How does domain name registration work?
An important part of the process of creating a new website, blog, email, or other Internet service is registering the new DNS domain name. Registration inserts the new domain name into the global DNS so that everyone across the Internet can resolve it and make use of its services.
You can create a new website or other Internet service without registering a domain name. For example, you could create a new blog and publish it through someone else's domain, such as
example.wordpress.org. However, you might instead want your very own domain name, perhaps at
example.org. To make this happen, you will have to register
example.org in the DNS.
When you register a domain name, your registrar adds it to the set of domain names on the Internet DNS. In reality, of course, it's a bit more complex. So let's see how it really works.A regional phone book is analogous to a ccTLD's registry. Photo by Brittany Colette
Registrants, registries, registrars, and ICANN
There are four main players in the process of registering a new domain name:
- The registrant
- The registrar
- The registry
This may be you! The domain registrant is the person or company who would like to register a new domain name. This may be the owner of a small business, the IT department of a large corporation, or an individual person who wants to register a name for their personal blog.
A domain registrar is a company that sells services to allow end users to purchase and manage their own domain names in the DNS. A registrar leases domain names and provides the services necessary to insert that domain name into the global DNS.
Domain names are leased on a yearly basis, not bought outright. If the lease is not renewed, the domain name will be removed from the DNS and will become available for someone else to lease.
As mentioned earlier, registrars are companies that sell domain name registration services. Domain registries, on the other hand, are databases of DNS names under each of the TLDs. Each registry is operated by a different organization. For example, VeriSign operates the registry for the
The registrant is the customer who wishes to register a new domain name. The registrant engages a registrar to create and manage registration of a domain name. And finally, the registrar works with the registry to actually create the NS records in the TLD for the new domain name.
As the registrant for a new domain name, you will need to work only with a registrar. The registrar will work with the registry on your behalf.
All this, at a very high level, is overseen by ICANN (Internet Corporation for Assigned Names and Numbers). ICANN is a non-profit organization with headquarters in California. Formed in 1998 by the US government, ICANN transitioned in 2017 to a global multi-stakeholder model. ICANN manages domain name registries and IP addresses to ensure the stability of the Internet and to foster competition and customer choice. ICANN also oversees operation of the Internet root zone. ICANN also grants accreditation to registrars.
Accreditation by ICANN is a long and complex process. Each registrar pays a fee to apply, plus a yearly accreditation fee, and also a quarterly fee. These fees go towards the operation of ICANN itself. Some of the requirements include:
- A solid business plan
- Financial solvency
- A secure and robust network architecture
- A plan for good customer service
- Processes to prevent domain name abuse
The DNS begins at the root zone
"." and flows downwards into the top-level domains (TLDs). As we discussed in our article on zone delegation, the DNS resolves names starting at the root and moving downwards through delegations. The root zone and the TLDs are involved in resolving every single DNS name on the Internet!
Originally, the TLDs included the single label domains we are all familiar with today such as
mil, and others. Today, these TLDs are called Generic Top-level Domains (gTLDs) because they are associated with a theme rather than a nation.
There are also over 300 Country Code Top-level Domains (ccTLDs). Each ccTLD is for a specific nation such as
au. Some ccTLDs have become popular names for business because they are catchy. For example, the ccTLD
fm is for the Federated States of Micronesia but is often used by FM radio stations and podcasts, and the ccTLD
io is for the British Indian Ocean Territory but has become popular with technology companies and startups (because IO is the acronym for Input/Output).
What happens when you register a domain name?
As a new domain's registrant, here are the steps you will need to follow and the events that will occur in the background:
- Select a registrar
- Select a new domain name and create a zone
- Claim the new domain name with the registrar
- Registrar sends NS records to the registry
Select a registrar
A registrant may use any registrar they wish, but not all registrars support all registries. Some newer TLDs and some ccTLDs may operate with only a few registrars, or perhaps even only one registrar.
Enable strong MFA on your registrar account to protect your domains from hijacking.
Select a new domain name and create a zone
You may have a domain name in mind already, or you may use search tools provided by your registrar to see what names are available.
Once you have selected your new domain name, you must create a DNS zone for it. Your registrar may offer this as a service. Or you might prefer to create and manage the DNS zone yourself using a DNS hosting provider, or even on your own DNS servers.
If you are going to register
example.org then you or someone acting on your behalf must create that zone somewhere. There must be an SOA record at the root of the zone, which must contain an administrative email address for the zone in the Responsible Person field and the host name of a DNS server authoritative for the zone in the Primary Name Server field. The zone must also have at least two NS records at the root of the zone. Each NS record must list a DNS server authoritative for the zone.
It is important to set up the zone correctly so that the new domain will function properly. Some registrars will validate the zone before they will publish NS records in the appropriate registry to protect their customers from accidental misconfigurations. Also note that a zone that is not set up correctly may cause the domain to be flagged as a potential source of spam or suspicious activity.
Some registrars may allow you to claim a domain before creating the zone. Check with your registrar for the details of their exact process.
Claim the new domain name with the registrar
Log onto the web portal of your registrar using your account and purchase the new domain name for at least one year. The cost may run anywhere from a few dollars up to several hundred dollars per year, depending on the registrar and the new domain's TLD. The registrar may perform validation that your DNS zone has been properly created before allowing you to complete this step.
Part of this process will be to set contact information for the domain. This is called Whois information after the name of the Internet directory where it is stored. ICANN requires that all domains have owner information including the name of a person or company, a physical mailing address, and other information. Your registrar will insert this into the registry on your behalf, but it will be hidden for privacy.
Registrar sends NS records to the registry
Once you have submitted the domain registration request to the registrar and paid for one or more years of lease, your work is complete. The registrar will communicate your request along with the NS records for the new domain to the registry for the TLD. The changes will propagate through the network infrastructure of the registry and become visible to the DNS on the Internet. This process may take as little as 20 minutes up to several hours, or longer depending on the registrar and the registry.
If at some point in the future you change the NS records for the domain, you must change them with your registrar as well. This change will also take minutes to hours to propagate to the DNS servers authoritative for the TLD. NS record changes for a domain should be done carefully and incrementally, with consideration for the TTLs of the records and the propagation time for the registrar and TLD.
This is a good kind of hacking. "Domain hacking" is coming up with a clever domain name that incorporates the TLD as part of a word or phrase. For example, ta.co redirects to Taco Bell's main website and n.pr redirects to National Public Radio's (NPR) main website. These domain hacks use the ccTLDs of Columbia and Puerto Rico, even though neither is tied to those locales.
Different ccTLDs have different restrictions on who may register domains with them. Some welcome registrants from across the globe, but other ccTLDs require registrants to have ties to the country or territory of the ccTLD.
Changing an existing domain
After registering the domain, there are two major types of changes that might be made to DNS records for the domain:
- Changes to DNS records within the zone
- Changes to the zone's NS records
example.org has been registered, then at any time the DNS administrator may add or change DNS records inside the zone. For example, to add or update records at
www.example.org. This includes all records other than type NS at
example.org itself. This type of change can be made in the zone at any time. No changes by the registrar are necessary, and it is not necessary to inform the registrar that changes in the zone are being made.
If the NS records at the root of the zone are changed, however, this must be communicated with the registrar. This type of change can be very tricky and if not done correctly can result in a lame delegation and outage for the domain.
There are a number of strategies that can be employed to safely change NS records. These may involve making a single NS record change at a time, with a pause between stages to ensure that nothing has gone wrong. Good monitoring and a plan to roll the changes back if something goes wrong are strongly recommended.
ICANN supports transferring domains from one registrar to another, and transferring ownership from one party to another as part of its mandates to promote competition and customer choice.
Transferring ownership of an existing domain replaces the current owner of the domain in the registry with a new owner. Each registrar has their own process to ensure that the request is legitimate. Generally, both parties must agree to the transfer via a secure mechanism.
The owner of a domain may also transfer the domain to a new registrar. You might transfer to a new registrar if you are unhappy with the service provided by your current registrar.
There are some restrictions on this. For example, a domain transfer request may be denied if the domain is less than 60 days old to prevent abuse by malicious parties.
Many registrars offer the ability to "lock" the domain to the registrar due to incidents of malicious domain hijacking in the past. The registrar will automatically refuse any request to transfer the domain to another registrar while a domain is locked.
Domain locking is a good safeguard against domain hijacking, where a malicious party attempts to fraudulently transfer the domain to another registrar, so they can take it over. The domain can be unlocked at any time. This requires an additional factor of authentication.
Keeping domains safe
It's important to keep your domains safe. An attacker may attempt to hijack your domains through social engineering or other means, to steal data from your customers or to use your domain for some other nefarious purpose.
There are a few things that DNS administrators can and should do to keep domains safe:
- Strong passwords: Use unique and strong passwords for registrar accounts.
- Use multi-factor authentication (MFA): Enable strong MFA on registrar accounts. Note that MFA based on text (SMS) is not particularly strong.
- Use domain locking: Domain transfer is rare, so keep domains locked to the registrar whenever possible.
- Don't allow domains to expire: Once the lease expires, another party may be able to register the domain. Use auto-renewal for payment and update payment methods when necessary, for example when a new credit card number is issued. You may want to pre-pay for a number of years if the registrar permits.
How to select a registrar?
There are many registrars out there these days, all offering similar services. There are a few things you might consider when selecting a registrar:
- Security: Many domains have been hijacked in the past, often through social engineering and sloppy security practices by registrars. It is worth selecting a registrar that offers strong multi-factor authentication (MFA) and is known for a commitment to security.
- Reputation: It may be tempting to select a small registrar to save a few dollars. The security of your domain is likely very important to you, so it may be worth selecting a well-known, large registrar that has a good reputation for security and customer service.
- Ecosystem: You may already host your website or service on a platform that also offers domain registration. It may be easiest to purchase all of your services from a single vendor. This will most likely make administration tasks simpler.
- SSL support: If you are creating a new website, you may want to also purchase SSL certificates for your new domain name, so selecting a registrar that offers this service may be important.
- TLD support: Not all registrars can lease names in all TLDs. If you have a particular TLD in mind, for example the ccTLD of your home nation, you may need to select a registrar that can operate with that TLD.
How to select a domain name?
Finding the right domain name for your new website or service can be challenging.
Most registrars offer search tools to help you find a domain name. If you want your domain name to include a particular word, these search tools can give you a list of variants that are available and show you which TLDs do not already have that term registered.
Domain names should be short and easy for people to remember. It is generally best to avoid numbers in domain names, but they are legal. It is advisable to avoid trademarks and confusion with other businesses.
Part of selecting a domain name will be to select a TLD. It's best to choose a TLD that will be easy for customers to remember. The
com TLD is always a good choice for a business website, or you may choose a TLD that is commonly used by other businesses in your industry. If your business is strongly tied to a particular country, then the ccTLD for your country may be a good choice.