I’m currently on the lookout for privacy-respecting domain registrars. What are you guys using and why?
Edit: I’ve registered my domain with Porkbun. I got a really cool one, it’s called reallyaweso.me!
I use Infomaniak, as they follow Swiss privacy laws and had the cheapest registration for .ch when I registered it first.
Namecheap since I have been using them since the 00s and never had any problems.
Namecheap, cheap, easy to use, easy to setup DDNS, helpful support staff. I have heard horror stories of them selling popular domains out from under their owner but none were recent.
Same. I buy all my domains there. And in case someone needs a proper API and support for the DNS challenge, host your DNS at deSEC.
The thing that I don’t like is that a lot of these DNS hosts don’t support using them for secondary DNS… It looks like deSEC is the same :/
I like using my own DNS server as a hidden primary because it lets me do bulk and programmatic updates more easily.
I’m using DNSMadeEasy for some of my important domains because they have the fastest servers, their service is really reliable, and major brands are using the same DNS servers so it seems like I can trust them. However, after being acquired by DigiCert, their prices went up over 10x… the $60/year plan I was on is now $675/year.
HE’s free DNS supports secondary DNS but their reliability isn’t great. DNSimple supports it but I’m over their limit of 100 records for some zones. Hexonet supports it but I couldn’t figure out how to get it working and neither could their support.
Never heard of deSEC before, but it looks damn cool! Been looking to get away from Cloudflare.
What makes you want to move from Cloudflare? They are the least expensive option
I use Hostpoint.
They were recommended by Protonmail, and meet my privacy concerns.
+1 for Hostpoint. All my servers are in Switzerland as well.
I started with Porkbun, but I also have some domains on Gandi because they offer a CC TLD I wanted.
No particular reason. They seem pretty alright.
Namecheap for registrar and Cloudflare for the name servers. Always keep those services separated so if one dies, you can still get into the other service to fix it.
If a registrar goes out of business, ICANN transfers the domain(s) to another registrar.
If a name server business fails, you change name servers through your registrar.
You can’t really fix registrar services in your name server, nor name server problems through your registrar. (Unless, of course, your registrar is also your name server.)
If your registrar goes down but the NS are on a different provider, the root servers will keep that NS record and all will be well. You can go to a different registrar and transfer it over, but in the meantime it’ll be fine and you can do whatever you need with your DNS.
If the DNS provider goes down, you can go to your registrar and quickly change the NS to another provider. It’ll quickly be back up on your new DNS servers.
Believe me, I’ve done this for 3 decades because one or the other have gone down on me more than once and I’ve had minimal downtime with this separation. Even when I was running my own NS, I kept more than one NS outside my server farm so if my connections went down, I could pop the farm up on a backup colo and point my tertiary accordingly.
After a bit of research, I’m forced by facts (NS records can be cached for an undetermined time) to see what you’re saying. Thank you for teaching me.
The workings are, of course, a bit more complicated than what either of us have said (here’s a taste), but there is a situation as you describe, where separating the registrar from the name servers, and the name servers from the domain, could save the domain from going down.
Well, I kinda simplified it, but yes, the root servers will keep the NS records as long as nothing else updates it (or nobody requests it for longer than the TTL that came with the last lookup) which is why it works.
Happy to help.
I was thinking Cloudflare as a registrar and AWS as name servers, but good choice regardless.
Is it possible to do that? Afaik they don’t allow to use different name servers if they’re registrars
I had the domain on a registrar that didn’t allow changing name servers (Tophost for 6 euro per year) and I had to “hop” with OVH for 60 days before having Cloudflare for a registrar as they didn’t allow to transfer the domain with different NS.
Cloudflare doesn’t allow me to change my name servers? What blasphemy! I had never considered this, I thought it would be allowed by default. Where can I read about this?
I’m looking for a cheap domain registrar with terraform support
It’s the main reason why their domains are so cheap. Their thinking is that since you have to use Cloudflare services to use the domain, you may look at the paid services and decide to pay for one, or suggest it at your workplace.
They charge wholesale price for domains, so they make $0 profit on them. Effectively it’s a loss leader to hook you into the ecosystem. That’s the same reason why VMware ESXi used to be free for home labs - users would become advocates for it and use it professionally.
I’ll paste the comment I made earlier:
Oh boy, I was unaware of the fact that I can’t use my own nameservers with cloudflare. Definitely not going to recommend them anymore
Which registrar do you suggest with good API support? Most of my infrastructure uses Terraform and Salt
I use Porkbun for most of my domains. They appear to have an API but I’ve never tried it: https://porkbun.com/api/json/v3/documentation#DNS Create Record
I’m not familiar with Terraform or Salt but maybe you could try using something like https://github.com/StackExchange/dnscontrol as an abstraction over the DNS provider.
Salt is an alternative to Ansible. However I prefer HashiCorp’s Terraform for day 0 deployments. Unfortunately, Porkbun doesn’t seem to support Terraform, so I’ll keep looking. I’ll take a look at the link you sent, thanks.
Out of curiosity, if you don’t use these IaC tools, how do you manage self-hosted infrastructure?
Namecheap because they’ve lived up to their name. The DNS for my domains is all on Cloudflare though as I can automate my Let’s Encrypt renewal that way that I couldn’t on plain old Namecheap.
I’m on Namecheap and all my Let’s Encrypt renewals are automated easily.
Maybe it’s different now, but it didn’t use to be possible to do that.
Just had a thought. It was wildcard subdomain I couldn’t do with Namecheap. Things like *.domain.tld
I use acme.sh and everything works fine. It has hooks for Namecheap and wildcards automatically renew.
I can automate my lets-encrypt renewal
how? I have a cron job for that on my hosting server.
Same
The first registrar I used was DomainSite, around 20 years ago. They still exist but are called Name.com now. They’re a pretty good registrar.
I have most of my domains at Porkbun these days. They’re great too, and a bit cheaper.
In terms of privacy-respecting, most registrars will mask your WHOIS info for free, to comply with laws like GDPR. Never pay for “WHOIS privacy”.
Google Domains because I have a Google account and buying a domain on it was easy when I needed it. I’m still on Google Domains but you’ve reminded me I need to continue the transfer to Cloudflare before I get forced over to Square Space because they don’t support Dynamic DNS.
Cloudflare.
Exactly the same boat. But man Cloudflare is better in every way. Having an API to update/fetch records for a zone does wonders.
Enterprise tooling (aka a usable API) and it stays out of my way.
On Google now as well, what was the cutover like to Cloudflare?
Transferring was straightforward enough, but there were a couple steps that involved waiting for things to update before you could continue and I forgot to get back to it for a while after they were done. Other than that, all my records seem to have transferred over correctly and all I had to do manually was reconfigure my DDNS client and set up email forwarding with gmail again.
Same, Google was easy and as cheap as anyone else. Now Cloudflare
Namecheap bc I typed where to buy cheap domains and that was the first one.
OVH, reasonably priced, API for DNS management and existing certbot integration
OVH because it’s European
Some European ones because the domains have European TLDs. .eu for example is only available by EU registrars IINM. But also, I do my best to keep the money local where I can.
I don’t think that’s true anymore. I moved my .eu to Porkbun (which is an American company) and it works. Also, I just tried registering a new .eu domain with them and it works - and they have very good prices! (I’m not affiliated with them)
not true anymore, everybody can buy eu domain
What privacy concerns do you have? I’m all for privacy, but I don’t really see where registrars are a delicate topic in that. The most that comes to mind is that some (most?) have a service where they do not give out your name and address for whois requests, but instead the details of the registrar (Namecheap has that for example).
I want my private information to be hidden in Whois requests. Also, I don’t want to buy a domain from a registrar that seems very sketchy.
Most registrars offer whois privacy protection which is a randomized forwarder, so if someone emails the contact it can get to you but none of your information is shown. Usually about $2 a year, don’t forget to auto-renew it.
Namecheap usually adds it for free for the initial registration period.
Some add this as an additional fee and others include it in the annual price.