Project - Registrant verification: Help us test![Link]

General[Link]

On 7 September 2020, we activated our new project Registrant Verification for .be domain names on the tryout system.

Every new domain name is checked against a series of parameters to determine if it’s a suspicious registration. If the domain name matches several parameters, it’s not delegated and proof of identity is requested.

When validating documentation is received, the domain name is delegated.

Process[Link]

The flow for registrant verification is shown in this diagram:

Registrant verification flow - see scenario.

The scenario for registrant verification is as follows:

  1. A new domain name is registered.

  2. The domain name is delegated to DNS Belgium’s name servers.

  3. The website is redirected to a landing page with more information.

  4. The registrant receives an email to ask for verification documents.

  5. The registrar receives an EPP poll/CPS message indicating verification is required.

  6. The registrant provides validating documentation to DNS Belgium Support.

  7. DNS Belgium Support verifies the documents and releases the domain name.

  8. The domain name is delegated to the name servers indicated at registration.

Step by step[Link]

  1. A new domain name is registered.

Your client contacts you with the request to register a domain name. The new domain name is checked against a series of parameters to determine if it’s a suspicious registration. If it’s selected, the next steps are executed.

Note

We use a series of parameters that automatically check the registrant’s data. Only if several parameters indicate incorrect or incomplete data, do we intervene. We constantly adjust these parameters in order to remain relevant in the fight against fraud.

  1. The domain name is delegated to DNS Belgium’s name servers.

The name servers used at registration are overridden with name servers hosted by DNS Belgium. On a technical note: We set a lower TTL for these name servers. You can check this on the Tryout root name server. When the registrant’s data is verified (step 7), the domain name is activated within the hour.

  1. The website is redirected to a landing page with more information.

The website is automatically redirected to a landing page on DNS Belgium’s official site. This page contains all the relevant information for the registrant to send verification documents. If the registrant doesn’t see the email we send, he will still be able to get the information through this page.

On the Tryout system, the redirect doesn’t work, but you can see the landing page here:

https://tryout.dnsbelgium.be/en/registrant-verification

If the registrant goes to this page via the url of his own domain name (Production only), he will see why he is redirected and which action is needed:

https://tryout.dnsbelgium.be/en/registrant-verification#domain=newdomain.be

  1. The registrant receives an email to ask for verification documents.

We send an email to the registrant asking for verification documents. The following email is sent to the registrant:

##SUBJECT: Verification required for ${domainName}.${tld}

Dear domain name holder,

Thank you for registering or transferring ${domainName}.${tld}!

You receive this message from DNS Belgium. DNS Belgium vzw manages all .${tld} domain names. More information about us is available on: https://www.dnsbelgium.be.

In accordance with our general terms and conditions the contact data belonging to a domain name must be correct. This is why we are conducting checks on recently registered domain names. We would like to check the contact data with your domain name.

What must you do? Send us a document in which you confirm your contact data. Follow the steps on ${contactVerificationUrl} for this.

As soon as your contact data have been checked, your domain name will be operational within 5 working days.

Questions on this topic? Please contact support@dnsbelgium.be or call us on +32 16 28 49 70.

Kind regards,

DNS Belgium

DNS Belgium vzw/asbl
Ubicenter • Philipssite 5, bus 13 • 3001 Leuven
support@dnsbelgium.be
+32 16 28 49 70
www.twitter.com/dnsbelgium
  1. The registrar receives EPP poll/CPS messages indicating verification is required.

You will receive two EPP Poll messages/CPS emails to indicate that registrant verification is required for the domain name:

The domain name is not delegated as expected but redirected to the landing page until the verification documents are received. For every future domain name registered with the same contact handle, you will receive another message ‘Verification required for domain ${domainName}.${tld}’ as long as the contact isn’t verified.

  1. The registrant provides validating documentation to DNS Belgium Support.

The registrant sends an email to verification@dnsbelgium.be with documents proving that his data is correct.

  1. DNS Belgium Support verifies the documents and releases the domain name.

Once we have received and approved proof of identity, we activate the domain name. The registrar is notified via POLL message or CPS email:

The registrant receives an email for all his affected domain names:

##SUBJECT: Verification approved for your .${tld} domain name

Dear domain name holder,

You receive this message from DNS Belgium. DNS Belgium manages all .${tld} domain names. More information about us is available on: https://www.dnsbelgium.be.

We received the verification documents for one or more of your domain names and these are satisfactory. It concerns:

#if($domains.size() == 0)
No domain names are impacted by this change.
#else
#foreach ($domain in $domains)
    - ${domain}.${tld}
#end
#end

You can start using it now.

Questions on this topic? Please contact support@dnsbelgium.be or call us on +32 16 28 49 70.

Kind regards,

DNS Belgium

DNS Belgium vzw/asbl
Ubicenter • Philipssite 5, bus 13 • 3001 Leuven
support@dnsbelgium.be
+32 16 28 49 70
www.twitter.com/dnsbelgium
  1. The domain name is delegated to the name servers indicated at registration.

The domain name is activated and can be used by the registrant. Any other domain that is registered for this registrant in the future will automatically be approved.

What if?[Link]

No documentation is provided[Link]

Do the documents insufficiently prove that the holder data are correct? DNS Belgium Support requests additional information. The domain name remains registered but it can’t be used.

The registrant doesn’t provide us with the necessary documents? The domain name remains registered but it can’t be used.

Any other new domain registered with the same contact handle will also be selected for verification and therefore be delegated to DNS Belgium’s name servers. Domains previously registered with the same contact handle will not be affected.

The domain name is transferred away[Link]

We will look at the status of the new contact used in the transfer transaction. In general, we use the status of the new contact. There is one exception: If the old contact is pending verification and the new contact is unverified, the new contact will be set to pending verification.

The contact is updated[Link]

Contacts that are unverified or pending verification keep their status. Contacts that were verified revert back to unverified and our Support team is notified. They will do a manual check on the updated contact.

Test data[Link]

For testing purposes you can create a contact with the following data:

Test contact 1

Test contact 2

Name

Anonymous

Private

Organisation

Anonymous

Private

Street1

Anonymous

Private

Postal code

0000

9999

City

Anonymous

Private

Country code

BE

BE

Phone

+32.0000

+32.9999

The contact is created with status ‘Not verified’. When a domain name is created with this contact, the checks are done and both contact and domain name are marked as selected for verification.

You can simply ask our Support team to set a test contact to approved, so you can test the whole process.

Important

Please don’t use real client data in the Tryout System, this might result in unwanted emails going to your client which might confuse him/her.

More information[Link]

My registrations[Link]

All registrant contacts have an extra verification status. When a contact is selected for verification, a banner is shown on top of the ‘View contact’ page and the Verification status of the contact is set to Pending:

Contact view in My registrations

On the domain view, a banner is also shown:

Domain view in My registrations

EPP[Link]

Via EPP, you can use info-contact v2.0 to see the verification status of a contact, the EPP server will give the following response:

<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:contact="urn:ietf:params:xml:ns:contact-1.0" xmlns:dnsbe="http://www.dns.be/xml/epp/dnsbe-1.0">
  <response>
    <result code="1000">
      <msg>Command completed successfully</msg>
    </result>
    <resData>
      <contact:infData>
        <contact:id>c23145796</contact:id>
        <contact:roid>23145796-DNSBE</contact:roid>
        <contact:status s="ok"/>
        <contact:postalInfo type="loc">
          <contact:name>anonymous</contact:name>
          <contact:org>anonymous</contact:org>
          <contact:addr>
            <contact:street>anonymous</contact:street>
            <contact:city>Leuven</contact:city>
            <contact:pc>3000</contact:pc>
            <contact:cc>BE</contact:cc>
          </contact:addr>
        </contact:postalInfo>
        <contact:voice>+32.1111222233</contact:voice>
        <contact:email>veerle@test.be</contact:email>
        <contact:clID>a003774</contact:clID>
        <contact:crID>a003774</contact:crID>
        <contact:crDate>2020-08-03T07:23:17.000Z</contact:crDate>
        <contact:upDate>2020-08-26T07:59:09.000Z</contact:upDate>
      </contact:infData>
    </resData>
    <extension>
      <dnsbe:ext>
        <dnsbe:infData>
          <dnsbe:contact>
            <dnsbe:type>licensee</dnsbe:type>
            <dnsbe:lang>nl</dnsbe:lang>
            <dnsbe:onhold>false</dnsbe:onhold>
            <dnsbe:verification>pending</dnsbe:verification>
          </dnsbe:contact>
        </dnsbe:infData>
      </dnsbe:ext>
    </extension>
    <trID>
      <clTRID>info-contact-00</clTRID>
      <svTRID>dnsbe-0</svTRID>
    </trID>
  </response>
</epp>

Using info-domain v2.0, you will see that the nameservers are overridden:

<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:domain="urn:ietf:params:xml:ns:domain-1.0" xmlns:dnsbe="http://www.dns.be/xml/epp/dnsbe-1.0">
  <response>
    <result code="1000">
      <msg>Command completed successfully</msg>
    </result>
    <resData>
      <domain:infData>
        <domain:name>testdomain.be</domain:name>
        <domain:roid>6208625-DNSBE</domain:roid>
        <domain:status s="ok"/>
        <domain:registrant>c7780601</domain:registrant>
        <domain:contact type="billing">c7780583</domain:contact>
        <domain:contact type="tech">c7780581</domain:contact>
        <domain:clID>a000001</domain:clID>
        <domain:crID>a000001</domain:crID>
        <domain:crDate>2010-06-22T13:06:41.000Z</domain:crDate>
        <domain:upID>a000001</domain:upID>
        <domain:upDate>2010-06-24T12:09:24.000Z</domain:upDate>
        <domain:exDate>2011-06-24T12:09:24.000Z</domain:exDate>
        <domain:trDate>2010-06-24T12:09:24.000Z</domain:trDate>
      </domain:infData>
    </resData>
    <extension>
      <dnsbe:ext>
        <dnsbe:infData>
          <dnsbe:domain>
            <dnsbe:onhold>false</dnsbe:onhold>
            <dnsbe:quarantined>false</dnsbe:quarantined>
            <dnsbe:nameserversOverridden>true</dnsbe:nameserversOverridden>
          </dnsbe:domain>
        </dnsbe:infData>
      </dnsbe:ext>
    </extension>
    <trID>
      <svTRID>dnsbe-0</svTRID>
    </trID>
  </response>
</epp>