Technical and Syntax Policy

01 DNS and Syntax Requirements

This policy defines the technical requirements for labels, nameservers, DNSSEC material, registry status, API/EPP-style commands, and operational safety. UDR may reject, hold, or correct technical data that threatens the registry, users, upstream parent domains, or DNS stability.

02 Label Syntax

Unless UDR publishes a narrower rule for a specific extension, labels must be valid DNS labels and compatible with UDR registry systems.

• Labels must use permitted ASCII letters a through z, digits 0 through 9, and hyphens, or valid IDN/Punycode forms when UDR explicitly supports them.
• Labels must not begin or end with a hyphen and must not use the third-and-fourth-character hyphen pattern reserved for IDN unless it is a valid Punycode label.
• Labels must fit DNS length limits and must not include spaces, underscores, control characters, emoji, slashes, dots inside the label, or characters that UDR does not support.
• UDR may block labels that create collision risk, confusing mixed-script risk, homograph risk, reserved-name conflicts, or upstream policy conflicts.

03 Nameservers and Delegation

Nameservers must be syntactically valid, reachable, authoritative where required, and controlled by the registrant or authorized provider. UDR may require a minimum number of nameservers, refuse lame delegation, or place a label on hold where delegation creates security or stability risk.

• Glue records may be accepted only where technically required and supported by the relevant parent zone configuration.
• Wildcard DNS, forwarding, and parking must comply with the Acceptable Use Policy.
• UDR may temporarily replace, remove, or disable delegation to mitigate active DNS Abuse or comply with a binding instruction.

04 DNSSEC

Where DNSSEC is supported, DS records must be valid, complete, and maintained by the registrant or DNS provider. Incorrect DNSSEC material can break resolution and may require urgent correction, removal, or hold.

• Registrants are responsible for key rollovers, algorithm compatibility, and provider coordination.
• UDR may reject unsupported algorithms, malformed records, duplicate records, or values that fail validation checks.

05 Registry Status Codes

UDR may use status codes similar to common EPP and registry lifecycle statuses to describe operational state. Statuses may include ok, pendingCreate, pendingUpdate, pendingDelete, clientHold, serverHold, clientTransferProhibited, serverTransferProhibited, redemptionPeriod, reserved, premium, disputeLock, and abuseHold.

• Status codes shown in RDAP are informational and may be simplified for public display.
• UDR may add private status codes for automation, abuse handling, premium review, reserved-name review, or upstream compliance.

06 API and EPP-style Commands

Registrar integrations must submit commands using documented formats, authenticated credentials, required fields, correct object ownership, and idempotent retry behavior where supported. UDR may reject malformed, duplicate, excessive, suspicious, or unauthorized commands.

• Availability checks do not reserve labels unless UDR explicitly provides a reservation command.
• Create, renew, transfer, update, delete, restore, and status-change commands may be subject to manual review or policy locks.
• Automation must not bypass eligibility, reserved-name, premium, abuse, or data-accuracy checks.

07 Operational Security

UDR may scan, monitor, rate-limit, block, or investigate technical activity that threatens registry systems, parent domains, users, providers, or DNS stability. Registrar partners must report material technical incidents affecting UDR labels promptly.