1. The update_domain source includes the keyset firld. which is correct: ----- self.epp.update_domain(get_domain.id.id.name, add_admin=None, rem_admin=None, chg={'nsset' : None, 'keyset' : keyset_id, 'registrant' : None, 'auth_info' : None}, val_ex_date=None, cltrid=None) ----- But the documentation does not. Checking https://fred.nic.cz/files/fred/fred.txt, we have this fragment ----- update_domain(self, name, add_admin=None, rem_admin=None, chg=None, val_ex_date=None, cltrid=None) DESCRIPTION: The EPP 'update_domain' command is used to update values in the domain. SYNTAX: update_domain name [other_options] OPTIONS: name (required) Domain name add_admin Administrative contact ID (unbounded list) rem_admin Administrative contact ID (unbounded list) chg Change values nsset NSSET ID registrant Registrant ID auth_info Password required by server to authorize the transfer val_ex_date Validation expires at cltrid Client transaction ID ----- 2. The DS generated from the DNSKEY included in keysets, only includes the algorithm 1 (SHA1) but not 2 (SHA256). Best. Mario