

Whois Server

WHOISd host: srsrps.srs.net.nz
WHOISd port: 43

If you encounter any issues during your testing or need help with your connection to the SRS RPS instance please contact support@nzrs.net.nz

Transfers

When a domain name transfers to a new registrar, the privacy flag of any contact details that are not explicitly specified in the DomainUpdate transaction will be honoured.

SRS Changes

DTD Changes

SRS Release 7.11 includes modifications to the SRS XML protocol schema to add support for privacy. The main change is the creation of a Privacy attribute under RegistrantContact, AdminContact, and TechnicalContact elements, and this attribute is also available for searches using RegistrantContactFilter, AdminContactFilter or TechnicalContactFilter elements.

Attribute Name Note
Privacy
  • Boolean value
  • if "0" the privacy flag is not set.
  • if "1" the privacy flag is set.

The updated protocol schema is available here:

Transactions

The following transactions are impacted:

  • Whois - Will not return address and phone/fax details if privacy is set, however Country will still be returned.
  • DomainCreate - Domain contacts can be created with privacy (for SRS embedded contacts).
  • DomainUpdate - Domain contacts can have privacy enabled or disabled (for SRS embedded contacts).
  • DomainDetailsQry - Domains with privacy-enabled contacts will return a privacy flag. Registrars can search for their privacy-enabled domains using RegistrantContactFilter, AdminContactFilter or TechnicalContactFilter elements.
  • HandleCreate - Handles can be created with privacy.
  • HandleUpdate - Handles can have privacy enabled or disabled (for Handle-based contacts).
  • HandleDetailsQry - Contact handles with privacy will return a Privacy flag.

EPP Changes

The EPP standard RFC5733 supplies an optional <contact:disclose> element to allow clients to identify elements that require special handling by the server to make sure this data is not disclosed to third parties (e.g. Whois).

Under .nz policy registrants who are individuals are able to elect a privacy option. Therefore to set the individual registrant privacy option, registrars need to set the flag attribute in the <contact:disclose> element to ‘0’ (zero).

To turn off the individual registrant privacy option, set it to ‘1’ (one).

When specifying the <contact:disclosure flag="0"> element, if <contact:email>, <contact:org> or <contact:name> is a sub-element, the error code 2308 ("Data management policy violation") will be returned as we do not offer privacy on these fields.

Note

If a contact requires both a handle with and without privacy (e.g. one domain is a business and another is a personal site), then two separate handles will be required.

Commands

  • contact:update - Contact handles can be updated to add/remove privacy.
  • contact:create - Contact handles can be created with privacy enabled.
  • contact:info - Contacts with privacy will return a <contact:disclose flag="0"> element if privacy is set.

Whoisd Changes

The following fields will be omitted from Whoisd responses for contacts with privacy enabled:

  • contact_address1
  • contract_address2
  • contract_postalcode
  • contact_city
  • contact_province
  • contact_phone
  • contact_fax