Tell HN: Never search for domains on Godaddy.com
searched a few days ago for felons.io,
looked for unique names for simple game
didn't know if I wanted it or not
guess godaddy decided for me: 1 days old Created on 2020-09-16 by GoDaddy.com, LLC
just a warning if you have a special name do not use godaddy to check if its available
750 comments
[ 4.9 ms ] story [ 520 ms ] threadWe show results quickly because we check if your search is in the zone file. We keep a copy of the zone file in memory, and check searches against that. Some names are "unconfigured" for a variety of reasons, and do not appear in the zone file. So this means we might show a name as available, but when you go to register it, it's gone. This sometimes leads people to believe that we've registered it for ourselves. If you check the WHOIS record, you'll usually find that it's been registered for years before you searched for it.
The only major registrar that I know of that did this was Network Solutions. They did it for a few days in 2008 before getting trashed in the press:
https://arstechnica.com/uncategorized/2008/01/network-soluti...
More recently, when we show a name as available, we'll check again with VeriSign (who runs the .com registry) to make sure. And if it's not available, we'll switch the color from green to red -- a good example is eager.com. It's not in the zone, but not available to register.
And they registered it for two years.
man page: https://www.freebsd.org/cgi/man.cgi?query=whois
source code: https://github.com/freebsd/freebsd/blob/master/usr.bin/whois...
whois godaddy.com
whois superuselessdomainforeveryone.com
look for "No match for domain" at the end
Is this actually causing other problems? Probably.
It sounds like the culprits' big sin was pocketing the money instead of letting the company pocket the money.
But, what godaddy does with the domain they registered? Do they try to sell it to you for an exorbitant price? What's their deal?
But, if you're working in a TLD where Freedom<tm> is more important than actual free markets, do your domain checks against the root servers yourself with dig +trace.
In recent years IANA has run a whois server that provides referrals to the appropriate registry, so in most cases a whois client can start by querying whois.iana.org and follow whois: or refer: lines to the right whois server without leaking too much information. (whois is still cleartext and a very crappy poorly-defined protocol...)
FreeBSD's whois mostly works by following referrals with heuristics for filling in the ghen that doesn't work; Debian's whois mostly uses a built-in database of whois servers and heuristics for finding them.
https://en.m.wikipedia.org/wiki/Domain_name_front_running
Yet now it turns out not only is this established practice, there is even a Wikipedia entry on it.
"It's only paranoia if they're not really after you!"
As a PSA to everyone, you should only ever use whois in a terminal window to see if a domain is available.
It's included with macOS, Windows (?), Linux or any other OS anyone's likely to use. [Edit: a reply says it's not included in Windows. It seems you can download it free here: https://docs.microsoft.com/en-us/sysinternals/downloads/whoi...]
I guess ICANN's lookup tool (https://lookup.icann.org/) is probably more trustworthy than commercially operated ones; it would be a terrible look for them to engage in this practice.
But I always feel much safer using whois in a terminal than any website that can see what I'm searching for.
Is it? I don't think it is included on Windows --- it is available on sysinternal, sure, but not included. (Unless something has changed from when I stopped using Windows)
>But I always feel much safer using whois in a terminal
Also as a minor FWIW, there are plenty of simple GUI's (often built-in) on whois as well so someone can just use one of those if they prefer. macOS for example still has some of the old useful utilities included for free including in this case Network Utility, though for whatever reason Apple moved them out of /Applications/Utilities and into /System/Library/CoreServices/Applications (that's also where a pile of other useful ones went).
A month or so ago, I discovered .wang was a TLD, and I immediately brought it up with friends, and we spent some time happily and goofily brainstorming. I'm not sure about the exact count, but after dozens of queries, whois started returning errors for too many requests.
I thought I saw a complaint about them domain frontrunning once, but it surprised me and I didn't see any hard evidence, and it doesn't seem like them.
But I'll still always feel safer using whois in the terminal. I've been online too long to trust anyone on matters like this.
Besides, whois is right here in my terminal, so it's quicker anyway.
https://en.wikipedia.org/wiki/Domain_tasting
https://icannwiki.org/Domain_Kiting
PS: Use gandi.net, both for search and registration.
I'm not saying they didn't do it, but I base my opinions on facts, not speculation or "they've been doing it for years".
I'm just not seeing any evidence in the WHOIS record that GoDaddy registered that domain--it could have been one of their customers.
Lots of instances of it, I won't bother listing all of it here as I'm on a phone.
https://news.ycombinator.com/item?id=2326790
Their interface is very clean, their business model is no-nonsense, and I dig the managed DNSSEC.
Also, namecheap’s beast mode if you want to check hundreds of domains at once.
There's a reason my personal domain is nothingofvalue.org instead of .com. Because when I went to register the .com originally and backed out at the last minute to give myself time to setup a PO Box (didn't like the ICANN publicly displaying my mailing address), I came back two days later and noticed that someone had registered the .com domain.
You could be right that it's Google, but I doubt they would risk a scandal to make a few bucks like that.
> You could be right that it's Google, but I doubt they would risk a scandal to make a few bucks like that.
I think this HN thread has shown that it seems to be something of an open secret among domain registrars, so I'm not sure it would necessarily be a "scandal", particular given how hard it would be for me to prove it.
The whois information is masked, because that's what we do to protect customer privacy.
https://domaininvesting.com/godaddy-whois-records-no-more-co...
It's registered to someone in New York, not to GoDaddy.
Registrant Organization: Registrant State/Province: New York Registrant Country: US
Respectfully, I stated an objective fact and nothing more, backed by an evidentiary link. As the other reply and yours seemed to have missed the context to which I was replying, "This is really bizarre behavior for HN" which was being contested by my reply - in hindsight I should have quoted it to be blatantly obvious to speed readers.
https://domaininvesting.com/godaddy-whois-records-no-more-co...
It's registered to someone in New York, not to GoDaddy.
Registrant Organization: Registrant State/Province: New York Registrant Country: US
(As a bonus - securities regulators can easily request business records, and will raid offices if they need to - it could be argued a more energetic approach like this in the tech space would not be a bad thing and I would expect travel in this direction as economies continue to rely on further on IT and if companies pull stunts like this it will be deserved).
The whois information is masked, because that's what we do to protect customer privacy.
https://domaininvesting.com/godaddy-whois-records-no-more-co...
It's registered to someone in New York, not to GoDaddy.
Registrant Organization: Registrant State/Province: New York Registrant Country: US
Domain name registration is quite broken and should probably be quasi-regulated in a way TLS certificate registration is.
Pro Tip: Stay the hell away from GoDaddy for everything. I've had the unfortunate task of managing a server hosted with them and it's been consistently awful (ex. I literally cannot upgrade PHP because the VPS doesn't support it and there is no upgrade path without spinning up an entirely new VPS on a different, and of course more expensive, plan). The constant upsells on garbage are basically predatory at this point, too.
It's been so problem-free that I couldn't even remember the provider's name -- I had to WHOIS my domain to figure out who was hosting it.
I like Porkbun quite a bit but sometimes Namecheap is cheaper or it’s easier to just add to that account.
I think I can proudly say I’ve never used GoDaddy as a registrar, but I’ve been with some bad ones over the last 20 years so I can’t claim full moral high ground either.
But Ted's comment implies you can register .is through Namecheap. I wonder how/if they get around the Icelandic NS host problem.
DNS service for my .is domain is handled by AWS Route 53.
I believe Namecheap offloads some of the info for .is back to ISNIC. The only reason I don’t do it under Namecheap is that I’ve had the ISNIC account for 11 years and it’s easy enough to get my annual email reminding me to renew, but I was able to get my friend’s registered through her Namecheap account without issue at the end of last year.
GoDaddy are just bad in every conceivable way.
For those that don't know me, I work for Fabulous.com. I can confirm Fabulous has never and will never engage in activities as described by the OP.
If anyone has any questions, needs assistance with anything relating to Fabulous, feel free to reach out. My email is mike@fabulous.com.
You get free email forwarding (even wildcard), free domain privacy, free website forwarding (with ssl), Google infrastructure behind all of that and the authoritative DNS they offer.
Cloudflare also offers a registrar service and its good.
Any idea if the '£10/year' is every year? Or does it go up after the first year?
Also, I found it weird that they promote a .app and .dev TLD as 'More Secure'.
GD was good when I was brainstorming ideas and wanted to buy domains for peace of mind just for $1.99 or some other big promo discount. But is goes to $22+ the next year, while the normal price is $12. Google.Domains offers flat $12 + lots of value in email forwarding et al. I used to add domains as aliases to my old free GSuite subscription just for emails, which was highly inconvenient. Also redirects from e.g. .org/.info/.net to .com is small but handy thing.
Last time I registered 3 domains with GD 3 months ago there was no promo give-away prices for the first year. Registered with them by inertia. But without almost free prices to "reserve" a domain dealing with GD makes no more sense.
One good thing about GD is that domain transferring from them to Google takes couple of clicks and is pretty fast. I did not have to leave my PC during the process - couple of page refreshes.
Biggest problem is that the site doesn’t work well in ios on iPhone so I use mobile chrome.
https://www.cloudflare.com/tld-policies/
If you use Google Domains, you risk losing access to the domains if Google suspends or terminates your Google account for some reason unrelated to the domains.
https://news.ycombinator.com/item?id=21826368
https://news.ycombinator.com/item?id=24109809
Google Domains charges $12.00/year for .com renewals, compared to $8.56/year at Porkbun and $8.03/year at Cloudflare. With Google's reputation for poor support, most domain owners simply have no good reason to use Google Domains.
And you can expect that they're not going to turn _into_ a scammy registar at any point since, well, it's AWS.
Looking their site they have an intro deal going now to host for a year for $2/month
I use gandi.net because every domain includes email hosting. And France privacy laws.
https://www.gandi.net/en/no-bullshit
Same. I like to see it myself and look for it each time I visit.
I consider it a canary. When that go÷s away, time to evaluate things again.
Versus: https://www.nearlyfreespeech.net/help/abuse
I'm a big fan. I've never had any issue at all, and their DNS hosting seems incredibly robust (I'm not qualified to really analyze it - there's a reason I don't do my own DNS).
Can’t comment on its customer service, because in 23 years I've never had anything go wrong.
I work for Directnic. I can confirm Directnic has never and will never engage in activities as described by the OP.
If you (or anyone) has any questions, needs assistance with anything relating to Directnic, feel free to reach out. My email is mrobertson@dnc.io.
They email me once a year that stuff is about to expire, I renew it.
I've never had to interact with them otherwise about anything, which in this case means they're clearly doing something right.
Then they'll search for technical people to implement their idea. So being hosted there is not necessarily connected with the people actually doing the work.
I think you may be used to cases where the startup idea generator and implementer is the same person. But it's not always that way.
Let's just say it can be used as an indicator.
Most registrars will include a year as part of the transfer so if you have a domain at GoDaddy that expires in 2024, you can transfer it to Namecheap and then it'll expire in 2025 -- without "wasting" what you've already paid for.
brian1999@yahoo.com
I'd be interested to know what percentage of 21 year olds know what yahoo is (they would have sold Tumblr right around them being 18 years old).
Bonus laughter if it's something massively inappropriate. Some e-mail stems from the last position search (this is at a college, granted it is an entry level position, but it's still a college): cuntcrasher, c00rslight, bigswag420, trideltaFcups, and my personal favorite, milfhunter9inch.
These are supposed to be professional people. This is real life. This is real. I can't wake up.
I used to work with a guy whose first + middle initials and last name resulted in an official corporate email of "xlwang", no lie.
Only you can save Corbin Untcrasher and Tyrone Ridel-Tafcups from crushing student loan debt.
1: I didn't make up the terminology, I'm just using it because it exists...
I'm technically competent but have one domain on GoDaddy for a startup I'm handling.
See, the domain we wanted was after market, and the purchase deal was done through a service that requires GD as the registrar.
So, after $12000 for the domain, we have to wait before we can transfer into our AWS.
I imagine that is the class of companies the GP is trying to avoid.
I work for a startup with ~60 employees. The DNS was setup through GoDaddy by our CEO over 6 years ago when the company consisted of just founders.
Employee #1 updated GoDaddy to point to AWS for nameservers. We've been managing DNS through Route53 ever since. It's tech debt, sure, but migrating domain ownership to AWS gives us almost no benefits. I guess having more consolidated billing would be nice, but until finance complains at me I'm not bothering to change it.
It would pain me to find out that a candidate would red flag the company based on domain registrar. Then again, I don't know if I'd care to interview someone who makes such large decisions based on small details with no context.
Everything always depends... But the initial team tends to turn into the top management team, and a company managed by people that can do its main work is completely different from one managed by people that can't. It's reasonable for somebody to want to avoid it.
GoDaddy are on my shitlist after the elephant killing incident, their predatory business practices and low quality tooling. And don't ever forget to renew your domain or GoDaddy will squat it.
I would absolutely yellow flag a tech company for using GoDaddy.
I was not aware of the elephant killing incident, have not experienced their poor tooling (because I have not used them) and was not aware that GoDaddy squats expired domains.
Does this lack of knowledge yellow flag me as a competent person?
Domain registration often happens in a hurry. After a brainstorm that revealed an aha! In that moment, the only thing that matters is grabbing that domain while it's still available. Someone hurriedly registers the thing, with knowledge that it can always be moved later.
If you want to judge a company based on the early inception of the domain, often before deeply technical/experienced folks get involved, that's obviously your prerogative. But I think you'd be unnecessarily filtering out great opportunities in the process.
Oh, and didn't Google Domains use GoDaddy and others behind the scenes for awhile?
Obviously it's not a 100% sign. Just a heuristic. One of many, I'd assume. But I can't fault someone for using one when the cost of a false positive so far outweighs the cost of a false negative.
> until finance complains at me I'm not bothering to change it.
> would pain me to find out that a candidate would red flag the company
You have a good grasp on one perspective, what I would call the purely pragmatic business-owner perspective.
There is another (perhaps flawed) perspective, let's call it the idealistic engineer's perspective. This perspective notices the vestigial godaddy remnants. The flawed DB schema fragments from two refactorings ago which stubbornly survive. The fact that the site goes down for 30 seconds every time someone ships a change to production. The fact that shipping frequently is discouraged because of this. The overly aggressive cache invalidation strategy which causes 30% more DB load. The fact that no one is monitoring the DB load. The API endpoints with 4,000ms of latency. The fact that this will never be fixed because you are way too deep in bed with a poorly chosen framework and ORM.
All of these things can be justified from a business perspective as "not worth the effort to fix". Customers aren't leaving, revenue isn't dipping. It's fine. Just focus on the sprint.
But on every engineer's internal balance scale of "should I stay or should I go", all of these things get noticed. Each one adds a pebble to the "leave" side of the scale. For your talented engineers, two pebbles.
Don't let too many pebbles pile up.
Edit: It is also exactly this kind of thinking that keeps people in bad situations. Nobody wins when anyone thinks like that, except of course the people in the exploiting position in the first place.
You are touching on an important point, which I did not state: that there are no companies with zero pebbles on the scale.
The goal is not perfection. The goal is to avoid a pile of pebbles large enough that engineers feel hopeless / "why do I bother" / "this place is a joke anyway". Good people don't stick around long for that.
But the main point was that thinking that a technical blemish has "zero cost" is a trap. The cost is not zero. The cost is having one more pebble on the scale.
I.e. "technically incompetent"?
yes, a startup registered through Route 53 is a better sign of competency on staff or in their network
but propping up domains wherever you want and changing the cname whenever you want doesn't tell you anything
I typically don't use them by choice (I actually like the AWS admin for DNS, but they aren't cheap - I probably need to check out other services like NameCheap).
But I don't think it is fair to label them technically incompetent, when it is not uncommon to get shanghai'd by accident (maybe that's what you mean by technically incompetent - but frankly if it burns more than 1 hour of my time to fix - I leave it alone because I have other priorities. I also only change about 10~20 vim defaults on a new VM. Fight me.)
That's a mixed signal. I can really help my technically incompetent clients.
All that said: If the startup is using GoDaddy's name servers or certificates (but not their hosting), that actually is a pretty good indicator of ineptitude.
And if a startup is using GoDaddy _hosting_, that is completely indefensible. No startup should be on that sort of shared web hosting, GoDaddy or otherwise. You spin up the VMs, containers, functions, or PaaS (ie Heroku, Firebase) service of your choice in the cloud. Hell, put it on IPFS, host it on a push CDN, distribute it via a data: url. Pretty much anything would be better.
You don't build software at your startup and all this sounds complicated? Then perhaps consider SaaS solutions like GSuite, Shopify, Squarespace etc.
GoDaddy's hosting is unfit for any purpose.
They wrote a blog about their bad experiences with registrars in 2016 (I guess). Since then they have steadily worked to make it a reality.
https://www.cloudflare.com/products/registrar/
When I checked last, it was not possible to buy a domain at Cloudflare, but you could buy it at other providers and transfer to Cloudflare. It might also be possible to buy directly now.
All my domains are transferred to Cloudflare. Their UX is dope. It's like Apple vs Windows. Also since I use CF for DNS and Cache, it makes sense to let CF manage the domain too.
That's because all domains transferred to CloudFlare are required to use CloudFlare's DNS servers. It's just a different business model.
tl;dr never attribute to malice that which is bound to happen because statistics
In this case, I don't see any evidence of front-running. It's more likely that it's a coincidence that someone registered the domain name a day after you searched for it. In fact, I personally would consider that to be more of a 'premium' domain, so it's logical that someone simply also searched for it and bought it.
Personally, when I search for domains, and it's available, I usually just register it and don't wait. I only wait and not register it right then and there if I'm OK with not getting it.
You might want to disclose your affiliation on these kinds of topics, especially when you're arguing the company's side.
There are DNS related articles by "Bill Hartzer", but they seem more to be calling out places for doing shady crap. Including GoDaddy (for front running?). eg:
https://www.billhartzer.com/domain-names/godaddy-caught-regi...
That's just an initial impression anyway. ;)
[1] https://www.godaddy.com/garage/what-is-deep-linking-and-how-...
Good find. :)
https://news.ycombinator.com/item?id=23754056
I’ve written a ton about domains over the years, and the articles you’re referring to that appeared on the GoDaddy blog were syndicated. They actually picked them up through another source.
No disclosure needed, I’m not affiliated with GoDaddy in any way.