[wise_young_man]

I started moving all of my domains back to NameCheap from Badger after they raised their prices to what Hover charges.

The domain renewal with whois privacy/guard at NameCheap ends up being a little more than Google Domains.

I keep hoping NameCheap will overhaul their control panel design like they did with their main site.

I will probably end up moving to AWS Route53 or Google Domains or to use their DNS and a clean/modern interface and simpler pricing (include whois privacy).

[zippergz]

I always have a hard time understanding why price is such a motivator for people in domain registration, when we're talking about differences of a few dollars a year, and when a bad registrar can screw you over royally. I mean, sure, if you have thousands of domains, it matters. But if you have a handful, isn't it worth paying a bit more if needed to get a better registrar? Not really aiming this directly at the parent; it's just that it seems like price is the main thing that ends up being discussed every time this topic comes up.

[Someone1234]

Everything you said is correct.

But really all registrars boil down to two "types" the sub-$20/year ones (which are like 90% of the market) and then the $1K+/year ones which bundle in all kinds of brand protection products and domain protection stuff (e.g. Mark Monitor).

Neither Google or Name Cheap are different enough for price to be a deciding factor, but NameCheap has a better track record than Google in this specific space. GoDaddy is someone I wouldn't touch even if they were cheaper, I hate their bullshit (e.g. upsell, misleading checkout, misleading prices, etc).

If you could pay $5 extra a year and get better service, if it was a business website I'd definitely consider it, but for personal shit I wouldn't, and in general there is no way to spend just $5 or similar more a year and get any marked improvement.

The only thing which might be an upgrade is $12/year for the registrar and then $6~7 for Route53 on top. That's a nice improvement for an extra few bucks.

[zippergz]

Not to derail too much, but I have worked with MarkMonitor, and their price is FAR less than $1k/yr per domain. Much closer to the $20 end, though I'm sure it depends on the specific deal, and I'd guess they probably have some minimum number of domains they'd want to manage for it to be worth it to them.

[AlyssaRowan]

The dealbreaker for us with NameCheap/eNom is simple: still no DNSSEC.

It's been how many years now? And all they say is "we're working on it" and have no ETA. So we moved most things to Gandi.

Feels good having no GoDaddy, however.

[tptacek]

Seriously? I'm surprised to see you of all people write that. No DNSSEC is a feature, not a bug.

[ademarre]

Care to elaborate on DNSSEC? I've been interested in seeing wider adoption of DNSSEC for things like DANE.

[tptacek]

DANE is a replacement for the CA system that effectively cedes cryptographic control of most of the Internet to world governments.

[danyork]

No... DANE doesn't cede control to world governments.

<insert-standard-many-hundred-line-exchange-between-you-and-I-that-has-happened-in-other-HN-threads-here>

DANE can work perfectly fine with the existing CA system to provide another way of verifying that the correct TLS certificate (or CA) is being used. Or... it can be used with a completely different trust anchor or TLS certificate that you control. Your choice.

But you and I will just have to disagree on this topic. Your dislike of DNSSEC is well-known, as is my support for it.

[tptacek]

The USG controls .com, .net, and .org. The government of Libya controls .ly. DNSSEC puts cryptographic key material under the influence of the DNS. "No it doesn't" isn't a rebuttal to that.

[ryanlol]

Asking the compromised DNS server if it's been compromised is a really good way to find out if it's been compromised.

[danyork]

I agree with you AlyssaRowan. I also moved some domains away from NameCheap/eNom when they didn't provide DNSSEC support.

I did move a couple of domains to Google Domains. While they do not provide DNSSEC in their DNS hosting, they do support DNSSEC records (DS) if you host your domains somewhere else that supports DNSSEC signing.

[ryanlol]

Why bother? DNSSEC is hardly useful in real life anyway.

[toxican]

Yeah I'll never forget the shock I had when I first got into their control panel after experiencing the well-designed half of the site. Youch.

[tamar]

Tamar from Namecheap here.

* Use code WGSPECIAL for a discounted whoisguard. :)

* Renewals for several years at a time offer a baked-in savings.

* Our control panel overhaul is underway. It's a huge project for us, but we're ecstatic.