Registrar-Lock

{{Short description|Safeguard to protect a domain name}}REGISTRAR-LOCK is a status code that can be set on an Internet domain name by the sponsoring registrar of the domain name.{{IETF RFC|2832}} - NSI Registry Registrar Protocol (RRP) Version 1.1.0{{IETF RFC|3632}} - VeriSign Registry Registrar Protocol (RRP) Version 2.0.0 This is usually done in order to prevent unauthorized, unwanted or accidental changes to the domain name.

When set, the following actions are prohibited by the domain name registry:

• Modification of the domain name, including:
• Transferring of the domain name
• Deletion of the domain name
• Modification of the domain contact details

Renewal of the domain name is, however, still possible when REGISTRAR-LOCK is set.

Not all Top-level domains (TLDs) support REGISTRAR-LOCK,{{Cite web |title=Does Your Domain Have a Registry Lock? – Krebs on Security |date=24 January 2020 |url=https://krebsonsecurity.com/2020/01/does-your-domain-have-a-registry-lock/ |access-date=2022-06-16 |language=en-US}} e.g. .org.uk, and others.

The .ca TLD added support for REGISTRAR-LOCK in October 2010.

{{IETF RFC|2832}}, section 6, and {{IETF RFC|3632}}, section 2.1, lists the different status codes and their descriptions.

When a domain name is protected by REGISTRAR-LOCK at the registrar level the domain name will have the status code "ClientUpdateProhibited.{{Cite web |title=Prevent Domain Hijacking With Verisign Registry Lock Service - Verisign |url=https://www.verisign.com/en_US/channel-resources/domain-registry-products/registry-lock/index.xhtml |access-date=2024-11-30 |website=www.verisign.com |language=en-US}}" The status codes of domain name can be found using the WHOIS system.{{Cite web |title=Prevent Domain Hijacking With Verisign Registry Lock Service - Verisign |url=https://www.verisign.com/en_US/channel-resources/domain-registry-products/registry-lock/index.xhtml |access-date=2024-11-30 |website=www.verisign.com |language=en-US}}

For a domain name to be eligible for transfer from the sponsoring registrar to a different registrar the REGISTRAR-LOCK must first be disabled at the sponsoring registrar.{{Cite web |title=What is Domain Registrar Lock? (For new customers transferring to Z.com) – Customer Success Team Advice and Answers |url=https://web.z.com/ph/help-center/all-collections/what-is-domain-registrar-lock-new-customers-transferring-in-who-are-not-z-com-customers-yet/ |access-date=2024-11-27 |language=en-US}}

REGISTRAR-LOCK is not the same as REGISTRY-LOCK.{{Cite web |last=Staff |first=NameSilo |title=Domain Locks: Registrar Lock vs. Registry Lock {{!}} NameSilo |url=https://www.namesilo.com/blog/en/support-guides/understanding-domain-locks |access-date=2024-11-26 |website=Domain Locks: Registrar Lock vs. Registry Lock {{!}} NameSilo |language=en}}

REGISTRY-LOCK is a strong security feature implemented at the registry level that is used to prevent unauthorized changes to a domain {{Cite web |title=Prevent Domain Hijacking With Verisign Registry Lock Service - Verisign |url=https://www.verisign.com/en_US/channel-resources/domain-registry-products/registry-lock/index.xhtml |access-date=2024-11-26 |website=www.verisign.com |language=en-US}} name. When a domain name has been locked at the registry, an agent of the sponsoring registrar must transmit a request to the registry to unlock the domain name. The agent of the sponsoring registrar requesting that the domain name be unlocked is subsequently contacted via a phone call by the [https://www.verisign.com/en_US/channel-resources/domain-registry-products/registry-lock/index.xhtml registry] and required to provide a secret passphrase over the phone for the domain name to be unlocked. This is an added layer of security that can be used to {{Cite web |title=Registry Lock - Lock your domain name against hacking attempts |url=https://www.nameshield.com/en/cybersecurity/registry-lock/#:~:text=The%20registry%20lock%20allows%20the,owner's%20authentication,%20called%20authenticated%20contact. |access-date=2024-11-25 |website=Nameshield |language=en-US}}protect strategic domain names.

When a domain name is protected by REGISTRY-LOCK at the registry level the domain name will have the status code "ServerUpdateProhibited."{{Cite web |title=Prevent Domain Hijacking With Verisign Registry Lock Service - Verisign |url=https://www.verisign.com/en_US/channel-resources/domain-registry-products/registry-lock/index.xhtml |access-date=2024-11-30 |website=www.verisign.com |language=en-US}}