Hello fellow Lemmings! I hope this is the right place to ask this. I don’t understand how web domains work. Let’s say I want to buy the domain “abcdefghi.net”. I can go to a domain provider like haruba or GoDaddy and just buy it. But how can they, a private, sell me these domains? I’m not talking about the hosting, but just the domain. Where do they register this domain I’m buying? Isn’t it possible to register it myself instead of paying these services to do it for me?

  • @WanderA
    29
    11 months ago

    When you buy a domain, you buy the right to (among other things) edit the address book for that domain, also known as DNS zones.

    Once you buy the domain, for example, you can tell your domain provider “I want example.com to point to the IP address 1.2.3.4”.

    Most importantly the domain provider has been given the rights to sell these domains by ICANN who manages what is known as the “root DNS servers”.

    When a computer has no idea who to contact to resolve a domain it contacts the root DNS servers first and these tell them to check the entries of the domain provider. It all trickles down from there. If the domain provider wasn’t approved by ICANN then their root DNS servers would never point to them.

    In reality there are more organizations involved, including resellers, registrars and registries. But they all follow the same principle and create a chain of linked address books (DNS zones) that flow from the root DNS servers.

    There is nothing stopping you from setting up your own domain system. You can get all the domains you want for free, but no other computer would be able to access them because by default the convention is to trust only the ICANN DNS servers.

    If you use Windows, Google “hosts file”. In that file you can enter any domain you want and an associated IP address and your computer will comply with it. You could even have google.com point to your own homepage, but of course that would only be your computer.

    By the way, if you hear about DNS servers like Google’s 8.8.8.8 or Cloudflare’s 1.1.1.1, these are not the root DNS servers. These are called “resolvers” and they are the ones that talk to the root DNS zones and cache their response so that it can be resolved faster instead of having to go down the whole chain every time.

    • tubbaduOP
      6
      11 months ago

      thanks for the super answer! I understand now!

    • @[email protected]
      2
      11 months ago

      Technically the root DNS servers are the ones hosting com, net, org,… and the country top level domains and registrars sell you domains under those which can have their own set of DNS servers.

      “but no other computer would be able to access them because by default the convention is to trust only the ICANN DNS servers.”

      It is not just a matter of only trusting those. There is also no real way to check multiple DNS servers for a single domain and combine the results in a meaningful way. Some systems allow you to configure that requests for specific domains and all their subdomains use a different DNS server for lookups and another DNS server for everything else and of course you can configure multiple servers for redundancy and your system will use one at random or use one when the other is not reachable but you can’t really configure two DNS servers with different views of domains and expect the results to magically combine as needed.

  • @[email protected]
    8
    11 months ago

    https://tld-list.com/tld/com have some understanding of how this works:

    • There’s a non-profit organisation called ICANN at the top who basically controls everything and assigns TLD (top level domains like .com) and so on to registries.
    • Registries host different TLDs and keep track of all domains under them.
    • Registrar is an ICANN accredited company that can sell domain names. When you buy abcd.net from say Google Domains, Google basically files your domain name with the .net registry.

    As far as I know, you can’t buy a domain from ICANN directly because they don’t sell stuff? Only registrars can.

    In practice there are registrars that charge you the actual price of the domain + a small registration fee (15 cents maybe) in a transparent way without any markup. An example is cloudflare.

    Also in practice stay away from GoDaddy. They’re one of the most horrible companies I know. Porkbun, cloudflare, namecheap, namesilo, Google are all usually moderately priced good options. You can find details of all registrars for a tld and their prices using tld-list like: tld-list.com/tld/nameoftld.

    Hope that helps :)

    • realslef
      2
      11 months ago

      Google is not often regarded as Good. “Don’t Be Evil” seems like a distant memory.

      I suggest Gandi as an option that does some good.

      • @[email protected]
        2
        11 months ago

        I mean I’m not a fan of their other services but they have been pretty okay as a domain registrar. Gandi is pretty decent too :) My favourite is Porkbun.

    • @[email protected]
      2
      11 months ago

      Also, be very careful about who ultimately owns the domain name that you’re buying.

      I know of someone who “bought” a domain for a ridiculous price and it turned out that they didn’t actually own it. The company registered it in their own name so that he wasn’t able to transfer it to another registrar and had to continue to pay the high fees if he wanted to keep the domain.

      Well shady.

      • @[email protected]
        2
        11 months ago

        Isn’t that parking? I don’t think this would be legal in many places given there wasn’t a completely egregious contract he missed or something similar.

        • realslef
          2
          11 months ago

          You say that, but lots of people used to fall for it.

          • @[email protected]
            1
            11 months ago

            Yeah. I am wary of anyone who offers registrations drastically cheaper than the cost. The usual gotcha I’ve seen is that after the first year, the renewal fees are astronomical and they charge unusually high fees for transfers. I guess ownership shenanigans can happen too.

    • tubbaduOP
      1
      11 months ago

      thanks for the link, exactly what I was looking for!

  • @[email protected]
    8
    11 months ago

    In theory you could become a registrar and pay ICANN’s fee per domain to sell domains to yourself for cheaper. In practice, becoming a registrar is prohibitively expensive because you have to pay ICANN 10k, and then spend a whole lot more on certifications and processes, and audits from auditors. I recommend staying away from GoDaddy as they are infamous for being very bad to do business with; personally I’d recommend gandi.net and google.domains. Namecheap also has interesting offerings.

    If you are a student, the Github Student Pack gives you a free .me domain for a year.

    • tubbaduOP
      2
      11 months ago

      It’s “only” 10K? It isn’t so much if you think about it, I expected a lot more.

      “If you are a student, the Github Student Pack gives you a free .me domain for a year.”

      Cool! After the 1 year you can pay to keep it or just let it go?

      • @[email protected]
        1
        11 months ago

        10k is just the nominal fee, the real costs are in the certifications and audits.

        the student pack just gives you a 1 year free promo code so you can pay to keep it.

    • UsualMap
      1
      11 months ago

      Another vote for Gandi here - used them for years and absolutely no complaints.

      That said, CloudFlare are a competent registrar as well and if you’re going to use them for your site anyway…

  • nii236
    5
    11 months ago

    They are a “registrar”, and are licensed to sell you domains, which they the IANA authority (I think)

  • @[email protected]
    2
    11 months ago

    Just to expand on the other (excellent) answers.

    Why can’t you buy a bottle of ketchup directly from Heinz? Well, Heinz only sell wholesale to other businesses, like supermarkets. That’s a simple model for them - not having to sell to end users. They don’t want to be in a retail business because it’s cheaper selling to other businesses.

    Additionally, most people don’t want to go to the Heinz shop for their ketchup and the Hellmans Shop for their mayonnaise. Most customers want one place where they can buy all their condiments together.

    Registrars buy domains wholesale from registries. So you can go to a registrar and buy a .com or .co.uk and email hosting and a blogging platform.

    I don’t think there are any Registries which sell direct to end customers. They don’t want your £10 - they want a Registrar’s £10,000.

  • @[email protected]
    1
    11 months ago

    Q: So does ICANN have its own Domain Name Server (for those who don’t know: list of domains and IPs, like a phone catalog) that the other commercial DNS servers (like local ISPs and Google DNS and Cloudflare DNS) are connected directly to?

    • @WanderA
      4
      11 months ago

      Yes. ICANN has the root DNS servers which point to the DNS servers of the registries (company that manages a domain extension in exchange for a hefty sum each year) which point at the DNS servers of the registrar (company authorized by the registry to sell domains) which either hosts your DNS entries or they can point to any server you tell them.

      The commercial DNS you mention are called resolvers and are specialized in retrieving records from the linked chain of servers I mentioned above and caching them so it’ll take less time.

      You could point your own resolver to the ICANN root server and then set up your computer to use that resolver.

      • neirbowj
        1
        11 months ago

        A small correction: the registrar directs the registry (on your behalf) to configure the registry’s DNS servers to point at whichever DNS servers you specify to host the domain, which default to the registrar’s DNS servers. The chain of delegation is most commonly either:

        root -> registry -> registrar

        or

        root -> registry -> another DNS hosting provider (CloudFlare, AWS Route53, DNS Made Easy, etc)

        • @[email protected]
          1
          11 months ago

          This is really cool. So if I set my domain’s DNS on the registrar’s website, that DNS record is propagated to the registry? I have had this change start working in under five minutes. It’s insane how fast that is given what is actually being done.

          • neirbowj
            2
            11 months ago

            Yes, the registrar controls the NS records (and, if your zone is DNSSEC signed, DS records) for your domain in the zone the registry hosts.

            [EDIT: I forgot about this part earlier.] The registrar will typically also give you the ability to “register nameservers”, which means specify one or more names within the name space of your domain that you want to act as nameservers and their IP addresses. The registrar will insert A and/or AAAA records into the registry to be used as glue records.

            This is probably much further down in the weeds of “how web domains work” than the OP intended.
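
The delegation chain described in the comments above (root -> registry -> the DNS servers you specify, with NS and glue records held at the registry), as an added example that is not part of the thread: a small offline simulation of how a resolver walks that chain. All zone data, server names and addresses are constructed (documentation address ranges), and it models only NS referrals and address answers.

```python
# Constructed data: three tiny "zones", keyed by the IP of the server hosting them.
# Names and addresses are made up (documentation ranges); this is not real DNS data.
SERVERS = {
    "198.51.100.1": {  # root server: delegates net. to the registry's servers
        "name": "root",
        "delegations": {"net.": ["a.registry-ns.example."]},
        "glue": {"a.registry-ns.example.": "198.51.100.2"},  # address sent with the referral
    },
    "198.51.100.2": {  # registry for .net: NS + glue records placed there by the registrar
        "name": "registry (.net)",
        "delegations": {"abcdefghi.net.": ["ns1.abcdefghi.net."]},
        "glue": {"ns1.abcdefghi.net.": "203.0.113.53"},
    },
    "203.0.113.53": {  # DNS host the domain owner picked (registrar or another provider)
        "name": "authoritative (abcdefghi.net)",
        "records": {"abcdefghi.net.": "192.0.2.10", "www.abcdefghi.net.": "192.0.2.10"},
    },
}
ROOT_HINT = "198.51.100.1"

def query(server_ip, qname):
    """Ask one server; return ('answer', ip), ('referral', ns_name, ns_ip) or ('nxdomain',)."""
    zone = SERVERS[server_ip]
    if qname in zone.get("records", {}):
        return ("answer", zone["records"][qname])
    # Longest-suffix match: the most specific delegation covering qname wins.
    matches = [z for z in zone.get("delegations", {}) if qname == z or qname.endswith("." + z)]
    if not matches:
        return ("nxdomain",)
    child = max(matches, key=len)
    ns_name = zone["delegations"][child][0]
    return ("referral", ns_name, zone["glue"][ns_name])

def resolve(qname, max_hops=8):
    """Iterative resolution from the root hint; returns (ip_or_None, servers visited)."""
    server, path = ROOT_HINT, []
    for _ in range(max_hops):  # bound the walk so a referral loop cannot spin forever
        path.append(SERVERS[server]["name"])
        result = query(server, qname)
        if result[0] == "answer":
            return result[1], path
        if result[0] == "nxdomain":
            return None, path
        server = result[2]  # follow the referral using the glue address
    return None, path

if __name__ == "__main__":
    print(resolve("www.abcdefghi.net."))     # walks root -> registry -> authoritative
    print(resolve("www.unregistered.net."))  # stops at the registry: no delegation exists
```

A name with no delegation at the registry never reaches an authoritative server, which is why a self-made domain is invisible to everyone who starts from the same root.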

        • @WanderA
          1
          11 months ago

          Thank you! I didn’t know it was like that, but it makes perfect sense.

  • @[email protected]
    0
    11 months ago

    If I remember correctly, whoever sells domains is essentially giving you an IP they have access to. You’re essentially buying 123.456.1.10 and pointing it to abcdefghi.net (domain name). When you buy it, and set it to the domain name you chose, then the seller (go daddy) will update ISP DNS providers and such so that people who type in abcdefghi.net will go to 123.456.1.10, AKA your site.

    I hope that’s right XD