One thing I've sometimes wondered is why we need the two-tier system of registries and registrars. Economically speaking, what essential functions do registrars perform (specifically in their capacity as registrars [1]) that justify their existence? Why can't people register say a .org domain name directly with the Public Interest Registry? Why is an intermediary like GoDaddy required?
There's even a ICANN rule I think that says a registrar and a registry can't be the same legal entity, which is why Google had to create a separate company called Charleston Road Registry for .dev, .app, .google etc (likewise Donuts created Dog Beach LLC and so on).
[1] I know most registrars offer additional services like hosting which smaller (and often non-profit) registries may not be equipped to provide. But that doesn't really answer the question. Why can't registries handle basic domain registration themselves & leave hosting to specialized providers?
Because people were tired of dealing with NetworkSolutions customer support, even if the registry service was good. Verisign bought the registry business, and spun out NetworkSolutions, the registrar.
This is a benefit, because running a registry is a technical business, and running a registrar is a customer service business. In the old days, if you didn't like the service, you needed to find another TLD; post 1999, you can keep your domain and change your registrar when you want. The TLD can redelegate the registry business too, but it doesn't affect the end customers very much.
There's only 2800 registrars, and popular registries likely deal with each of them, but that's not a large number. When registries need to contact registrars, it's manageable.
But not all TLDs operate this way. ccTLDs can operate however they like: some have evolved to a registry/registrar operation, some offer direct registration only, some offer direct registration and through intermediaries.
In practical terms there's a lot fewer. Look through the list of registrars [1], ideally sorted by the contact email, and you'll find that many of them are "sock puppets" of a larger operation:
* 1,251 registrars are operated by NameBright, including "DropCatch.com 345 LLC" through "DropCatch.com 1545 LLC" (numbered sequentially).
* 479 are operated by Network Solutions under many different names.
* 300 are operated by Gname and are named, rather uncreatively, "Gname 001 Inc" through "Gname 300 Inc".
There are a lot of other small-scale duplicates, like about fifty run by LogicBoxes or twenty by DotMedia, but the three mentioned above make up nearly three quarters of the total alone. I'd be surprised if there were much more than two or three hundred distinct companies involved in the domain registration industry.
Yes, I believe the 'duplication' of registrar accounts is so that they can increase their rate limits on drop catching expired domains, presumably to avoid the registrar getting a thundering herd problem from determined registrars. A rate limit solves that at least.
Last I looked they have to pay about £3K for every account annually, so clearly it's still a lucrative niche.
> This is a benefit, because running a registry is a technical business, and running a registrar is a customer service business.
I’ve registered and managed domains for my businesses for 20+ years now and I have never once been in contact with a registrar’s customer service. I want a registrar that runs like a technical business. My main problem with them is that they all turn into leaches when they are successful – charging more and more for renewals, filling their websites with more and more spammy “products”.
> I’ve registered and managed domains for my businesses for 20+ years now and I have never once been in contact with a registrar’s customer service.
Interacting with a registrar's domain management web interface is being in contact with the registrar's customer service - it's just automated, rather than manual, customer service.
That’s like saying a gas pump is customer service. That completely dilutes the meaning out to “the customer uses the product”, which is not what people mean when they say “customer service”. https://en.wikipedia.org/wiki/Customer_service
Thinking lowly of a company's customer service based on how few person-to-person interactions one has had with them is just about the dumbest stance a person could take on the matter. It's on par with the attitude where workers are elevated for creating fires and then putting them out while those who make sure not to create them in the first place are overlooked (or worse).
You said “the dumbest stance anyone can take on the planet” in reaction to the literal definition. It’s clearly an emotional reaction that doesn’t have any substance to engage with.
> My main problem with them is that they all turn into leaches when they are successful
And now imagine how bad that problem would be if they knew that the only way you could walk away would be by giving up your TLD, to which very likely at least some marketing materials - potentially the whole identity of your company - is tied.
I've had the best luck with providers that run a domain reselling on the side. When I was a Sonic.net customer, I used their domain services, cause it provided just enough for what I need. I currently use nearlyfreespeech.net for most of my domains; it's barebones and I have to pay a service fee to update my DNS server IP, but it's better than dealing with something else; although I have two domains they don't support.
I setup OpenSRS reseller accounts for two internet businesses I worked for in 2000, and I might do it again for a low effort side business, but I haven't convinced myself the paperwork burden is worth it to operate a business.
> I've had the best luck with providers that run a domain reselling on the side.
Yep. This is why I don't mind paying a slight premium to register everything through AWS's Route53.
AWS is making $90b/yr in revenue. Stuff's got to go pretty far off the rails for somebody there to sign off on "Yeah, you know what, I think we really need to start doing upsells and dark patterns in Route53 registrations!"
And if I need to contact support... their support department isn't budgeted based on running a domain registrar. It's budgeted based on supporting their cloud business. Every time I've contacted them about everything they've been quick, efficient, and competent.
So I pay them $14/yr instead of paying Spaceship or Porkbun $10/yr or Internet.bs $13/yr or... If I'm ever at the point where the $1-4/yr matters, I should probably just revisit all these domains I keep renewing.
As someone in the industry, or used to be...'for fairness'. So the registry is a neutral entity, and the registrar doesn't have to be.
The probable real reason? Because ICANN is a money grab full of completely incompetent people from yesteryear who've been coasting for decades. And without registrars, registries may just realize they don't need ICANN at all. Seriously, look at their DNSSec offerings and especially look at the ingenious 'Digital Archery.'
See [1] for ICANN’s historical and recent thoughts on cross-ownership of registrars and registries. They have already allowed cross-ownership for new gTLDs for a while (or am I mistaken?).
IMO one important function of registrars is handling international payment systems. If it were completely up to PIR, I wouldn’t be surprised if they only accepted Visa and Mastercard like so many American businesses selling digital products with no regional restrictions otherwise.[2] That largely wouldn’t be a problem for Americans and Western Europeans but would be terrible for most of the world’s population. This is not an argument against registries offering optional direct-to-registrant services, though.
Registries, like most wholesalers, don’t want to deal with the problems of the general public.
Nor can a global registry ever be adequately qualified to function in local languages or follow regional policy and law.
So they need a channel.
What’s more, it’s not like this hasn’t been tried. Network Solutions tried to be all things to all people and were godawful at it.
So there’s a strong case for commercial separation of tiers by responsibility, and by Conway’s law the separation of technical layers follows naturally.
The allegation of ICANN being a gang of corrupt, protectionist, has-been cronies, is a separate matter
The registrars play an important role in terms of services and support. As soon as you register a domain, the registry for the TLD gains monopoly power over you. That doesn’t create any incentive to provide good services or support.
Registrars have to compete in those areas and that benefits registrants. Instead of eliminating registrars I think they need to be empowered a bit at the expense of the registries. The registries don’t seem to understand the product they’re selling and only seem to care about price discovery and discrimination.
There are a few reasons for the split. Most importantly a registry is tied to a TLD. A TLD can only have one registry for it. A registrar can work with multiple TLDs and multiple registrants.
Imagine them as filters.
A registry maps one TLD to multiple registrars.
A registrar maps multiple registries to multiple registrants.
Companies come with jurisdictions. A given company will operate, or be exposed to, one or more jurisdictions. In the modern Internet era this is even more important, but even before privacy became paramount you could never expect every registry to deal with customers around the world. There are different laws in different countries. So you need some local entity to act as a kind of middleman, if only to accept local currency and payment options.
This conversation has gotten more important recently because legal requirements around registrant data differ by jurisdiction. However, IMO this is simply a logical extension of the requirement for locality.
People around the world do business differently. Also, a registrant may wish to control domains under different TLDs with one account. That requires a registrar that can interface with multiple registries.
I personally wonder why we need a central registry system at all. Couldn't we just use a DHT or similar? I understand why it was created this way to a good degree, but why we continue to use this I don't get at all, there have been wonderful practical advances in networking and distributed computing since this was all set up and I can't think of one good reason not to use those advances to make the internet better.
I think in some rarer cases there are TLDs where the registry and registrar are the same, though they may be going away. The Pitcairn domain registry did not used to have a registry-registrar split even relatively recently, for example; it might now, but I'm not sure how to check. This may only be a legacy thing, or perhaps ccTLD-specific. Not really sure.
At the time ICANN started, it seemed like a cabal of business people got together, and agreed to take a public stewardship duty, and turn it into a "market" where many could profit.
You'll hear claims of how privatizing this public good simple administrative function "optimizes customer service", but I think that's either been shown to be some Ayn Rand Libertarian fantasy, or was intentional corporate BS messaging from the start.
We might speculate it's the same reason that AWS doesn't offer software development services or Facebook doesn't produce content. They create the platform for others to build on top of it.
Functionally, it's almost exactly like managing something with any other registrar although if you're looking for a NameDaddyCheap like experience of actually hosting a website and email forwarding in a single package then you'll have to sort it out yourself, the only thing you can do here is designate the ownership (whois) details and supply name server addresses.
You are billed directly by the government* of Åland - I guess it is easy and cheap enough for them to run this directly than miss out on profits that would go to an exclusive registrar.
*Or whatever they are technically called being an autonomous part of Finland.
You have to pony up day #1 for application costs, you have to contract to ongoing annual payments, you. have to have USD70,000 on hand for business continuity or demonstrate why your particular model doesn't need that.
I think any beneficent registrar right now is probably grandfathered-in.
You don't need $70k cash on hand, you need "Evidence of an externally verified document of the capital (such as by guaranteed bank loan or by a guaranteed credit line or letter of credit from a recognized financial institution) must be provided with the application."
But even if you needed $70,000 cash on hand, that doesn't seem like that much money. You're going to need some working capital, and $70,000 feels like it should be a good enough start. IMHO, I'd go through a reseller program for a while to make sure I had the volume / revenue to justify the ICANN fees to be a registrar directly; of course, if you do make the jump, you'll likely need to stay in the reselling program for existing domains or convince/help customers move their domains over, which is extra hassle; I've seen some companies where they are an ICANN registrar, but they use resellers for some TLDs and legacy customers.
When it was new, I set up two different employers as OpenSRS resellers; and I've been on and off considering setting it up for myself as a low effort side business, but I can't decide if it would be too much work for not enough reward. I hated dealing with money on the internet at the turn of the century, and I don't think it's gotten that much better.
How is $70,000 not much? OK sure, companies can be expected to deal with a bit higher number than the median revenues of citizens. However concurrent businesses won't flourish if there is an entry paying wall which by far exceed individual capacities.
First on barriers: Becoming a reseller to an existing registrar requires far less than $70k. In fact there's tens if not hundreds of thousands of these types of businesses out there.
Second, being a registrar is a ton of responsibility and you cannot start thinking it should be as easy as starting your handmade jewelry business.
And finally, no, $70k is not a lot of money especially for a stable business with a sound business plan. Banks especially love loaning money on reliable income sources, and domain names are very stable.
> demonstration of the ability to procure liquid capital immediately available in the applicant's name at the commencement of the accreditation period in an amount of US$70,000 or more will be deemed adequate, although a lesser amount will be accepted upon a showing that in the circumstances it will provide adequate working capital.
So, if you have a way to show that less will work, ICANN says they're flexible. IMHO, if you're a registrar trying to make money, you need to expect to sell a lot of domains, and so you'll probably need much more credit than $70k to manage payments from customers and to registries and ICANN.
Fixed fees are $4k/year, per registrar variable fees were about $1.5k last year if I read the reports correctly. Registrar margin tends to be about 10%, unless you're a specialty registrar, so you've got to be selling $55k/year of domains to break even on the ICANN fees. Let's call that $4,500/month for easy math. But ICANN presumes you need 5 full time employees for customer service; indeed says 18000 INR/month for customer service base salary in India [1], which is about $200/month USD. Five employees is $1,000/month but my US rule of thumb is all-in costs is at least 2x, so you need $20,000/month in domain sales to cover that.
With the icann fees and the employee costs, you need $24,500/month in sales to break even. I'm happy to ignore computing costs, it's probably not nothing, but you can do a lot with a little these days.
$70,000 is not quite 3 times the minimum sales number. Having that much credit available means you can continue to pay suppliers(registries) if your payment provider puts an unexpected hold on your payments, as long as it's resolved within less than three months. That doesn't seem like an unreasonable ask for customer continuity.
But, if it's too much; there are reseller programs. OpenSRS was reseller only when it launched in the first batch of ICANN accredited registrars. Annual fees and credit requirements are much less to be a reseller; if you end up with enough volume that being a registrar instead of a reseller makes sense, you'll likely have accumulated available credit, too.
These aren’t really new rules, there is nothing to be be “grandfathered” into. Maybe they made some slight adjustments but I was looking at the process to become a registrar 5+ years ago and the process as I recall was pretty much the same.
There should be more independent monitoring, oversight and regulation of registrars. I will take my recent experience with GoDaddy as an example: where actively searching for a never-before-used domain will cause them to be automatically registered by GoDaddy. They then turn around and sell it to you for an a few $100 or even a few $1000 more.
This is basically highway robbery and ICANN should not allow registrars to run such backhanded, possibly illegal, practices.
One idea I‘ve been toying with is to set up a non-profit registrar funded by donations. It would just pass through the registration fees from the registries without markup.
Similar to Let‘s Encrypt but for domains. Of course it would be more complicated because the entity would handle money, but nothing that couldn‘t be solved from what I can see.
Does anyone with experience in the field have any insights on what roadblocks would be encountered?
What would your pitch to donors be? Let's Encrypt was transformative by combining free and automated. Would your registrar be doing anything besides subsidizing domains for people who are willing/able to pay $9.15 (.com price without markup) but not $10.37 (Porkbun .com price)?
Also, registrants will not understand that you are just an intermediary who is making no profit. Since they paid you, they will hold you responsible for any problems they have, and won't shy away from disputing credit card transactions if you don't provide the level of support they expect. That's a lot harder to deal with than a free service, which can get away with providing no support.
> Buy and renew domains through Cloudflare Registrar at cost, without markup fees. You only pay what is charged by registries and ICANN
The problem is, running a registrar is complicated. It costs money. People get angry with you when things break - especially if they've paid you money.
You also have to deal with abuse reports, copyright complaints, and a legal demands. Good luck finding people who want to volunteer for that particular job!
Cloudflare does sell domains at cost but the catch is that domains registered through them must use CFs nameservers, so they can try to upsell you to their paid services. In that regard they are like most other registrars which treat domains as a loss leader for other products, except they take it to the limit of making nothing on the domains rather than a few cents.
I don't have a lot of deep experience here, but I registered by first domain the old fashioned way, send an email, get an invoice from NetworkSolutions, and mail it back with a check. And I setup two low volume OpenSRS reseller accounts for two companies in 2000, IIRC.
Registrar markup is not really that much. As I understand it, PIR, the operator of the .org registry charges registrars $9.05 / domain year [1], and low cost registrars typically charge end users $10 / domain year. I know there was a dust up over PIRs management recently, but I don't remember the details and couldn't find them in a quick look; if these aren't the actual numbers, they're pretty close. After payment processing, costs of included registrar provided services, customer service and operations, there's not really huge profits being made by registrars; providing service as a pass through at direct cost wouldn't be that compelling.
You'd need some other reason to encourage people to use your services, but I'm not sure what that would be. I've used specialty registrars at work, and they've got features like presence services where they have real people in the jurisdiction that satisfy the requirements of TLDs that require someone in the country to register a domain and corporate registrars that will work with the registry to enable registry locking that makes it incredibly difficult to change domain settings [2]. These are compelling features for the right kind of customer, but I don't think it makes sense for a non-profit to provide them.
[2] We moved to one of those after the current flavor of Network Solutions was phished and an unauthorized person used a customer service account to change our domain's glue records as well as some others; with registry lock, no changes can be made by the registrar unless the registry unlocks the domain after doing a song and dance routine with the end customer --- not very convenient, especially when the authorized person ignores the call to dance, but better than when a registry employee can get phished and change our domain without our consent
Exactly. I run a registrar price comparison service, and a lot of domain extensions are basically sold ‘at cost’. The catch is that a) a registrar will sell some tlds with a tiny/no margin, but charge a healthy extra for other tlds (like a ‘loss leader) and/or b) get you on the renewals (or c) keep increasing fees once their number of customers is high enough and hope most of them won’t notice for some time, double or triple of regular fees is not uncommon!).
So even though margins are low, as a customer it still makes sense to shop around.
Ps https://dot.bs is the service I run to compare tld registration and renewal prices
That's a good, but separate question. My point is an at cost registrar probably saves people 10% on a .org, which doesn't meaningfully increase access... If you can't afford $10/year, $9/year isn't really affordable either.
To your question though, I think PIR actually contracts out the operation of the registry to Affilias. I don't know what the current rate is, but before they renegotiated, they were paying about $3/domain to Affilias [1] based on a reported payment of $33M on just under 11 million domains.
I don't really know where the rest of the money goes. There were a lot of questions when PIR tried to sell .ORG to private equity in 2020, but I don't know if there was much follow up after the deal got quashed.
PIR is owned by the Internet Society, a 501(c)(3) nonprofit which does a bunch of other stuff, like running the IETF. Most of the Internet Society's revenue comes from selling .org domains.
It doesn't. It could hypothetically cost PIR $0. 501(c) organizations are not prohibited from collecting and spending profits, they are prohibited from unreasonably distributing such earnings to private shareholders and individuals (see https://www.irs.gov/pub/irs-tege/eotopicc90.pdf).
What are the alternatives to these centralizing naming services?
I guess most people don't even use direct url address for anything. I often see people looking for "google" in the adress/search bar before searching the term from which they expect the link to the website they are looking for.
So given this pattern, I don't feel like the domain name is something relevant for most end users.
For a static page, or any autonomous js spaghetti, it's easy to simply save the document locally.
As soon as some updatability comes in, like a comment section, then the issue of having a way to track a distant resource really becomes relevant. IP offer no guarantees of stability of resource provider. A domain name ensures transparent IP transition as long as the domain lessee is willing and able to pay the bill. This latter point is actually a very concrete security concern, which alone should bring enough consideration to look for other approaches.
> So given this pattern, I don't feel like the domain name is something relevant for most end users.
Oh but it is, even if the user doesn’t realize it. How are you going to do SSL without a domain name? I don’t know of any provider that is trusted by a major browser, that will issue ssl certs for an ip instead of a domain name. You could use your own CA but no browser will accept it, and your visitors will be greeted with a browser warning.
IMHO Namecoin/.bit was the only blockchain technology that could actually have been somewhat useful. Didn't catch on and now the blockchain have got so much bad optics that it probably never will.
I wish there were something inbetween the typical registrars who make pennies per domain and need to aggressively upsell other services to stay in business, and the likes of CSC and Markmonitor who focus soley on domain management but won't even give you the time of day for less than 5 figures.
I wish I could more easily comparison shop. You're exactly right. There is a high-end and a low-end, but there is no middle.
People have tried to create a middle, but both kinds of customers will ignore it for obvious reasons. The high-end customers know what they want and can judge quality service. The low-end customers just want the cheapest one.
the date tag on posts is not to indicate whether an article is deprecated vs current. presumably nearly every article posted is currently true (that's the "news" part). it's useful to hint whether it's interesting as a new thing, updated thing, or old but of current interest for some reason.
for the same reason that clickbait headlines draw you in, dates are good to wave you away.
There's even a ICANN rule I think that says a registrar and a registry can't be the same legal entity, which is why Google had to create a separate company called Charleston Road Registry for .dev, .app, .google etc (likewise Donuts created Dog Beach LLC and so on).
[1] I know most registrars offer additional services like hosting which smaller (and often non-profit) registries may not be equipped to provide. But that doesn't really answer the question. Why can't registries handle basic domain registration themselves & leave hosting to specialized providers?