[sf-lug] looking for a domain name service provider

Rick Moen rick at linuxmafia.com
Thu Aug 21 09:43:36 PDT 2008

Quoting jim (jim at well.com):

>    i've got a couple or three domain names for 
> which i want to set up web pages. i've used 
> network solutions and godaddy and am not 
> perfectly happy with either. i'd like to know 
> your opinions on preferred means of establishing 
> and maintaining domain names. 

Ah, the old what's-a-good-registrar question.  Here's advice I recently
gave to a friend, who keeps sheepishly renewing at NetSol even though he
has for a long time disliked them:

 Date: Sun, 17 Aug 2008 20:36:26 -0700
 From: Rick Moen <rick at linuxmafia.com>
 To: schoen at loyalty.org
 Subject: loyalty.org is due to expire in 13 days

Hi, all!  My monitoring setup (see:
http://linuxmafia.com/pipermail/conspire/2007-June/003126.html) has just
sent me nagmail saying that the loyalty.org domain is approaching the
need for renewal.  You should do so without delay, as 13 days is getting
dangerously close to expiration.

(Please feel welcome to tell me "I know", and I'll not send you further
reminder attempts.)

----- Forwarded message from root <root at linuxmafia.com> -----

Date: Sun, 17 Aug 2008 07:21:47 -0700
To: rick at linuxmafia.com
Subject: domain-check: Domain expiration warning (90 day cutoff)
From: root <root at linuxmafia.com>

According to 'whois', these domains will expire soon:

dnc.org.nz (in 5 days)
loyalty.org (in 13 days)
flygirl.com (in 18 days)
cascadiacon.org (in 22 days)
saclug.org (in 27 days)
advogato.org (in 35 days)
tux.org (in 40 days)
nic.sk (in 42 days)
nic.su (in 44 days)
groklaw.net (in 46 days)
dragaera.info (in 47 days)
eff.org (in 52 days)
orbital2008.org (in 54 days)
archonstl.org (in 70 days)
eastercon.org.uk (in 85 days)

----- End forwarded message -----

 Date: Mon, 18 Aug 2008 14:02:28 -0700
 From: Rick Moen <rick at linuxmafia.com>
 To: Seth David Schoen <schoen at loyalty.org>
 Subject: Re: loyalty.org is due to expire in 13 days

Quoting Seth David Schoen (schoen at loyalty.org):

> I might have asked you this last year, but do you have a
> recommendation for a registrar to switch to away from Network
> Solutions?  Do you know how complicated that process is and how long
> it might take?
> I registered loyalty.org when Network Solutions was the incumbent
> monopolist and I still haven't switched because I never seem to think
> about switching except when the domain is about to expire.  (Then I
> don't switch because I worry that the process could take too long and
> the domain could expire.  I ought to break this pattern.)

I don't really have a very specific recommendation, in part because of
the odd circumstances of my present registrar:  I use a Tucows OpenSRS
reseller[1] whom Deirdre recommended, Iain Brown of Texas
(http://register.webl.com/), but, last I heard, he didn't really want to
accept new customers.  Many years ago, my first stop after leaving
Network Solutions was Tierra.Net DBA Domain Discover, of San Diego.
>From there, I went to Iain Brown / Tucows OpenSRS.

The domain business in a nutshell:  Registrars tend to be on razor-thin
margins, and so either do that business as a loss-leader adjunct to
other business services (business model #1, common among resellers of
Tucows OpenSRS registration services), or massively automate and survive
through sheer size and quantity of customers (business model #2,
typified by GoDaddy and a host of other bottom-feeders).

A third method is theoretically also possible:  Charge $35/year and up,
per domain (NetSol's price), and actually provide meaningful levels of
human-connected customer service.  (NetSol do not do the latter, of
course.)  Nobody seems to want to attempt this business model, because
price competition is too severe, and not enough customers value service

Domain Discover typifies the fourth and last business model I'm aware
of:  They bundle domain services with other bundled onlines services:
e-mail, Web space, etc.  Their annual (renewal) price these days, not
counting promotional discounts on first year registrations and so on, is
$25.  I frankly think that's still too high (which is why I left them
for Tucows OpenSRS, but then I don't value their bundled services.

GoDaddy have the rock-bottom annual (renewal) price on .com/.org/.net
domains of $8.95.  They are an extremely sleazy outfit -- and also the
largest and fastest-growing of the generic-TLD registrars.  Some of the
reasons you should not do business with them are listed from link
"GoDaddy" on the front page of linuxmafia.com.

Gandi.net (France) and Joker.com (Switzerland/Germany) are both 
reasonably well-regarded and inexpensive.  Gandi is $12/year on 
renewals.  Joker.com is $12.65.

Tucows OpenSRS is $15/year on renewals, which I've come to think of as
the standard commodity price for .com/.org/.net domains.  (Well, $12-15
is the standard price.)

There are dozens of accredited registrars, by now[2], not just
Tucows OpenSRS, Gandi.net, Joker.com, DomainDiscover, and GoDaddy -- but
I really do not have competent current knowledge of most of them, and
only some acquaintance with the foregoing.  I therefore offer, FWIW,
this badly informed prejudice:  You could do a lot worse than an (any)
OpenSRS reseller, or Gandi.net, or Joker.com.

Please be aware that you absolutely do NOT want to attempt to move a
domain within 30 days of expiration, because outgoing registrars
tend to suddenly become accident-prone and slow when you attempt that
process.  Also, it is not permitted to re-transfer a domain within the
first 60 days following a recent transfer, per ICANN rules.

Therefore, with a domain like yours that is close to expiration, your
first step without delay needs to be:  (1)  Renew.  Do _not_ fret over
"losing" your renewal money:  Essentially all registrars will give you
credit on transferred domains for your time remaining at your existing

After the renewal goes through and is reflected in whois, _then_ (2)
pick out a new registrar.  (3) Login to your current registrar's
(NetSol's)  Web-administrative interface for your domain.  (4) Make
very, very sure that your contact e-mail addresses in the domain record
are valid and deliverable.  (5) Turn off the "registrar lock" (or
whatever NetSol calls it) flag that causes automatic rejection of
transfer requests for the domain (and various other types of requests).
Initiate a domain transfer.  (6) As part of that transfer request, get
an "authentication code" for your domain -- aka "auth code", "transfer
key", "transfer secret", "EPP code", "EPP authentication code" or "EPP
authorization code".  See:

(7)  Contact the new registrar.  (Create a login account, then login.)
Use whatever facility they provide to initiate new service for your
domain, providing NetSol's authentication code.  Again, make very, very
sure that your contact e-mail addresses in the domain record are valid
and deliverable.  (6) Your new registrar will contact the old one, to
request transfer, and citing the authentication code you provided.  The
old one (NetSol) will e-mail you, needing your vetting (authenticating)
of the request.  There may be other hoops that one registrar or the
other (almost always the outgoing one) will make you jump through before
the outgoing registrar is willing to release the domain, and NetSol is 
notorious for using any excuse for holding onto them.  The process
can take up to two weeks, even if you answer all queries immediately.
(This is yet another reason not to initiate requests within the last
month before expiration.)

(8)  New registrar should notify you that they've received your domain.
You should immediately login to the registrar's domain-admin interface,
make sure the contact and nameserver data are all correct, and make sure
the "registrar lock" flag is once again set.  (It should already be.)
(Note that you will need to unset that flag to make substantive domain
changes, after which you should set it again, to make theft of your
domain less likely.)

[1] Think of these as like independent local insurance agencies:  Your
local insurance guy probably works for himself or a local firm rather
than Allstate, but handles all retail aspects of your policy so that the
Allstate guys can concentrate on just filing paperwork, feeding their
lawyers, and paying dividends.  Last I heard, for example, Chris di Bona
had Tucows certification as a reseller, presumably so he could take care
of his own domains plus those of a few friends and family members, etc.

The name of Tucows's program is derived from that of a Network Solutions
protocol suite they created, years ago, when the US Commerce Dept.
ordered them to allow competitors access to their back-end registry
database:  the Shared Registry System.  OpenSRS is a Tucows subsidiary
allowing outsides sales/support agents to participate in Tucows's
"SRS" registry access.

[2] http://www.pir.org/index.php?db=content/Website&tbl=Registrants&id=2
This doesn't count resellers.  Becoming an accrdited registrar (as
opposed to a reseller) requires sending an application + $2500
non-refundable fee to ICANN along with your audited financial
statements, and so on.

 Date: Mon, 18 Aug 2008 16:16:11 -0700
 From: Rick Moen <rick at linuxmafia.com>
 To: Seth David Schoen <schoen at loyalty.org>
 Subject: Re: loyalty.org is due to expire in 13 days

Quoting Seth David Schoen (schoen at loyalty.org):

> Have you published this information anywhere?  I bet it could be
> useful to other people who might still be stuck on NSI from its old
> monopoly days.

I hadn't yet.  In part, I just hadn't gotten around to that.  But in
larger part, I've kept getting a nagging feeling that some of the
readers of my advice on the subject (not you) were likely to go do The
Wrong Thing even after hearing my advice, for reasons that I wasn't
fully understanding.

You know what I mean when I say that, as a teacher, one must be wary of
being too familiar with a subject?  One can know the most vital points
at such an unconscious level that one might fail to include them in
explanations.  For years, I kept being mystified about why people kept 
renewing at registrars they hated and then waiting a year until once
again it's four days from expiration time, and only _then_ try to
transfer.  Eventually, in exasperation, I asked myself, "Don't they know
that new registrars routinely give credit for time remaining?  Don't
they know that just prior to expiration is a disasterously bad time to
do anything other than just send in a renewal ASAP?"  And then, I
realised:  No, they don't.

People don't know about that, and they don't know about domain
"slamming" between registrars[1] that has caused invention of the
"registrar-lock" flag and all sorts of other registrar paranoia about 
transfer requests.  They don't know how vital the domain's whois
contacts are, for administrative purposes, and the fact that their
domains can be _cancelled_ if the whois data are judged erroneous.
Actually, most people don't understand what "whois" is all about, at
all.  They thus don't know why the Registrant is vital.  They have no
idea what the e-mail contacts in "whois" are (Registrant, Technical
Contact, Administrative Contact, Billing Contact), why at least some of
those should be out-of-band, and why diversity should exist among those
to avoid single points of failure.  (Most people are unclear on what
"out of band" and "single point of failure" mean.)

Most people I talk with about domains are unclear on domain
administration / ownership being distinct from DNS, and both of those
being distinct from e-mail and Web hosting.  If they're aware of domain
administration being a separate business, they don't understand how that
business works, and they don't understand why registrars differ -- the
fact that some have horrifically bad contract terms, bad
customer-relations histories, and bad attitudes (GoDaddy, NetSol...).
Some are even literally scofflaws who tempt me to use unsafe,
inflammatory words like "fraud" (**cough** Domain Registry of America

Because all those topics are my bread and butter, it's taken me a long
time to spot the reasons for people's typical domain-admin blunders --
because I tend to avoid those pitfalls without really thinking about

I do hope to post a comprehensive article on the subject, but I'd like
to write in such a fashion that includes "mind the gap" warnings against 
common errors and misconceptions.  Which is a much bigger task than one
might hope.

[1] http://kroeker.net/published/verisign_beast.htm

[2] http://luciddesign.wordpress.com/2006/07/07/domain-registry-of-america-droa-scam/

More information about the sf-lug mailing list