diff --git a/epp/src/epp-create.php b/epp/src/epp-create.php
index 90f7abc..1dbdc47 100644
--- a/epp/src/epp-create.php
+++ b/epp/src/epp-create.php
@@ -689,6 +689,14 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
 sendEppError($conn, $db, 2003, 'Invalid dates: acceptedDate must be before notAfter', $clTRID, $trans);
 return;
 }
+
+ $currentTime = new DateTime('now', new DateTimeZone('UTC'));
+ $interval = $currentTime->getTimestamp() - $acceptedDate->getTimestamp();
+
+ if ($interval > 172800) { // 172800 seconds = 48 hours
+ sendEppError($conn, $db, 2003, 'Invalid acceptedDate: must be within 48 hours of current time', $clTRID, $trans);
+ return;
+ }
 } catch (Exception $e) {
 sendEppError($conn, $db, 2003, 'Invalid date format', $clTRID, $trans);
 return;
@@ -696,6 +704,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
 if (!validateTcnId($domainName, $noticeid, $launch_notAfter)) {
 sendEppError($conn, $db, 2306, 'Invalid TMCH claims noticeID format', $clTRID, $trans);
+ return;
 }
 } elseif ($launch_phase === 'landrush') {
 // Continue
diff --git a/epp/src/epp-info.php b/epp/src/epp-info.php
index d4b046e..64192dd 100644
--- a/epp/src/epp-info.php
+++ b/epp/src/epp-info.php
@@ -122,7 +122,7 @@ function processContactInfo($conn, $db, $xml, $clid, $trans) {
 $epp = new EPP\EppWriter();
 $xml = $epp->epp_writer($response);
- updateTransaction($db, 'info', 'contact', 'C'.$contactRow['id'], 1000, 'Command completed successfully', $svTRID, $xml, $trans);
+ updateTransaction($db, 'info', 'contact', $contactID, 1000, 'Command completed successfully', $svTRID, $xml, $trans);
 sendEppResponse($conn, $xml);
 } catch (PDOException $e) {
diff --git a/epp/src/epp-update.php b/epp/src/epp-update.php
index c795764..9a9d77f 100644
--- a/epp/src/epp-update.php
+++ b/epp/src/epp-update.php
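Review bot: In the first epp-create.php hunk (processDomainCreate, whose body extends outside the hunk), the new 48-hour check has no lower bound: an `acceptedDate` in the future makes `$interval` negative, so it passes even though the error text says the date must be within 48 hours of the current time. Unless a future date is already rejected elsewhere in the function, the guard should read `if ($interval < 0 || $interval > 172800) {`, optionally with a small allowance for clock skew. A comment stating the rule would also help the next reader, e.g. `// acceptedDate must not be in the future and not older than 48 hours`.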
@@ -921,37 +921,39 @@ function processHostUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
 $domain_id = $hostRow['domain_id'];
 $host_id = $hostRow['id'];
- $stmt = $db->prepare("SELECT name FROM domain WHERE id = ? LIMIT 1");
- $stmt->execute([$domain_id]);
- $domain_name = $stmt->fetchColumn();
- $stmt->closeCursor();
+ // Subordinate host
+ if ($domain_id) {
+ $stmt = $db->prepare("SELECT name FROM domain WHERE id = ? LIMIT 1");
+ $stmt->execute([$domain_id]);
+ $domain_name = $stmt->fetchColumn();
+ $stmt->closeCursor();
- if (!preg_match('/\.' . preg_quote($domain_name, '/') . '$/i', $chg_name)) {
- if (!isset($hostRem)) {
- $stmt = $db->prepare("SELECT COUNT(*) FROM host_addr WHERE host_id = ?");
- $stmt->execute([$host_id]);
- $ipCount = $stmt->fetchColumn();
- $stmt->closeCursor();
-
- if ($ipCount > 0) {
- sendEppError($conn, $db, 2005, 'Out-of-bailiwick change not allowed: host name must be a subdomain of ' . $domain_name, $clTRID, $trans);
- return;
+ if (!preg_match('/\.' . preg_quote($domain_name, '/') . '$/i', strtolower($chg_name))) {
+ // Renaming to another domain → not allowed
+ sendEppError($conn, $db, 2304, 'Out-of-bailiwick renaming is not allowed for subordinate hosts', $clTRID, $trans);
+ return;
+ }
+ } else {
+ // External host
+ $tlds = $db->query("SELECT tld FROM domain_tld")->fetchAll(PDO::FETCH_COLUMN);
+ $internal_host = false;
+ foreach ($tlds as $tld) {
+ if (str_ends_with(strtolower($chg_name), strtolower($tld))) {
+ $internal_host = true;
+ break;
 }
 }
- }
- } else {
- $tlds = $db->query("SELECT tld FROM domain_tld")->fetchAll(PDO::FETCH_COLUMN);
- $internal_host = false;
- foreach ($tlds as $tld) {
- if (str_ends_with(strtolower($chg_name), strtolower($tld))) {
- $internal_host = true;
- break;
- }
- }
- if ($internal_host) {
- sendEppError($conn, $db, 2005, 'Out-of-bailiwick change not allowed: host must be external to registry-managed domains', $clTRID, $trans);
- return;
+ if ($internal_host) {
+ sendEppError($conn, $db, 2005, 'Out-of-bailiwick change not allowed: host must be external to registry-managed domains', $clTRID, $trans);
+ return;
+ }
+
+ // External + new name is also external → delete IPs if not explicitly removed
+ if (!isset($hostRem)) {
+ $stmt = $db->prepare("DELETE FROM host_addr WHERE host_id = ?");
+ $stmt->execute([$host_id]);
+ }
 }
 }
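Review bot: The `DELETE FROM host_addr WHERE host_id = ?` at the end of the external-host branch executes before the rest of processHostUpdate has run, so if a later check (outside this hunk) rejects the command, the host's addresses are already gone while the client receives an error. Unless the surrounding code already wraps this in a transaction that is rolled back on every error path, which the hunk does not show, move the delete next to the statement that applies the rename. In the subordinate branch `$stmt->fetchColumn()` returns `false` when the domain row is missing and the pattern is then built from an empty name; a guard such as `if ($domain_name === false) { sendEppError($conn, $db, 2400, 'Command failed', $clTRID, $trans); return; }` before the `preg_match` would make that case explicit. `strtolower($chg_name)` is redundant there because the pattern already carries the `/i` flag.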