Subscribe to receive notifications of new posts:

Cloudflare Registrar at three months

02/22/2019

4 min read

We announced Cloudflare Registrar in September. We launched the product by making it available in waves to our existing customers. During that time we gathered feedback and continued making improvements to the product while also adding more TLDs.

Staring today, we’re excited to make Cloudflare Registrar available to all of our customers. Cloudflare Registrar only charges you what we pay to the registry for your domain and any user can now rely on that at-cost pricing to manage their domain. As part of this announcement, we’d like to share some insights and data about domain registration that we learned during the early access period.

One-click DNS security makes a difference

When you launch your domain to the world, you rely on the Domain Name System (DNS) to direct your users to the address for your site. However, DNS cannot guarantee that your visitors reach your content because DNS, in its basic form, lacks authentication. If someone was able to poison the DNS responses for your site, they could hijack your visitors' DNS requests.

The Domain Name System Security Extensions (DNSSEC) can help prevent that type of attack by adding a chain of trust to DNS queries. When you enable DNSSEC for your site, you can ensure that the DNS response your users receive is the authentic IP address of your domain.

Across the industry, adoption of DNSSEC is abysmal. According to Verisign, 1% of .com domains use DNSSEC; less than 0.8% of .net domains do. Why is adoption so low? It’s inconvenient to enable DNSSEC for a site. Additionally, some registrars charge for the feature. APNIC observed that registrars who charge for DNSSEC see significantly lower adoption.

Cloudflare has made DNSSEC available for free for years, but we could not address the convenience factor until we launched our registrar. While we can create DS records, your registrar has to post them to the registry. Now that Cloudflare is a registrar, in addition to an authoritative DNS provider, we can make it one-click. We announced that feature in January. Since launching, 25% of domains on Cloudflare Registrar now use DNSSEC.

We’re going to keep working to make it even easier to enable for your domains. We want to help our customers reach 100% DNSSEC enablement by removing the need for even a single click.

Users do not want to wait for transfers

When you begin a domain transfer to Cloudflare, we ask that you input an auth code that your current registrar provides and that is unique to each domain that you transfer. We use that auth code to send your request to the registry, who manages all domain names for given TLD. The registry confirms that the code is valid and then tells your current registrar to release the domain.

Once your current registrar receives that request, you have two options: manually approve the transfer or wait five days. If you wait five days and do nothing, the transfer will complete. While that might feel easier, we’ve been surprised to see that 62% of transfers were completed by manual approval.

gTLDs continue to dominate registrations

Historically, domains used either country-code TLDs (ccTLDs) or generic TLDs (gTLDs). The generic ones include the 4 extensions behind the world’s most popular domains: .com, .net, .org and .info. In 2005, ICANN began considering adding new top-level domain extensions. In 2012, ICANN started accepting applications from registries, current and prospective, who wanted to manage TLDs. They received 1,930.

Of those 1,930 applications, 1,232 became supported extensions and were classified as new gTLDs (ngTLDs). Today, Cloudflare Registrar supports all 4 legacy gTLDs, 1 ccTLD and 241 ngTLDs. gTLDs continue to represent the vast majority of domains registered with Cloudflare. That distribution is consistent with trends in the domain name industry. We expect that to change a bit as we expand into more ccTLDs.

A world of TLDs and we want to support them

2,081 different TLDs are represented on Cloudflare and use our authoritative DNS. I imagine that number has grown in the time it took to publish this post. We support 246 TLDs on Registrar today. We know that many of you have domains you want to transfer that use TLDs we do not support currently, particularly amongst ccTLDs. From massive ccTLDs like .uk, to more obscure ngTLDs like .boutique, we’ve received a lot of requests to expand the list. For a reason I don’t understand yet, members of the Cloudflare engineering team own over 2% of all active .horse domains in the world and use them for internal testing projects. We’re working on that one, too, so we can make this page built on Workers return a Yes.

We’re working on it. Most ccTLDs require a unique accreditation and validation flow. We’re working every day to add to that list of supported TLDs, starting with the largest ones on Cloudflare.

Available to all users

Cloudflare Registrar is now available to all users. You can start transferring your domains by following this link here. Have questions? Instructions are available here.

We protect entire corporate networks, help customers build Internet-scale applications efficiently, accelerate any website or Internet application, ward off DDoS attacks, keep hackers at bay, and can help you on your journey to Zero Trust.

Visit 1.1.1.1 from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you're looking for a new career direction, check out our open positions.
RegistrarProduct NewsDNSSECSecurity

Follow on X

Cloudflare|@cloudflare

Related posts

March 08, 2024 2:05 PM

Log Explorer: monitor security events without third-party storage

With the combined power of Security Analytics + Log Explorer, security teams can analyze, investigate, and monitor for security attacks natively within Cloudflare, reducing time to resolution and overall cost of ownership for customers by eliminating the need to forward logs to third-party SIEMs...