Create keygroup[Link]


create a list of keys that can be linked to multiple domain registrations.


This is a DNS Belgium specific extension, documented in the schema keygroup-1.0.xsd.

The keygroup mapping is a DNS Belgium specific object-extension to the EPP norm, coherent with the EPP object extension framework. The keygroup object allows a registrar to group several keys in one object, to facilitate the mapping between a domain and a list of keys.

Some components of the command need further explanation:

  • <keygroup:name> is required. Contains the (chosen) name for the keygroup. A name can consist of letters, digits, hyphens and dot(.).

  • <keygroup:key> Each keygroup can hold at most 4 keys.

  • <secDNS:flags> is required. DNS Belgium only accepts flag 257 (KSK).

  • <secDNS:protocol> is required. Indicates the protocol used, DNSSEC requires protocol 3.

  • <secDNS:alg> is required. Indicates the algorithm used to generate the key, DNS Belgium recommends these algorithms to generate keys: (8) RSA-SHA256, (10) RSA-SHA512, (13) ECDSA Curve P-256 with SHA-256, (14) ECDSA Curve P-384 with SHA-384, (15) ED25519 and (16) ED448.

  • <secDNS:pubKey> is required. Contains the value of the public key.

Please refer to the examples to see a complete request.


A create keygroup command looks like:

<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
      <keygroup:create xmlns:keygroup="">
          <secDNS:pubKey>AwEAAchObqtQhBlAmwkFeVOjgi3rG3skoTWKOcb7dtnoah1bgpTth6Rkqdp3cQeiHBcuHD5o6YLRgR03okzZGF15TNewAyzt6lQXJnsFdrDGR9Gcvnqy98SnmyBU/2KXZKkX5GaSJ5WGrz5I9VToShdssNbEULcRM38aPtd913PnkfYGYr2g1aPYGPx1NwK36bMNHSbrmZEJDYijPfc/HP2/4Wf74/eUL+q955imeukUFQJa+Ufzb+get4RAVRJ9SH3q/nITzCk/6tu8bWuOMn+oZfUaRq4llTKmmQ2ZDGBC3Uk5E++IfKvgIj6yOQhZbY+PLcN3gj8qYqin 213gwynWKm8=</secDNS:pubKey>

In case of successful creation, the EPP server responds with a standard EPP response message:

<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
    <result code="1000">
      <msg>Command completed successfully</msg>


It is your responsibility to ensure that the content makes sense. It is perfectly possible to create a keygroup with all the same keys. The result will be that only 1 key will be linked to the keygroup!