| HN Mirror

> Doesn't this just move your single-point-of-failure over to the service you bought your domain name from?

Unfortunately this is very long but this has saved my butt countless times.

Everyone hates it, but it'll be better to know these definitions. TLD means top-level domain, the .com on ycombinator.com. Registry means the company operating the specific TLD, for example Verisign operates .com and .net. Registrar are those that handle registration, like Namecheap. Registrant is you or your company. gTLD are "generic" TLDs, .com, .net, and even those newfangled ones like .xyz and .dev. ccTLDs are two-letter (exceptions apply) TLDs attached to a sovereign nation or territory (like .uk for UK and .gg for Guernsey, a UK dependency), and from time-to-time includes (all US) .gov, .mil and .edu. For the purposes of this discussion, TLDs like .wales and .scot are gTLDs and not ccTLDs, but there are IDN ccTLDs like .рф and .中国. .int is a special TLD not generally considered as gTLD nor a ccTLD, and .arpa is a special technical TLD for internet maintenance. ICANN generally has jurisdiction over gTLDs, countries (usually governments or independent organisations int that country) control ccTLDs.

First: use only a registrar listed on ICANN: https://www.icann.org/en/accredited-registrars, preferably one that those clearly has presence in your country of citizenship/residence. Domain resellers (without ICANN accreditation) go bust nearly everyday and recourse is hard if you decide to go to a reseller, but an ICANN-accredited registrar is required to send who owns their domain to a trusted independent ICANN-approved third party (formally called an escrow, usually DENIC unless you're in China then it's CNNIC). This is not applicable to ccTLDs, especially those with restricted registration (like .cn, .kr and .jp), but ICANN accreditation means that they have a baseline to follow. This will only work if you provide complete and accurate WHOIS information, but if you're using a registrar which has a privacy service the information sent to the escrow is the real contact info and not the one that's redacted at your WHOIS. If you decline to provide real information unfortunately you have no recourse if something bad happens as it relies on you being contacted, even if it's through postal service.

Second: are your registrar accredited by the specific registry? For .com, .net, .name and some others, Verisign is the registry (the one operating the specific TLD): https://www.verisign.com/en_US/domain-names/domain-registrar..., and for .org it's https://thenew.org/org-people/work-with-us/find-a-registrar/. Newfangled gTLDs are required to serve a page at nic.tld (like https://nic.xyz or https://nic.dev). Unfortunately, it's hard to find who is the registry for your ccTLDs. Wikipedia might help though, for example .uk has information here: https://en.wikipedia.org/wiki/%2Euk and for .gg here: https://en.wikipedia.org/wiki/%2Egg.

Third: if considering a ccTLD, only use a one connected to your citizenship or residence, unless you treat it as disposable. I'm not kidding here. If you're using .io, prepare to migrate due to this: https://en.wikipedia.org/wiki/Chagos_Archipelago_sovereignty.... Notion is stupid to use Somalia's and this happened: https://news.ycombinator.com/item?id=26113444.