I’m currently on the lookout for privacy-respecting domain registrars. What are you guys using and why?
Edit: I’ve registered my domain with Porkbun. I got a really cool one, it’s called reallyaweso.me!
Recently moved over to porkbun after dealing with a couple billing issues with namecheap and not getting the best customer service. Been pretty happy so far.
I moved all of my domains to Porkbun when Google Domains started to close down or become SquareSpace or whatever they were doing.
No complaints so far.
I’ve been with Porkbun for over a year now. No complaints.
I’ve been using Porkbun for over 5 years and haven’t had any issues. I switched from a mix of Google Domains and Namecheap.
So I’m quite new to this, and searching around hasn’t been to clear… if I’m looking to have my own E-mail domain, do I buy a domain in addition to subscribing to an E-mail… service… thing?
Yes, you need to buy (register) a domain beforehand.
The e-mail provider of your choice that provides custom domains will ask you to- either point your domain to their nameservers (done from the domain provider’s panel)
- or insert/update some DNS records on your domain (either from your domain provider’s panel if it is supported or you can link your domain to another DNS service e.g. CloudFlare)
Thank you very much! I’ll look into snagging a domain and setting up like, Bluehost or Proton. I use Proton’s free tier now, but it looks like it’s about 3x as much for their good E-mail plan compared to Bluehost.
Do you know if they support Dynamic DNS?
You can use something separate like Zoneedit for the DNS records
What kind of TLD did you buy? Did you choose a TLD that’s supported by the WHOIS privacy? I wanted to see if
alexpewmaster.de
was available, and it told me this:⚠️ PRIVACY WARNING ⚠️ This TLD does not allow WHOIS privacy but generally redacts your personal information. This means that your personal contact information will be sent to the registry but it should not be made public.
Generally the country based TLDs have that problem. That isn’t unique to porkbun or .de
I have a .de domain with them. No personal info are shown on whois info.
That’s a really weird way of putting it. EU ccTLDs don’t offer whois privacy because it’s not needed. They have whois privacy built-in as well as very strong privacy laws.
If you want a .de domain I would recommend using inwx.de as registrar they have extremely low prices for .de and often run discounts for the first year as well.
The one thing to keep in mind if you’re not a German citizen and/or not have a German address is that you need to provide one after you register a .de domain. INWX has a service for 3 eur/yr that will provide one on your behalf.
Some other cheap European domains without any requirements and built-in mandatory whois privacy are .be, .nl, .fr and .ro.
Keep in mind that some of these ccTLD don’t allow purchasing multiple years in advance and also force you to reset your leftover term if you transfer.
If you’re gonna get an European ccTLD you should also use an European registrar like INWX or Netim or Gandi. Using an European ccTLD with an American registrar kind of defies the whole point.
+1 for Porkbun. They are exceptionally unexceptional.
+1 porkbun. $1.60 for a .top whois privacy. 2FA with security key. Even let me host my own nameserver, so I can have separate internal and external views.
Any registrar allows you to host your own nameservers. You just point to your server from the registrar console.
Cloudflare does not.
Yeah, you have to pay for that feature on cloudflare but considering that they are so cheap I think it’s not so bad.
Every other registrar I have seen allows it though (they are usually more expensive since they earn a profit on registrations.)
porkbun > cloudflare
Porkbun works good for me
In the process of moving all my stuff to porkbun as well. It’s the best.
CloudFlare
Yup, they don’t mark up prices, they allow you to proxy traffic though them, and they have a WAF that you can set up 5 (I think) firewall rules for your traffic for free.
I figure if I’m already using their proxy, may as well have my domains there as well… one fewer party to trust.
Namecheap for registrar and Cloudflare for the name servers. Always keep those services separated so if one dies, you can still get into the other service to fix it.
If a registrar goes out of business, ICANN transfers the domain(s) to another registrar.
If a name server business fails, you change name servers through your registrar.
You can’t really fix registrar services in your name server, nor name server problems through your registrar. (Unless, of course, your registrar is also your name server.)
If your registrar goes down but the NS are on a different provider, the root servers will keep that NS record and all will be well. You can go to a different registrar and transfer it over, but in the meantime it’ll be fine and you can do whatever you need with your DNS.
If the DNS provider goes down, you can go to your registrar and quickly change the NS to another provider. It’ll quickly be back up on your new DNS servers.
Believe me, I’ve done this for 3 decades because one or the other have gone down on me more than once and I’ve had minimal downtime with this separation. Even when I was running my own NS, I kept more than one NS outside my server farm so if my connections went down, I could pop the farm up on a backup colo and point my tertiary accordingly.
After a bit of research, I’m forced by facts (NS records can be cached for an undetermined time) to see what you’re saying. Thank you for teaching me.
The workings are, of course, a bit more complicated than what either of us have said (here’s a taste), but there is a situation as you describe, where separating the registrar from the name servers, and the name servers from the domain, could save the domain from going down.
Well, I kinda simplified it, but yes, the root servers will keep the NS records as long as nothing else updates it (or nobody requests it for longer than the TTL that came with the last lookup) which is why it works.
Happy to help.
I was thinking Cloudflare as a registrar and AWS as name servers, but good choice regardless.
Is it possible to do that? Afaik they don’t allow to use different name servers if they’re registrars
I had the domain on a registrar that didn’t allow changing name servers (Tophost for 6 euro per year) and I had to “hop” with ovh for 60 days before having cloudflare for a registrar as they didn’t allow to transfer the domain with different NS
Cloudflare doesn’t allow me to change my name servers? What blasphemy! I had never considered this, I thought it would be allowed by default. Where can I read about this?
I’m looking for a cheap domain registrar with terraform support
It’s the main reason why their domains are so cheap. Their thinking is that since you have to use Cloudflare services to use the domain, you may look at the paid services and decide to pay for one, or suggest it at your workplace.
They charge wholesale price for domains, so they make $0 profit on them. Effectively it’s a loss leader to hook you into the ecosystem. That’s the same reason why VMware ESXi used to be free for home labs - users would become advocates for it and use it professionally.
I’ll paste the comment I made earlier:
Oh boy, I was unaware of the fact that I can’t use my own nameservers with cloudflare. Definitely not going to recommend them anymore
Which registrar do you suggest with good API support? Most of my infrastructure uses Terraform and Salt
I use Porkbun for most of my domains. They appear to have an API but I’ve never tried it: https://porkbun.com/api/json/v3/documentation#DNS Create Record
I’m not familiar with Terraform or Salt but maybe you could try use something like https://github.com/StackExchange/dnscontrol as an abstraction over the DNS provider.
Salt is an alternative to Ansible. However I prefer HashiCorp’s Terraform for day 0 deployments. Unfortunately, PorkBun doesn’t seem to support Terraform, so I’ll keep looking. I’ll take a look at the link you sent, thanks.
Out of curiosity, if you don’t use these IaC tools, how do you manage self-hosted infrastructure?
Cloudflare and Namecheap. I would use Cloudflare because of cost
Google Domains because I have a Google account and buying a domain on it was easy when I needed it. I’m still on Google Domains but you’ve reminded me I need to continue the transfer to Cloudflare before I get forced over to Square Space because they don’t support Dynamic DNS.Cloudflare.
Same, Google was easy and as cheap as anyone else. Now Cloudflare
Exactly the same boat. But man Cloudflare is better in every way. Having an API to update/fetch records for a zone does wonders.
On Google now as well, what was the cutover like to cloudflare?
Transferring was straightforward enough, but there were a couple steps that involved waiting for things to update before you could continue and I forgot to get back to it for a while after they were done. Other than that, all my records seem to have transferred over correctly and all I had to do manually was reconfigure my DDNS client and set up email forwarding with gmail again.
Enterprise tooling (aka a usable API) and it stays out if my way.
deleted by creator
Cloudflare for support (tooling), Njal.la for privacy (run by the pirate bay founder), porkbun for a happy medium and for the cool kids.
I have mine on Namecheap, but i’ve moved the nameserver to Cloudflare. Been using them for a while, can’t complain at all. Am also paying for their email service on the same domain
njal.la is without a doubt one of the better ones if privacy is number one priority.
Njalla doesn’t seem to be a good option according to this comment on a privacy-focused forum.
Interestingly that is why I chose them like 5 years ago as I figured that is a plus as far as privacy is concerned. Having 1337 show up when performing a domain owner lookup instead of my name seem like a good thing and if I need it to be registered to me it’s easy enough to transfer.
I love the service though and brokep being involved makes them worth considering for anyone into privacy.
Njalla was founded and is ran by Peter Sundee, aka brokep, of Pirate Bay fame… If there’s anyone you can trust …
I would also say this. Njalla is good
Namecheap because I pay 88 cents a year for my domain.
Which TLD?
(Numbers).xyz
I only use it for stuff for me. If you do a real name it’s more.
Namecheap, cheap, easy to use, easy to setup DDNS, helpful support staff. I have heard horror stories of them selling popular domains out from under their owner but none were recent.
Same. I buy all my domains there. And in case someone needs a proper API and support for the dns challenge, host your DNS at DeSEC.
Never heard of DeSEC before, but it looks damn cool! Been looking to get away from CloudFlare.
What makes you want to move from Cloudflare? They are the least expensive option
The thing that I don’t like is that lot of these DNS hosts don’t support using them for secondary DNS… It looks like deSEC is the same :/
I like using my own DNS server as a hidden primary because it lets me do bulk and programmatic updates more easily.
I’m using DNSMadeEasy for some of my important domains because they have the fastest servers, their service is really reliable, and major brands are using the same DNS servers so it seems like I can trust them. However, after being acquired by DigiCert, their prices went up over 10x… the $60/year plan I was on is now $675/year.
HE’s free DNS supports secondary DNS but their reliability isn’t great. DNSimple supports it but I’m over their limit of 100 records for some zones. Hexonet supports it but I couldn’t figure out how to get it working and neither could their support.
Namecheap because they’ve lived up to their name. The DNS for my domains is all on Cloudflare though as I can automate my letsencrypt renewal that way that I couldn’t on plain old namecheap.
I’m on name cheap and all my letsemcrypt renewals are automated easily.
Just had a thought. It was wildcard subdomain I couldn’t do with namecheap. Things like *.domain.tld
I use acme.sh and everything works fine. It has hooks for namecheap and wildcrds automatically renew
Maybe its different now, but it didn’t used to be possible to do that.
I can automate my lets-encrypt renewal
how? I have a cron job for that on my hosting server.
Same
Cloudflare cause they already had my DNS and google domains was on its way to the google graveyard. Not sure how privacy respecting they are but they do offer some kind of partial whois redaction. Surely better than google though?
Namecheap since I have been using them since the 00s and never had any problems.
Cloudflare, because my understanding is that they typically renew at basically cost, and that’s where most of my other DNS stuff is anyway.
I typically buy domains at whatever registrar is cheapest at the time for initial purchase, which most recently was namecheap IIRC.
I’m interested in your “other DNS stuff”
Likely a bad description. I more meant DNS, page rules, tunnels, zero trust logins, and more. It’s honestly just easier to keep it all in one place, and to be honest they are one of the more reliable sources for… literally all of those things.
Hmm, do you have all of this described somewhere? This sounds like a great setup
Nah, it’s just stuff I set up as needed.
The page rules are basic, one redirects to an Etsy shop, another to serve images for email from a cdn, and another for handling QR codes.
Tunnels are set up for subdomains to reach internal network stuff, with a Cloudflare Zero Trust login which prompts for those that don’t have secure logins.
The DNS stuff is subdomains, email records, and a few records for certain game servers.
I also use cloudflare to monitor my DKIM rejections, though my email is through mxroute as they have/had a lifetime option and I don’t like subscriptions.
There are a few different sites as well, one is personal, one is for public facing stuff, a couple for side businesses.
It’s honestly just easier to keep as much together as possible.