Note: While Verisign has a special version of EPP in place, the procedures below also apply to .com and .net domains. Placing a domain on Client Hold will not affect the nameserver's ability to function.
To suspend the name server effectively, the registrar must take the following steps in this order:Edit
1. Change the name server's address record to a nonroutable black hole addressEdit
A black hole address is one such as 0.0.0.0 or 22.214.171.124.
This will ensure that in all cases, even after the domain has been suspended, the name server cannot resolve at the registry.
2. Ensure that the address record for the name server cannot be changed backEdit
This may be done either automatically or by the domain's administrator, by applying the following status to the domain:
If you are not able to apply this status to the domain at the registry for technical reasons, please use your backoffice application to prevent your customer from modifying the IP address either manually or automatically.
You may need to act quickly in adding this status, as many nameservers are now fast-flux domains, and it may be possible that the IP address will be changed before you can apply this status.
3. Prevent the name server's domain from leaving for an abuse-friendly registrarEdit
It is important to assure that the domain can neither be deleted nor transferred. This may be accomplished by applying both of the following statuses
If you are not able to apply these statuses to the domain at the registry level for technical reasons, please use your backoffice application to prevent your customer from transferring the domain or deleting it.
If you do not succeed in suspending the domain and preventing its transfer or deletion to another registrar, you will be seen as supporting the illicit organization behind the domain, and may be held liable for your complicit inaction.
4. Ensure that the domain does not resolve in the zoneEdit
This may be accomplished by applying the status:
5. Verify that your settings have taken effectEdit
Note that you will not be able to verify by ping or host command for several hours, whether or not the changes have fully propagated. Therefore, please check back the following day to ensure that:
- the name server does not resolve at the registry (use the host command)
- still has non-routable black hole IP addresses
- has not been modified from the settings you have applied