From HEXONET Wiki
(→Nameserver: - clarified that vanity nameservers are not supported - see https://jira.centralnic.com/browse/REGSDL-2405)
|Line 145:||Line 145:|
=== Nameserver ===
=== Nameserver ===
web based [https://www.denic.de/en/service/tools/nast/ ZoneCheck]. the to .
Nameserver-Refresh: Please note that the DENIC ROOT Nameservers refreshed every uneven hour at half past.
=== Transit ===
=== Transit ===
Latest revision as of 13:29, 6 August 2021
|Allowed number of NS||
0 to 13
|Host IP-Addresses Type||
IPv4 / IPv6
|Hosts managed as||
|Root Nameserver Update||
|SEC DNS Interface||
KEY data interface
reset, 1 year / 1 month added
|Transfer Authcode required||
|Transfer Confirmation (Request / Approve)||
- / -
|Owner Change by||
1 year / 1 month
|Add Grace Period||
|Deletion Restorable Period||
|Deletion Hold Period||
1 year / 1 month
 Domain Registration
Domains can be registered in Real-Time with the API AddDomain command.
command = AddDomain domain = (DOMAIN)
ownercontact0 = (CONTACT) nameserver0 = (NAMESERVER) nameserver1 = (NAMESERVER)
admincontact0 = (CONTACT) techcontact0 = (CONTACT) billingcontact0 = (CONTACT) X-DE-GENERAL-REQUEST = (URI-TEMPLATE) X-DE-ABUSE-CONTACT = (URI-TEMPLATE) X-DE-ACCEPT-TRUSTEE-TAC = 0 | 1 auth = <TEXT> | <NULL> transferlock = 0 | 1 | <NULL> subuser = <TEXT> | <NULL>
 Domain Transfer
The transfer has to be initiated by the gaining registrar and can be requested with the API TransferDomain command.
A valid Authorization Code must be provided to initiate a transfer successfully. You may obtain the authorization code from the losing registrar.
Domain transfers are processed in Real-Time.
command = TransferDomain domain = (DOMAIN)
action = REQUEST | APPROVE | DENY | CANCEL | USERTRANSFER auth = <TEXT>
order = CREATE | REPLACE | UPDATE subuser = <TEXT> | <NULL> period = <PERIOD> transferlock = 0 | 1 | <NULL> X-DE-GENERAL-REQUEST = (URI-TEMPLATE) X-DE-ABUSE-CONTACT = (URI-TEMPLATE)
If the Authorization Code is correct, the transfer will be processed in real-time.
 Delete Domain
Domains can be deleted with the API DeleteDomain command.
There is a Deletion Restorable Period of 30 days.
command = DeleteDomain domain = (DOMAIN)
If you don't have the authorization of the owner you can push a domain to the registry (DeNIC Transit) with the PushDomain command:
command = PushDomain domain = <DOMAIN> target = TRANSIT
 Restore Domain
Restores can be processed in realtime. A restore is possible within 30 days upon deletion. Please use the command RestoreDomain.
command = RestoreDomain domain = (DOMAIN)
renewalmode = <NULL> | <TEXT> subuser = <TEXT>
An Ownerchange is free of charge and can be done with the API ModifyDomain command.
 TLD specific
Nameservers must be configured in advance.
Please note that DENIC has very strict requirements on how nameservers should be configured.
One of these restrictions affect the use of vanity nameservers. If you are using your own vanity nameservers pointing at the IP Addresses of nameservers operated by HEXONET and receive an error "118 - Inconsistent set of NS RRs (IP, NS host names)", please use the HEXONET nameservers assigned to your account (ns1xxx.ispapi.net, ns2xxx.ispapi.net, ns2xxx.ispapi.net) instead.
You can test your configuration using DENIC's web based ZoneCheck. For additional information on how the DENIC Zonecheck tool works and the most common errors, please refer to the documentation available on that page.
Nameserver-Refresh: Please note that the DENIC ROOT Nameservers are refreshed every uneven hour at half past.
TRANSIT is the name that DENIC gives to a procedure, which makes sure that a domain holder does not lose his/her domain if it ceases to be administered by a DENIC member. You should understand a little about the background:
Usually, the request to register a domain is submitted to DENIC by a DENIC member acting on behalf of the customer. This DENIC member then goes on to handle all communications with DENIC concerning the domain on behalf of the domain holder. We call this "administering the domain". If, for whatever reason, the DENIC member ceases to administer the domain, DENIC tries to get in touch directly with the domain holder as part of its TRANSIT procedure in order to ensure that it will be possible to have the domain administered in future by a DENIC member appointed by the domain holder. DENIC will send a letter to the domain holder and issues an individual password. The domain holder can now use this password on a personalized web page to indicate for each domain concerned:
- which DENIC member is to administer the domain in future;
- whether DENIC is to administer it itself through the service DENICdirect;
- or whether the domain is to be deleted.
This procedure ensures that the rights of domain holders to their domains are safeguarded.
If you should ever receive an Email from our system telling you that the the respective domain name is in a DISPUTE you should contact the DENIC-Legal Department for further information. They will provide you with the information you need for removing the so-called DISPUTE-ENTRY. But please note that DENIC will only communicate with the ADMIN or with the Domain OWNER who is listed in the public whois-database.
More Information: Even if DENIC does not become involved in pending disputes about domains, it can do something for you by placing a DISPUTE entry on the disputed domain. The main effect of this instrument is that the domain holder loses the right to transfer the domain to someone else, which prevents them from trying to shirk away from sorting the matter out with you. The only feasible transfer of the domain is to you and that, of course, remains possible. The DISPUTE entry made on the domain in your favour also guarantees that you will instantly become its holder if the existing holder deletes it. That is particularly advantageous for you, since the highest German court has ruled that an adversary may file for a court to order a domain holder to delete a domain but it cannot file for an order to transfer it. If there is a DISPUTE entry on the domain in your name, then it is enough for you to file for deletion and, thanks to the DISPUTE-entry mechanism, you are sure that you will then become the domain holder yourself. For this purpose, it is essential that the form applying for a DISPUTE entry also specifies the person who will become your administrative contact should such a case arise. This will accelerate the clearing procedure later on.
Due to the introduction of the GDPR policy, the DENIC registry no longer requires a local presence in Germany prior to the registration of .DE domain names. However, the registry may request that a local contact be named in case of a legal dispute or if any problem is reported to the registry. Upon request by the registry, the domain holder must provide a contact person in Germany who is responsible for receiving the service of official or judicial documents. For this reason, HEXONET's trustee service will continue to be available as an optional service. The trustee service will operate as follows: we will add the trustee partner’s email address as a secondary email address to the original registrant contact. If a domain should be subject to a complaint, our trustee partner will also be notified and can then provide a valid German postal address.
The trustee-service can be activated with the following parameter:
X-DE-ACCEPT-TRUSTEE-TAC = 0 | 1
 General Request and Abuse contact
It is possible to set a "General Request" and a Abuse" contact information for .DE domains. This contact confirmation consists of a email (mailto link) or a contact form (HTTP/HTPS URL) through which the "General Request" or "Abuse" contact can be reached. In the DENIC web whois this information is publicly displayed. This information can be set via the parameters X-DE-GENERAL-REQUEST and X-DE-ABUSE-CONTACT, the only accepted values are valid URI templates. If not specified a default will be set which is https://send-message.ispapi.net/domain/owner for the general request contact and mailto:email@example.com for the abuse contact.
 AuthInfo Restrictions
Length: The AuthInfo must be 8 to 16 characters long.
Permitted characters: A, B, C, D, E‚ F, G, H, J, K, L, M, N, P, Q, R, S, T, U, V, W, X, Y, Z a, b, c, d, e, f, g, h, i, j, k, m, n, p, q, r, s, t, u, v, w, x, y, z 2, 3, 4, 5, 6, 7, 8, 9 +, -, /, *
The following characters are not permitted: I (uppercase i), l (lowercase l), O (uppercase O), o (lowercase o), 0 (zero) and 1
This is to avoid characters that are frequently mixed up..
 Transfer with AuthInfo
As from December 2008, DENIC and the DENIC members offered a new procedure to domain holders who want to change their provider. The central feature of this new procedure is the transmission of a password, which is called AuthInfo. The AuthInfo is valid exclusively for this specific action and is related to one specific domain. Two steps are required to be able to apply the procedure: First, the domain holder must request his/her provider to obtain an AuthInfo, which is then stored with DENIC. Then he/she starts a provider change with his/her new provider. Below you find a detailed description of these two steps.
To actually start the provider change, the domain holder communicates the AuthInfo to his/her new provider. The new provider, or more precisely the DENIC member administering the domain, can check with DENIC whether an AuthInfo has been stored (of cause without giving the actual character set of the AuthInfo). If an AuthInfo has been stored, the provider change request can then be transmitted to DENIC together with this AuthInfo.
When DENIC receives the provider change request, it checks first of all if a valid AuthInfo has been stored for the stated domain. If an AuthInfo exists and it matches the transmitted AuthInfo, the provider change is carried out immediately and the AuthInfo used for it is deleted. If the password is invalid, the provider change is rejected and the new provider is informed accordingly. If no AuthInfo is stored for the domain, the domain holder must contact his/her previous provider to clarify why no AuthInfo has been stored.
An AuthInfo enables a domain holder to carry out a holder change together with the provider change. This option is not available, however, if provisions to the contrary like an active DISPUTE apply. This distinguishes the new procedure from the asynchronous one, which only provides for a separate holder change. Other domain administration processes like updating the domain data or deletions cannot be executed by means of an AuthInfo.
If you want to transfer a .DE domain to another DENIC member you can set an AuthInfo1 code which will be valid for 30 days by simply assigning a new authorization code to the domain:
command=ModifyDomain domain=<DOMAIN> auth=<TEXT>
It is also possible to explicitly set or remove an AuthInfo1 code for a domain name.
You can set an AuthInfo1 code with the DENIC_CreateAuthInfo1 command:
command=DENIC_CreateAuthInfo1 domain=<DOMAIN> (optional) auth=<TEXT> x-de-authinfo1-expirationdate = <DATE>
You can remove an AuthInfo1 code with the DENIC_DeleteAuthInfo1 command:
command = DENIC_DeleteAuthInfo1 domain = <DOMAIN>
To create an AuthInfo2 for a .DE domain (gets generated directly at DENIC) you have to use DENIC_CreateAuthInfo2:
command = DENIC_CreateAuthInfo2 domain = <DOMAIN>
The AuthInfo2 code will be generated at DENIC. The DENIC sends a letter with the code to the registrant of the domain by post. A DENIC letter containing a AuthInfo2 code normally looks like this: DENIC AuthInfo2 letter.
Please note that when a .DE Domain is transferred successfully, then the registration period starts from the beginning.
Minimum: 8 characters
Maximum: 16 characters
A, B, C, D, E, F, G, H, J, K, L, M, N, P, Q, R, S, T, U, V, W, X, Y, Z a, b, c, d, e, f, g, h, i, j, k, m, n, p, q, r, s, t, u, v, w, x, y, z 2, 3, 4, 5, 6, 7, 8, 9 +, -, /, *
I (uppercase i), l (lowercase l), O (uppercase O), o (lowercase o), 0 (zero) and 1
The following overview shows you all available Domain Addons which can be used for this special kind of TLD. It also shows the respective API parameters which are required to activate the Domain Addons:
|Addon Class||Parameter to (de)activate *1)||Renewal term *2)||Affected Parameters *3)|
|Trustee||X-DE-ACCEPT-TRUSTEE-TAC = 0 | 1||1 month||ADMINCONTACT|
|Trustee||X-DE-ACCEPT-TRUSTEE-TAC = 0 | 1||1 month||OWNERCONTACT0EMAIL1|