dns-doctor
regfish ↗

Privacy Policy

Thanks for using dns-doctor.com. The service works without an account, without registration and without tracking. Below we explain which data is processed when you use it.

1. Controller

regfish GmbH
Bleichstraße 8a
35390 Gießen
Germany

Represented by the managing directors Carsten Müller and Andreas Mallek.
Phone: +49 641 49 888 530 (not a technical support hotline; please send support requests by email)
Email: support@regfish.de

Data protection officer: Rudolf Fiedler, DPP Data Protection GmbH, email: datenschutz@regfish.de

Further details about the provider can be found in the imprint.

2. Hosting and server logs

dns-doctor.com runs on infrastructure owned and operated by regfish GmbH in Germany (Frankfurt am Main). No external hosting providers are involved as processors.

Our application logs do not contain IP addresses. At the level of the upstream infrastructure (edge proxy), the IP address, the time of access, the requested URL, the HTTP status and the user agent are recorded when you visit the website. This data is used solely for operational security, troubleshooting and defending against attacks; it is normally deleted after 14 days. The legal basis is Art. 6 (1)(f) GDPR (legitimate interest in secure and stable operation).

3. Cookies

dns-doctor.com sets two purely functional cookies: "theme" stores your choice of the light or dark design, "locale" stores your language preference (German/English). Both are valid for twelve months, contain no personal data and are not used for tracking. Storing and reading them is based on Section 25 (2) no. 2 of the German TDDDG, as both cookies are strictly necessary to provide a function you explicitly requested (design and language selection). To the extent any personal data is processed in this context at all, the legal basis is Art. 6 (1)(f) GDPR.

No analytics, statistics or marketing cookies are used.

4. DNS checks (main check, DNS lookup, DKIM checker, DNSSEC check)

The following applies equally to the main check, the DNS lookup, the DKIM checker and the DNSSEC check. When you check a domain, our server queries the DNS records of that domain via DNS over HTTPS at Cloudflare (cloudflare-dns.com) and Google (dns.google). Only the domain name you entered is transmitted. Your IP address and other personal data are not passed on to these services, because the queries originate server-side from our own infrastructure.

Check results are kept in a server cache for at most 5 minutes to speed up repeated queries. The cache contains only the domain name and the associated DNS results, with no link to any user.

DNS propagation check

For the propagation check, our server additionally queries the entered domain name at further public DNS resolvers: AliDNS (Alibaba Cloud Computing Co., Ltd., People’s Republic of China), DNS.SB and AdGuard. Here too, only the domain name is transmitted; your IP address and other data relating to you are not passed on, because the queries originate server-side from our own infrastructure.

As a rule, a domain name does not relate to an identifiable person, and DNS data is publicly queryable worldwide. Where in an individual case a domain name does allow conclusions about a natural person, we base the query on Art. 6 (1)(f) GDPR (legitimate interest in performing the check you requested); the occasional transmission to resolvers in third countries without an adequacy decision (in particular China) is based on Art. 49 (1)(b) GDPR, as it is necessary for the service you requested. Please note: which domain you check remains your decision; the propagation check only queries these resolvers at your request.

5. Domain availability check (RDAP)

When you check whether a domain is available, our server transmits the entered domain name to the referral service rdap.org and to the registry responsible for the respective domain ending. Depending on the ending, registries are located worldwide, including in third countries outside the EU/EEA. RDAP is the official public lookup service of the registries (the successor to WHOIS). Only the domain name is transmitted; the query is made server-side, without your IP address or any other data relating to you.

We store the responses (registration status) in a server cache for up to 10 minutes, with no link to any person. In addition, our server periodically loads the public IANA bootstrap list (data.iana.org; cached for 24 hours); no personal data is transmitted in the process.

Where in an individual case a domain name relates to an identifiable person, the statements on the propagation check apply accordingly (Art. 6 (1)(f), Art. 49 (1)(b) GDPR).

6. Email header analyzer

The email header analyzer runs entirely locally in your browser. Pasted email headers are evaluated exclusively on your device and are never transmitted to our server or to any third party.

Only if you deliberately use the API endpoint /api/v1/header-analysis instead is the submitted header processed on our server: the analysis happens transiently in memory and the result is returned to you immediately; the header is neither stored nor passed to third parties, and the response is excluded from caching. The legal basis is Art. 6 (1)(b) GDPR (provision of the function you requested).

7. Embeddable status badge

Website operators can embed a badge showing the DNS health score of a domain (/badge/yourdomain.svg) on their own website. When you visit a page that embeds such a badge, your browser loads the image directly from our server. As is technically unavoidable with any embedded resource, our server then receives your IP address, the time of the request, the user agent and, where applicable, the address of the embedding page (referrer).

We use this data solely to deliver the image, for rate limiting and for operational security; it appears in our infrastructure logs and is normally deleted after 14 days. The badge sets no cookies, and there is no tracking and no profiling. The displayed score is cached for up to 1 hour, with no link to any person.

The legal basis is Art. 6 (1)(f) GDPR (legitimate interest in delivering the requested resource and in secure operation). The decision to embed the badge is the responsibility of the operator of the respective website.

8. Public API

The programming interface available at /api/v1 performs the same checks as the website; the sections above apply accordingly. Input submitted to the generator endpoints is processed transiently and not stored. Optionally, you can send an API key (HTTP header "X-Api-Key"), which serves solely as an identifier for a higher daily quota. Usage counters per API key or IP address are kept transiently in memory and are not stored permanently. The legal basis is Art. 6 (1)(f) GDPR (legitimate interest in abuse prevention and quota management).

Once sign-in with a regfish account token is enabled, a token you submit (HTTP header "Authorization") is forwarded once, server-side, to regfish GmbH (api.regfish.com) solely to verify its validity. The verification result is cached briefly (5 minutes); processing within your regfish account is governed by the regfish privacy policy. The legal basis is Art. 6 (1)(b) GDPR.

9. Cloudflare Turnstile (currently not enabled)

Cloudflare Turnstile is currently not enabled on dns-doctor.com; no data is processed by Cloudflare in this respect. Should we enable this bot protection in the future, the following will apply and we will update this policy accordingly:

With Turnstile enabled, Cloudflare, Inc. (San Francisco, USA) processes data such as your IP address and technical browser characteristics when you submit the check form, in order to distinguish automated access from human users. Data may be transferred to the USA in the process. Cloudflare, Inc. is certified under the EU-U.S. Data Privacy Framework (adequacy decision of the EU Commission, Art. 45 GDPR); EU standard contractual clauses are in place in addition (Art. 46 (2)(c) GDPR). The legal basis for the processing is Art. 6 (1)(f) GDPR (legitimate interest in protecting the service against automated abuse).

10. Rate limiting

To protect the service against abuse and overload, your IP address is processed transiently in the server’s memory when you use the checks (rate limiting). It is not stored permanently. The legal basis is Art. 6 (1)(f) GDPR (legitimate interest in protecting the service against overload and abuse).

11. Links to regfish.de and regfish.com

Links from dns-doctor.com to regfish.de and regfish.com contain so-called UTM parameters. These are purely statistical URL parameters indicating that a visit originated from dns-doctor.com. No cookie is set and no profiling is carried out by dns-doctor.com. The privacy policy of the destination site applies to any processing there.

12. Your rights

You have the following rights vis-a-vis regfish GmbH with regard to personal data concerning you:

Right to object: Where we process data on the basis of Art. 6 (1)(f) GDPR, you have the right to object to the processing at any time on grounds relating to your particular situation (Art. 21 GDPR).

Using dns-doctor.com is voluntary; you are neither legally nor contractually obliged to provide personal data. There is no automated decision-making, including profiling.

You also have the right to lodge a complaint about the processing of your personal data with a data protection supervisory authority. The authority responsible for us is the Hessian Commissioner for Data Protection and Freedom of Information (Der Hessische Beauftragte für Datenschutz und Informationsfreiheit), Wiesbaden.

13. Changes to this privacy policy and language versions

We will update this privacy policy whenever the features of dns-doctor.com or the legal situation change. The version published here at any given time applies; you can find the effective date at the end of this page.

This privacy policy is available in German and English. The German version is legally authoritative; this translation is provided for convenience.

Last updated: July 2026