Tell HN: Never search for domains on Godaddy.com

1656 points by wasteme ↗ HN
searched a few days ago for felons.io, looked for unique names for simple game didn't know if I wanted it or not

guess godaddy decided for me: 1 days old Created on 2020-09-16 by GoDaddy.com, LLC

just a warning if you have a special name do not use godaddy to check if its available

750 comments

[ 4.9 ms ] story [ 520 ms ] thread
Yes. If you search it 2-3 times, they buy it in most cases.
Then I wonder what if someone trolls Godaddy by searching many names.
I wonder if they have any logarithms that would attack this vulnerability? Someone could write a script to simply search several times for 1000's of names and bankrupt godaddy...
Their domain cost as a registrar is a fraction of retail pricing.
No it's not. GoDaddy has to pay the domain registry (verisign, donuts , etc) for the registration plus a small fee to ICANN. Domains are typically extremely low margin and profit is made up on add-ons.
It might be completely automated, but there could also be an algorithm that selects searched domain names and then puts them in a "review" shortlist for a human (or a team) to scan through and flag for purchase.
It doesn't cost them anything to do this. As a registrar they can register a domain name for free for seven days.
I assume you meant "algorithm", but I wouldn't call it that either. Yes, you could try to exploit this to make them register a bunch of domains, but it costs them basically nothing, and you'd be rate limited/banned for the suspicious behavior long before it put a dent in their wallet.
I had this happen to me with instantdomainsearch.com, which is owned by GoDaddy, I believe.
Hi, I own/operate Instant Domain Search. We make plenty of money from GoDaddy and other partners by helping them find domain names.

We show results quickly because we check if your search is in the zone file. We keep a copy of the zone file in memory, and check searches against that. Some names are "unconfigured" for a variety of reasons, and do not appear in the zone file. So this means we might show a name as available, but when you go to register it, it's gone. This sometimes leads people to believe that we've registered it for ourselves. If you check the WHOIS record, you'll usually find that it's been registered for years before you searched for it.

The only major registrar that I know of that did this was Network Solutions. They did it for a few days in 2008 before getting trashed in the press:

https://arstechnica.com/uncategorized/2008/01/network-soluti...

More recently, when we show a name as available, we'll check again with VeriSign (who runs the .com registry) to make sure. And if it's not available, we'll switch the color from green to red -- a good example is eager.com. It's not in the zone, but not available to register.

Okay, I suppose that’s plausible. I just had a few questionable situations and it seemed fishy.
Can't be totally free. If we all would run random garbage through their search, at some point this evil mudy collapse somehow?
They have some systems that suggest words, word combinations, adjacent terms, and such for domains / related domains. I suspect that by leveraging those existing systems they can relatively easily tell if the names you're entering are complete garbage or not (length, any dictionary terms, high value words, etc).
Then someone cobble together a tool that automatically queries words from a dictionary on godaddy, maybe with variations like numbers appended, "the" prefixed or hip things like turning -er into -r.
I assume “felons” matches a dictionary search that “ajandneeksiciajenebdh” does not
And during the free period they can do "domain tasting", see how many ads they can deliver on that domain and consider keeping it.
Happened to me too. In my case it was sslnx.com
This happened to me too. I was searching the domain on a variety of tools to make sure it wasn't like, secretly a swear word in another language or whatever, then a couple days later it was registered by GoDaddy. I wasn't sure which tool leaked it, or whether that was actually GoDaddy or their domain holder protection. But it was pretty annoying.

And they registered it for two years.

Is there a safe method to search for domains?
Yes, asking for the SOA record for the zone within the parent domain is safe and usually good enough -- and will tell you if it is registered (but not definitively if it is NOT registered). Following up with a single normal WHOIS.
I've been using iwantmyname.com both as a registrar and domain search engine. Never had a name sniped from me.
Agreed. Plus whoisprivacy is free if the tld supports it. Autorenewal is nice also. Only gripe is that they use authy for 2fa. This is a big gripe though.
yes, whois:

whois godaddy.com

whois superuselessdomainforeveryone.com

look for "No match for domain" at the end

Safest way? Have a budget to buy any domain immediately that is free and that might fit what you want.

Is this actually causing other problems? Probably.

They also say "domain unavailable" if you include "godaddy" in the domain name. Any other site will let you register profane domains with "godaddy" in them.
I wonder if they'd allow you to transfer such a domain to them.
I use domainr.com often and never had this problem. Just in case you need a nice alternative.
I've found Porkbun to be pretty good as well.
Wow, this is a blast from the past. I know Godaddy got busted doing this years ago. I forget whether they were sued or just hounded with bad P.R. but I thought they promised to clean up their act. I wish I could find the article now, but Google only pulls up stuff from the last year or so.
If I recall correctly, it was a VP at GoDaddy and some underlings that were busted for this. They were personally profiting from it. GoDaddy got bad PR, those involved got punished (maybe fired?) and people forgot.

It sounds like the culprits' big sin was pocketing the money instead of letting the company pocket the money.

It happened to me too, while I was trying to find the domain name for the new project. It was free and the next day it wasn't.

But, what godaddy does with the domain they registered? Do they try to sell it to you for an exorbitant price? What's their deal?

That's what I'm thinking as well. You'd think that's counter to their business model to keep on buying domains.
Some TLD registries have policies to prevent registrars from front-running their clients by squat-registering their domain searches.

But, if you're working in a TLD where Freedom<tm> is more important than actual free markets, do your domain checks against the root servers yourself with dig +trace.

For most non-ccTLDs, that's regulated directly by the ICANN. It's pretty easy to file an ICANN complaint, FWIW.
Be warned that a domain can be registered without appearing in the DNS.

In recent years IANA has run a whois server that provides referrals to the appropriate registry, so in most cases a whois client can start by querying whois.iana.org and follow whois: or refer: lines to the right whois server without leaking too much information. (whois is still cleartext and a very crappy poorly-defined protocol...)

FreeBSD's whois mostly works by following referrals with heuristics for filling in the ghen that doesn't work; Debian's whois mostly uses a built-in database of whois servers and heuristics for finding them.

I was always expecting something like this to be going on, so I'd never use any Web-based availability-checking tools but then I also tend to be a bit paranoid at times.

Yet now it turns out not only is this established practice, there is even a Wikipedia entry on it.

"It's only paranoia if they're not really after you!"

So .... how can we use this to our nefarious purposes.... anyone want to build an API Tool and random name generator and get GoDaddy to register tons of bogus names.
It's almost free for them, so there's very little downside for them to register thousands of domains. I'd love to see how long it took them to block malicious searches, though.
This sucks and I feel for you. But the sad fact is that domain registrars have been doing this ever since domain names became big business in the 90s.

As a PSA to everyone, you should only ever use whois in a terminal window to see if a domain is available.

It's included with macOS, Windows (?), Linux or any other OS anyone's likely to use. [Edit: a reply says it's not included in Windows. It seems you can download it free here: https://docs.microsoft.com/en-us/sysinternals/downloads/whoi...]

I guess ICANN's lookup tool (https://lookup.icann.org/) is probably more trustworthy than commercially operated ones; it would be a terrible look for them to engage in this practice.

But I always feel much safer using whois in a terminal than any website that can see what I'm searching for.

Yes, namecheap is also sketchy had some trouble when I tried to renew a domain I bought with them then I tried to transfer it to Google domains to only have it blocked
I’ve started using rdap first for this kind of thing partly because it works in browser and also because corporate firewalls like to block whois. Having a standardised response format is also really nice.
> It's included with macOS, Windows, Linux or any other OS anyone's likely to use.

Is it? I don't think it is included on Windows --- it is available on sysinternal, sure, but not included. (Unless something has changed from when I stopped using Windows)

Not by default, definitely. Unless you count via WSL, but WSL isn't installed by default either.
It's not even installed by default in WSL; I had to apt install who is literally earlier today.
I also wanted say "consider whois", but with a few more caveats. First, obviously the whois server you use matters. There is nothing magical about whois that stops GoDaddy from doing the same thing if you query whois.godaddy.com, you still need to talk to someone less likely to engage in this like going directly to InterNIC's, whois.internic.net (still I think under the US DOC, which whatever other flaws it has isn't really scrounging for change there).

>But I always feel much safer using whois in a terminal

Also as a minor FWIW, there are plenty of simple GUI's (often built-in) on whois as well so someone can just use one of those if they prefer. macOS for example still has some of the old useful utilities included for free including in this case Network Utility, though for whatever reason Apple moved them out of /Applications/Utilities and into /System/Library/CoreServices/Applications (that's also where a pile of other useful ones went).

Network Utility has been deprecated in macOS Big Sur.
Namecheap and Dreamhost are both top notch and would never do this.
> As a PSA to everyone, you should only ever use whois in a terminal window to see if a domain is available.

A month or so ago, I discovered .wang was a TLD, and I immediately brought it up with friends, and we spent some time happily and goofily brainstorming. I'm not sure about the exact count, but after dozens of queries, whois started returning errors for too many requests.

that's not the whois software or the whois protocol returning that, it's the configuration of the particular nameserver you're talking to; whois software/protocol allows you to specify different nameservers, so you could switch
A who is server and a domain name server are two different things. But back to the topic: who is servers in most cases have some kind of limit per a certain time frame so you don't abuse them.
I've never had this issue with Gandi.net. They are excellent.
I use them for all my registrations.

I thought I saw a complaint about them domain frontrunning once, but it surprised me and I didn't see any hard evidence, and it doesn't seem like them.

But I'll still always feel safer using whois in the terminal. I've been online too long to trust anyone on matters like this.

Besides, whois is right here in my terminal, so it's quicker anyway.

Not really familiar with submission rules and customs here, but shouldn't that headline be prefixed by "Tell HN:"?
I agree, I was confused as there was no url following the title.
I hope someone from Godaddy responds to this.
I've been using hover.com for years. never had a problem.
This is a scummy move. In the industry I work in, we call this front-running and it’s a criminal act. If the same laws applied here godaddy would be looking at a nine digit fine and jail time for whoever thought this is a good idea.
But I don't see any proof that GoDaddy is the registrant of that domain, they're just the registrar. I don't see any evidence of front-running in this case. I see it more as coincidence if anything else.
They've been doing it for years, it's a pretty well known thing at this point which is long past the point of needing new evidence.

PS: Use gandi.net, both for search and registration.

In this case, felons.io, there is no registrant listed, even on who.godaddy.com. So how can you definitively say that GoDaddy saw that search from the OP and registered the domain?

I'm not saying they didn't do it, but I base my opinions on facts, not speculation or "they've been doing it for years".

I'm just not seeing any evidence in the WHOIS record that GoDaddy registered that domain--it could have been one of their customers.

It happens way too many times with Godaddy so even though it is still speculation, but seems very likely now that they do this stuff. I have seen this complain from people a few times in the past and they all mention GoDaddy.
(comment deleted)
Can you link some prior evidence? I can believe it but is there proof? Could some other data have led another party to registering OP's domain idea?
Seconding Gandi. I spent the past year transferring my domains over (as registrations lapsed with Route53, which is a Gandi frontend with fewer features).

Their interface is very clean, their business model is no-nonsense, and I dig the managed DNSSEC.

https://domains.google is the best I found.

Also, namecheap’s beast mode if you want to check hundreds of domains at once.

Google Domains did the same thing to me a few years ago.

There's a reason my personal domain is nothingofvalue.org instead of .com. Because when I went to register the .com originally and backed out at the last minute to give myself time to setup a PO Box (didn't like the ICANN publicly displaying my mailing address), I came back two days later and noticed that someone had registered the .com domain.

Did you type nothingofvalue.com in the URL bar? If so, your ISP (assuming you use their DNS) might have sold that data to a squatter.

You could be right that it's Google, but I doubt they would risk a scandal to make a few bucks like that.

No, only through Google Domains. And like I said, I got decently far along in the process before I stopped, due to privacy concerns. That probably flagged it as "of interest" to someone who then promptly squatted on it.

> You could be right that it's Google, but I doubt they would risk a scandal to make a few bucks like that.

I think this HN thread has shown that it seems to be something of an open secret among domain registrars, so I'm not sure it would necessarily be a "scandal", particular given how hard it would be for me to prove it.

My team built Beast Mode. Would love any feedback you may have.
It is amazing! API available for the beast mode type queries? I wanna build a domain name exploration tool and the kick it off to you guys for registration (perhaps referral kickback would be nice). Email in my profile.
They were on my radar when I moved over to Gandi, but I'm avoiding using Google whenever possible.
I want to see the evidence before I believe that. I've seen nothing but speculation in this thread.
Agreed. This is really bizarre behavior for HN. This thread reads like a paranoid Reddit post, and people who are requesting evidence are being downvoted into oblivion... Because it's more fashionable to jump on the "godaddy is a cartoon supervillain" bandwagon?
HN has been talking about GoDaddy front-running domains since 2012. https://news.ycombinator.com/item?id=4362478
Talking != proof. Some people at GoDaddy seem to have been busted for doing this independently, and were likely fired. Is it still happening since then? Nothing here would give you a clue.
This is a complete lie and total slander of GoDaddy. https://domaininvesting.com/godaddy-still-not-frontrunning-d...

The whois information is masked, because that's what we do to protect customer privacy.

https://domaininvesting.com/godaddy-whois-records-no-more-co...

It's registered to someone in New York, not to GoDaddy.

Registrant Organization: Registrant State/Province: New York Registrant Country: US

> This is a complete lie and total slander of GoDaddy

Respectfully, I stated an objective fact and nothing more, backed by an evidentiary link. As the other reply and yours seemed to have missed the context to which I was replying, "This is really bizarre behavior for HN" which was being contested by my reply - in hindsight I should have quoted it to be blatantly obvious to speed readers.

I should have been clear, I was referring to OP’s statements which were easily refuted by the Whois search. I thought that was relevant to tying this situation to some HN perceived history of this behavior.
When you recommend something, please mention what is good as well else I can't tell if it's a shill account or not.
How about "doesn't scam you"? Gandi is widely respected. I've registered all of my domains there for over a decade.
It would be easy to test - query for some random domains on their site and see what happens. Which seems close to the story here.

(As a bonus - securities regulators can easily request business records, and will raid offices if they need to - it could be argued a more energetic approach like this in the tech space would not be a bad thing and I would expect travel in this direction as economies continue to rely on further on IT and if companies pull stunts like this it will be deserved).

Happens way too often to be coincidence and can occur on domains nobody else would want. I use GoDaddy and I'm happy with their services, but I never search for a domain before I buy it.
It is called front running in DNS too, and it is perfectly legal.
Honestly, I never expected anything else to happen. With all these ads, loading bars, extremely high domain prices... of course people take all measures to drive prices up. There are even worse people (that are probably/hopefully not affiliated with Godaddy etc.) that just register interesting domains to sell them at some point to someone who actually uses the domain.

Domain name registration is quite broken and should probably be quasi-regulated in a way TLS certificate registration is.

That gave me a chuckle. I take it you work in finance and a subtle form of front running is literally what bulge bracket trading desks do day in day out.
I had this happen as well in the past when researching domain names for a new product.

Pro Tip: Stay the hell away from GoDaddy for everything. I've had the unfortunate task of managing a server hosted with them and it's been consistently awful (ex. I literally cannot upgrade PHP because the VPS doesn't support it and there is no upgrade path without spinning up an entirely new VPS on a different, and of course more expensive, plan). The constant upsells on garbage are basically predatory at this point, too.

I have no choice, they bought out my hosting provider a year ago.
Why not to migrate to another one? There are plenty of them nowadays
Eventually I probably will, but I'm not looking forward to the effort. I'm paid up for now so there's no rush. Luckily my domain service is with a different company.
I have had serious issues with Godaddy as well. Absolutely horrible performance as well.
Me too. But the worst was that I can only contact them by calling them. What?
At least you are able to talk to a real person. I've always had good experience calling GoDaddy customer service. Many other online companies make it a very big hassle if you have an issue that's outside the scope of their FAQs.
Godaddy spammed me so much and so often that I transferred my domain to porkbun.com.

It's been so problem-free that I couldn't even remember the provider's name -- I had to WHOIS my domain to figure out who was hosting it.

I've been using Porkbun for a few years and have no complaints.
I've been using porkbun for a while and it works great. Worth a look.
Spam
honestly, the company is amazing, they are the discord equivalent of domain hosting
Wait, do you mean something positive by this? Discord has always struck me as pretty horrible... I'm not even quite sure how to interpret what you've said in a positive way. Maybe implied popularity, but it's debatable whether popularity is in fact a positive even.
What about discord has been horrible for you?
No ability to use third-party clients without being banned.
Sure, it's against the TOS, but I've been using an external client for probably 2 years and haven't been banned or warned. If Discord are aware then they've explicitly chosen to do nothing.
I use a combo of porkbun, Namecheap, Google domains (primarily all the .dev stuff from that landrush), hover (some legacy stuff) and Isnic (the Icelandic registrar for .is domains).

I like Porkbun quite a bit but sometimes Namecheap is cheaper or it’s easier to just add to that account.

I think I can proudly say I’ve never used GoDaddy as a registrar, but I’ve been with some bad ones over the last 20 years so I can’t claim full moral high ground either.

I found it interesting that Ted mentions Namecheap searching .is. I have a .is domain through Isnic (actually just renewed yesterday), and I'm using 1984 for DNS because Isnic requires a domestic NS provider.

But Ted's comment implies you can register .is through Namecheap. I wonder how/if they get around the Icelandic NS host problem.

I've had an .is domain for a few years now and wasn't aware of that requirement.

DNS service for my .is domain is handled by AWS Route 53.

I think that there was a time when a smaller number of DNS providers was registered with ISNIC. As the gTLD has become more popular, more DNS providers have gone through that process.
I believe that requirement ended. I had to get a different DNS at one point for my .is (registered in 2009) and I still maintain that account with DNSMadeEasy out of laziness), but when I helped a friend register a .is and when I got some additional ones more recently, I didn’t have to do that anymore.

I believe Namecheap offloads some of the info for .is back to ISNIC. The only reason I don’t do it under Namecheap is that I’ve had the ISNIC account for 11 years and it’s easy enough to get my annual email reminding me to renew, but I was able to get my friend’s registered through her Namecheap account without issue at the end of last year.

Thanks folks. I haven't had mine that long -- maybe since 2015 at the earliest. Must have changed shortly after I registered, since it seems that it changed some time ago. I'm certainly not an Isnic OG :)
Yes, we support .is directly. There can be some quirks but we have a ton of happy registrants.
cosmotown.com does spam big time. I created a domain with name ending *cookbook.com, so much spam. I feel miserable for creating one with them.
I've been really happy with Gandi on this front. I just checked, and I haven't received an email from them since I had to confirm my email address two months ago.
Second gandi, not always cheapest but close enough. Good interface and support.
I originally was also on Godaddy, but now I moved to Porkbun and never look back. Love their website and their name.
Recommendations for superior alternatives? I'm an indifferent GoDaddy user but would be happy to switch to something else since I've never liked them as a company.
NameCheap (which I use) and Gandi are common recommendations on HN AFAIK.
I've had great experience with Gandi over the last 10 years.
Gandi is fine. Their domains are slightly more expensive than others.
CloudFlare (yes they are a registrar now) or Gandi are my go-tos! Never had an issue.

GoDaddy are just bad in every conceivable way.

Wow, I didn't know CF did registrations (makes sense though). And looking at their rates shows they don't markup prices. For example, most places charge $12 for a .com address. CloudFlare charges $8.03, which is their cost, they add nothing.
Yep, can't wait 'till they support .cc and whatnot.
The same cloudflare whose ceo decided to deplatform a client not too long ago?
(comment deleted)
Epik, Namecheap, Fabulous for domains.
Thanks for the support and being such a loyal customer bhartzer. Always good to hear from you.

For those that don't know me, I work for Fabulous.com. I can confirm Fabulous has never and will never engage in activities as described by the OP.

If anyone has any questions, needs assistance with anything relating to Fabulous, feel free to reach out. My email is mike@fabulous.com.

Hey Mike! Hope you're well.
I love http://domains.Google

You get free email forwarding (even wildcard), free domain privacy, free website forwarding (with ssl), Google infrastructure behind all of that and the authoritative DNS they offer.

Cloudflare also offers a registrar service and its good.

Does Cloudflare still require you to transfer in or can you actually buy domains from them directly now? The buy and then wait 90 days to transfer in thing is a hassle.
you can buy now but the tld is limited
Interesting. I'd never considered Google for my domains.

Any idea if the '£10/year' is every year? Or does it go up after the first year?

Also, I found it weird that they promote a .app and .dev TLD as 'More Secure'.

I think all domains under `dev` have HSTS turned on.
They call them more secure because the whole TLD is on the HSTS preload list, so no downgrade attacks.
It’s the same every year. I’m sure they could raise the price later on, but if you’re that worried, you can extend your registration to 10 years for 10x the one-year price. And if they do end up raising the price, you can also transfer your domain away.
Second this. Transferred 8 domains a months ago from GoDaddy to Google.

GD was good when I was brainstorming ideas and wanted to buy domains for peace of mind just for $1.99 or some other big promo discount. But is goes to $22+ the next year, while the normal price is $12. Google.Domains offers flat $12 + lots of value in email forwarding et al. I used to add domains as aliases to my old free GSuite subscription just for emails, which was highly inconvenient. Also redirects from e.g. .org/.info/.net to .com is small but handy thing.

Last time I registered 3 domains with GD 3 months ago there was no promo give-away prices for the first year. Registered with them by inertia. But without almost free prices to "reserve" a domain dealing with GD makes no more sense.

One good thing about GD is that domain transferring from them to Google takes couple of clicks and is pretty fast. I did not have to leave my PC during the process - couple of page refreshes.

how's google support?
It’s Google, I haven’t had any issue with the service and been using it since launch.

Biggest problem is that the site doesn’t work well in ios on iPhone so I use mobile chrome.

Cloudflare Registrar offers domains at cost, which makes it the least expensive option for the TLDs it supports:

https://www.cloudflare.com/tld-policies/

If you use Google Domains, you risk losing access to the domains if Google suspends or terminates your Google account for some reason unrelated to the domains.

(comment deleted)
You can add multiple Google accounts to admin a domain. Increases the survivability of access to them.
DNSimple is great for domain names.
We use AWS Route 53 for domain registration. Works like a charm.
Can also recommend them. No race-to-the-bottom scammy upsell shit since... it's basically just there as a value-add on AWS. And you're piggy-backing on all the infrastructure/support/etc that people expect from AWS instead of a domain registrar where people are generally shopping pretty exclusively on price.

And you can expect that they're not going to turn _into_ a scammy registar at any point since, well, it's AWS.

They use Gandi under the hood. Using Gandi directly is a much better experience
If your servers are in AWS, then Route53 is a no-brainer - it lets you do things no other DNS host can do, and it's infinitely better plumbed into the AWS ecosystem (CloudFormation automation, etc.)
I second Route 53 for domains. It’s straight to the point and clear cut unlike other registrars that try to upsell gimmicky features at every step.
I use ipage for domains and hosting and never had a problem with it. I am looking at my past bill and I paid $96 for a year of hosting. I don't use it for much, just static HTML. I use ftp to push changes. Dead simple.

Looking their site they have an intro deal going now to host for a year for $2/month

(comment deleted)
Basically everyone else is a superior alternative.

I use gandi.net because every domain includes email hosting. And France privacy laws.

Same, but different reasons. I just like seeing 'No Bullshit' on their site, since that's basically what I'm thinking when looking for such services.
I just checked-out gandi.net, and I found their page in defense of No Bullshit. What a nice page to see amidst the many other sites filled with Bullshit.

https://www.gandi.net/en/no-bullshit

  "No Bullshit is our philosophy"
  "Above all, "no bullshit" is our golden rule—to treat
   our users how we want to be treated. It's a promise
   to respect your rights and to level with you about our
   shortcomings."
That slogan has probably done them more good business than they know.

Same. I like to see it myself and look for it each time I visit.

I consider it a canary. When that go÷s away, time to evaluate things again.

No spam either. Their UI is also really transparent. You can even edit all of your DNS records as a single plain text file.
I migrated everything to Namecheap a couple of years ago, they have been great. I’m happy not to be giving money to GoDaddy any longer.
dnsimple has been a fantastic provider for me for at least 5 years. it’s just... simple.
Dynadot.com, they've been around a long time, for me it's been the provider I always come back to.
Big fan of NearlyFreeSpeech.net and use them for any TLD they support, unfortunately not including some of the newer more esoteric ones like ".cool", but I'm sure that's probably in the works. I moved over from GoDaddy after GoDaddy pulled down seclists.org for Myspace with no due process: https://mashable.com/2007/01/25/myspace-godaddy/

Versus: https://www.nearlyfreespeech.net/help/abuse

How do registrars “take down” domains? Is it a simple nameserver change that would then propagate over the next few hours?
Yes, in the same way a registrar would redirect a domain to an “expired” page during the non-renewal grace period.
For DNS hosting, not just name registration, EasyDNS is far and away the best. Epik and Namecheap are also really good, and a bit cheaper, if you don't need all the services EasyDNS provides. Both EasyDNS and Epik have a strong commitment to supporting free speech (especially Epik, the DNS hoster for Gab).
I've been using EasyDNS for years.

I'm a big fan. I've never had any issue at all, and their DNS hosting seems incredibly robust (I'm not qualified to really analyze it - there's a reason I don't do my own DNS).

DirectNIC. Based in Louisiana. Been around forever. Fair prices.

Can’t comment on its customer service, because in 23 years I've never had anything go wrong.

Thanks for the support and being such a loyal customer reaperducer.

I work for Directnic. I can confirm Directnic has never and will never engage in activities as described by the OP.

If you (or anyone) has any questions, needs assistance with anything relating to Directnic, feel free to reach out. My email is mrobertson@dnc.io.

I've been using Hover for years and like them.
Appreciate it! I can personally state for the record we don't do what is alleged. I also seriously doubt GoDaddy does it.
I've been using https://internetbs.net/ for the better part of a decade now.

They email me once a year that stuff is about to expire, I renew it.

I've never had to interact with them otherwise about anything, which in this case means they're clearly doing something right.

Gave up Godaddy recently, after 10 years. Overpriced ssl, old php version and no sign for upgrades and improvements.
If you are hosting a PHP website, then just host it yourself. You can get cheaper and better hosting from one of the "economy" clouds like DigitalOcean or Linode, and nowadays TLS certs can be automated for free with LetsEncrypt. GoDaddy as a registrar is fine but the rest of its services are completely unnecessary today.
Whenever I talk to startups, I check their domain. If they are on GoDaddy, it means that they are technically incompetent.
Not necessarily. I used to think that, but it's rather common for the person with the idea to just go and buy the domain on GoDaddy.

Then they'll search for technical people to implement their idea. So being hosted there is not necessarily connected with the people actually doing the work.

I think you may be used to cases where the startup idea generator and implementer is the same person. But it's not always that way.

Yeah, I joined a startup as the first engineer and inherited a GoDaddy registration, which the non-technical founder had purchased. I may have been technically incompetent but the startup's GoDaddy registration had nothing to do with it. :-)
>If they are on GoDaddy, it means that they are technically incompetent.

Let's just say it can be used as an indicator.

One exception is domains picked up from a GoDaddy auction. I believe you have to pay for a year, which you might not want to waste. Or even a transfer takes a while to complete.
You don't lose or "waste" the registrations/renewals you've already paid for when you transfer a domain to a new registrar.

Most registrars will include a year as part of the transfer so if you have a domain at GoDaddy that expires in 2024, you can transfer it to Namecheap and then it'll expire in 2025 -- without "wasting" what you've already paid for.

You're right. I think my memory was domains where you wanted to prepay for "privacy", so the ownership didnt show during the xfer after the auction.
GoDaddy forces you to disable privacy protection to transfer domains off of them. One more truly villainous practice designed to force people to stay. Eventually I became so dissatisfied with GoDaddy that I took the risk and transferred my really old domains off of them anyway. I got lucky and scum websites like domainstools didn't manage to archive my name and address to sell to online stalkers in time, but it's a risk you'd have to take.
Another exception is that at least for awhile (not sure if they still do), Google Domains would farm our registrations to GoDaddy, eNom, etc. So you might not have even realized GoDaddy was in the picture (at least initially).
(comment deleted)
Absolutely. You sound like someone that could really be of benefit to my latest startup. We're doing bigly things. If you're interested in finding out more drop me a line... gator3827@aol.com
Wow, samesies!

brian1999@yahoo.com

> brian1999@yahoo.com

I'd be interested to know what percentage of 21 year olds know what yahoo is (they would have sold Tumblr right around them being 18 years old).

Back in the day it was trendy to affix the year you signed up for an account to your account name - rather than the birth year. It was interesting to see things like sandra96@yahoo.com still the primary email address when sending someone an email to catch up post uni.
God help me, I cannot stop myself from laughing every time I see a @yahoo or @aol e-mail address on job applications/resumes.

Bonus laughter if it's something massively inappropriate. Some e-mail stems from the last position search (this is at a college, granted it is an entry level position, but it's still a college): cuntcrasher, c00rslight, bigswag420, trideltaFcups, and my personal favorite, milfhunter9inch.

These are supposed to be professional people. This is real life. This is real. I can't wake up.

Hey, maybe that's short for Bret Igswag (born April 20).

I used to work with a guy whose first + middle initials and last name resulted in an official corporate email of "xlwang", no lie.

Only you can save Corbin Untcrasher and Tyrone Ridel-Tafcups from crushing student loan debt.

You assume 1999 is their birth year...could be a graduation year.
Or a random year. I like using random dates in usernames.
(comment deleted)
21 here: anecdotally, almost all of them. Having a @yahoo.com address is pretty uncool, though.
I've never had an AOL email but you just inspired me to sign up for one.
there's kinda that ironically-lame hipster vibe to using aol.com email addresses. they're coming back in style.
Just imagine having the OG handle[1] joe@aol.com. That person either has some credibility as being around for quite a while, or paid quite a bit for it.

1: I didn't make up the terminology, I'm just using it because it exists...

I feel attacked. I still have my aol email, HNUSERNAME@aol.com
There is another option here.

I'm technically competent but have one domain on GoDaddy for a startup I'm handling.

See, the domain we wanted was after market, and the purchase deal was done through a service that requires GD as the registrar.

So, after $12000 for the domain, we have to wait before we can transfer into our AWS.

If you can afford $12k for a domain hopefully you’re not worried about the registrar signaling to an investor.
I'm one of the investors too.
I really dislike GoDaddy but this is not the best signal to use. A lot of startups are rather low in engineering talent early on when they're trying to find market fit and make a product. A lot of things about startups are just crap early on. People do things that they shouldn't or will have to pay for in the long run. Startups accumulate debt in many ways. Being on GoDaddy might be one of those. And if the DNS resolves just fine, many won't do anything about it except pay the yearly fees. More importantly, startups should ideally improve as they survive from year to year and not using GoDaddy is going to be pretty low on the list of things they need to fix.
> A lot of startups are rather low in engineering talent early on when they're trying to find market fit and make a product.

I imagine that is the class of companies the GP is trying to avoid.

It would be worth avoiding at that initial stage, but would be less and less of a factor as the company grows and matures.

I work for a startup with ~60 employees. The DNS was setup through GoDaddy by our CEO over 6 years ago when the company consisted of just founders.

Employee #1 updated GoDaddy to point to AWS for nameservers. We've been managing DNS through Route53 ever since. It's tech debt, sure, but migrating domain ownership to AWS gives us almost no benefits. I guess having more consolidated billing would be nice, but until finance complains at me I'm not bothering to change it.

It would pain me to find out that a candidate would red flag the company based on domain registrar. Then again, I don't know if I'd care to interview someone who makes such large decisions based on small details with no context.

Wow. That's funny because that's the exact evolution that happened at my current company (GoDaddy points to AWS and AWS does the rest) and we're now a unicorn. Being a unicorn is not a reflection of engineering quality though. That said, the earlier engineers were pretty bad (So bad that someone at one point terminated every line in Python with a semicolon. Those engineers are nearly all gone now) and I like to think that the current groups are decent engineers. But I don't see us ever going back and transferring the domain somewhere else.
Being a unicorn isn't a reflection of leadership quality either. Again, a particular litmus test that has a quality threshold may work for some and not others, it's still valid for consideration.
> It would be worth avoiding at that initial stage, but would be less and less of a factor as the company grows and matures.

Everything always depends... But the initial team tends to turn into the top management team, and a company managed by people that can do its main work is completely different from one managed by people that can't. It's reasonable for somebody to want to avoid it.

> It would pain me to find out that a candidate would red flag the company based on domain registrar.

GoDaddy are on my shitlist after the elephant killing incident, their predatory business practices and low quality tooling. And don't ever forget to renew your domain or GoDaddy will squat it.

I would absolutely yellow flag a tech company for using GoDaddy.

It would help to better understand your criteria vs. an arbitrary label like yellow flag.

I was not aware of the elephant killing incident, have not experienced their poor tooling (because I have not used them) and was not aware that GoDaddy squats expired domains.

Does this lack of knowledge yellow flag me as a competent person?

Domain registration often happens in a hurry. After a brainstorm that revealed an aha! In that moment, the only thing that matters is grabbing that domain while it's still available. Someone hurriedly registers the thing, with knowledge that it can always be moved later.

If you want to judge a company based on the early inception of the domain, often before deeply technical/experienced folks get involved, that's obviously your prerogative. But I think you'd be unnecessarily filtering out great opportunities in the process.

Oh, and didn't Google Domains use GoDaddy and others behind the scenes for awhile?

Is there greater danger in passing over a possibly competent startup with technical debt such as this, or greater danger in ignoring a potential sign?

Obviously it's not a 100% sign. Just a heuristic. One of many, I'd assume. But I can't fault someone for using one when the cost of a false positive so far outweighs the cost of a false negative.

> gives us almost no benefits.

> until finance complains at me I'm not bothering to change it.

> would pain me to find out that a candidate would red flag the company

You have a good grasp on one perspective, what I would call the purely pragmatic business-owner perspective.

There is another (perhaps flawed) perspective, let's call it the idealistic engineer's perspective. This perspective notices the vestigial godaddy remnants. The flawed DB schema fragments from two refactorings ago which stubbornly survive. The fact that the site goes down for 30 seconds every time someone ships a change to production. The fact that shipping frequently is discouraged because of this. The overly aggressive cache invalidation strategy which causes 30% more DB load. The fact that no one is monitoring the DB load. The API endpoints with 4,000ms of latency. The fact that this will never be fixed because you are way too deep in bed with a poorly chosen framework and ORM.

All of these things can be justified from a business perspective as "not worth the effort to fix". Customers aren't leaving, revenue isn't dipping. It's fine. Just focus on the sprint.

But on every engineer's internal balance scale of "should I stay or should I go", all of these things get noticed. Each one adds a pebble to the "leave" side of the scale. For your talented engineers, two pebbles.

Don't let too many pebbles pile up.

Thanks! That scale/pebbles metaphor very nicely describes something that I have been having a difficult time explaining for some time now.
Leave to where exactly ... the company that writes perfect code? Little or no tech debt? Only possible in rare circumstances, probably when it is business critical that it be that way.
No company is perfect, but clearly some are better than others from the technical perspective. I know I would enjoy my work more and remain more productive if I felt like I'm struggling a little, rather than a lot, to release anything.
From experience, there's very big differences between the amount of terrible decisions the upper management forces upon engineers between various companies. When it's very very bad, you should leave because the odds of it being better somewhere else are very high (they might be only average bad instead of objectively terrible).

Edit: It is also exactly this kind of thinking that keeps people in bad situations. Nobody wins when anyone thinks like that, except of course the people in the exploiting position in the first place.

> the company that writes perfect code?

You are touching on an important point, which I did not state: that there are no companies with zero pebbles on the scale.

The goal is not perfection. The goal is to avoid a pile of pebbles large enough that engineers feel hopeless / "why do I bother" / "this place is a joke anyway". Good people don't stick around long for that.

But the main point was that thinking that a technical blemish has "zero cost" is a trap. The cost is not zero. The cost is having one more pebble on the scale.

> A lot of startups are rather low in engineering talent early on

I.e. "technically incompetent"?

/r/gatekeeping is that way

yes, a startup registered through Route 53 is a better sign of competency on staff or in their network

but propping up domains wherever you want and changing the cname whenever you want doesn't tell you anything

And a lot of the time, the non-technical founder will have already registered the name and transferring can be a pain so it is sometimes delayed.
What if a non-technical co-founder bought the domain?
This is likely to happen, too. Parent comment is not being very wise here.
I also used GoDaddy to buy libre.fm back in 2009 because buying an fm domain was harder than it ought to be. I moved it to Gandi when I could, but that's because I have most other domains there.
Then it probably means the technical people didn't have much say in this.
What are you trying to say here? Domain purchases often happen before there are any technical people at all. It's not about who had a say.
Google domains sometimes dumps you onto GoDaddy. Which is/was unexpected and unwelcome. Sometimes you have to buy a domain and that's the way through.

I typically don't use them by choice (I actually like the AWS admin for DNS, but they aren't cheap - I probably need to check out other services like NameCheap).

But I don't think it is fair to label them technically incompetent, when it is not uncommon to get shanghai'd by accident (maybe that's what you mean by technically incompetent - but frankly if it burns more than 1 hour of my time to fix - I leave it alone because I have other priorities. I also only change about 10~20 vim defaults on a new VM. Fight me.)

Please have mercy on those of us whose CEOs set up the email and Office365 accounts.
I downvoted you because I've known many technically competent people, including startup founders, who have used GoDaddy. Many people don't realize how terrible they are.
Frequently it's the non-technical idea person who grabbed a domain before finding technical people to work with.
> it means that they are technically incompetent

That's a mixed signal. I can really help my technically incompetent clients.

The registrar's job is to facilitate the transaction for the domain, charge you for renewals, and give you a way to assign the authoritative name servers. For that purpose GoDaddy works about as good as any other registrar. You can debate the merits of GoDaddy as a company on [oh so] many levels, remark on their absolutely terrible user interfaces, and certainly discuss their sleazy practices, but none of this is an indicator of ineptitude on the part of the purchaser. Having a slick user interface around what amounts to a Purchase Domain button and a text box for setting name servers isn't terribly exciting or something I care about, and GoDaddy covers a very large swathe of the available TLDs (though certainly not all of them), so managing many related domains across TLDs with a single account is appealing.

All that said: If the startup is using GoDaddy's name servers or certificates (but not their hosting), that actually is a pretty good indicator of ineptitude.

And if a startup is using GoDaddy _hosting_, that is completely indefensible. No startup should be on that sort of shared web hosting, GoDaddy or otherwise. You spin up the VMs, containers, functions, or PaaS (ie Heroku, Firebase) service of your choice in the cloud. Hell, put it on IPFS, host it on a push CDN, distribute it via a data: url. Pretty much anything would be better.

You don't build software at your startup and all this sounds complicated? Then perhaps consider SaaS solutions like GSuite, Shopify, Squarespace etc.

GoDaddy's hosting is unfit for any purpose.

I don't see it mentioned anywhere, but Cloudflare has as domain registry service too. They claim to not charge any markup and you pay what they have to pay.

They wrote a blog about their bad experiences with registrars in 2016 (I guess). Since then they have steadily worked to make it a reality.

https://www.cloudflare.com/products/registrar/

When I checked last, it was not possible to buy a domain at Cloudflare, but you could buy it at other providers and transfer to Cloudflare. It might also be possible to buy directly now.

All my domains are transferred to Cloudflare. Their UX is dope. It's like Apple vs Windows. Also since I use CF for DNS and Cache, it makes sense to let CF manage the domain too.

> They claim to not charge any markup and you pay what they have to pay.

That's because all domains transferred to CloudFlare are required to use CloudFlare's DNS servers. It's just a different business model.

Then they must hand select the ones they frontrun because I’ve looked up silly names to see if they did this )like a bunch of random stupid queries like bvrankdorfgherbd.com and I don’t think they squat those. Of course I’m still leery and never use them to search for my actual target domains.
The spirit of GoDaddy's founder soldiers on in it's current policies and behaviors. Disappointing but unsurprising.
It’s a dysfunctional sweatshop. I’ve seen high level execs leave in groups, colonize another company, and bring their dysfunction to the new org.
Or perhaps someone else had the same idea. Domains get registered all the time. For someone else to want the same domain you want on the same day may seem like a low probability event but when multiplied by the number of people and domains purchased through godaddy every day the rate of low probability events happening is quite high. Experiences like yours probably happen to multiple people every day through no malicious activity on the part of godaddy.

tl;dr never attribute to malice that which is bound to happen because statistics

GoDaddy has been doing this since they have existed, I assume. I first used them after the superbowl ad to search for a domain name and they registered it. Never again.
The registrar is GoDaddy, not the owner of the domain as far as I can tell. I don't see any evidence that GoDaddy did anything wrong in this case.
The registrar of that domain is GoDaddy, but that doesn't mean that the owner of the domain is GoDaddy. If you look at who.godaddy.com you'll see that it's not GoDaddy that owns the domain.

In this case, I don't see any evidence of front-running. It's more likely that it's a coincidence that someone registered the domain name a day after you searched for it. In fact, I personally would consider that to be more of a 'premium' domain, so it's logical that someone simply also searched for it and bought it.

Personally, when I search for domains, and it's available, I usually just register it and don't wait. I only wait and not register it right then and there if I'm OK with not getting it.

Do you happen to be Bill Hartzer, contributor for GoDaddy?

You might want to disclose your affiliation on these kinds of topics, especially when you're arguing the company's side.

Searching (on DDG) for "Bill Hartzer" and "GoDaddy" doesn't turn up any obvious affiliation.

There are DNS related articles by "Bill Hartzer", but they seem more to be calling out places for doing shady crap. Including GoDaddy (for front running?). eg:

https://www.billhartzer.com/domain-names/godaddy-caught-regi...

That's just an initial impression anyway. ;)

I have no business affiliation with GoDaddy, and absolutely never have. I am active in the domain industry, so I happened to know how domains work.

I’ve written a ton about domains over the years, and the articles you’re referring to that appeared on the GoDaddy blog were syndicated. They actually picked them up through another source.

No disclosure needed, I’m not affiliated with GoDaddy in any way.

This presents an interesting attack vector. If you know that a competitor is looking at purchasing a particular domain name, type it into godaddy. It costs nothing and the act can’t be traced back to you.