I don't mind the price increases if it helps to deter squatters (i.e. GoDaddy).
It was hell trying to find a reasonable domain for our new company (i.e. one that we would like to have in our email addresses forever). Only 5-10% of the domains we attempted were legitimately in use by some other business or individual. Everything else is a fucking godaddy parking page offering their domain realtor scam experience.
A domain I'd pay upwards of $300 to buy is behind a GoDaddy parked page, and I'd have to pay $70 just to message the owner to begin negotiating. The chances that person would be unreasonable is pretty damn high too, so I haven't been able to justify it.
Edit: Looks like it's $120 to pay for a "broker" now to contact the owner and then a 20% commission on top.
That's fine if only companies are renting domain names. But some of us are individuals running hobby webpages or trying to take control of our email domains.
What's stopping a gTLD owner, .foo to get a bunch of customers onboard with $1.99/year deal and then 5 years later, increase that to $49.99/year? Surely, people who've built businesses on top of their .foo domains will fork up. Any laws preventing this?
To put an example to the other comments, look up the history of the XYZ domain - in a nutshell, they had a fire sale selling domains for pennies to gain market share. Besides normal people, three groups descended upon it: spammers, squatters and hackers. 6 years later and the entire .xyz space is blocked in Enterprise firewalls (source: my workplace) due to that behaviour, preventing me from getting to valid tech sites on the TLD. The XYZ image is still tarnished from cheap domain fire sales at the beginning of it's life - I'd never pay $50 for anything in .xyz today.
To contrast, the .io space entered at what, $50 USD? and continues to be expensive to maintain year over year, providing a natural monetary resistance barrier to the same three groups of people (spammers, squatters and hackers) and seems to enjoy a healthy respect amongst internet users; most consider it a tech-type domain space with tech worker dollars buying the domains for real sites, I even owned one for a brief period when they came out.
Nothing, absent a provision in the registration contract to the contrary, except the risk of everyone fleeing.
> Any laws preventing this?
No. Remember that [ccTLD - I originally wrote gTLD but those are a different thing, as corrected below] are assigned to the countries that they represent (or, in this case, the country that holds sovereignty over the named territory) so subject to their jurisdiction and there’s no real motivation for a country to pass such a law.
Nothing, and .space did pretty much exactly this: $1.99 first year, $9.99 renewal, now yanked up to $20+/year. Existing domains were grandfathered to the old pricing if and only if you noticed and complained about the bait and switch.
At least for the old TLDs, the ICANN contract specified the max it could be raised each year. I want to say it was 10 or 15 percent anually. Not sure about the new gTLDs but I'd imagine they have similar provisions.
> What's stopping a gTLD owner, .foo to get a bunch of customers onboard with $1.99/year deal and then 5 years later, increase that to $49.99/year?
Bad image and massively losing the original customers.
>Any laws preventing this?
No, the gTLDs are allocated by ICANN which is a non-profit based in the US. As a whole, the domain name market follows very economically liberal rules.
It probably doesn't make too much sense from a business perspective.
Domains are dominated by the long tail. Some people have built multi-million dollar brands off the TLD, but how do you raise prices to take advantage of that without losing the 100,000 other registrations that will just churn away?
In your example there's a fair bet they'd lose 99% of their existing user base, and kill any new use acquisition.
I am the owner of a premium gTLD (.dev), which I pay $1,000 per year for. Google runs .dev.
I read the contract carefully, there is nothing preventing Google from increasing the price to 10,000 or 100,0000. It’s my biggest fear.
My only hope is that Google wouldn’t do it from a PR perspective, which I think is a safe and fair assumption.
The real worry is they sell the rights to .dev to GoDaddy or somebody else, because then I am screwed.
Google is one of the best things to happen to domain registrations. I highly recommend them. Even though I’m contractually exposed, to date, Google have been conducting themselves very well in the domain registration market.
One of the great things about .com is that there is a contractual cap on price increases. However the domain I bought would cost in the 10s of millions if it was a .com; so at 1,000 per year, it’s a good deal for the .dev version as long as they don’t significantly increase it (I’m okay with 10% per year increases).
> the domain I bought would cost in the 10s of millions if it was a .com
I don't know much about the pricing of domains, so please excuse my ignorance.
Isn't that just due to the fact that your name was already taken on .com so you had to use a TLD, where is was still free? The 10s of millions you don't have to pay to registrar, you have to pay it the current owner of the domain, who like an owner of anything can dictate the price.
If that is correct, then how is 'google one of the best things to happen to domain registrations'? I guess this is not refering to pricing, because 1k$/a sounds like a lot of money for a domain.
> In a sea of unscrupulous players (who track what names you search and grab them before you do in case they are any good)
Not really… There are many reputable ones. Gandi, namecheap and cloudflare are ones I can immediately think of. It’s just that some shady ones like GoDaddy do a lot of marketing.
I wouldn't fear Google imposing price increases, I would fear Google eventually jettisoning their registry business because it doesn't make Google-scale money or serve a strategic purpose.
Got an alert from namecheap saying my `.pro` domain renewal will cost 16.98$ starting Jan 5, also price increases for 15 other that I don't really care about.
My first thought was, I should pre-pay for the next 9 years now to lock it in cheap... then I looked at the price I pay now, 15.88$ and I paid about 4$ initial registration.
Honestly there's no rush, it's a minor price increase, and I expect things to get more expensive as time flies anyway, that's what happens to literraly every subscription I pay (rent, watter, energy, council tax, internet, phone, email are all "subscriptions" I pay and all of them have increased in price, and will undoubtedly increase again). Not that there's anything you can do about it, it's the "cost of doing business".
I'll have to consider what's the lifetime of this domain, should I pay now, or am I going to throw it away in a few years/months for something else. I'll probably keep it as it's a good one, and I'll put an alarm for the 4th so I have enough time to think this through.
The `.io` price increase looks a bit bigger relatively speaking, but nothing earth shattering... so try following the same logic as I detailed above.
With respect to .io renewal on Gandi.net based on personal records:
US$35.00/yr through 2018
US$38.00/yr (+8.6%) into 2019
US$42.18/yr (+11%) into 2021
If I recall correctly, .io renewal was limited to something like 1- or 2-year intervals not too long ago; this appears to have changed, but I'm unsure when that happened.
Rent seeking behavior from a fallen empire that violently evicted the native people they called "Tarzans" from the very islands .io is supposed to serve? Tell me it ain't so!
BITO was uninhabited before it was settled by Europeans. It doesn't have "native people" according to Wikipedia. Unlike .us/au/ca etc. Are those tlds controlled by their native people?
I find the answer myself [1], searching for ".Web" online is very hard as even google doesn't really take "." into account when searching. I had to go and read the Verisign Q3 investor notes and find a link mentioning it.
Any time i buy a domain I buy 10 years worth. I only buy gTLD domains that are on sale though. I figure if I'm still using it after 10years then whatever the renewal is, it must be worth it.
I was looking at getting a short gTLD for a website I'm starting, but I'm wondering how well they're supported (meaning will DNS resolve, can people send me email, will I get rejected for using the address for account creation on sites, etc). The com/net/org/etc and ccTLD's I know are almost universally supported, but if I had example.whatever, how likely am I to run into issues?
Apart from a few sites like ticketmaster (not resolved) and discord (now resolved) not recognizing the TD I've had no major issues.
Your email reputation will likely be lower rated and likely be thrown in spam with major providers(Microsoft/Google) but that may also be because I am hosting my own email server.
With Everyday High Prices, these TLDs make “domain investing” uneconomical. This way, premium domain revenue is captured by the registrar and not a third-party speculator.
Offtopic but related question: is there any TLD for which a first-level wildcard is allowed in SSL certs? (I mean "* .tld" instead of second-level such as "* .foo.tld").
TLDR; I feel like there should be a special dev-only TLD for certs that go on example code, which skipped all the certificate management limitations. Suggestions are welcome!
It is so cumbersome to provide WebRTC sample apps and tutorials that can be universally run for testing purposes. WebRTC requires HTTPS, and thankfully an untrusted self-signed cert will do for Firefox and Chrome (they will show a warning page that the user can accept); iOS further requires that the certificate is trusted (so no warning page is shown and the load silently hangs on an infinite reload loop, which is nasty if you ask me; to avoid this, you can manually install custom Root CAs to the device).
So, my WebRTC tutorials and demos need to include a self-signed cert that allows users to deploy in their LAN and do a quick test [0]. Browsers tend to accept "localhost" as a safe origin, but what happens with testing on LAN? I feel there should be some convention there, it's not very helpful to test a WebRTC application just on localhost.
To not assume any given LAN subnet, I create my self-signed certs for these domains [1]:
127.0.0.1
::1
localhost
*.test.local
That way, users can create a quick DNS redirection from some .test.local domain to their server (e.g. using avahi-publish command), install the root cert in iOS, and test from an Apple device.
But I'd love if it was possible to just define a first level wildcard:
*.test
*.local
or similar.
Actually the .local domain would be perfect! Thanks to mDNS, when available, all hostnames automatically get their <hostname>.local address, which would be great for an easier than ever setup. Alas, MacOS seems to reject first-level wildcards.
To add to the problem, these demo self-signed certs were created for 10 years, which is fine because I want to drop then on the Git repo and forget about them. But now the maximum allowed longevity for newly created certs is enforced to be a measly 398 days.
Why does all this need to be so needlessly complicated? I guess people will tell me to put in place a cert-renewal scheme, using some CI for all repos that contain demo code or tutorials, but that's highly undesired... There are even people suggesting that certs should live for just days or hours, I guess they are not thinking on this simple use case, for which I don't know if there is an escape hatch.
As mentioned in the TLDR; suggestions are welcome!
> Offtopic but related question: is there any TLD for which a first-level wildcard is allowed in SSL certs?
Nope (unless you own "an entire gTLD").
From the CA/Browser Forum's Baseline Requirements (v1.7.3) [0] (with a few links/references added):
--
3.2.2.6 Wildcard Domain Validation
Before issuing a certificate with a wildcard character (*)
in a CN or subjectAltName of type DNS-ID, the CA MUST
establish and follow a documented procedure that determines
if the wildcard character occurs in the first label position
to the left of a “registry-controlled” label or “public
suffix” (e.g. “*.com”, “*.co.uk”, see RFC 6454 Section 8.2 [1]
for further explanation).
If a wildcard would fall within the label immediately to
the left of a registry-controlled /1 or public suffix, CAs
MUST refuse issuance unless the applicant proves its rightful
control of the entire Domain Namespace. (e.g. CAs MUST NOT
issue “*.co.uk” or “*.local”, but MAY issue “*.example.com”
to Example Co.).
Determination of what is “registry-controlled” versus the
registerable portion of a Country Code Top-Level Domain
Namespace is not standardized at the time of writing and
is not a property of the DNS itself. Current best practice
is to consult a “public suffix list” such as the Public
Suffix List (PSL) [2,3, and to retrieve a fresh copy regularly.
If using the PSL, a CA SHOULD consult the “ICANN DOMAINS”
section only, not the “PRIVATE DOMAINS” section. The PSL is
updated regularly to contain new gTLDs delegated by ICANN,
which are listed in the “ICANN DOMAINS” section. A CA is not
prohibited from issuing a Wildcard Certificate to the Registrant
of an entire gTLD, provided that control of the entire namespace
is demonstrated in an appropriate way.
How is a $4.18 price increase worthy of millions of HN readers’ attention on Christmas? This post is currently #3 on the homepage. Hm, times are tough, people are losing it.
Because this indicative of the direction things are heading. The prices of many TLDs are inching upwards. It's not just gTLDs doing it, but also the ccTLDs.
The .org takeover attempt was recent. We've had bad .com leadership with Verisign. Domain registrars themselves can be pretty scummy.
In an effort to outperform the squatters, many gTLDs are pre-allocating "premium domains" and charging $500, $2500/yr for them.
There's lots of greed in domain names. Or opportunity. Depends upon what your perspective is.
> How is a $4.18 price increase worthy of millions of HN readers’ attention on Christmas?
Because, personally, I was already bit in the ass by these price hikes from a gTLD. I started a personal website with a gTLD (.site) that I registered for about $1, and when it was close to expire suddenly the registrar demanded about $30 for it. I decided to jump ship to another gTLD and let the old one expire, to not support this kind of extorsion.
Since then I've been monitoring the state of the old domain name. Oddly enough my old domain name was parked as a premium domain, being on the market for close to $22, while other domain names from the same gTLD are sold for about $1.55.
In my opinion these gTLDs have been managed through extortion tactics, and I welcome any chance of discussing the subject.
[+] [-] bob1029|5 years ago|reply
It was hell trying to find a reasonable domain for our new company (i.e. one that we would like to have in our email addresses forever). Only 5-10% of the domains we attempted were legitimately in use by some other business or individual. Everything else is a fucking godaddy parking page offering their domain realtor scam experience.
[+] [-] jjice|5 years ago|reply
Edit: Looks like it's $120 to pay for a "broker" now to contact the owner and then a 20% commission on top.
[+] [-] ttoinou|5 years ago|reply
[+] [-] tgvaughan|5 years ago|reply
[+] [-] systemvoltage|5 years ago|reply
[+] [-] gravitas|5 years ago|reply
To contrast, the .io space entered at what, $50 USD? and continues to be expensive to maintain year over year, providing a natural monetary resistance barrier to the same three groups of people (spammers, squatters and hackers) and seems to enjoy a healthy respect amongst internet users; most consider it a tech-type domain space with tech worker dollars buying the domains for real sites, I even owned one for a brief period when they came out.
[+] [-] techsupporter|5 years ago|reply
Nothing, absent a provision in the registration contract to the contrary, except the risk of everyone fleeing.
> Any laws preventing this?
No. Remember that [ccTLD - I originally wrote gTLD but those are a different thing, as corrected below] are assigned to the countries that they represent (or, in this case, the country that holds sovereignty over the named territory) so subject to their jurisdiction and there’s no real motivation for a country to pass such a law.
[+] [-] Symbiote|5 years ago|reply
I registered a ".plus" domain for $2 a year for two years. It made a decent domain hack for a project.
After two years, the renewal price became $20-ish. The project had a new name by then, so I didn't renew.
The same happened for a personal Chinese domain (.网站 I think) that I had for a couple of years while I was learning Chinese.
[+] [-] howlgarnish|5 years ago|reply
[+] [-] axaxs|5 years ago|reply
[+] [-] LaCiteDesAnges|5 years ago|reply
Bad image and massively losing the original customers.
>Any laws preventing this?
No, the gTLDs are allocated by ICANN which is a non-profit based in the US. As a whole, the domain name market follows very economically liberal rules.
[+] [-] underwater|5 years ago|reply
Domains are dominated by the long tail. Some people have built multi-million dollar brands off the TLD, but how do you raise prices to take advantage of that without losing the 100,000 other registrations that will just churn away?
In your example there's a fair bet they'd lose 99% of their existing user base, and kill any new use acquisition.
[+] [-] Ayesh|5 years ago|reply
You are pretty much bound to what the registry can do. Take it away, hike the price up, etc.
[+] [-] wiggler00m|5 years ago|reply
[+] [-] unknown|5 years ago|reply
[deleted]
[+] [-] abhinav22|5 years ago|reply
I read the contract carefully, there is nothing preventing Google from increasing the price to 10,000 or 100,0000. It’s my biggest fear.
My only hope is that Google wouldn’t do it from a PR perspective, which I think is a safe and fair assumption.
The real worry is they sell the rights to .dev to GoDaddy or somebody else, because then I am screwed.
Google is one of the best things to happen to domain registrations. I highly recommend them. Even though I’m contractually exposed, to date, Google have been conducting themselves very well in the domain registration market.
One of the great things about .com is that there is a contractual cap on price increases. However the domain I bought would cost in the 10s of millions if it was a .com; so at 1,000 per year, it’s a good deal for the .dev version as long as they don’t significantly increase it (I’m okay with 10% per year increases).
[+] [-] stkdump|5 years ago|reply
I don't know much about the pricing of domains, so please excuse my ignorance.
Isn't that just due to the fact that your name was already taken on .com so you had to use a TLD, where is was still free? The 10s of millions you don't have to pay to registrar, you have to pay it the current owner of the domain, who like an owner of anything can dictate the price.
If that is correct, then how is 'google one of the best things to happen to domain registrations'? I guess this is not refering to pricing, because 1k$/a sounds like a lot of money for a domain.
[+] [-] jonplackett|5 years ago|reply
[+] [-] Semaphor|5 years ago|reply
Not really… There are many reputable ones. Gandi, namecheap and cloudflare are ones I can immediately think of. It’s just that some shady ones like GoDaddy do a lot of marketing.
[+] [-] SheinhardtWigCo|5 years ago|reply
[+] [-] ship_it|5 years ago|reply
Thats Google lobbying laterally through other industries but you just can't see it
[+] [-] ignoramous|5 years ago|reply
As a user of both domains.google and namecheap, I'd recommend namecheap.
Usually, in both the cases, I immediately move registration to Cloudflare-run registrar.
[+] [-] ydlr|5 years ago|reply
Except, of course, for the lies they used to enter the market[1].
Repeated throughout: "Members of the public will not be able to register domain names in this new gTLD."
1. https://gtldresult.icann.org/applicationstatus/applicationde...
[+] [-] CydeWeys|5 years ago|reply
[+] [-] _odey|5 years ago|reply
My first thought was, I should pre-pay for the next 9 years now to lock it in cheap... then I looked at the price I pay now, 15.88$ and I paid about 4$ initial registration.
Honestly there's no rush, it's a minor price increase, and I expect things to get more expensive as time flies anyway, that's what happens to literraly every subscription I pay (rent, watter, energy, council tax, internet, phone, email are all "subscriptions" I pay and all of them have increased in price, and will undoubtedly increase again). Not that there's anything you can do about it, it's the "cost of doing business".
I'll have to consider what's the lifetime of this domain, should I pay now, or am I going to throw it away in a few years/months for something else. I'll probably keep it as it's a good one, and I'll put an alarm for the 4th so I have enough time to think this through.
The `.io` price increase looks a bit bigger relatively speaking, but nothing earth shattering... so try following the same logic as I detailed above.
Now the question: how often do these increase?
[+] [-] metaphor|5 years ago|reply
With respect to .io renewal on Gandi.net based on personal records:
If I recall correctly, .io renewal was limited to something like 1- or 2-year intervals not too long ago; this appears to have changed, but I'm unsure when that happened.[+] [-] chrisandchris|5 years ago|reply
[+] [-] posguy|5 years ago|reply
History of British Indian Ocean Territories: http://citizen-ex.com/stories/io
Anyone building a brand atop a ccTLD with this kind of history is taking a huge risk.
[+] [-] mahkoh|5 years ago|reply
[+] [-] bzb6|5 years ago|reply
[deleted]
[+] [-] jjcon|5 years ago|reply
[deleted]
[+] [-] not_really|5 years ago|reply
[deleted]
[+] [-] ksec|5 years ago|reply
What happened to .web ?
Verisign CEO said in their last investor conference that it will be coming soon but then all record of that was deleted from the web.
[+] [-] ksec|5 years ago|reply
[1] https://news.ycombinator.com/item?id=25545130
[+] [-] CydeWeys|5 years ago|reply
[+] [-] denimnerd42|5 years ago|reply
[+] [-] _huayra_|5 years ago|reply
I've been using the 'casa' gTLD (the only others I see that are relatively bargain bin are 'link', 'site', and maybe 'click').
I don't need a brand. I just need to type something in that's not the IP address of my VPS...
[+] [-] mysterydip|5 years ago|reply
[+] [-] doublerabbit|5 years ago|reply
Apart from a few sites like ticketmaster (not resolved) and discord (now resolved) not recognizing the TD I've had no major issues.
Your email reputation will likely be lower rated and likely be thrown in spam with major providers(Microsoft/Google) but that may also be because I am hosting my own email server.
[+] [-] diebeforei485|5 years ago|reply
[+] [-] zero_deg_kevin|5 years ago|reply
[+] [-] amelius|5 years ago|reply
https://en.wikipedia.org/wiki/Internet_Computer_Bureau
[+] [-] j1elo|5 years ago|reply
TLDR; I feel like there should be a special dev-only TLD for certs that go on example code, which skipped all the certificate management limitations. Suggestions are welcome!
It is so cumbersome to provide WebRTC sample apps and tutorials that can be universally run for testing purposes. WebRTC requires HTTPS, and thankfully an untrusted self-signed cert will do for Firefox and Chrome (they will show a warning page that the user can accept); iOS further requires that the certificate is trusted (so no warning page is shown and the load silently hangs on an infinite reload loop, which is nasty if you ask me; to avoid this, you can manually install custom Root CAs to the device).
So, my WebRTC tutorials and demos need to include a self-signed cert that allows users to deploy in their LAN and do a quick test [0]. Browsers tend to accept "localhost" as a safe origin, but what happens with testing on LAN? I feel there should be some convention there, it's not very helpful to test a WebRTC application just on localhost.
To not assume any given LAN subnet, I create my self-signed certs for these domains [1]:
That way, users can create a quick DNS redirection from some .test.local domain to their server (e.g. using avahi-publish command), install the root cert in iOS, and test from an Apple device.But I'd love if it was possible to just define a first level wildcard:
or similar.Actually the .local domain would be perfect! Thanks to mDNS, when available, all hostnames automatically get their <hostname>.local address, which would be great for an easier than ever setup. Alas, MacOS seems to reject first-level wildcards.
To add to the problem, these demo self-signed certs were created for 10 years, which is fine because I want to drop then on the Git repo and forget about them. But now the maximum allowed longevity for newly created certs is enforced to be a measly 398 days.
Why does all this need to be so needlessly complicated? I guess people will tell me to put in place a cert-renewal scheme, using some CI for all repos that contain demo code or tutorials, but that's highly undesired... There are even people suggesting that certs should live for just days or hours, I guess they are not thinking on this simple use case, for which I don't know if there is an escape hatch.
As mentioned in the TLDR; suggestions are welcome!
[0]: https://github.com/Kurento/mediasoup-demos
[1]: https://doc-kurento.readthedocs.io/en/latest/features/securi...
[+] [-] jlgaddis|5 years ago|reply
Nope (unless you own "an entire gTLD").
From the CA/Browser Forum's Baseline Requirements (v1.7.3) [0] (with a few links/references added):
--
--[0]: https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-... (PDF)
[1]: https://tools.ietf.org/html/rfc6454#section-8.2
[2]: https://publicsuffix.org/
[3]: https://publicsuffix.org/list/public_suffix_list.dat
[+] [-] redis_mlc|5 years ago|reply
In 2017, a Google security researcher took over the registrar, meaning he could update the zone files externally.
It was best practice to stop using .io at the time.
I heard a rumor that a more professional registrar got involved after that, but don't know the details.
Anybody know the story today?
[+] [-] DarthGhandi|5 years ago|reply
[deleted]
[+] [-] helsinki|5 years ago|reply
[+] [-] echelon|5 years ago|reply
The .org takeover attempt was recent. We've had bad .com leadership with Verisign. Domain registrars themselves can be pretty scummy.
In an effort to outperform the squatters, many gTLDs are pre-allocating "premium domains" and charging $500, $2500/yr for them.
There's lots of greed in domain names. Or opportunity. Depends upon what your perspective is.
[+] [-] rualca|5 years ago|reply
Because, personally, I was already bit in the ass by these price hikes from a gTLD. I started a personal website with a gTLD (.site) that I registered for about $1, and when it was close to expire suddenly the registrar demanded about $30 for it. I decided to jump ship to another gTLD and let the old one expire, to not support this kind of extorsion.
Since then I've been monitoring the state of the old domain name. Oddly enough my old domain name was parked as a premium domain, being on the market for close to $22, while other domain names from the same gTLD are sold for about $1.55.
In my opinion these gTLDs have been managed through extortion tactics, and I welcome any chance of discussing the subject.
[+] [-] unknown|5 years ago|reply
[deleted]