Merge branch 'main' into dk/1217-domain-expiration-epp

2025-07-22 18:56:15 +02:00 · 2023-11-21 13:41:32 -05:00 · 2023-11-21 13:41:32 -05:00 · 021f0454c6
commit 021f0454c6
parent 7b6929c176 58d97cd899
23 changed files with 496 additions and 120 deletions
--- a/.github/workflows/deploy-development.yaml
+++ b/.github/workflows/deploy-development.yaml
@ -0,0 +1,41 @@
 # This workflow runs on pushes to main
 # any merge/push to main will result in development being deployed
 name: Build and deploy development for release
 on:
  push:
    paths-ignore:
      - 'docs/**'
      - '**.md'
      - '.gitignore'
    branches:
      - main
 jobs:
  deploy-development:
    if: ${{ github.ref_type == 'tag' }}
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Compile USWDS assets
        working-directory: ./src
        run: |
          docker compose run node npm install && 
          docker compose run node npx gulp copyAssets &&
          docker compose run node npx gulp compile 
      - name: Collect static assets 
        working-directory: ./src
        run: docker compose run app python manage.py collectstatic --no-input
      - name: Deploy to cloud.gov sandbox
        uses: 18f/cg-deploy-action@main
        env:
          DEPLOY_NOW: thanks
        with:
          cf_username: ${{ secrets.CF_DEVELOPMENT_USERNAME }}
          cf_password: ${{ secrets.CF_DEVELOPMENT_PASSWORD }}
          cf_org: cisa-dotgov
          cf_space: development
          push_arguments: "-f ops/manifests/manifest-development.yaml"
--- a/.github/workflows/deploy-sandbox.yaml
+++ b/.github/workflows/deploy-sandbox.yaml
@ -20,6 +20,7 @@ jobs:
        || startsWith(github.head_ref, 'nl/')
        || startsWith(github.head_ref, 'dk/')
        || startsWith(github.head_ref, 'es/')
        || startsWith(github.head_ref, 'ky/')
    outputs:
      environment: ${{ steps.var.outputs.environment}}
    runs-on: "ubuntu-latest"
--- a/.github/workflows/migrate.yaml
+++ b/.github/workflows/migrate.yaml
@ -15,6 +15,8 @@ on:
        options:
          - stable
          - staging
          - development
          - ky
          - es
          - nl
          - rh
--- a/.github/workflows/reset-db.yaml
+++ b/.github/workflows/reset-db.yaml
@ -14,8 +14,9 @@ on:
        type: choice
        description: Which environment should we flush and re-load data for?
        options:
          - stable
          - staging
          - development
          - ky
          - es
          - nl
          - rh
--- a/docs/operations/README.md
+++ b/docs/operations/README.md
@ -54,9 +54,10 @@ If a bug fix or feature needs to be made to stable out of the normal cycle, this
 In the case where a bug fix or feature needs to be added outside of the normal cycle, the code-fix branch and release will be handled differently than normal:
 1. Code will need to be branched NOT off of main, but off of the same commit as the most recent stable commit. This should be the one tagged with the most recent vX.XX.XX value.
-2. After making the bug fix, the approved PR will branch will be tagged with a new release tag, incrementing the patch value from the last commit number.
+2. After making the bug fix, the approved PR branch will not be merged yet, instead it will be tagged with a new release tag, incrementing the patch value from the last commit number.
-3. This branch then needs to be merged to main per the usual process.
+3. If main and stable are on the the same commit then merge this branch into the staging using the staging release tag (staging-<the hotfix release number>). 
-4. This same branch should be merged into staging.
+4. If staging is already ahead stable, you may need to create another branch that is based off of the current staging commit, merge in your code change and then tag that branch with the staging release.
 5. Wait to merge your original branch until both deploys finish.  Once they succeed then merge to main per the usual process.
 ## Serving static assets
 We are using [WhiteNoise](http://whitenoise.evans.io/en/stable/index.html) plugin to serve our static assets on cloud.gov. This plugin is added to the `MIDDLEWARE` list in our apps `settings.py`.
--- a/docs/operations/data_migration.md
+++ b/docs/operations/data_migration.md
@ -1,9 +1,9 @@
 # Registrar Data Migration
-The original system has an existing registrar/registry that we will import.
+The original system uses an existing registrar/registry that we will import.
-The company of that system will provide us with an export of the data.
+The company of that system will provide us with an export of the existing data.
 The goal of our data migration is to take the provided data and use
-it to create as much as possible a _matching_ state
+it to create, as close as possible, a _matching_ state
 in our registrar.
 There is no way to make our registrar _identical_ to the original system
@ -11,17 +11,17 @@ because we have a different data model and workflow model. Instead, we should
 focus our migration efforts on creating a state in our new registrar that will
 primarily allow users of the system to perform the tasks that they want to do.
-## Users
+#### Users
 One of the major differences with the existing registrar/registry is that our
 system uses Login.gov for authentication. Any person with an identity-verified
-Login.gov account can make an account on the new registrar, and the first time
+Login.gov account can make an account on the new registrar. The first time
-that person logs in through Login.gov, we make a corresponding account in our
+a person logs into the registrar through Login.gov, we make a corresponding 
-user table. Because we cannot know the Universal Unique ID (UUID) for a
+account in our user table. Because we cannot know the Universal Unique ID (UUID) 
-person's Login.gov account, we cannot pre-create user accounts for individuals
+for a person's Login.gov account, we cannot pre-create user accounts for 
-in our new registrar based on the original data.
+individuals in our new registrar based on the original data.
-## Domains
+#### Domains
 Our registrar keeps track of domains. The authoritative source for domain
 information is the registry, but the registrar needs a copy of that
@ -29,7 +29,7 @@ information to make connections between registry users and the domains that
 they manage. The registrar stores very few fields about a domain except for
 its name, so it could be straightforward to import the exported list of domains
 from `escrow_domains.daily.dotgov.GOV.txt`. It doesn't appear that
-that table stores a flag for active or inactive.
+that table stores a flag for if a domain is active or inactive.
 An example Django management command that can load the delimited text file
 from the daily escrow is in
@ -42,13 +42,13 @@ locally for testing, using Docker Compose:
 docker compose run -T app ./manage.py load_domains_data < /tmp/escrow_domains.daily.dotgov.GOV.txt
 ```
-## User access to domains
+#### User access to domains
 The data export contains a `escrow_domain_contacts.daily.dotgov.txt` file
 that links each domain to three different types of contacts: `billing`,
 `tech`, and `admin`. The ID of the contact in this linking table corresponds
-to the ID of a contact in the `escrow_contacts.daily.dotgov.txt` file. In the
+to the ID of a contact in the `escrow_contacts.daily.dotgov.txt` file. The
-contacts file is an email address for each contact.
+contacts file contains an email address for each contact.
 The new registrar associates user accounts (authenticated with Login.gov) with
 domains using a `UserDomainRole` linking table. New users can be granted roles
@ -78,23 +78,24 @@ An example script using this technique is in
 docker compose run app ./manage.py load_domain_invitations /app/escrow_domain_contacts.daily.dotgov.GOV.txt /app/escrow_contacts.daily.dotgov.GOV.txt
 ```
-## Transition Domains (Part 1) - Setup Files for Import
+## Set Up Files for Importing Domains
-#### STEP 1: obtain data files
+### Step 1: Obtain migration data files
 We are provided with information about Transition Domains in the following files:
 |  | Filename                                    | Description |  
 |:-| :-------------------------------------------- | :---------- |
 |1| **escrow_domain_contacts.daily.gov.GOV.txt**  | Has the map of domain names to contact ID. Domains in this file will usually have 3 contacts each
 |2| **escrow_contacts.daily.gov.GOV.txt**         | Has the mapping of contact id to contact email address (which is what we care about for sending domain invitations)
 |3| **escrow_domain_statuses.daily.gov.GOV.txt**  | Has the map of domains and their statuses
 |4| **escrow_domains.daily.dotgov.GOV.txt**       | Has a map of domainname, expiration and creation dates
 |5| **domainadditionaldatalink.adhoc.dotgov.txt** | Has the map of domains to other data like authority, organization, & domain type
 |6| **domaintypes.adhoc.dotgov.txt**              | Has data on federal type and organization type
 |7| **organization.adhoc.dotgov.txt**             | Has organization name data
 |8| **authority.adhoc.dotgov.txt**                | Has authority data which maps to an agency
 |9| **agency.adhoc.dotgov.txt**                   | Has federal agency data
 |10| **migrationFilepaths.json**                  | A JSON which points towards all given filenames. Specified below.
- FILE 1: **escrow_domain_contacts.daily.gov.GOV.txt** -> has the map of domain names to contact ID. Domains in this file will usually have 3 contacts each
+### Step 2: Obtain JSON file for migration files locations
 - FILE 2: **escrow_contacts.daily.gov.GOV.txt** -> has the mapping of contact id to contact email address (which is what we care about for sending domain invitations)
 - FILE 3: **escrow_domain_statuses.daily.gov.GOV.txt** -> has the map of domains and their statuses
 - FILE 4: **escrow_domains.daily.dotgov.GOV.txt** -> has a map of domainname, expiration and creation dates
 - FILE 5: **domainadditionaldatalink.adhoc.dotgov.txt** -> has the map of domains to other data like authority, organization, & domain type
 - FILE 6: **domaintypes.adhoc.dotgov.txt** -> has data on federal type and organization type
 - FILE 7: **organization.adhoc.dotgov.txt** -> has organization name data
 - FILE 8: **authority.adhoc.dotgov.txt** -> has authority data which maps to an agency
 - FILE 9: **agency.adhoc.dotgov.txt** -> has federal agency data
 - FILE 10: **migrationFilepaths.json** -> A JSON which points towards all given filenames. Specified below.
 #### STEP 2: obtain JSON file (for file locations)
 Add a JSON file called "migrationFilepaths.json" with the following contents (update filenames and directory as needed):
 ```
 {
@ -119,21 +120,22 @@ Later on, we will bundle this file along with the others into its own folder. Ke
 We need to run a few scripts to parse these files into our domain tables.
 We can do this both locally and in a sandbox.
-#### STEP 3: Bundle all relevant data files into an archive
+### Step 3: Bundle all relevant data files into an archive
 Move all the files specified in Step 1 into a shared folder, and create a tar.gz.
-Create a folder on your desktop called `datafiles` and move all of the obtained files into that. Add these files to a tar.gz archive using any method. See (here)[https://stackoverflow.com/questions/53283240/how-to-create-tar-file-with-7zip].
+Create a folder on your desktop called `datafiles` and move all of the obtained files into that. Add these files to a tar.gz archive using any method. See [here](https://stackoverflow.com/questions/53283240/how-to-create-tar-file-with-7zip).
 After this is created, move this archive into `src/migrationdata`.
-### SECTION 1 - SANDBOX MIGRATION SETUP
+### Set Up Migrations on Sandbox
 Load migration data onto a production or sandbox environment
 **WARNING:** All files uploaded in this manner are temporary, i.e. they will be deleted when the app is restaged.
 Do not use these environments to store data you want to keep around permanently. We don't want sensitive data to be accidentally present in our application environments.
-#### STEP 1: Using cat to transfer data to sandboxes
+### Step 1: Transfer data to sandboxes
 Use the following cat command to upload your data to a sandbox environment of your choice:
 ```bash
 cat {LOCAL_PATH_TO_FILE} | cf ssh {APP_NAME_IN_ENVIRONMENT} -c "cat > /home/vcap/tmp/{DESIRED_NAME_OF_FILE}"
@ -143,17 +145,22 @@ cat {LOCAL_PATH_TO_FILE} | cf ssh {APP_NAME_IN_ENVIRONMENT} -c "cat > /home/vcap
 * LOCAL_PATH_TO_FILE - Path to the file you want to copy, ex: src/tmp/escrow_contacts.daily.gov.GOV.txt
 * DESIRED_NAME_OF_FILE - Use this to specify the filename and type, ex: test.txt or escrow_contacts.daily.gov.GOV.txt
-**TROUBLESHOOTING:** Depending on your operating system (Windows for instance), this command may upload corrupt data. If you encounter the error `gzip: prfiles.tar.gz: not in gzip format` when trying to unzip a .tar.gz file, use the scp command instead.
+#### TROUBLESHOOTING STEP 1 ISSUES 
-
+Depending on your operating system (Windows for instance), this command may upload corrupt data. If you encounter the error `gzip: prfiles.tar.gz: not in gzip format` when trying to unzip a .tar.gz file, use the scp command instead.
 #### STEP 1 (Alternative): Using scp to transfer data to sandboxes
 **IMPORTANT:** Only follow these steps if cat does not work as expected. If it does, skip to step 2.
 **IMPORTANT:** Only follow the below troubleshooting steps if cat does not work as expected. If it does, skip to step 2.
 <details>
 <summary>Troubleshooting cat instructions 
 </summary>
 #### Use scp to transfer data to sandboxes. 
 CloudFoundry supports scp as means of transferring data locally to our environment. If you are dealing with a batch of files, try sending across a tar.gz and unpacking that.
-
+    
 ##### Login to Cloud.gov
 ```bash
 cf login -a api.fr.cloud.gov  --sso
 ```
 ##### Target your workspace
@ -186,8 +193,10 @@ cf ssh-code
 Copy this code into the password prompt from earlier.
 NOTE: You can use different utilities to copy this onto the clipboard for you. If you are on Windows, try the command `cf ssh-code | clip`. On Mac, this will be `cf ssh-code | pbcopy`
 </details>
-#### STEP 2: Transfer uploaded files to the getgov directory
+
 ### Step 2: Transfer uploaded files to the getgov directory
 Due to the nature of how Cloud.gov operates, the getgov directory is dynamically generated whenever the app is built under the tmp/ folder. We can directly upload files to the tmp/ folder but cannot target the generated getgov folder directly, as we need to spin up a shell to access this. From here, we can move those uploaded files into the getgov directory using the `cat` command. Note that you will have to repeat this for each file you want to move, so it is better to use a tar.gz for multiple, and unpack it inside of the `datamigration` folder.
 ##### SSH into your sandbox
@ -204,12 +213,20 @@ cf ssh {APP_NAME_IN_ENVIRONMENT}
 ##### From this directory, run the following command:
 ```shell
-./manage.py cat_files_into_getgov --file_extension txt
+./manage.py cat_files_into_getgov --file_extension {FILE_EXTENSION_TYPE}
 ```
-NOTE: This will look for all files in /tmp with the .txt extension, but this can
+This will look for all files in /tmp with that are the same file type as `FILE_EXTENSION_TYPE`. 
-be changed if you are dealing with different extensions. For instance, a .tar.gz could be expressed
+
-as `--file_extension tar.gz`.
+**Example 1: Transferring txt files**
 `./manage.py cat_files_into_getgov --file_extension txt` will search for
 all files with the .txt extension.
 **Example 2: Transferring tar.gz files**
 `./manage.py cat_files_into_getgov --file_extension tar.gz` will search 
 for .tar.gz files.
 If you are using a tar.gz file, you will need to perform one additional step to extract it.
 Run the following command from the same directory:
@ -220,7 +237,7 @@ tar -xvf migrationdata/{FILE_NAME}.tar.gz -C migrationdata/ --strip-components=1
 *FILE_NAME* - Name of the desired file, ex: exportdata
-#### Manual method
+#### Manually transferring your files
 If the `cat_files_into_getgov.py` script isn't working, follow these steps instead.
 ##### Move the desired file into the correct directory
@ -230,9 +247,9 @@ cat ../tmp/{filename} > migrationdata/{filename}
 ```
-*You are now ready to run migration scripts (see [Running the Migration Scripts](running-the-migration-scripts))*
+*You are now ready to run migration scripts (see [Running the Domain Migration Scripts](running-the-domain-migration-scripts))*
-### SECTION 2 - LOCAL MIGRATION SETUP (TESTING PURPOSES ONLY)
+### Set Up Local Migrations (TESTING PURPOSES ONLY)
 ***IMPORTANT: only use test data, to avoid publicizing PII in our public repo.***
@ -245,14 +262,14 @@ This will allow Docker to mount the files to a container (under `/app`) for our
 *You are now ready to run migration scripts.*
-## Transition Domains (Part 2) - Running the Migration Scripts
+## Running the Domain Migration Scripts
-While keeping the same ssh instance open (if you are running on a sandbox), run through the following commands.If you cannot run `manage.py` commands, try running `/tmp/lifecycle/shell` in the ssh instance. 
+While keeping the same ssh instance open (if you are running on a sandbox), run through the following commands. If you cannot run `manage.py` commands, try running `/tmp/lifecycle/shell` in the ssh instance. 
-### STEP 1: Load Transition Domains
+### Step 1: Upload Transition Domains
-Run the following command, making sure the file paths point to the right location. This will parse all given files and load the information into the TransitionDomain table. Make sure you have your migrationFilepaths.json file in the same directory.
+Run the following command, making sure the file paths point to the right location of your migration files. This will parse all given files and 
 load the information into the TransitionDomain table. Make sure you have your migrationFilepaths.json file in the same directory.
 ```
 ##### LOCAL COMMAND
 ```shell
 docker-compose exec app ./manage.py load_transition_domain migrationFilepaths.json --directory /app/tmp/ --debug --limitParse 10
@ -268,7 +285,8 @@ docker-compose exec app ./manage.py load_transition_domain migrationFilepaths.js
 This will print out additional, detailed logs.
 `--limitParse 100` 
-Directs the script to load only the first 100 entries into the table.  You can adjust this number as needed for testing purposes.  
+Directs the script to load only the first 100 entries into the table.  You can adjust this number as needed for testing purposes.
 **Note:** `--limitParse` is currently experiencing issues and may not work as intended.
 `--resetTable`
 This will delete all the data in transtion_domain.  It is helpful if you want to see the entries reload from scratch or for clearing test data.
@ -308,7 +326,7 @@ Defines the filename for domain type adhocs.
 `--infer_filenames`
 Determines if we should infer filenames or not. This setting is not available for use in environments with the flag `settings.DEBUG` set to false, as it is intended for local development only.
-### STEP 2: Transfer Transition Domain data into main Domain tables
+### Step 2: Transfer Transition Domain data into main Domain tables
 Now that we've loaded all the data into TransitionDomain, we need to update the main Domain and DomainInvitation tables with this information.  
 In the same terminal as used in STEP 1, run the command below; 
@ -329,9 +347,10 @@ docker compose run -T app ./manage.py transfer_transition_domains_to_domains --d
 This will print out additional, detailed logs.
 `--limitParse 100` 
-Directs the script to load only the first 100 entries into the table.  You can adjust this number as needed for testing purposes.  
+Directs the script to load only the first 100 entries into the table.  You can adjust this number as needed for testing purposes. 
 **Note:** `--limitParse` is currently experiencing issues and may not work as intended.
-### STEP 3: Send Domain invitations
+### Step 3: Send Domain invitations
 To send invitation emails for every transition domain in the transition domain table, execute the following command:
@ -344,11 +363,11 @@ docker compose run -T app ./manage.py send_domain_invitations -s
 ./manage.py send_domain_invitations -s
 ```
-### STEP 4: Test the results (Run the analyzer script)
+### Step 4: Test the results (Run the analyzer script)
 This script's main function is to scan the transition domain and domain tables for any anomalies.  It produces a simple report of missing or duplicate data.  NOTE: some missing data might be expected depending on the nature of our migrations so use best judgement when evaluating the results.
-#### OPTION 1 - ANALYZE ONLY
+#### OPTION 1 - Analyze Only
 To analyze our database without running migrations, execute the script without any optional arguments:
@ -361,7 +380,7 @@ docker compose run -T app ./manage.py master_domain_migrations --debug
 ./manage.py master_domain_migrations --debug
 ```
-#### OPTION 2 - RUN MIGRATIONS FEATURE
+#### OPTION 2 - Run Migrations Feature
 To run the migrations again (all above migration steps) before analyzing, execute the following command (read the documentation on the terminal arguments below.  Everything used by the migration scripts can also be passed into this script and will have the same effects).  NOTE: --debug provides detailed logging statements during the migration.  It is recommended that you use this argument when using the --runMigrations feature:
@ -415,7 +434,8 @@ Disables the terminal prompts that allows the user to step through each portion
 Used by the migration scripts (load_transition_domain) to set the limit for the
 number of data entries to insert.  Set to 0 (or just don't use this
 argument) to parse every entry. This was provided primarily for testing
-purposes
+purposes.
 **Note:** `--limitParse` is currently experiencing issues and may not work as intended.
 `--resetTable`
--- a/ops/manifests/manifest-development.yaml
+++ b/ops/manifests/manifest-development.yaml
@ -0,0 +1,32 @@
 ---
 applications:
 - name: getgov-development
  buildpacks:
    - python_buildpack
  path: ../../src
  instances: 1
  memory: 512M
  stack: cflinuxfs4
  timeout: 180
  command: ./run.sh
  health-check-type: http
  health-check-http-endpoint: /health
  health-check-invocation-timeout: 40
  env:
    # Send stdout and stderr straight to the terminal without buffering
    PYTHONUNBUFFERED: yup
    # Tell Django where to find its configuration
    DJANGO_SETTINGS_MODULE: registrar.config.settings
    # Tell Django where it is being hosted
    DJANGO_BASE_URL: https://getgov-development.app.cloud.gov
    # Tell Django how much stuff to log
    DJANGO_LOG_LEVEL: INFO
    # default public site location
    GETGOV_PUBLIC_SITE_URL: https://beta.get.gov
    # Flag to disable/enable features in prod environments
    IS_PRODUCTION: False
  routes:
    - route: getgov-development.app.cloud.gov
  services:
  - getgov-credentials
  - getgov-development-database
--- a/ops/manifests/manifest-ky.yaml
+++ b/ops/manifests/manifest-ky.yaml
@ -0,0 +1,32 @@
 ---
 applications:
 - name: getgov-ky
  buildpacks:
    - python_buildpack
  path: ../../src
  instances: 1
  memory: 512M
  stack: cflinuxfs4
  timeout: 180
  command: ./run.sh
  health-check-type: http
  health-check-http-endpoint: /health
  health-check-invocation-timeout: 40
  env:
    # Send stdout and stderr straight to the terminal without buffering
    PYTHONUNBUFFERED: yup
    # Tell Django where to find its configuration
    DJANGO_SETTINGS_MODULE: registrar.config.settings
    # Tell Django where it is being hosted
    DJANGO_BASE_URL: https://getgov-ky.app.cloud.gov
    # Tell Django how much stuff to log
    DJANGO_LOG_LEVEL: INFO
    # default public site location
    GETGOV_PUBLIC_SITE_URL: https://beta.get.gov
    # Flag to disable/enable features in prod environments
    IS_PRODUCTION: False
  routes:
    - route: getgov-ky.app.cloud.gov
  services:
  - getgov-credentials
  - getgov-ky-database
--- a/ops/scripts/create_dev_sandbox.sh
+++ b/ops/scripts/create_dev_sandbox.sh
@ -43,7 +43,7 @@ cp ops/scripts/manifest-sandbox-template.yaml ops/manifests/manifest-$1.yaml
 sed -i '' "s/ENVIRONMENT/$1/" "ops/manifests/manifest-$1.yaml"
 echo "Adding new environment to settings.py..."
-sed -i '' '/getgov-staging.app.cloud.gov/ {a\
+sed -i '' '/getgov-development.app.cloud.gov/ {a\
    '\"getgov-$1.app.cloud.gov\"',
 }' src/registrar/config/settings.py
@ -105,11 +105,11 @@ echo
 echo "Moving on to setup Github automation..."
 echo "Adding new environment to Github Actions..."
-sed -i '' '/          - staging/ {a\
+sed -i '' '/          - development/ {a\
          - '"$1"'
 }' .github/workflows/reset-db.yaml
-sed -i '' '/          - staging/ {a\
+sed -i '' '/          - development/ {a\
          - '"$1"'
 }' .github/workflows/migrate.yaml
--- a/src/epplibwrapper/client.py
+++ b/src/epplibwrapper/client.py
@ -106,6 +106,7 @@ class EPPLibWrapper:
                # Flag that the pool is frozen,
                # then restart the pool.
                self.pool_status.pool_hanging = True
                logger.error("Pool timed out")
                self.start_connection_pool()
        except (ValueError, ParsingError) as err:
            message = f"{cmd_type} failed to execute due to some syntax error."
@ -174,6 +175,7 @@ class EPPLibWrapper:
    def _create_pool(self, client, login, options):
        """Creates and returns new pool instance"""
        logger.info("New pool was created")
        return EPPConnectionPool(client, login, options)
    def start_connection_pool(self, restart_pool_if_exists=True):
@ -187,7 +189,7 @@ class EPPLibWrapper:
        # Since we reuse the same creds for each pool, we can test on
        # one socket, and if successful, then we know we can connect.
        if not self._test_registry_connection_success():
-            logger.warning("Cannot contact the Registry")
+            logger.warning("start_connection_pool() -> Cannot contact the Registry")
            self.pool_status.connection_success = False
        else:
            self.pool_status.connection_success = True
@ -197,6 +199,7 @@ class EPPLibWrapper:
            if self._pool is not None and restart_pool_if_exists:
                logger.info("Connection pool restarting...")
                self.kill_pool()
                logger.info("Old pool killed")
            self._pool = self._create_pool(self._client, self._login, self.pool_options)
@ -221,6 +224,7 @@ class EPPLibWrapper:
        credentials are valid, and/or if the Registrar
        can be contacted
        """
        # This is closed in test_connection_success
        socket = Socket(self._client, self._login)
        can_login = False
--- a/src/epplibwrapper/socket.py
+++ b/src/epplibwrapper/socket.py
@ -31,6 +31,7 @@ class Socket:
    def connect(self):
        """Use epplib to connect."""
        logger.info("Opening socket on connection pool")
        self.client.connect()
        response = self.client.send(self.login)
        if self.is_login_error(response.code):
@ -40,11 +41,13 @@ class Socket:
    def disconnect(self):
        """Close the connection."""
        logger.info("Closing socket on connection pool")
        try:
            self.client.send(commands.Logout())
            self.client.close()
-        except Exception:
+        except Exception as err:
            logger.warning("Connection to registry was not cleanly closed.")
            logger.error(err)
    def send(self, command):
        """Sends a command to the registry.
@ -77,19 +80,17 @@ class Socket:
            try:
                self.client.connect()
                response = self.client.send(self.login)
-            except LoginError as err:
+            except (LoginError, OSError) as err:
-                if err.should_retry() and counter < 10:
+                logger.error(err)
                should_retry = True
                if isinstance(err, LoginError):
                    should_retry = err.should_retry()
                if should_retry and counter < 3:
                    counter += 1
                    sleep((counter * 50) / 1000)  # sleep 50 ms to 150 ms
                else:  # don't try again
                    return False
            # Occurs when an invalid creds are passed in - such as on localhost
            except OSError as err:
                logger.error(err)
                return False
            else:
                self.disconnect()
                # If we encounter a login error, fail
                if self.is_login_error(response.code):
                    logger.warning("A login error was found in test_connection_success")
@ -97,3 +98,5 @@ class Socket:
                # Otherwise, just return true
                return True
            finally:
                self.disconnect()
--- a/src/epplibwrapper/utility/pool.py
+++ b/src/epplibwrapper/utility/pool.py
@ -98,6 +98,7 @@ class EPPConnectionPool(ConnectionPool):
        """Kills all active connections in the pool."""
        try:
            if len(self.conn) > 0 or len(self.greenlets) > 0:
                logger.info("Attempting to kill connections")
                gevent.killall(self.greenlets)
                self.greenlets.clear()
@ -107,6 +108,7 @@ class EPPConnectionPool(ConnectionPool):
                # Clear the semaphore
                self.lock = BoundedSemaphore(self.size)
                logger.info("Finished killing connections")
            else:
                logger.info("No connections to kill.")
        except Exception as err:
--- a/src/registrar/config/settings.py
+++ b/src/registrar/config/settings.py
@ -619,6 +619,8 @@ SECURE_SSL_REDIRECT = True
 ALLOWED_HOSTS = [
    "getgov-stable.app.cloud.gov",
    "getgov-staging.app.cloud.gov",
    "getgov-development.app.cloud.gov",
    "getgov-ky.app.cloud.gov",
    "getgov-es.app.cloud.gov",
    "getgov-nl.app.cloud.gov",
    "getgov-rh.app.cloud.gov",
--- a/src/registrar/forms/domain.py
+++ b/src/registrar/forms/domain.py
@ -8,6 +8,10 @@ from phonenumber_field.widgets import RegionalPhoneNumberWidget
 from registrar.utility.errors import (
    NameserverError,
    NameserverErrorCodes as nsErrorCodes,
    DsDataError,
    DsDataErrorCodes,
    SecurityEmailError,
    SecurityEmailErrorCodes,
 )
 from ..models import Contact, DomainInformation, Domain
@ -16,6 +20,8 @@ from .common import (
    DIGEST_TYPE_CHOICES,
 )
 import re
 class DomainAddUserForm(forms.Form):
    """Form for adding a user to a domain."""
@ -152,7 +158,13 @@ class ContactForm(forms.ModelForm):
 class DomainSecurityEmailForm(forms.Form):
    """Form for adding or editing a security email to a domain."""
-    security_email = forms.EmailField(label="Security email", required=False)
+    security_email = forms.EmailField(
        label="Security email",
        required=False,
        error_messages={
            "invalid": str(SecurityEmailError(code=SecurityEmailErrorCodes.BAD_DATA)),
        },
    )
 class DomainOrgNameAddressForm(forms.ModelForm):
@ -228,12 +240,22 @@ class DomainDnssecForm(forms.Form):
 class DomainDsdataForm(forms.Form):
    """Form for adding or editing DNSSEC DS Data to a domain."""
    def validate_hexadecimal(value):
        """
        Tests that string matches all hexadecimal values.
        Raise validation error to display error in form
        if invalid characters entered
        """
        if not re.match(r"^[0-9a-fA-F]+$", value):
            raise forms.ValidationError(str(DsDataError(code=DsDataErrorCodes.INVALID_DIGEST_CHARS)))
    key_tag = forms.IntegerField(
        required=True,
        label="Key tag",
        validators=[
-            MinValueValidator(0, message="Value must be between 0 and 65535"),
+            MinValueValidator(0, message=str(DsDataError(code=DsDataErrorCodes.INVALID_KEYTAG_SIZE))),
-            MaxValueValidator(65535, message="Value must be between 0 and 65535"),
+            MaxValueValidator(65535, message=str(DsDataError(code=DsDataErrorCodes.INVALID_KEYTAG_SIZE))),
        ],
        error_messages={"required": ("Key tag is required.")},
    )
@ -251,15 +273,38 @@ class DomainDsdataForm(forms.Form):
        label="Digest type",
        coerce=int,  # need to coerce into int so dsData objects can be compared
        choices=[(None, "--Select--")] + DIGEST_TYPE_CHOICES,  # type: ignore
-        error_messages={"required": ("Digest Type is required.")},
+        error_messages={"required": ("Digest type is required.")},
    )
    digest = forms.CharField(
        required=True,
        label="Digest",
-        error_messages={"required": ("Digest is required.")},
+        validators=[validate_hexadecimal],
        error_messages={
            "required": "Digest is required.",
        },
    )
    def clean(self):
        # clean is called from clean_forms, which is called from is_valid
        # after clean_fields.  it is used to determine form level errors.
        # is_valid is typically called from view during a post
        cleaned_data = super().clean()
        digest_type = cleaned_data.get("digest_type", 0)
        digest = cleaned_data.get("digest", "")
        # validate length of digest depending on digest_type
        if digest_type == 1 and len(digest) != 40:
            self.add_error(
                "digest",
                DsDataError(code=DsDataErrorCodes.INVALID_DIGEST_SHA1),
            )
        elif digest_type == 2 and len(digest) != 64:
            self.add_error(
                "digest",
                DsDataError(code=DsDataErrorCodes.INVALID_DIGEST_SHA256),
            )
        return cleaned_data
 DomainDsdataFormset = formset_factory(
    DomainDsdataForm,
--- a/src/registrar/models/domain.py
+++ b/src/registrar/models/domain.py
@ -642,7 +642,7 @@ class Domain(TimeStampedModel, DomainHelper):
        # if unable to update domain raise error and stop
        if responseCode != ErrorCode.COMMAND_COMPLETED_SUCCESSFULLY:
-            raise NameserverError(code=nsErrorCodes.UNABLE_TO_UPDATE_DOMAIN)
+            raise NameserverError(code=nsErrorCodes.BAD_DATA)
        successTotalNameservers = len(oldNameservers) - deleteCount + addToDomainCount
--- a/src/registrar/templates/401.html
+++ b/src/registrar/templates/401.html
@ -11,23 +11,18 @@
      <h1>
        {% translate "You are not authorized to view this page" %}
      </h1>
      <h2>
        {% translate "Status 401" %}
      </h2>
-
+       
      {% if friendly_message %}
        <p>{{ friendly_message }}</p>
      {% else %}
        <p>{% translate "Authorization failed." %}</p>
      {% endif %}
      <p>
-        You must be an authorized user and need to be signed in to view this page. 
+        You must be an authorized user and signed in to view this page. If you are an authorized user, 
-        Would you like to <a href="{% url 'login' %}"> try logging in again?</a>
+        <strong><a href="{% url 'login' %}"> try signing in again</a>.</strong>
      </p>
      <p>
-     If you'd like help with this error <a class="usa-link" rel="noopener noreferrer" target="_blank" href="{% public_site_url 'contact/' %}">contact us</a>.
+     If you'd like help with this error <a class="usa-link" rel="noopener noreferrer" target="_blank" href="{% public_site_url 'contact/' %}">contact us</a>.</p>
-      </p>
+
      {% if log_identifier %}
        <p>Here's a unique identifier for this error.</p>
@ -35,6 +30,7 @@
        <p>{% translate "Please include it if you contact us." %}</p>
      {% endif %}
    </div>
    <div class="tablet:grid-col-4">
      <img 
         src="{% static 'img/registrar/dotgov_401_illo.svg' %}"
@ -43,4 +39,4 @@
    </div>
  </div>
 </main>
-{% endblock %}
+{% endblock %}
--- a/src/registrar/templates/domain_dsdata.html
+++ b/src/registrar/templates/domain_dsdata.html
@ -114,7 +114,7 @@
    aria-describedby="Your DNSSEC records will be deleted from the registry."
    data-force-action
  >
-      {% include 'includes/modal.html' with cancel_button_resets_ds_form=True modal_heading="Warning: You are about to delete all DS records on your domain" modal_description="To fully disable DNSSEC: In addition to deleting your DS records here you’ll also need to delete the DS records at your DNS host. To avoid causing your domain to appear offline you should wait to delete your DS records at your DNS host until the Time to Live (TTL) expires. This is often less than 24 hours, but confirm with your provider." modal_button=modal_button|safe %}
+      {% include 'includes/modal.html' with cancel_button_resets_ds_form=True modal_heading="Warning: You are about to remove all DS records on your domain" modal_description="To fully disable DNSSEC: In addition to removing your DS records here you’ll also need to delete the DS records at your DNS host. To avoid causing your domain to appear offline you should wait to delete your DS records at your DNS host until the Time to Live (TTL) expires. This is often less than 24 hours, but confirm with your provider." modal_button=modal_button|safe %}
  </div>
 {% endblock %}  {# domain_content #}
--- a/src/registrar/templates/domain_security_email.html
+++ b/src/registrar/templates/domain_security_email.html
@ -4,6 +4,7 @@
 {% block title %}Security email | {{ domain.name }} | {% endblock %}
 {% block domain_content %}
  {% include "includes/form_errors.html" with form=form %}
  <h1>Security email</h1>
--- a/src/registrar/templates/domain_your_contact_information.html
+++ b/src/registrar/templates/domain_your_contact_information.html
@ -4,6 +4,7 @@
 {% block title %}Your contact information | {{ domain.name }} | {% endblock %}
 {% block domain_content %}
  {% include "includes/form_errors.html" with form=form %}
  <h1>Your contact information</h1>
--- a/src/registrar/templates/emails/transition_domain_invitation.txt
+++ b/src/registrar/templates/emails/transition_domain_invitation.txt
@ -11,12 +11,22 @@ If you’re not affiliated with the above domain{% if domains|length > 1 %}s{% e
 CREATE A LOGIN.GOV ACCOUNT
-You can’t use your old credentials to access the new registrar. Access is now managed through Login.gov, a simple and secure process for signing into many government services with one account. Follow these steps to create your Login.gov account <https://login.gov/help/get-started/create-your-account/>. 
+You can’t use your old credentials to access the new registrar. Access is now managed through Login.gov, a simple and secure process for signing in to many government services with one account.
-When creating an account, you’ll need to provide the same email address you used to log in to the old registrar. That will ensure your domains are linked to your Login.gov account. 
+When creating a Login.gov account, you’ll need to provide the same email address you used to sign in to the old registrar. That will link your domain{% if domains|length > 1 %}s{% endif %} to your account.
 If you need help finding the email address you used in the past, let us know in a reply to this email.
 YOU MUST VERIFY YOUR IDENTITY WITH LOGIN.GOV
 We require you to verify your identity with Login.gov as part of the account creation process. This is an extra layer of security that requires you to prove you are you, and not someone pretending to be you.
 When you try to access the registrar with your Login.gov account, we’ll ask you to verify your identity if you haven’t already. You’ll only have to verify your identity once. You’ll need a state-issued ID, a Social Security number, and a phone number for identity verification.
 Follow these steps to create your Login.gov account <https://login.gov/help/get-started/create-your-account/>. 
 Read more about verifying your identity with Login.gov <https://login.gov/help/verify-your-identity/how-to-verify-your-identity/>. 
 CHECK YOUR .GOV DOMAIN CONTACTS
 This is a good time to check who has access to your .gov domain{% if domains|length > 1 %}s{% endif %}. The admin, technical, and billing contacts listed for your domain{% if domains|length > 1 %}s{% endif %} in our old system also received this email. In our new registrar, these contacts are all considered “domain managers.” We no longer have the admin, technical, and billing roles, and you aren’t limited to three domain managers like in the old system. 
--- a/src/registrar/tests/test_views.py
+++ b/src/registrar/tests/test_views.py
@ -13,6 +13,12 @@ import boto3_mocking  # type: ignore
 from registrar.utility.errors import (
    NameserverError,
    NameserverErrorCodes,
    SecurityEmailError,
    SecurityEmailErrorCodes,
    GenericError,
    GenericErrorCodes,
    DsDataError,
    DsDataErrorCodes,
 )
 from registrar.models import (
@ -1734,13 +1740,13 @@ class TestDomainSecurityEmail(TestDomainOverview):
            (
                "RegistryError",
                form_data_registry_error,
-                """
+                str(GenericError(code=GenericErrorCodes.CANNOT_CONTACT_REGISTRY)),
-We’re experiencing a system connection error. Please wait a few minutes
+            ),
-and try again. If you continue to receive this error after a few tries,
+            (
-contact help@get.gov
+                "ContactError",
-                """,
+                form_data_contact_error,
                str(SecurityEmailError(code=SecurityEmailErrorCodes.BAD_DATA)),
            ),
            ("ContactError", form_data_contact_error, "Value entered was wrong."),
            (
                "RegistrySuccess",
                form_data_success,
@ -1874,7 +1880,30 @@ class TestDomainDNSSEC(TestDomainOverview):
        self.assertContains(page, "The DS Data records for this domain have been updated.")
    def test_ds_data_form_invalid(self):
-        """DS Data form errors with invalid data
+        """DS Data form errors with invalid data (missing required fields)
        Uses self.app WebTest because we need to interact with forms.
        """
        add_data_page = self.app.get(reverse("domain-dns-dnssec-dsdata", kwargs={"pk": self.domain_dsdata.id}))
        session_id = self.app.cookies[settings.SESSION_COOKIE_NAME]
        self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
        # all four form fields are required, so will test with each blank
        add_data_page.forms[0]["form-0-key_tag"] = ""
        add_data_page.forms[0]["form-0-algorithm"] = ""
        add_data_page.forms[0]["form-0-digest_type"] = ""
        add_data_page.forms[0]["form-0-digest"] = ""
        with less_console_noise():  # swallow logged warning message
            result = add_data_page.forms[0].submit()
        # form submission was a post with an error, response should be a 200
        # error text appears twice, once at the top of the page, once around
        # the field.
        self.assertContains(result, "Key tag is required", count=2, status_code=200)
        self.assertContains(result, "Algorithm is required", count=2, status_code=200)
        self.assertContains(result, "Digest type is required", count=2, status_code=200)
        self.assertContains(result, "Digest is required", count=2, status_code=200)
    def test_ds_data_form_invalid_keytag(self):
        """DS Data form errors with invalid data (key tag too large)
        Uses self.app WebTest because we need to interact with forms.
        """
@ -1883,13 +1912,87 @@ class TestDomainDNSSEC(TestDomainOverview):
        self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
        # first two nameservers are required, so if we empty one out we should
        # get a form error
-        add_data_page.forms[0]["form-0-key_tag"] = ""
+        add_data_page.forms[0]["form-0-key_tag"] = "65536"  # > 65535
        add_data_page.forms[0]["form-0-algorithm"] = ""
        add_data_page.forms[0]["form-0-digest_type"] = ""
        add_data_page.forms[0]["form-0-digest"] = ""
        with less_console_noise():  # swallow logged warning message
            result = add_data_page.forms[0].submit()
        # form submission was a post with an error, response should be a 200
        # error text appears twice, once at the top of the page, once around
        # the field.
-        self.assertContains(result, "Key tag is required", count=2, status_code=200)
+        self.assertContains(
            result, str(DsDataError(code=DsDataErrorCodes.INVALID_KEYTAG_SIZE)), count=2, status_code=200
        )
    def test_ds_data_form_invalid_digest_chars(self):
        """DS Data form errors with invalid data (digest contains non hexadecimal chars)
        Uses self.app WebTest because we need to interact with forms.
        """
        add_data_page = self.app.get(reverse("domain-dns-dnssec-dsdata", kwargs={"pk": self.domain_dsdata.id}))
        session_id = self.app.cookies[settings.SESSION_COOKIE_NAME]
        self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
        # first two nameservers are required, so if we empty one out we should
        # get a form error
        add_data_page.forms[0]["form-0-key_tag"] = "1234"
        add_data_page.forms[0]["form-0-algorithm"] = "3"
        add_data_page.forms[0]["form-0-digest_type"] = "1"
        add_data_page.forms[0]["form-0-digest"] = "GG1234"
        with less_console_noise():  # swallow logged warning message
            result = add_data_page.forms[0].submit()
        # form submission was a post with an error, response should be a 200
        # error text appears twice, once at the top of the page, once around
        # the field.
        self.assertContains(
            result, str(DsDataError(code=DsDataErrorCodes.INVALID_DIGEST_CHARS)), count=2, status_code=200
        )
    def test_ds_data_form_invalid_digest_sha1(self):
        """DS Data form errors with invalid data (digest is invalid sha-1)
        Uses self.app WebTest because we need to interact with forms.
        """
        add_data_page = self.app.get(reverse("domain-dns-dnssec-dsdata", kwargs={"pk": self.domain_dsdata.id}))
        session_id = self.app.cookies[settings.SESSION_COOKIE_NAME]
        self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
        # first two nameservers are required, so if we empty one out we should
        # get a form error
        add_data_page.forms[0]["form-0-key_tag"] = "1234"
        add_data_page.forms[0]["form-0-algorithm"] = "3"
        add_data_page.forms[0]["form-0-digest_type"] = "1"  # SHA-1
        add_data_page.forms[0]["form-0-digest"] = "A123"
        with less_console_noise():  # swallow logged warning message
            result = add_data_page.forms[0].submit()
        # form submission was a post with an error, response should be a 200
        # error text appears twice, once at the top of the page, once around
        # the field.
        self.assertContains(
            result, str(DsDataError(code=DsDataErrorCodes.INVALID_DIGEST_SHA1)), count=2, status_code=200
        )
    def test_ds_data_form_invalid_digest_sha256(self):
        """DS Data form errors with invalid data (digest is invalid sha-256)
        Uses self.app WebTest because we need to interact with forms.
        """
        add_data_page = self.app.get(reverse("domain-dns-dnssec-dsdata", kwargs={"pk": self.domain_dsdata.id}))
        session_id = self.app.cookies[settings.SESSION_COOKIE_NAME]
        self.app.set_cookie(settings.SESSION_COOKIE_NAME, session_id)
        # first two nameservers are required, so if we empty one out we should
        # get a form error
        add_data_page.forms[0]["form-0-key_tag"] = "1234"
        add_data_page.forms[0]["form-0-algorithm"] = "3"
        add_data_page.forms[0]["form-0-digest_type"] = "2"  # SHA-256
        add_data_page.forms[0]["form-0-digest"] = "GG1234"
        with less_console_noise():  # swallow logged warning message
            result = add_data_page.forms[0].submit()
        # form submission was a post with an error, response should be a 200
        # error text appears twice, once at the top of the page, once around
        # the field.
        self.assertContains(
            result, str(DsDataError(code=DsDataErrorCodes.INVALID_DIGEST_SHA256)), count=2, status_code=200
        )
 class TestApplicationStatus(TestWithUser, WebTest):
--- a/src/registrar/utility/errors.py
+++ b/src/registrar/utility/errors.py
@ -66,18 +66,18 @@ class NameserverErrorCodes(IntEnum):
                                    value but is not a subdomain
        - 3 INVALID_IP  invalid ip address format or invalid version
        - 4 TOO_MANY_HOSTS  more than the max allowed host values
-        - 5 UNABLE_TO_UPDATE_DOMAIN unable to update the domain
+        - 5 MISSING_HOST host is missing for a nameserver
-        - 6 MISSING_HOST host is missing for a nameserver
+        - 6 INVALID_HOST host is invalid for a nameserver
-        - 7 INVALID_HOST host is invalid for a nameserver
+        - 7 BAD_DATA bad data input for nameserver
    """
    MISSING_IP = 1
    GLUE_RECORD_NOT_ALLOWED = 2
    INVALID_IP = 3
    TOO_MANY_HOSTS = 4
-    UNABLE_TO_UPDATE_DOMAIN = 5
+    MISSING_HOST = 5
-    MISSING_HOST = 6
+    INVALID_HOST = 6
-    INVALID_HOST = 7
+    BAD_DATA = 7
 class NameserverError(Exception):
@ -91,11 +91,12 @@ class NameserverError(Exception):
        NameserverErrorCodes.GLUE_RECORD_NOT_ALLOWED: ("Name server address does not match domain name"),
        NameserverErrorCodes.INVALID_IP: ("{}: Enter an IP address in the required format."),
        NameserverErrorCodes.TOO_MANY_HOSTS: ("Too many hosts provided, you may not have more than 13 nameservers."),
        NameserverErrorCodes.UNABLE_TO_UPDATE_DOMAIN: (
            "Unable to update domain, changes were not applied. Check logs as a Registry Error is the likely cause"
        ),
        NameserverErrorCodes.MISSING_HOST: ("Name server must be provided to enter IP address."),
        NameserverErrorCodes.INVALID_HOST: ("Enter a name server in the required format, like ns1.example.com"),
        NameserverErrorCodes.BAD_DATA: (
            "There’s something wrong with the name server information you provided. "
            "If you need help email us at help@get.gov."
        ),
    }
    def __init__(self, *args, code=None, nameserver=None, ip=None, **kwargs):
@ -112,3 +113,77 @@ class NameserverError(Exception):
    def __str__(self):
        return f"{self.message}"
 class DsDataErrorCodes(IntEnum):
    """Used in the DsDataError class for
    error mapping.
    Overview of ds data error codes:
        - 1 BAD_DATA  bad data input in ds data
        - 2 INVALID_DIGEST_SHA1 invalid digest for digest type SHA-1
        - 3 INVALID_DIGEST_SHA256 invalid digest for digest type SHA-256
        - 4 INVALID_DIGEST_CHARS invalid chars in digest
        - 5 INVALID_KEYTAG_SIZE invalid key tag size > 65535
    """
    BAD_DATA = 1
    INVALID_DIGEST_SHA1 = 2
    INVALID_DIGEST_SHA256 = 3
    INVALID_DIGEST_CHARS = 4
    INVALID_KEYTAG_SIZE = 5
 class DsDataError(Exception):
    """
    DsDataError class used to raise exceptions on
    the ds data getter
    """
    _error_mapping = {
        DsDataErrorCodes.BAD_DATA: (
            "There’s something wrong with the DS data you provided. If you need help email us at help@get.gov."
        ),
        DsDataErrorCodes.INVALID_DIGEST_SHA1: ("SHA-1 digest must be exactly 40 characters."),
        DsDataErrorCodes.INVALID_DIGEST_SHA256: ("SHA-256 digest must be exactly 64 characters."),
        DsDataErrorCodes.INVALID_DIGEST_CHARS: ("Digest must contain only alphanumeric characters [0-9,a-f]."),
        DsDataErrorCodes.INVALID_KEYTAG_SIZE: ("Key tag must be less than 65535"),
    }
    def __init__(self, *args, code=None, **kwargs):
        super().__init__(*args, **kwargs)
        self.code = code
        if self.code in self._error_mapping:
            self.message = self._error_mapping.get(self.code)
    def __str__(self):
        return f"{self.message}"
 class SecurityEmailErrorCodes(IntEnum):
    """Used in the SecurityEmailError class for
    error mapping.
    Overview of security email error codes:
        - 1 BAD_DATA  bad data input in security email
    """
    BAD_DATA = 1
 class SecurityEmailError(Exception):
    """
    SecurityEmailError class used to raise exceptions on
    the security email form
    """
    _error_mapping = {
        SecurityEmailErrorCodes.BAD_DATA: ("Enter an email address in the required format, like name@example.com.")
    }
    def __init__(self, *args, code=None, **kwargs):
        super().__init__(*args, **kwargs)
        self.code = code
        if self.code in self._error_mapping:
            self.message = self._error_mapping.get(self.code)
    def __str__(self):
        return f"{self.message}"
--- a/src/registrar/views/domain.py
+++ b/src/registrar/views/domain.py
@ -28,6 +28,10 @@ from registrar.utility.errors import (
    GenericErrorCodes,
    NameserverError,
    NameserverErrorCodes as nsErrorCodes,
    DsDataError,
    DsDataErrorCodes,
    SecurityEmailError,
    SecurityEmailErrorCodes,
 )
 from registrar.models.utility.contact_error import ContactError
@ -304,7 +308,7 @@ class DomainNameserversView(DomainFormBaseView):
        except NameserverError as Err:
            # NamserverErrors *should* be caught in form; if reached here,
            # there was an uncaught error in submission (through EPP)
-            messages.error(self.request, NameserverError(code=nsErrorCodes.UNABLE_TO_UPDATE_DOMAIN))
+            messages.error(self.request, NameserverError(code=nsErrorCodes.BAD_DATA))
            logger.error(f"Nameservers error: {Err}")
        # TODO: registry is not throwing an error when no connection
        except RegistryError as Err:
@ -315,7 +319,7 @@ class DomainNameserversView(DomainFormBaseView):
                )
                logger.error(f"Registry connection error: {Err}")
            else:
-                messages.error(self.request, GenericError(code=GenericErrorCodes.GENERIC_ERROR))
+                messages.error(self.request, NameserverError(code=nsErrorCodes.BAD_DATA))
                logger.error(f"Registry error: {Err}")
        else:
            messages.success(
@ -445,7 +449,7 @@ class DomainDsDataView(DomainFormBaseView):
            modal_button = (
                '<button type="submit" '
                'class="usa-button usa-button--secondary" '
-                'name="disable-override-click">Delete all records</button>'
+                'name="disable-override-click">Remove all DS Data</button>'
            )
            # context to back out of a broken form on all fields delete
@ -491,7 +495,7 @@ class DomainDsDataView(DomainFormBaseView):
                )
                logger.error(f"Registry connection error: {err}")
            else:
-                messages.error(self.request, GenericError(code=GenericErrorCodes.GENERIC_ERROR))
+                messages.error(self.request, DsDataError(code=DsDataErrorCodes.BAD_DATA))
                logger.error(f"Registry error: {err}")
            return self.form_invalid(formset)
        else:
@ -581,10 +585,10 @@ class DomainSecurityEmailView(DomainFormBaseView):
                )
                logger.error(f"Registry connection error: {Err}")
            else:
-                messages.error(self.request, GenericError(code=GenericErrorCodes.GENERIC_ERROR))
+                messages.error(self.request, SecurityEmailError(code=SecurityEmailErrorCodes.BAD_DATA))
                logger.error(f"Registry error: {Err}")
        except ContactError as Err:
-            messages.error(self.request, GenericError(code=GenericErrorCodes.GENERIC_ERROR))
+            messages.error(self.request, SecurityEmailError(code=SecurityEmailErrorCodes.BAD_DATA))
            logger.error(f"Generic registry error: {Err}")
        else:
            messages.success(self.request, "The security email for this domain has been updated.")