The following document provides a quick guide to the DNS Africa Gateway system, its implementations, standards and configurations.
DNS Africa provides a single point of integration and account management for registrars and resellers known as the DNS Portal and includes the following features:
- Onboarding new resellers
- Managing account access at a departmental level
- Activation of OT&E and production environments
- Online source of all DNS Africa technical and policy documentation
- Access to TLDs for which DNS Africa is integrated with
- Managing funds and credits
- Access to graphs related to reseller activity and growth
For more information, please refer to the DNS Portal User Manual.
DNS Africa offers customer support at the general email address firstname.lastname@example.org or via the DNS Support menu item on the Portal. please include as much detail as possible in your support requests.
The Gateway system operates in accordance with the EPP standards outlined in the following RFCs:
Price Charge Extensions are as per the “Donuts Name Ratings Charge Extension” available for download in PDF format at https://donuts.zendesk.com/hc/en-us/article_attachments/200526997/Donuts_Name_Ratings_Charge_Extension_Guide_.pdf
For more information on how to implement the EPP standards please see the document titled “Gateway EPP Documentation”.
OT&E and Production System Configuration
There are multiple ways that a Gateway customer can integrate with the DNS Gateway systems in order to provision domain names
The OT&E system provides each reseller with 2 accounts in order to allow the testing of transfers in OT&E.
All resellers are provisioned with credit on the OT&E system and may use the Reseller Portal to add additional funds to the OT&E accounts.
Resellers connecting to the OT&E system may provide an SSL certificate as well as whitelist their incoming IP addresses before having full access to the OT&E system. Resellers may use the DNS Portal interface to upload their SSL certificates and provide their IP Addresses.
NOTE: Transactions on the OT&E system DO NOT affect the Production environment.
The Gateway EPP OT&E system is reachable and configured as follows:
The Gateway EPP Production system is reachable and configured as follows:
The Gateway JSON OT&E system is reachable and configured as follows:
The Gateway JSON Production system is reachable and configured as follows:
The WHMCS module is under development at the moment.
Web-RAR is the web based Registrar system available on the DNS Portal. For more information please visit the Web-RAR User Manual.
OT&E credentials are requested and displayed in the DNS Portal under "Integration" menu item.
Live Credentials will be emailed to you after requesting via the DNS Portal under "Integration" menu item.
Customers may change their password through the EPP interface at Login or by clicking the 'reset password' link on DNS Portal under "Integration" menu item.
SSL and Whitelisted IP Addresses
Customers connecting to the EPP system can upload their SSL certificates and add their IP addresses to the ACL via the DNS Portal under "Integration" menu item.
Customers connecting to the JSON API or WHMCS should send their IP addresses to email@example.com. The automation of this process is under development.
The following are constraints in the EPP interface as well as the domain lifecycle:
- The EPP server offers services for domain and contact objects.
- Host/Nameservers are directly created/managed through the EPP Domain operations.
- The Gateway system makes use of host attributes. No direct EPP host commands are supported.
- The EPP server offers service extensions for DNSSEC and Donuts Name Ratings Charge.
- The EPP server operates as an SRS therefore all domain name commands must include the TLD label.
- All successful domain creations are delegated immediately
- Delegated nameservers must not contain IP addresses.
- Subordinate nameservers must contain at minimum 1 IP address of either v4 or v6.
- Subordinate nameservers must only be created once the superordinate domain name has been created.
- Subordinate nameservers may have up to a maximum of 10 associated IP addresses, either IPv4 or IPv6.
- Domain names must be created with a minimum of 2 namservers (delegated or subordinate)
- Domain names require at minimum the registrant contact, 1 admin, 1 tech, and 1 billing contact.
- Contact objects only support the “internationalized” (postalInfo type=’int’) fields.
- Transfer of contact objects is not supported.
- All contact information is set to complete disclosure unless otherwise updated by the reseller.
- Domain name transfer request require the correct domain name authInfo. Transfer approves, transfer rejects and transfer cancellations do not require authInfo.
- All domain name transfers are auto-approved if the Pending Transfer Period lapses without an instruction from either the Registrar of Record or the Gaining Registrar.
Domain Lifecycle Periods and Durations
The following durations apply to the domain lifecycle:
- Registration Grace Period: The first 5 days following the successful registration of a domain name. This period is terminated if the reseller manually renews the domain name.
- Registration Transfer Period: The first 60 days following the successful registration of a domain name. During this period the domain name may not be transferred to another registrar.
- Post-Transfer Period: First 60 days following the successful transfer of a domain name. During this period the domain name may not be transferred to another registrar.
- Transfer Period: The maximum potential duration of a domain name transfer, starting from when the transfer is initiated with the registry, and ending when the transfer is finalised by the registry. The period lasts a maximum of 5 days.
- Pending Suspension Period: The first 5 days following the receipt of a deletion request for a domain name.
- Pending Deletion Period: The first 5 days following the Pending Suspension Period.
- Pending Registry Deletion Period: The first 20 days following the Pending Deletion Period.
- Pending Delete Period: The first 30 days following the expiration of a domain name.
System Notifications to External Parties
Gateway will send notifications to third-parties in the manner described below.
- Initial Contact Data Verification Notice: When a contact object is associated with a domain name as either the registrant, administrative, billing or technical contact, a notification will be sent to the listed email address of the contact object. The contact must use the link in the email address to verify their information. If the contact does not verify the information, we will attempt to manually verify the information telephonically. If we are unable to reach the contact and verify the information, the contact object will not be able to be associated with domain name registrations. This notice is only sent ONCE, at the time a contact object becomes associated with a domain name.
- Yearly Contact Data Verification Notice: On a yearly basis, we will send a notification to every contact object that is associated with a domain name. The notice will contain all the information we currently have on file for the contact. The contact is NOT required to confirm the information.
- Upcoming Domain Renewal Notifications: The registrant will get 2 notifications for domain names that are nearing their expiration date, regardless of the status of the autorenew. The first notification will be sent approximately 1 month prior to the expiration date being reached. The second notification will be sent approximately 2 weeks prior to the expiration date being reached. The notification will include the status of the autorenew for each domain name. If the autorenew is set to False, the registrant must decide whether or not to renew the domain name. If the autorenew is set to True, the domain name will automatically be renewed at the date of expiration.
- Expired Domain Name Notification: The registrant will get a notification of domain names that have expired and have entered the Pending Delete state. The notification will be provided approximately 1 week after the domain name has expired.
Customer Billing and Accounts
In order to transact on the Gateway system, Customers must have available funds in their account. The account is denominated in US Dollars ($ USD). Accounts can be topped up using a credit card on the DNS Portal or via EFT (details available on the Portal).
The domain fees will be outlined in the Billing section of the DNS Portal.
The following actions are chargeable actions:
- Domain Name Creation (per year registered)
- Domain Name Renewal (per year renewed)
- Domain Names Transferred In
- Domain Name Restoration
- Domain Name Redemption
- Domain Name Autorenewal
Customers will receive invoices on a monthly basis, on the first day of every month, outlining the previous month’s transactions. The invoices and billable transactions are also available in the DNS Portal.
NOTE: If a customer does not have sufficient funds in their account, domains due for autorenew will NOT be automatically renewed, and enter the Pending Delete phase.
Gateway allows the application and amendment of DNSSEC records in accordance to RFC 5910 available at https://tools.ietf.org/html/rfc5910
Gateway supports DNSSEC as follows:
- DNSSEC Key Material is OPTIONAL
- Use of Key Data and DS Records are both accepted
- DS records will be included in the zone if at minimum 1 DS record exists for the domain name
- A maximum of 6 DS records are allowed per domain name
- The “digestType” element currently only accepts type “1” and “2”.
- The “alg” element must be one of “3”, “5”, “6”, “7”, “8”, “10” or “12”.
On successful transfer of a domain name NO DNSSEC data will be copied. It is up to the gaining registrar to update or remove the DNSSEC information.
For more information on the DNSSEC implementation please see the document “EPP Documentation”.
The Gateway system supports the Donuts Name Ratings Charge Extension for fee specification and identification. More information on the extension can found at https://donuts.zendesk.com/hc/en-us/article_attachments/200526997/Donuts_Name_Ratings_Charge_Extension_Guide_.pdf
Customers must specify the extension on Login in order to make use of the extension in commands as well as receive the extension in response to commands.
The extension must be used for the registration and renewal of all Premium Domain Names.
Internationalized Domain Names
Gateway allows IDN registrations for specific TLDs. All required IDN tables with allowed characters are available on the IANA website at https://www.iana.org/domains/idn-tables.