
gTLD Frequently Asked Questions

Legal FAQs

There is no cost or Accreditation Fee required to become Technically Accredited for the gTLD OT&E.


Any ZACR Accredited Registrar that is also ICANN Accredited may sign up for the process.
ZACR Accredited Registrars that are not ICANN Accredited will have to obtain the same technical accreditation but make use of the Proxy Registrar solution in order to provision domain names during the General Availability Phase. (ZACR PROXY SERVICE TEMPORARILY SUSPENDED UNTIL FURTHER NOTICE)


ICANN Accredited Registrars may provision domain names in accordance with the Published Policies and Procedures of each namespace.
Non-ICANN Accredited Registrars must make use of the Proxy Registrar solution and provision domain names in accordance with the Proxy Registrar Published Policies and Procedures. (ZACR PROXY SERVICE TEMPORARILY SUSPENDED UNTIL FURTHER NOTICE)


The latest version of the Registry-Registrar Agreement may be found here.


All Published Policies and Procedures may be viewed by accessing the respective namespace link in the "Legal/Policy" menu at the top of the Registry website.


Registrar FAQs

To begin the gTLD Technical Accreditation process, access your Registrar Panel and sign up for the gTLD Accreditation.
The ZACR will provide OT&E credentials as well as additional information regarding the integration process in a response email. Please note that the response email may take up to 24 hours from the original request.


The email will provide OT&E server details as well as links to the relevant documentation and Extensible Provisioning Protocol commands. Registrars must make use of their Registrar Panel to verify which tests are outstanding by referencing their "OT&E" section for the gTLD Technical Accreditation.
Completed tests will be marked with a green tick while outstanding tests will be marked with a red cross. The Registrar Panel will also offer all the tools necessary for a registrar to pass the required tests. When all the tests have been completed, the namespaces associated with the gTLD Technical Accreditation will become available.
Registrars must choose the namespaces they wish to participate in. When selected, Production Server credentials and further information will be provided via email as well as on the Registrar Panel.


The ZACR functions on a pre-paid model for all domain name transactions. This means that prior to initiating a billable action (new domain registration, domain renewal, etc.) registrars must ensure that there are sufficient funds available in their respective accounts.
The ZACR currently uses 2 accounts. The first is for all .ZA namespaces as well as the 3 city gTLDs. This account makes use of the ZAR currency. The second account is for the .AFRICA namespace and makes use of the US$ currency. The ZACR will send registrars their invoices every Monday to their specified billing email address. Registrars wishing to change their billing address must please contact the Registry through the Support function.


Domain, Contact and Host Object FAQs

The Domain Lifecycle for the gTLDs is as per the illustration below.



Once a domain name has gone through the Deletion Process and has subsequently been placed back into the pool of available names, it cannot be restored, only re-registered if the domain name is still available for registration.


Minimum requirements include:
1. A registration period between 1 and 10 years. If this is not specified, the registry will default to a 1 year registration period.
2. Associated Registrant, Admin, Billing and Tech contacts.
3. Two (2) nameservers; delegated or subordinate. The nameservers do not have to be authoritative at the time of registration.
4. A domain name password.


The Claims Period is the first 90 consecutive days starting at the beginning of the General Availability Phase of a gTLD. During the 90 days, some domains are subject to prior rights based on validated marks.
In order to proceed with the registration of the domain, registrars must be Launch Technically Accredited to initiate the required mechanisms for acceptance of Claims Notices and further processing of the domain name application.


If a domain has expired, it enters the Deletion phase. To reinstate the domain, a Renew command must be issued. Alternatively, a Cancel Pending Action may be issued (Cancel Pending Action is an optional extension).
Please take note that if the Renew command or the Cancel Pending Action command is issued to reinstate the domain, the domain will be renewed and the registrar's account will be charged according to the period specified in the Renew command.



Protocol FAQs


An EPP session will persist for a maximum of 24 hours. If within the 24 hours the session is not terminated through a Logout command, the server will automatically end the session and a Login command will have to be issued.


Currently only 2 sessions are allowed per registrar account per Production server.


If the connection is idle for more than 20 seconds a disconnect will occur. To keep a connection open it is recommended that an EPP "Hello" command is sent to the server.
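
The session and idle limits above, as an added example that is not the Registry's code: it frames EPP messages the way RFC 5734 specifies for EPP over TCP (4-byte length header) and uses a small timer to decide when a Hello or a fresh Login is due. The names `SessionTimer`, `read_frame`, `MAX_FRAME` and the 5-second safety margin are assumptions made for this sketch.

```python
import struct
import time

# Limits stated in this FAQ; MAX_FRAME and the margin are assumptions.
IDLE_LIMIT = 20              # seconds of idle before the server disconnects
SESSION_LIMIT = 24 * 3600    # seconds before the server ends the session
MAX_FRAME = 1 << 20          # assumed sanity cap on one response (1 MiB)

EPP_HELLO = (b'<?xml version="1.0" encoding="UTF-8"?>'
             b'<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"><hello/></epp>')

def frame(xml: bytes) -> bytes:
    """RFC 5734 data unit: 4-byte big-endian total length, then the XML."""
    return struct.pack("!I", len(xml) + 4) + xml

def read_frame(recv) -> bytes:
    """Read one data unit via recv(n) -> bytes, e.g. SSLSocket.recv."""
    def exactly(n: int) -> bytes:
        buf = b""
        while len(buf) < n:
            chunk = recv(n - len(buf))
            if not chunk:
                raise ConnectionError("connection closed mid-frame")
            buf += chunk
        return buf

    (total,) = struct.unpack("!I", exactly(4))
    if not 4 <= total <= MAX_FRAME:   # never trust a length read off the wire
        raise ValueError(f"implausible EPP frame length {total}")
    return exactly(total - 4)

class SessionTimer:
    """Tells the client loop what it must do to stay inside both limits."""
    def __init__(self, now=time.monotonic, margin=5):
        self.now, self.margin = now, margin
        self.login_at = self.last_io = now()

    def touch(self):                  # call after every frame sent or received
        self.last_io = self.now()

    def next_action(self) -> str:
        t = self.now()
        if t - self.login_at >= SESSION_LIMIT - self.margin:
            return "relogin"          # Logout, then Login on a fresh session
        if t - self.last_io >= IDLE_LIMIT - self.margin:
            return "hello"            # send frame(EPP_HELLO), read the greeting
        return "wait"
```

With only 2 sessions allowed per account per Production server, a client loop that acts on `next_action()` avoids leaving a dropped session to be discovered on the next billable command.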


All incoming IP addresses need to be whitelisted with the Registry in order for access to be given to the Production servers. In the event that IP addresses have changed, please notify the Registry with the new IP addresses through the Support function.
To get an IPv4 address or IP range (/24, /32) whitelisted, please provide the IP address as well as its range when prompted after completion of Technical Accreditation. If your incoming requests are from an IPv6 server, please also provide the IPv6 address as well as its IP range (/128 or below). Please note that all provided IP addresses must be static.


SSL is required for the Production servers and a certificate will need to be provided via uploading through the Registrar Panel once Technical Accreditation has been completed. All Production servers require dual SSL authentication, thus a certificate is required (X509).
The certificate can be either self signed or verified by a Certification Authority. The OT&E servers are SSL enabled but SSL is not a requirement for OT&E. If however you do wish to begin your integration using SSL from the beginning, please submit a request for SSL Certificate inclusion on the OT&E server through the Support function and attach the respective certificate.



An SSL certificate is required for Production server access. The certificate must be in X509 format. The X509 certificate may be signed by a Certification Authority or the certificate may be self signed.
If the certificate that was provided has been loaded and installed on the Registry end but there are still some SSL problems when connecting to our server, please log a ticket through the Support function and include the results of the following command:
openssl x509 -noout -in CERT_FILE -fingerprint -md5
Where "CERT_FILE" is the certificate that you are using to connect.
Minimum SSL Certificate Requirements
The minimum requirements include:
1. A key strength/length of 1024 bits
2. A maximum key expiry date of 5 years from creation with a minimum of 1 year
Recommended SSL Requirements
The recommended requirements include:
1. A key strength of 2048 bits
2. A key expiry date of 1 year from creation


When rolling or switching SSL certificates, please log onto your Registrar Panel, access the respective namespace and upload the new certificate in the space provided. Once done, the current certificate as well as the newly uploaded certificate will both be active for 24 hours. At the end of 24 hours the old certificate will automatically be disabled. For more information please see the SSL Requirements.


Issues with connectivity can happen due to multiple reasons including socket errors, closed ports, SSL authentication, servers being offline, and code bugs.
If you experience issues connecting to either the OT&E or Production Servers, please follow the steps below to debug the connectivity issues. If at the end you are still unable to identify the problem, please use the Support function to contact our support staff and provide us with all the output from the commands specified below, as well as the step at which you encountered an error.
Step 1
Testing internet connectivity to servers
ping HOST
Where HOST is the server you are trying to connect to. If packets are getting sent through and there is no packet loss, it means that the server is online and the error lies somewhere else. If you cannot PING, there is most likely an internal error on your network.
Step 2
Identifying correct routing and IP whitelisting
traceroute HOST (tracert HOST for Windows)
Where HOST is the server you are trying to connect to.
Step 3
Connecting to our port
telnet HOST PORT
Where HOST is the server you are trying to connect to, and PORT will be 3121. This will test if port 3121 is open and allowing information to flow through it to our port. If you cannot connect to the port using telnet it means that the port is not opened for communication. Please check the permissions on your firewall if you have one active.
Step 4
Connecting using SSL
openssl s_client -connect SERVER:PORT -cert DOTCRTFILE -key DOTKEYFILE
The above applies to all registrars on the Production server, and only to registrars who have provided SSL certificates for the OT&E server. The above command uses the open-source "openssl" libraries to connect to the server. If you cannot connect to the server using the above command, it means that either you have not provided us with your certificate (so we cannot accept the SSL handshake) or you have provided the incorrect files in the command. To resolve this, please make sure that the following has been completed:
1. Our server certificate is loaded on your side if your server requires SSL authentication from our server. The file can be downloaded further up in this FAQ.
2. You have provided your certificate and private key on connection, as our servers require Dual SSL. That is usually the .pem file. Different operating systems and server configurations require different files. Please make sure that when using specific software, the correct keys and files have been loaded.
Step 5
Debugging of code.
Please note that we do not provide any form of support for specific code or programming languages.


The Registry makes use of various EPP response codes to represent the meaning of "Success", "Pending", "Failure" and "ERROR" in the return EPP message. The following are the general guidelines for the codes:
1000: A result code of 1000 indicates immediate success. This means that the command that was performed has been considered and its effect was immediate. For example, a Contact Create or a Transfer Cancel.
1001: A result code of 1001 indicates the success of a command, of which the eventual result is pending processing or awaiting approval. For example, a Domain Update to change the registrant, or a Transfer Request that must now wait for voting. Responses of 1001 will always provide a message on the poll queue for collection. The message indicates the eventual success or failure of the result of the command.
2xxx: A result code in the 2000 range, such as 2304 or 2301, indicates a failure in the processing of the command. This is always indicative of either a status blocking the command or the information provided in the command being incorrect. For example, an incorrect date specification for a Domain Renew. All 2xxx results are followed by an in-depth message explaining why the failure happened.
2400: A result code of 2400 is an ERROR. If you ever receive a result code of 2400 please use the Support function to notify the Registry as soon as possible, including in the ticket as much information as possible relating to the task that was performed to obtain a 2400 result.
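
The guidelines above, as an added example that is not the Registry's code: it parses an EPP response, applies the four classes described here, and keeps the transaction IDs that a Support ticket for a 2400 result would need. The sample response is constructed, and the names `classify`, `handle_response` and `NEXT_STEP` are assumptions made for this sketch.

```python
import xml.etree.ElementTree as ET

NS = {"e": "urn:ietf:params:xml:ns:epp-1.0"}

# Constructed sample response (not captured from the Registry).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
  <response>
    <result code="1001">
      <msg>Command completed successfully; action pending</msg>
    </result>
    <trID><clTRID>EXAMPLE-CL-1</clTRID><svTRID>EXAMPLE-SV-1</svTRID></trID>
  </response>
</epp>"""

# Follow-up per class, taken from the FAQ's guidelines.
NEXT_STEP = {
    "success": "done; effect was immediate",
    "pending": "collect the outcome message from the poll queue",
    "failure": "read the message; fix the command or the blocking status",
    "error": "log a Support ticket with the transaction details",
    "other": "not covered by the FAQ; consult RFC 5730",
}

def classify(code: int) -> str:
    if code == 1000:
        return "success"
    if code == 1001:
        return "pending"
    if code == 2400:          # checked before the general 2xxx range
        return "error"
    if 2000 <= code <= 2999:
        return "failure"
    return "other"            # e.g. 1500 returned for Logout (RFC 5730)

def handle_response(xml: bytes) -> list:
    """Return one dict per <result>, with the IDs a support ticket needs."""
    resp = ET.fromstring(xml).find("e:response", NS)
    if resp is None:
        raise ValueError("not an EPP <response>")
    ids = {t: resp.findtext(f"e:trID/e:{t}", None, NS)
           for t in ("clTRID", "svTRID")}
    out = []
    for res in resp.findall("e:result", NS):
        kind = classify(int(res.get("code")))
        out.append({"code": int(res.get("code")), "class": kind,
                    "msg": (res.findtext("e:msg", "", NS) or "").strip(),
                    "next": NEXT_STEP[kind], **ids})
    return out
```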



Last update: 08-04-2016 02:03:31

Technical Support

All issues and questions relating to the EPP Registry Registrar System must be raised in the Contact/Support pages through the Registrar Portal. This is to ensure that our support department tracks and addresses all issues. Log in to the Registrar Portal and submit a support request online.

