Personal tools


Revision as of 13:29, 6 August 2021 by WikiAdmin (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

.DE is the official country code Top-Level-Domain (ccTLD) of Germany (Deutschland). A .DE Domain is normally used by companies or private entities who are located in Germany.

Introduced 1986
Country Germany
Registry DeNIC eG
IDN Capable Yes
Webpage Register .DE







Dispute Policy



1api GmbH




Min. Characters


Max. Characters


Character Set
  • Letters and numbers
  • Hyphens ("-"), however not at the beginning or directly in front of the TLD
  • IDN: allowed
  • Registrant Contacts: Required: 1 / Maximum: 5
  • Admin Contacts: Required: 0 / Maximum: 1
  • Tech Contacts: Required: 0 / Maximum: 3
  • Billing Contacts: Required: 0 / Maximum: 3

{{{Possible Extensions}}}

IDN capable


Restore capable


Handle Updates

Supported (partially)

Registration System


Allowed number of NS

0 to 13

Registry Nameservercheck


Host IP-Addresses Type

IPv4 / IPv6

Hosts managed as


Root Nameserver Update

2 hours

SEC DNS Interface

KEY data interface



Transfer Periods

reset, 1 year / 1 month added

Transfer Authcode required


Transfer Real-Time


Transfer Lock


Transfer Confirmation (Request / Approve)

- / -

Owner Change by



{{{Possible Extensions}}}

Registration Periods

1 year / 1 month

Add Grace Period

0 days

Accounting Period

-1 week

Finalization Period

0 days

Failure Period

1 day

Payment Period

-61 days

Deletion Restorable Period

30 days

Deletion Hold Period

0 days

Explicit Renewals


Renewal Periods

1 year / 1 month


Domain Registration

Domains can be registered in Real-Time with the API AddDomain command.

command = AddDomain
domain  = (DOMAIN)


ownercontact0 = (CONTACT)
nameserver0 = (NAMESERVER)
nameserver1 = (NAMESERVER)


admincontact0 = (CONTACT)
techcontact0 = (CONTACT)
billingcontact0 = (CONTACT)
auth = <TEXT> | <NULL>
transferlock = 0 | 1 | <NULL>
subuser = <TEXT> | <NULL>

Domain Transfer

The transfer has to be initiated by the gaining registrar and can be requested with the API TransferDomain command.
A valid Authorization Code must be provided to initiate a transfer successfully. You may obtain the authorization code from the losing registrar.
Domain transfers are processed in Real-Time.

command = TransferDomain
domain = (DOMAIN)


auth = <TEXT>



subuser = <TEXT> | <NULL>
period = <PERIOD>
transferlock = 0 | 1 | <NULL>

If the Authorization Code is correct, the transfer will be processed in real-time.

Delete Domain

Please note that you're only allowed to delete .DE domains if you have the authorization of the domain owner.

Domains can be deleted with the API DeleteDomain command.
There is a Deletion Restorable Period of 30 days.

command = DeleteDomain
domain = (DOMAIN)

If you don't have the authorization of the owner you can push a domain to the registry (DeNIC Transit) with the PushDomain command:

 command = PushDomain
 domain = <DOMAIN>
 target = TRANSIT

Restore Domain

Restores can be processed in realtime. A restore is possible within 30 days upon deletion. Please use the command RestoreDomain.

command = RestoreDomain
domain = (DOMAIN)


renewalmode = <NULL> | <TEXT>
subuser = <TEXT>


An Ownerchange is free of charge and can be done with the API ModifyDomain command.

TLD specific


Nameservers must be configured in advance.

Please note that DENIC has very strict requirements on how nameservers should be configured.

One of these restrictions affect the use of vanity nameservers. If you are using your own vanity nameservers pointing at the IP Addresses of nameservers operated by HEXONET and receive an error "118 - Inconsistent set of NS RRs (IP, NS host names)", please use the HEXONET nameservers assigned to your account (,, instead.

You can test your configuration using DENIC's web based ZoneCheck. For additional information on how the DENIC Zonecheck tool works and the most common errors, please refer to the documentation available on that page.

Nameserver-Refresh: Please note that the DENIC ROOT Nameservers are refreshed every uneven hour at half past.


TRANSIT is the name that DENIC gives to a procedure, which makes sure that a domain holder does not lose his/her domain if it ceases to be administered by a DENIC member. You should understand a little about the background:

Usually, the request to register a domain is submitted to DENIC by a DENIC member acting on behalf of the customer. This DENIC member then goes on to handle all communications with DENIC concerning the domain on behalf of the domain holder. We call this "administering the domain". If, for whatever reason, the DENIC member ceases to administer the domain, DENIC tries to get in touch directly with the domain holder as part of its TRANSIT procedure in order to ensure that it will be possible to have the domain administered in future by a DENIC member appointed by the domain holder. DENIC will send a letter to the domain holder and issues an individual password. The domain holder can now use this password on a personalized web page to indicate for each domain concerned:

  • which DENIC member is to administer the domain in future;
  • whether DENIC is to administer it itself through the service DENICdirect;
  • or whether the domain is to be deleted.

This procedure ensures that the rights of domain holders to their domains are safeguarded.


If you should ever receive an Email from our system telling you that the the respective domain name is in a DISPUTE you should contact the DENIC-Legal Department for further information. They will provide you with the information you need for removing the so-called DISPUTE-ENTRY. But please note that DENIC will only communicate with the ADMIN or with the Domain OWNER who is listed in the public whois-database.

More Information: Even if DENIC does not become involved in pending disputes about domains, it can do something for you by placing a DISPUTE entry on the disputed domain. The main effect of this instrument is that the domain holder loses the right to transfer the domain to someone else, which prevents them from trying to shirk away from sorting the matter out with you. The only feasible transfer of the domain is to you and that, of course, remains possible. The DISPUTE entry made on the domain in your favour also guarantees that you will instantly become its holder if the existing holder deletes it. That is particularly advantageous for you, since the highest German court has ruled that an adversary may file for a court to order a domain holder to delete a domain but it cannot file for an order to transfer it. If there is a DISPUTE entry on the domain in your name, then it is enough for you to file for deletion and, thanks to the DISPUTE-entry mechanism, you are sure that you will then become the domain holder yourself. For this purpose, it is essential that the form applying for a DISPUTE entry also specifies the person who will become your administrative contact should such a case arise. This will accelerate the clearing procedure later on.


Due to the introduction of the GDPR policy, the DENIC registry no longer requires a local presence in Germany prior to the registration of .DE domain names. However, the registry may request that a local contact be named in case of a legal dispute or if any problem is reported to the registry. Upon request by the registry, the domain holder must provide a contact person in Germany who is responsible for receiving the service of official or judicial documents. For this reason, HEXONET's trustee service will continue to be available as an optional service. The trustee service will operate as follows: we will add the trustee partner’s email address as a secondary email address to the original registrant contact. If a domain should be subject to a complaint, our trustee partner will also be notified and can then provide a valid German postal address.

The trustee-service can be activated with the following parameter:


General Request and Abuse contact

It is possible to set a "General Request" and a Abuse" contact information for .DE domains. This contact confirmation consists of a email (mailto link) or a contact form (HTTP/HTPS URL) through which the "General Request" or "Abuse" contact can be reached. In the DENIC web whois this information is publicly displayed. This information can be set via the parameters X-DE-GENERAL-REQUEST and X-DE-ABUSE-CONTACT, the only accepted values are valid URI templates. If not specified a default will be set which is for the general request contact and mailto:[email protected] for the abuse contact.

AuthInfo Restrictions

Length: The AuthInfo must be 8 to 16 characters long.

Permitted characters: A, B, C, D, E‚ F, G, H, J, K, L, M, N, P, Q, R, S, T, U, V, W, X, Y, Z a, b, c, d, e, f, g, h, i, j, k, m, n, p, q, r, s, t, u, v, w, x, y, z 2, 3, 4, 5, 6, 7, 8, 9 +, -, /, *

The following characters are not permitted: I (uppercase i), l (lowercase l), O (uppercase O), o (lowercase o), 0 (zero) and 1

This is to avoid characters that are frequently mixed up..

Transfer with AuthInfo

As from December 2008, DENIC and the DENIC members offered a new procedure to domain holders who want to change their provider. The central feature of this new procedure is the transmission of a password, which is called AuthInfo. The AuthInfo is valid exclusively for this specific action and is related to one specific domain. Two steps are required to be able to apply the procedure: First, the domain holder must request his/her provider to obtain an AuthInfo, which is then stored with DENIC. Then he/she starts a provider change with his/her new provider. Below you find a detailed description of these two steps.

To actually start the provider change, the domain holder communicates the AuthInfo to his/her new provider. The new provider, or more precisely the DENIC member administering the domain, can check with DENIC whether an AuthInfo has been stored (of cause without giving the actual character set of the AuthInfo). If an AuthInfo has been stored, the provider change request can then be transmitted to DENIC together with this AuthInfo.

When DENIC receives the provider change request, it checks first of all if a valid AuthInfo has been stored for the stated domain. If an AuthInfo exists and it matches the transmitted AuthInfo, the provider change is carried out immediately and the AuthInfo used for it is deleted. If the password is invalid, the provider change is rejected and the new provider is informed accordingly. If no AuthInfo is stored for the domain, the domain holder must contact his/her previous provider to clarify why no AuthInfo has been stored.

An AuthInfo enables a domain holder to carry out a holder change together with the provider change. This option is not available, however, if provisions to the contrary like an active DISPUTE apply. This distinguishes the new procedure from the asynchronous one, which only provides for a separate holder change. Other domain administration processes like updating the domain data or deletions cannot be executed by means of an AuthInfo.

If you want to transfer a .DE domain to another DENIC member you can set an AuthInfo1 code which will be valid for 30 days by simply assigning a new authorization code to the domain:


It is also possible to explicitly set or remove an AuthInfo1 code for a domain name.
You can set an AuthInfo1 code with the DENIC_CreateAuthInfo1 command:

 x-de-authinfo1-expirationdate = <DATE>

You can remove an AuthInfo1 code with the DENIC_DeleteAuthInfo1 command:

 command = DENIC_DeleteAuthInfo1
 domain = <DOMAIN>

To create an AuthInfo2 for a .DE domain (gets generated directly at DENIC) you have to use DENIC_CreateAuthInfo2:

 command = DENIC_CreateAuthInfo2
 domain = <DOMAIN>

The AuthInfo2 code will be generated at DENIC. The DENIC sends a letter with the code to the registrant of the domain by post. A DENIC letter containing a AuthInfo2 code normally looks like this: DENIC AuthInfo2 letter.

Please note that requesting an Authinfo2 code is not free of charge!

Please note that when a .DE Domain is transferred successfully, then the registration period starts from the beginning.

Requirements for a .DE authorization code

Minimum: 8 characters
Maximum: 16 characters

Valid characters:

A, B, C, D, E, F, G, H, J, K, L, M, N, P, Q, R, S, T, U, V, W, X, Y, Z
a, b, c, d, e, f, g, h, i, j, k, m, n, p, q, r, s, t, u, v, w, x, y, z
2, 3, 4, 5, 6, 7, 8, 9
+, -, /, *

Invalid characters:

I (uppercase i), l (lowercase l), O (uppercase O), o (lowercase o), 0 (zero) and 1


The following overview shows you all available Domain Addons which can be used for this special kind of TLD. It also shows the respective API parameters which are required to activate the Domain Addons:

Addon Class Parameter to (de)activate *1) Renewal term *2) Affected Parameters *3)

*1) Parameter to (de)activate: When accessing our backend through the API, you can either activate the addon with X-DE-ACCEPT-TRUSTEE-TAC=1 or deactivate it with
*2) Renewal Term: Is the minimum renewal term of the "Addon Class"
*3) If you are using a "Trustee" Domain Addon normally the original owner contact or the original admin contact or both are replaced by a contact provided by the trustee provider.


Restore Process

To restore a domain as a RegistrarOC customer, you simply have to execute the RestoreDomain command. HEXONET directly forwards the restore request to the registry, which performs the restore in real-time. As soon as the restore is complete, the domain will get assigned to your account with the original domain data.

Please do not initiate a restore directly at the registry (e.g. using the registrar webinterface). All restore operations must be performed through our system.