Registrant verification[Link]

General[Link]

From 16 November 2020, we activated our project Registrant Verification for .be domain names.

Every new domain name is checked against a series of parameters to determine if it’s a suspicious registration. If the domain name matches several parameters, it’s not delegated and proof of identity is requested.

When validating documentation is received, the domain name is delegated.

Process[Link]

The flow for registrant verification is shown in this diagram:

Registrant verification flow - see scenario.

The scenario for registrant verification is as follows:

  1. A new domain name is registered.

  2. The domain name is delegated to DNS Belgium’s name servers.

  3. The website is redirected to a landing page with more information.

  4. The registrant receives an email to ask for verification documents.

  5. The registrar receives an EPP poll/CPS message indicating verification is required.

  6. The registrant provides validating documentation to DNS Belgium Support.

  7. DNS Belgium Support verifies the documents and releases the domain name.

  8. The domain name is delegated to the name servers indicated at registration.

Step by step[Link]

  1. A new domain name is registered.

Your client contacts you with the request to register a domain name. The new domain name is checked against a series of parameters to determine if it’s a suspicious registration. If it’s selected, the next steps are executed.

Note

We use a series of parameters that automatically check the registrant’s data. Only if several parameters indicate incorrect or incomplete data, do we intervene. We constantly adjust these parameters in order to remain relevant in the fight against fraud.

  1. The domain name is delegated to DNS Belgium’s name servers.

The name servers used at registration are overridden with name servers hosted by DNS Belgium. On a technical note: We set a lower TTL for these name servers. You can check this on the Tryout root name server. When the registrant’s data is verified (step 7), the domain name is activated within the hour.

  1. The website is redirected to a landing page with more information.

The website is automatically redirected to a landing page on DNS Belgium’s official site. This page contains all the relevant information for the registrant to send verification documents. If the registrant doesn’t see the email we send, he will still be able to get the information through this page.

On the Tryout system, the redirect doesn’t work, but you can see the landing page here:

https://tryout.dnsbelgium.be/en/registrant-verification

If the registrant goes to this page via the url of his own domain name (Production only), he will see why he is redirected and which action is needed:

https://tryout.dnsbelgium.be/en/registrant-verification#domain=newdomain.be

  1. The registrant receives an email to ask for verification documents.

We send an email to the registrant asking for verification documents. The following email is sent to the registrant:

##SUBJECT: Verification required for ${domainName}.${tld}

Dear domain name holder,

Thank you for registering or transferring ${domainName}.${tld}!

You receive this message from DNS Belgium. DNS Belgium vzw manages all .${tld} domain names. More information about us is available on: https://www.dnsbelgium.be.

In accordance with our general terms and conditions the contact data belonging to a domain name must be correct. This is why we are conducting checks on recently registered domain names. We would like to check the contact data with your domain name.

What must you do? Send us a document in which you confirm your contact data. Follow the steps on ${contactVerificationUrl} for this.

As soon as your contact data have been checked, your domain name will be operational within 5 working days.

Questions on this topic? Please contact support@dnsbelgium.be or call us on +32 16 28 49 70.

Kind regards,

DNS Belgium

DNS Belgium vzw/asbl
Ubicenter • Philipssite 5, bus 13 • 3001 Leuven
support@dnsbelgium.be
+32 16 28 49 70
www.twitter.com/dnsbelgium
  1. The registrar receives EPP poll/CPS messages indicating verification is required.

You will receive two EPP Poll messages/CPS emails to indicate that registrant verification is required for the domain name:

The domain name is not delegated as expected but redirected to the landing page until the verification documents are received. For every future domain name registered with the same contact handle, you will receive another message ‘Verification required for domain ${domainName}.${tld}’ as long as the contact isn’t verified.

  1. The registrant provides validating documentation to DNS Belgium Support.

The registrant sends an email to verification@dnsbelgium.be with documents proving that his data is correct.

  1. DNS Belgium Support verifies the documents and releases the domain name.

Once we have received and approved proof of identity, we activate the domain name. The registrar is notified via POLL message or CPS email:

The registrant receives an email for all his affected domain names:

##SUBJECT: Verification approved for your .${tld} domain name

Dear domain name holder,

You receive this message from DNS Belgium. DNS Belgium manages all .${tld} domain names. More information about us is available on: https://www.dnsbelgium.be.

We received the verification documents for one or more of your domain names and these are satisfactory. It concerns:

#if($domains.size() == 0)
No domain names are impacted by this change.
#else
#foreach ($domain in $domains)
    - ${domain}.${tld}
#end
#end

You can start using it now.

Questions on this topic? Please contact support@dnsbelgium.be or call us on +32 16 28 49 70.

Kind regards,

DNS Belgium

DNS Belgium vzw/asbl
Ubicenter • Philipssite 5, bus 13 • 3001 Leuven
support@dnsbelgium.be
+32 16 28 49 70
www.twitter.com/dnsbelgium
  1. The domain name is delegated to the name servers indicated at registration.

The domain name is activated and can be used by the registrant. Any other domain that is registered for this registrant in the future will automatically be approved.

What if?[Link]

No documentation is provided[Link]

Do the documents insufficiently prove that the holder data are correct? DNS Belgium Support requests additional information. The domain name remains registered but it can’t be used.

The registrant doesn’t provide us with the necessary documents? The domain name remains registered but it can’t be used.

Any other new domain registered with the same contact handle will also be selected for verification and therefore be delegated to DNS Belgium’s name servers. Domains previously registered with the same contact handle will not be affected.

You want to update the Registrant to comply[Link]

There are 3 possibilities to update the Registrant data to comply with the validating documentation:

  • Update contact: If minor changes are needed to the registrant date, you can use update contact (Web, EPP).

  • Monitored update: If the name (private person) or the organisation needs te be changed, you can request a monitored update.

  • Transfer domain: If you don’t want to use a monitored update, you can choose to do a transfer to a new contact with correct data. Please note, this contact will also have to be approved.

The domain name is transferred away[Link]

We will look at the status of the new contact used in the transfer transaction. In general, we use the status of the new contact. There is one exception: If the old contact is pending verification and the new contact is unverified, the new contact will be set to pending verification.

The contact is updated[Link]

Contacts that are unverified or pending verification keep their status. Contacts that were verified revert back to unverified and our Support team is notified. They will do a manual check on the updated contact.

Test data[Link]

See Tryout system.

More information[Link]

My registrations[Link]

All registrant contacts have an extra verification status. When a contact is selected for verification, a banner is shown on top of the ‘View contact’ page and the Verification status of the contact is set to Pending:

Contact view in My registrations

On the domain view, a banner is also shown:

Domain view in My registrations

EPP[Link]

Via EPP, you can use info-contact v2.0 to see the verification status of a contact, the EPP server will give the following response:

<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:contact="urn:ietf:params:xml:ns:contact-1.0" xmlns:dnsbe="http://www.dns.be/xml/epp/dnsbe-1.0">
  <response>
    <result code="1000">
      <msg>Command completed successfully</msg>
    </result>
    <resData>
      <contact:infData>
        <contact:id>c23145796</contact:id>
        <contact:roid>23145796-DNSBE</contact:roid>
        <contact:status s="ok"/>
        <contact:postalInfo type="loc">
          <contact:name>anonymous</contact:name>
          <contact:org>anonymous</contact:org>
          <contact:addr>
            <contact:street>anonymous</contact:street>
            <contact:city>Leuven</contact:city>
            <contact:pc>3000</contact:pc>
            <contact:cc>BE</contact:cc>
          </contact:addr>
        </contact:postalInfo>
        <contact:voice>+32.1111222233</contact:voice>
        <contact:email>veerle@test.be</contact:email>
        <contact:clID>a003774</contact:clID>
        <contact:crID>a003774</contact:crID>
        <contact:crDate>2020-08-03T07:23:17.000Z</contact:crDate>
        <contact:upDate>2020-08-26T07:59:09.000Z</contact:upDate>
      </contact:infData>
    </resData>
    <extension>
      <dnsbe:ext>
        <dnsbe:infData>
          <dnsbe:contact>
            <dnsbe:type>licensee</dnsbe:type>
            <dnsbe:lang>nl</dnsbe:lang>
            <dnsbe:onhold>false</dnsbe:onhold>
            <dnsbe:verification>pending</dnsbe:verification>
          </dnsbe:contact>
        </dnsbe:infData>
      </dnsbe:ext>
    </extension>
    <trID>
      <clTRID>info-contact-00</clTRID>
      <svTRID>dnsbe-0</svTRID>
    </trID>
  </response>
</epp>

Using info-domain v2.0, you will see that the nameservers are overridden:

<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:domain="urn:ietf:params:xml:ns:domain-1.0" xmlns:dnsbe="http://www.dns.be/xml/epp/dnsbe-1.0">
  <response>
    <result code="1000">
      <msg>Command completed successfully</msg>
    </result>
    <resData>
      <domain:infData>
        <domain:name>testdomain.be</domain:name>
        <domain:roid>6208625-DNSBE</domain:roid>
        <domain:status s="ok"/>
        <domain:registrant>c7780601</domain:registrant>
        <domain:contact type="billing">c7780583</domain:contact>
        <domain:contact type="tech">c7780581</domain:contact>
        <domain:clID>a000001</domain:clID>
        <domain:crID>a000001</domain:crID>
        <domain:crDate>2010-06-22T13:06:41.000Z</domain:crDate>
        <domain:upID>a000001</domain:upID>
        <domain:upDate>2010-06-24T12:09:24.000Z</domain:upDate>
        <domain:exDate>2011-06-24T12:09:24.000Z</domain:exDate>
        <domain:trDate>2010-06-24T12:09:24.000Z</domain:trDate>
      </domain:infData>
    </resData>
    <extension>
      <dnsbe:ext>
        <dnsbe:infData>
          <dnsbe:domain>
            <dnsbe:onhold>false</dnsbe:onhold>
            <dnsbe:quarantined>false</dnsbe:quarantined>
            <dnsbe:nameserversOverridden>true</dnsbe:nameserversOverridden>
          </dnsbe:domain>
        </dnsbe:infData>
      </dnsbe:ext>
    </extension>
    <trID>
      <svTRID>dnsbe-0</svTRID>
    </trID>
  </response>
</epp>