Registrars accredited by the .lu registry benefit from Application Programming Interfaces (APIs) specifically dedicated to them.

EPP interface

To communicate with the .lu registry, accredited registrars must use an EEP server.

The EPP server is accessible only to accredited registrars that have been authenticated in advance. As the primary means of communication with the .lu registry, it enables the registrars to manage all of their domains. It supplements the web interface.

‘EPP-over-TCP’ protocols

The EPP server can handle two ‘EPP-over-TCP’ variants supported by the EPP protocol (Extensible Provisioning Protocol) defined in the technical reference document RFC5730 published by the ‘Internet Engineering Task Force’ (IETF). 

  RFC3734 protocol .lu protocol
Description Implementation per the RFC3734 ‘Extensible Provisioning Protocol (EPP) Transport Over TCP’ standard published by the IETF. Protocol specially developed by and for the .lu registry
Header 4 bytes, preceding each EPP message None
Coding restrictions None   UTF-8, compatible with the Unicode Métalangage XML (Extensible Markup Language) only on the XML test interface
Compatible IP addresses IPv4 and IPv6 IPv4 and IPv6
Host name epp.dns.lu epp.dns.lu
 Ports TCP
  • 1700*  
  • 1702, SSL tunnelling  
  • 1701*  
  • 1703, SSL tunnelling

* TCP port available but not recommended 

Restrictions

  • the connection must be made from an explicitly authorised IPv4 or IPV6 address,
  • up to 3 simultaneous logins per IP address and 5 simultaneous logins per registrar are permitted.

Additionnal validation

A basic validation of address data is performed by the .lu registry. 

Read how to write a post code

Technical information  

  • The EPP server reads the connection until the sequence '</epp>,' which is considered the end of the EPP message. After processing the command, it begins reading again.

  • Blank spaces are allowed, both before and after an EPP message, and can be used as a keep-alive for the session. However, delete them before sending your messages to your XML parser.

  • If you use the '<?xml’ header, the RFC3734 transport protocol prohibits putting a space before that header.

  • To run EPP commands in a basic manner, it is recommended to use a Unix-style command line interface. Example: The line ‘localhost $ cat epp_login.xml epp_command.xml epp_logout.xml \ | netcat epp-test.dns.lu 1700 > epp_responses.xml’ contains commands to run login, logout, and 'payload' as well as the responses from the EPP server.

  • Putting together an EPP message by concatenating character strings is not recommended. The layout of the corresponding XML metalanguage may change without prior warning (the order of the elements, comments, blank spaces, etc.), and the blank spaces and comments may disrupt the XML parser.

Related technical documentation

Related FAQs

What transport protocols does the EPP server use?

The EPP server handles two variants of EPP-over-TCP:  

  • the transport protocol RFC3734 ‘Extensible Provisioning Protocol (EPP) Transport Over TCP’  
  • a TCP flow encoded in UTF-9, specially developed by and for the .lu registry  

You can therefore program your EPP client in either of these two languages.  

Why does my code work as it should on the test server but not on the production server?

  • If you can use the RFC3734 transport protocol, this is due to the XML formatting that is active only on the test server. It automatically adds a line break after the closing tag '</epp>', which is not interpreted on the production server. So when you move the line containing that closing tag to the production server, be sure to delete the '>' symbol at the end.  
  • If you've programmed your EPP client using the language specially developed by and for the .lu registry, check that there are no spaces before the header ‘<?xml’.  

In general, consider deleting the spaces at the start and end of each message before sending them to your XML parser.  

Why can't I log in to the Web interface or the EPP server?

There are several reasons why you may be having trouble logging in:    

  1. You entered the wrong password: Check that your password is correctly entered, and bear in mind that if you have recently changed it via the EPP server, you will need to use that new password for the Web interface.  
  2. Your account is locked: Either your account has not yet been unlocked, or it was locked due to inappropriate behaviour.  
  3. Your IP address is not authorized: You're attempting to log in from a computer whose IP address is not authorised to communicate with the interface and EPP server. Log in from another device.  

Can I create domains using the Web interface for registrars?

No. Only hosts and contacts can be managed via the Web interface.

Domain names can only be created via the EPP server, which is the only system that can edit the contents of the registry database.

Why does the EPP work correctly on the test server but not the production server?

It's likely you missed the important detail of assigning ports on the production server, which is different from the test server.

  • If you are using the RFC3734 transport protocol, port 1701 used on the test system must be replaced with port 1700 on the production server.
  • If you programmed your EPP client in the language specially developed by and for the .lu registry, port 1700 used on the test system must be replaced with port 1701 on the production server.

Your EPP software might also be too sensitive for XML formatting. To find out if it is, see the question "Why does my code work as it should on the test server but not on the production server?"

My registrar is accredited for .lu; how can I check whether a domain name is available?

To find out if a domain name is available, including domains in quarantine or those pending creation, use the EPP command ‘domain:check’ from the EPP server.

  • If the domain name is not available, the reason why it isn't is stated.
  • If the domain name is already registered, run the command ‘domain:info’ to learn both which registrar it is registered at, and which ‘TransferProhibited’ or ‘TradeProhibited’ restriction(s) apply.

You can also use the DAS, which operates on port 4343, but then you won't have access to the domain names in quarantine, or pending creation.

Why can't a domain unknown to WHOIS be registered?

You are trying to register a domain name listed as temporarily unavailable or in quarantine. To determine which exact case you're dealing with, send the EPP command ‘domain:check’ to the EPP server and check the ‘reason’ field.

I've reserved a domain name. How do I make it active?

  1. To activate a domain name, its name servers must be operational and correctly configured. You can check if your information is properly configured using our name server test.
  2. Request a domain update by deleting the status 'inactive'.
  3. The update will take effect in a few minutes. A ‘poll’ message informs you that the update results have been added to the page, along with the reason for failure if one occurred.

What does the failure ’Billing error’ mean for EPP commands?

On the EPP server, the ’Billing error’ failure occurs when you don't have enough credit to perform the following tasks: creation, restoration, transfer, transfer-trade, transfer-restoration, and trade.  

If so, you must recharge your account from your web interface, before you can try again.    

To avoid such problems, from your registrar web interface:  

  • Regularly monitor your credit balance and recharge your account in good time, as money transfers are not instantly credited.  
  • Estimate the costs of renewal that you have to deal with over the next 7 days, based on the number of domains to be renewed as shown in ’View Summary’, ’Coming renewals (7 days)’.   

How frequently should ’poll’ messages be requested?

All the tasks requested via the EPP server are automatically processed once every five minutes by the registry's back-end system. Consequently, you should not query the registry more than once every five minutes.

Except when the creation or updating of a domain is pending confirmation, even less frequent querying is sufficient.

Name server testing protocol

Using a command line to test whether the DNS servers are properly configured.

The text-based name server testing protocol is a service that enables accredited registrars to test DNS servers before activating a created domain marked as reserved, or before changing name server information for a domain.

The protocol reads the ASCII text from its TCP socket in linear fashion. It makes it possible to manage the results and act automatically with the .lu registry.

Discover result codes and how to interpret them

See example test sessions

Step 1: Send a query to the server 

Description of a standard command

A single command looks like:

XXXX mode args ...

 

Definition

XXXX

Identifier of the request (alphanumeric); it may appear once for each command.  

[mode]

Type of command; it may appear once for each command, from among the following:  

  • [live] for an active test, ignoring the cached information,  

  • [cached] for a test based on the cached information,  

  • [update] for an active test, with updating of the cache if the test is passed,

  • [cfg] to change certain configuration settings of the session,  

  • [quit] to close the session (not the domain or the name server),  

  • [help] to display a short help message (not for the domain or the name server). 

Args ...

Arguments for the command specified in mode.  

TTypes of commands supported  

 

Argument(s)

  • live

  • cached

  • update

Tests based on at least two arguments: 

  • Argument 1: Domain name  

The domain name may be followed by corresponding DS records. A comma (',') is used as a separator between these two elements. The fields related to DS records, meanwhile, are separated by a colon (':').

  • Argument 2 and up: Definition of name servers 

The definition of name servers is made up of a host name followed by an optional IP address, required only for glue records.

The host name and the IP address are separated by a comma (',').

IP addresses are ignored for name servers that do not require glue records, unless the name server resolves to a given IP address.

cfg

Command based on two arguments:  

  • Argument 1 : Name of the configuration option to be edited,

  • Argument 2 : New value of the configuration option to be edited.  

t supports the machine-output option which switches the output mode between a human-readable test result description and a machine-readable one, with message codes and the list of values to be substituted into the corresponding message string, based on the following values:

  • ‘on’ and ‘true’ to switch to machine-readable output,

  • ‘off’ and ‘false’ to switch to human-readable output.  

quit

No argument processed. Once processed, the command closes the connection, without waiting for the tests to end or for their results to be given.

help

Optional argument containing the name of the command to describe.

General technical characteristics

  • Each command is separated from the next one by a blank line. A command therefore ends on the first blank line encountered.

  • Blank spaces are considered separators between fields.

  • Sessions are closed by two consecutive blank lines or by the command 'quit'.

  • Individual commands can be sent without waiting for a response. However, it is not recommended to reuse a command identifier before getting a response, as any responses will also have the same identifier.

Step 2: Integrating the server's response  

The server's response is made up of several lines: A header line giving the overall state of the result and at least one human- and machine-readable detail line.  

Description of the header line  

The header line looks like:

[code] XXXX text... 

 

Definition

 [code]

Result code of the response corresponding to one of the following options:

  • [help] when the response is a help/usage notification,  

  • [miss] or a request in cache memory that failed due to incomplete information in the cache memory The client must repeat the test in update mode or in real mode.  

  • [ok] if the test was passed,  

  • [warn] if the test was passed, but with warnings,  

  • [err]if the test was failed.

XXXX

Request identifier.

texte...

Human-readable result message.

Description of the detail lines

The human-readable detail line looks like:

 [code] text...

 

Definition

 [code]

Result code of the detail line, one of the following:  

  • [NN] for a notification,  

  • [II] for information,  

  • [WW] for a warning,  

  • [EE] for an error.  

texte...

Detailed human-readable message. 

The machine-readable detail line looks like:

[code] id args ...

 

Definition

 [code]

Result code of the detail line, one of the following:

  • [NN] for a notification,  

  • [II] for information,  

  • [WW] for a warning,  

  • [EE] for an error.  

id

ID identifying the message from a predefined list.

 

args...

Arguments required for substitution in the message string corresponding to the message code in id. All arguments are placed between single quotes, with the characters ' and \ being escaped in the form \' and \\'.

General technical characteristics  

  • A response ends on the first blank line encountered.
  • There is no guarantee as to the duration and order in which the responses are received, as server response times vary and are unknown to the registry.
  • After 5 seconds, some servers don't respond.

Related FAQs

I've reserved a domain name. How do I make it active?

  1. To activate a domain name, its name servers must be operational and correctly configured. You can check if your information is properly configured using our name server test.
  2. Request a domain update by deleting the status 'inactive'.
  3. The update will take effect in a few minutes. A ‘poll’ message informs you that the update results have been added to the page, along with the reason for failure if one occurred.