Skip to content

Update

Purpose

Updating details in a Domain Name Record.

Authority

Only the Managing AR of a Domain Name Record can submit an Update Domain Request against that name.

Result

According to the update request, registry checks the content and if it is valid, the request is processed immediately. AR receives successful response with details of the changed attributes.

Except special cases when domain is disallowed for approval or domain registrant has changed, request will wait in queue for processing.

When processing is completed, response can be requested by <poll> request.

Update Domain Request - content

An Update Domain Request MUST contain only the Domain Name Record information units that are being actually updated.

The data regarding any information unit that is being included in an Update Domain Request MUST include all the unit's mandatory tags. All mandatory tags MUST be non-empty. Information pertaining to specific mandatory tags that is not being updated MUST include the data that is registered in the Domain Name Record prior to the submission of the Request. Empty non-mandatory tags will override the information in the Domain Name Record relating to those tags.

Registration Record units cannot be deleted by inclusion of an empty unit in an Update Domain Request.

There is an option to create new Contact Objects in an Update Domain Request. The implementation is identical to the one used in the Create Domain Request. Please refer to Creation of new Contact Objects in a Create Domain Request for further information. This option should be used only in cases where the new Contact Object needs to be associated with the Domain Name Record being updated; otherwise, the Create Contact Request should be used.

Update DNSSEC Object in Update Domain Request

The Domain Name System Security Extensions (DNSSEC) is a suite of specifications for securing information provided by the Domain Name System (DNS).

  1. EPP Requests updating DS data should be related to the current information for the domain.
  2. DS records can be added or removed ("one or few at once" or "all at once"). Therefore, it should be mentioned explicitly in the EPP requests.
  3. When requested to add DS(es), a test will be performed if the DS(es) does not already exist.
  4. When requested to remove DS(es), a test will be performed if the DS(es) does exist.
  5. When requested to remove all DS records for a domain, the DS records will be removed without further checks.
  6. In single UPDATE request one, more or all DSes can be added or removed.
  7. When adding or removing DSes, a test will be performed for the maximum number of allowed DS records.
  8. The following are examples of submitting UPDATE requests.

Adding and Removing DS Data Using the DS Data Interface

(...Extensions Block ...)
<secDNS:update xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1">
    <secDNS:rem>
        <secDNS:dsData>
            <secDNS:keyTag>25845</secDNS:keyTag>
            <secDNS:alg>8</secDNS:alg>
            <secDNS:digestType>1</secDNS:digestType>
            <secDNS:digest>1D368C0F....A75C110F84C3</secDNS:digest>
        </secDNS:dsData>
    </secDNS:rem>
    <secDNS:add>
        <secDNS:dsData>
            <secDNS:keyTag>25845</secDNS:keyTag>
            <secDNS:alg>8</secDNS:alg>
            <secDNS:digestType>2</secDNS:digestType>
            <secDNS:digest>1D368C0FDFBC6F1E28...A75C110F84C3</secDNS:digest>
        </secDNS:dsData>
    </secDNS:add>
</secDNS:update>

Removing All DS Data Using the DS Data Interface

(...Extensions Block ...)
<secDNS:update xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1">
    <secDNS:rem>
        <secDNS:all>true</secDNS:all>
    </secDNS:rem>
<secDNS:update>

Removing All DS Data and adding Using the DS Data Interface

(...Extensions Block ...)
<secDNS:update xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1">
    <secDNS:rem>
        <secDNS:all>true</secDNS:all>
    </secDNS:rem>
    <secDNS:add>
        <secDNS:dsData>
            <secDNS:keyTag>25845</secDNS:keyTag>
            <secDNS:alg>8</secDNS:alg>
            <secDNS:digestType>2</secDNS:digestType>
            <secDNS:digest>1D368C0FDFBC6F1E28...A75C110F84C3</secDNS:digest>
            </secDNS:create>
        </secDNS:dsData>
    </secDNS:add>
</secDNS:update>

Update Transfer Authorization Code in Update Domain Request

As of September 2018, IL Registry implemented the Transfer Authorization Code mechanism. For detailed requirements please check APPENDIX Transfer Authorization Code Policy in the ISOC-IL Registry.

The registrar can update Transfer Authorization Code for the domain by submitting an UPDATE request.

  • Each update cancels the previous code.
  • The Registrar may update the code at any time.
  • The code is reported by the current managing registrar.
  • The code will be submitted as SHA256 HASH.
  • A request will be rejected due to the following reasons: Code has been used in the past, string length is different than 64 characters, invalid characters, there is an open Transfer request, modify requests, for this domain, are disallowed.
<update>
    <domain:update>
        <domain:name>example.co.il</domain:name>
        <domain:chg>
            <domain:authInfo>
                <domain:pw>5eb9b3d2e032830a58a46117ce5a4cb9e254a45ae4036a3efd2470172dc1caf0</domain:pw>
            </domain:authInfo>
        </domain:chg>
    </domain:update>
</update>

Example of the fullest Update Domain Request possible:

<?xml version="1.0" encoding="UTF-8"?>
<epp>
    <command>
        <update>
            <domain:update>
                <domain:name>example.co.il</domain:name>
                <domain:chg>
                    <domain:ns>
                        <domain:hostAttr>
                            <domain:hostName>ns1.example.co.il</domain:hostName>
                            <domain:hostAddr ip="v4">193.168.0.1</domain:hostAddr>
                            <domain:hostAddr ip="v6">::b:0:1</domain:hostAddr>
                        </domain:hostAttr>
                        <domain:hostAttr>
                            <domain:hostName>ns21.hostingcompany.co.il</domain:hostName>
                        </domain:hostAttr>
                    </domain:ns>
                    <domain:contact type="admin">AB-IT949-IL</domain:contact>
                    <domain:contact type="tech">AB-IT949-IL</domain:contact>
                    <domain:contact type="zone">AB-IT949-IL</domain:contact>
                    <domain:locktransfer>false</domain:locktransfer>
                </domain:chg>
            </domain:update>
        </update>
        <extension>
            <isocil:ext>
                <isocil:update>
                    <isocil:contact>
                        <contact:type>registrant</contact:type>
                        <contact:postalInfo type="int">
                            <contact:name>Israel Israeli</contact:name>
                            <contact:addr>
                                <contact:street>7 Jabotinsky St.</contact:street>
                                <contact:city>Ramat Gan</contact:city>
                                <contact:sp></contact:sp>
                                <contact:pc>33233</contact:pc>
                                <contact:cc>IL</contact:cc>
                            </contact:addr>
                        </contact:postalInfo>
                        <contact:voice>+972 3 9883301</contact:voice>
                        <contact:fax>+972 8 9770002</contact:fax>
                        <contact:email>registrant@example.co.il</contact:email>
                    </isocil:contact>
                </isocil:update>
            </isocil:ext>
            <secDNS:update xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1">
                <secDNS:add>
                    <secDNS:dsData>
                        <secDNS:keyTag>25845</secDNS:keyTag>
                        <secDNS:alg>8</secDNS:alg>
                        <secDNS:digestType>2</secDNS:digestType>
                        <secDNS:digest>1D368C0FDFBC6F1E28...A75C110F84C3</secDNS:digest>
                    </secDNS:dsData>
                </secDNS:add>
            </secDNS:update>
        </extension>
        <clTRID>AB-700</clTRID>
    </command>
</epp>

If, for example, an update to the Registrant's information is not needed, the whole <extension> block MUST be excluded from the Request.

Legend

  • <domain:update>: Defines that the desired Registration Action, Update Domain, where:
    • <domain:name>: Defines the Domain Name Record to be updated.
    • <domain:chg>: Contains the information units of a Domain Name Record being updated.
    • <domain:ns>: Defines a DNS Information block, where <domain:hostAttr> defines the details of one DNS server:
      • <domain:hostName> - contains the DNS server's name.
      • <domain:hostAddr> - contains the DNS server's IP address. The <domain:hostAddr> tag attribute "ip" – defines the IP version, which is one of the following:
        • "v4" – for IPV4 address
        • "v6" – for IPV6 address. More information can be found at RFC5732. Maximal number of DNS Information blocks is 13.
    • <domain:contact>: Contains an existing Contact Object Handle (managed by the submitting AR. The <domain:contact> tag attribute "type" – defines the Contact's Role, which is one of the following:
      • "admin" – Administrative Contact.
      • "tech" – Technical Contact.
      • "zone" – Zone Contact.
    • <domain:locktransfer>: Controlling the Lock Transfer option. (see sub-sec. Lock Transfer Option).
    • <domain:authInfo>
      • <domain:pw>: Contains the hashed transfer Authorization Code. For detailed requirements please check DS Specification appendix.
  • <isocil:ext>: Defines the IL Extension Block.
    • <isocil:contact>: Defines the Registrant data that will be written in the Domain Name Record after the Update Domain Request is processed.
    • <contact:type>: MUST be "registrant".
    • <contact:name>: Contains Registrant's full name. In case of a person, name and surname separated by a space. In case of a legal-entity e.g, a company, the company's full name, including appropriate suffix, e.g., "Ltd." – separated by spaces.
    • <contact:addr>: A block containing the postal information associated with the Registrant:
      • <contact:street>...<contact:street>: Contains the street and number of the Registrant's physical address.
      • <contact:city>: Regsitrant's city.
      • <contact:sp>: Contact's State/Province.
      • <contact:pc>: Registrant's postal code.
      • <contact:cc>: Registrant's two-letter country code, according to ISO-3166.
    • <contact:voice>: Contact's telephone number, in the following format: "+[country code] [area code] [phone number]"
    • <contact:fax>: Registrant's facsimile number, in the following format: "+[country code] [area code] [phone number]"
    • <contact:email>: Regsitrant's direct mail address.
  • <secDNS:update>: A DNSSEC object update block.
    • <secDNS:add> and/or <secDNS:rem>: Add, remove, or both the following DS data
      • <secDNS:dsData> Contains all Delegation Signer (DS) record elements of the domain. DNS name must be defined. Information about the DS resource record can be found at RFC4034 section 5.1. For detailed requirements please check DS Specification appendix
        • <secDNS:keyTag>: The key tag of the DNSKEY RR referred to by the DS record.
        • <secDNS:alg>: The algorithm number of the DNSKEY RR referred to by the DS record.
        • <secDNS:digestType>: The Digest Type field identifies the algorithm used to construct the digest.
        • <secDNS:digest>: The DS record refers to a DNSKEY RR by including a digest of that DNSKEY RR.
        • <secDNS:keyData>: OPTIONAL. DNSKEY info. Information about the DNSKEY resource record can be found at RFC4034 section 2.1.
          • <secDNS:flags> Zone Key flag.
          • <secDNS:protocol> Protocol field. Must be 3.
          • <secDNS:alg> Algorithm use to determine the format of the Public Key field.
          • <secDNS:pubKey> The Public Key Field holds the public key material.
      • <secDNS:all>: To remove all existing DS RR add "true" between tags. This is the only option. This tag can be only under <secDNS:rem>

Tags occurrence table

Tag Occurrences
(MIN-MAX)
Size + Remarks
<epp> 1
<command> 1
<update> 1
<domain:update> 1
<domain:name> 1 Token: 9-73.
<domain:chg> 0-1
<domain:ns> 0-1 Token.
<domain:hostAttr> 1-13 If <domain:ns> included.
<domain:hostname> Token: 1-100.
<domain:hostAddr> Obligatory when Glue record needed.
<domain:contact type="admin"> 0-1
<domain:contact type="tech"> 0-1
<domain:contact type="zone"> 0-1
<domain:locktransfer> 0-1
<domain:authinfo> 0-1
<domain:pw> 0-1 Hashed code. 64 Characters
<extension> 0-1
<isocil:ext> 1
<isocil:update> 1
<isocil:contact> 1 All subtags but: <contact:org> <contact:sp> <contact:pc> <contact:voice> <contact:fax> are mandatory.
<secDNS:update> 1
<secDNS:add> and/or <secDNS:rem> 1-6
<secDNS:all> 1 Only Under <secDNS:rem>
<secDNS:dsData> 1-6 All subtags but: <secDNS:keyData> are mandatory
<secDNS:keyData> 1 All subtags are mandatory.
<clTRID> 1 token: 4-64

Response Data in a SUCCESS message

Unlike the response to a create domain request, the data shown in the response to an update request only contains the newly editted details.

The API Server's response upon the successful completion of a Create Domain Request:

<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:contact="urn:ietf:params:xml:ns:contact-1.0" xmlns:domain="urn:ietf:params:xml:ns:domain-1.0" xmlns:isocil="http://www.isoc.org.il/xml/epp/isocil-1.0" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsdurn:ietf:params:xml:ns:contact-1.0 contact-1.0.xsdurn:ietf:params:xml:ns:domain-1.0 domain-1.0.xsdhttp://www.isoc.org.il/xml/epp/isocil-1.0">
  <response>
    <result>
      <code>1000</code>
      <msg>Command completed successfully (domain requestid=D1234567)</msg>
    </result>
    <resData>
      <domain:updData>
        <domain:name>example.co.il</domain:name>
        <domain:contact type="admin">BL-HN100-IL</domain:contact>
        <domain:contact type="zone">BL-HN1435-IL</domain:contact>
        <domain:ns>
          <domain:hostAttr>
            <domain:hostName>ns1.example.co.il</domain:hostName>
            <domain:hostAddr ip="v4">193.168.0.1</domain:hostAddr>
            <domain:hostAddr ip="v6"></domain:hostAddr>
          </domain:hostAttr>
          <domain:hostAttr>
            <domain:hostName>ns3.example.co.il</domain:hostName>
            <domain:hostAddr ip="v4"></domain:hostAddr>
            <domain:hostAddr ip="v6">::b:0:1</domain:hostAddr>
          </domain:hostAttr>
          <domain:hostAttr>
            <domain:hostName>ns.isoc.org.il</domain:hostName>
            <domain:hostAddr ip="v4"></domain:hostAddr>
            <domain:hostAddr ip="v6"></domain:hostAddr>
          </domain:hostAttr>
        </domain:ns>
        <domain:transferlocked>false</domain:transferlocked>
        <domain:authInfo>Valid until: 2020-09-01 12:45:35</domain:authInfo>
      </domain:updData>
    </resData>
    <extension>
      <isocil:ext>
        <isocil:updData>
          <isocil:contact>
            <isocil:type>registrant</isocil:type>
            <contact:postalInfo type="loc">
              <contact:name>Holder Name</contact:name>
              <contact:org></contact:org>
              <contact:addr>
                <contact:street>Street 1 St.</contact:street>
                <contact:city>City</contact:city>
                <contact:zip>1111111</contact:zip>
                <contact:cc>IL</contact:cc>
              </contact:addr>
            </contact:postalInfo>
            <contact:voice>+972 3 1234567</contact:voice>
            <contact:fax>+972 3 1234567</contact:fax>
            <contact:email>registrant@somemail.co.ilil</contact:email>
            <contact:crID>BL</contact:crID>
            <contact:upDate>2020-09-01 12:45:29</contact:upDate>
            <contact:crDate>2020-08-31 16:14:08</contact:crDate>
          </isocil:contact>
        </isocil:updData>
      </isocil:ext>
      <secDNS:updData xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1">
        <secDNS:dsData>
          <secDNS:keyTag>12345</secDNS:keyTag>
          <secDNS:alg>10</secDNS:alg>
          <secDNS:digestType>2</secDNS:digestType>
          <secDNS:digest>D19BAFA9B4B043E0EA1FC61D884BAE1DCD458857381734CF268096ED96E53197</secDNS:digest>
        </secDNS:dsData>
        <secDNS:dsData>
          <secDNS:keyTag>1234</secDNS:keyTag>
          <secDNS:alg>8</secDNS:alg>
          <secDNS:digestType>2</secDNS:digestType>
          <secDNS:digest>32F42B7261217BF69CF624B1C4A6857DDB7C935D75428A4A19B68F29C7E730C8</secDNS:digest>
        </secDNS:dsData>
      </secDNS:updData>
    </extension>
    <trID>
      <clTRID>BL-20200901124525310</clTRID>
      <svTRID>ISOCIL-BL20200901124526222 20200901124540</svTRID>
    </trID>
  </response>
</epp>

Legend for response to Create Domain Request

  • <domain:updData>: Information on the update of the Domain Name Record, where:
    • <domain:name>: Specifies the Domain Name Record created
    • <domain:contact>: Specifies the Handles of the different contacts of the Domain Name, that were requested to be updated.
    • <domain:ns>: Contains the updated DNS Information block, where <domain:hostAttr> indicates the details of one DNS server:
      • <domain:hostAddr> - contains the updated DNS server's IP address, The <domain:hostAddr> tag attribute "ip" – indicates the IP version, which is one of the following:
        • "v4" – for IPV4 address
        • "v6" – for IPV6 address. More information can be found at RFC5732.
    • <domain:transferlocked>: true – indicates that the locktransfer option for the Domain Name is turned on. false – turned off.
  • <isocil:ext>: Indicates the IL Extension Block.

    • <isocil:contact>: Contains the Registrant data that was written in the Domain Name Record as per the Update Domain Request.
    • <isocil:type>: Indicates the contact type.
    • <contact:name>: Contains the Registrant name that was written in the Domain Name Record as per the Update Domain Request.
    • <contact:addr>: A block containing the postal information associated with the Registrant:
      • <contact:street>: Contains the street and number of the Registrant's physical address.
      • <contact:city>: Regsitrant's city.
      • <contact:sp>: Contact's State/Province.
      • <contact:pc>: Registrant's postal code.
      • <contact:cc>: Registrant's two-letter country code.
    • <contact:voice>: Contact's telephone number, in the following format: "+[country code] [area code] [phone number]"
    • <contact:fax>: Registrant's facsimile number, in the following format: "+[country code] [area code] [phone number]"
    • <contact:email>: Regsitrant's direct mail address.
  • <secDNS:update>: Indicates the DNSSEC object update block

    • <secDNS:dsData>: Contains all Delegation Signer (DS) record elements of the domain that were requested to be updated. Information about the DS resource record can be found at RFC4034 section 5.1.
      • <secDNS:keyTag>: The key tag of the DNSKEY RR referred to by the DS record.
      • <secDNS:alg>: The algorithm number of the DNSKEY RR referred to by the DS record.
      • <secDNS:digestType>: The Digest Type field identifies the algorithm used to construct the digest.
      • <secDNS:digest>: The DS record refers to a DNSKEY RR by including a digest of that DNSKEY RR.
      • <secDNS:keyData>: DNSKEY info. Information about the DNSKEY resource record can be found at RFC4034 section 2.1.
        • <secDNS:flags> - Zone Key flag.
        • <secDNS:protocol> - Protocol field. Must be 3.
        • <secDNS:alg> - Algorithm use to determine the format of the Public Key field.
        • <secDNS:pubKey> - The Public Key Field holds the public key material.
  • <trID> Indicates transaction ID. Comprised of the client trID and the server trID.