EPP Protocol

This section describes the .nz version of the EPP XML protocol used as the communication layer between registrar client software and the SRS.

NZRS has an EPP server which communicates with SRS via a lightweight internal language. After establishing an EPP connection registrars are still able to access the systems through the original SRS XML method, however we do not recommend that registrars operate both - an EPP and SRS XML interface - at the same time.

Contents:

General Information

Transport and Security

  • Communication to the EPP server is only possible via an encrypted TLS connection over standard TCP/IP sockets.
    • The certificate used for the communication has to be signed by the NZRS Certificate Authority.

    • When connecting you to the EPP server NZRS will request a CSR for your client certificate. Generate a CSR (Certificate Signing Request) with a minimum key-size of 2048-bits, and please use a CN which is unique to your registrar such as your domain or registrar ID.

    • NZRS will return a signed client certificate which you will need to use to establish an SSL connection to our EPP server.

    • The EPP server currently supports connections via:
      • TLSv1.0
      • TLSv1.1
      • TLSv1.2
  • IP address(es) used for communication with the EPP server need to be whitelisted by us. If registrars change or add IP addresses for communication with the EPP server they will need to notify support@nzrs.net.nz

  • Registrars also require a password and login id. The login id is the registrar's id provided by NZRS. The initial password is also provided by us but can be changed by the registrar with the <login> command.

Note

NZRS requires a minimum key length of 2048-bits on all new EPP client certificates.

Connection and Rate Limits

We currently allow 20 concurrent EPP connections per /24 net-block to help protect the EPP proxy from runaway registrar processes and other unanticipated situations.

EPP registrars are also governed by the standard SRS rate limit. This limit is currently set to a maximum of 15 (fifteen) requests per registrar per second.

Versions and Ports

EPP version: 1.0
Port: 700

Namespaces and schemes

EPP: urn:ietf:params:xml:ns:epp-1.0

Domain Object: urn:ietf:params:xml:ns:domain-1.0
Contact Object: urn:ietf:params:xml:ns:contact-1.0

Warning

Host Objects are not supported under .NZ EPP

Extension schemes

DNSSEC: urn:ietf:params:xml:ns:secDNS-1.1

Protocol identification

All EPP XML instances must begin with an <epp> element. This element identifies the start of an EPP protocol element and the namespace used within the protocol. The <epp> start element and the associated </epp> ending element is applied to all structures sent by both clients and servers.

Example "start" and "end" EPP elements:

<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"></epp>

Language

English (en) - as per RFCs 'default' language

Character encoding

UTF-8