Commodity Approach to DNS Servers & Ultra High End Security Options for Domain Names
Cloudflare announced this week that the company will begin operating services as a domain name registrar in late 2018 with a wholesale price guarantee to customers to take no commission on sales. In a radical press release, Matthew Prince stated that the current domain name registration system is “crazy… messed up” and “as nutty to us as certificate authorities charging to run a bit of math.” Prince writes that Cloudflare views the current domain name registry system as a broken market, mostly dominated by middle-ware companies with up-sell offers that are adding little value to the supply chain. Worse, domain name registrars make businesses reliant on the host company’s security policies, creating a potential link in the web hosting chain that hackers can exploit for access or control to websites. Prince revealed that Cloudflare almost lost control of their own domain names to hackers through a registrar company, where the new service includes “ultra high end” security that can be as advanced as having multiple people required to verify DNS changes for a domain for the configuration to be saved. Cloudflare now has security features for domain name registration & DNS servers that are beyond what any other company on the market offers, although the new service is still invite-only. Combined with Cloudflare’s CDN, Edge server, & anti-DDoS security products, as well as weakness in competitors in the sector, the new Cloudflare domain registration platform looks poised to become very successful, with Namecheap, GoDaddy, Enom, etc. potentially losing profit & customers to the venture-funded ($182 million USD) start-up platform.
Cloudflare Domain Registrar: Guaranteed Wholesale Pricing on TLDs – $8 for .com
The domain name registration system is one of the fundamental aspects of the internet that dates back to the early 90’s and involves ICANN certification of different companies as domain registrars. More recently, there has been the vast expansion of TLD options past .com, .net, .org, etc. where there are thousands of different options for domain names in web hosting. Some domain extensions have introductory offers at $.99 or less for the first year, then varying rates of renewal. Additionally, the pricing between reseller hosting companies, domain name registrars, & the extension licensing organizations all is very speculative. Cloudflare estimates companies could save $50 million easily in the first year just by switching to their service.
On a technical level, the amount saved depends on the pricing of the competitor, but Cloudflare is guaranteeing wholesale pricing for life on domain name registrations with no mark-up in fees, essentially removing the reason to continue with competitors like GoDaddy, Enom, or Namecheap unless they offer equivalent pricing or value-added services. Domain registration services typically just include the settings for the DNS server that point requests for the domain to the web server architecture on the host. Matthew Prince of Cloudflare writes:
“Registering a domain is a commodity. There’s no meaningful difference between any of the existing mass market registrars. Each top level domain registry (TLDs like .com .org .info .io, etc) sets a wholesale price for registering a domain under them. These prices are known and remain relatively consistent over time. All the registrar does is record you as the owner of a particular domain. That just involves sending some commands to an API. In other words, domain registrars are charging you for being a middle-man and delivering essentially no value to justify their markup.”
The entry of Let’s Encrypt free SSL/TLS certificates disrupted the landscape of registrar companies who had a semi-protected monopoly for licensed services. However, for domain names, it is not possible for Cloudflare to offer free TLD extensions, so the best they can do is offer the new services free, non-profit at wholesale prices along with better security features on account protection than competitors. Cloudflare is publicly avowing up-sell techniques.
Cloudflare will not be operating a domain name marketplace, auctions, or otherwise encouraging domain name speculation on the new registrar platform. The service will open up in the fall of 2018 as a domain transfer facility only, then scale-up in the coming years to offer full domain name registration services for both businesses and individuals with advanced security plans. Considering how ripe for disruption the domain name sector is, this service should fare well.
The Cloudflare Registrar Promise:
Here’s the promise of the Cloudflare Registrar: we’ll follow the best possible security practices and offer you the best possible price. What do we mean by that? From the security side, we promise we’ll allow you to enable two-factor authentication, we’ll lock your domain registration by default, and automatically enable best-practice security services like DNSSEC. From the price side it’s even simpler: we promise to never charge you anything more than the wholesale price each TLD charges. That’s true the first year and it’s true every subsequent year. If you register your domain with Cloudflare Registrar you’ll always pay the wholesale price with no markup.
Universal DNSSEC & Universal SSL: Free Domain Name Security Offers
Cloudflare has scaled rapidly in the competitive CDN sector by relying on the freeware business model, and it is the most common partner CDN company in cPanel web hosting. For domain name registrations, Cloudflare has adopted a similar tactic of offering free Universal DNSSEC & Universal SSL services on the platform. Cloudflare introduced Universal SSL in 2014 with support for SPDY & HTTP/2 out of idealistic considerations for the future of encryption on the internet, despite the fact that many users were paying subscription fees for TLS upgrades. Universal DNSSEC support was added in 2015 and is part of the standard web security suite of products offered by Cloudflare to CDN hosting customers.
Many customers are looking for a company that offers the lowest prices while simultaneously leading the industry in web standards & internet security. Cloudflare’s announcement of domain registration services has the potential to bring millions of new registered users to the company.
Ultra-high security practices for enterprise corporations is military-grade at Cloudflare:
“Every client using Custom Domain Protection defines their own process for updating records. For instance, if a Custom Domain Protection client wants us to not change their DNS records unless 6 different individuals call us, in order, from a set of predefined phone numbers, each reading multiple unique pass codes, and telling us their favorite ice cream flavor, on a Tuesday that is also a full moon, we will enforce that. Literally.”
These services were based on Cloudflare’s experience in managing millions of domain names for clients daily in their CDN data centers. With Cloudflare you can run DNS, TLS, & CDN services natively on one platform with industry-leading security tools, a major benefit for webmasters.
The difference with Cloudflare is that you are not paying for a white-label services through a middle-man company but rather contracting with a rapidly scaling IT start-up that is continually innovating in the cloud hosting sector. Cloudflare already encrypts all data transfers between a domain & CDN server. Cloudflare currently operates 152 data center locations worldwide with support for more than 10 million domain names daily. Cloudflare now holds 35% of the managed DNS market share, making this move into domain name registration services a natural extension of ongoing expertise in cloud hosting platform technology. The company is funded financially by Google, Microsoft, Baidu, & Qualcomm.
Cloudflare Universal SSL:
For all customers, we will now automatically provision a SSL certificate on CloudFlare’s network that will accept HTTPS connections for a customer’s domain and subdomains. Those certificates include an entry for the root domain (e.g., example.com) as well as a wildcard entry for all first-level subdomains (e.g., www.example.com, blog.example.com, etc.). For a site that did not have SSL before, we will default to our Flexible SSL mode, which means traffic from browsers to CloudFlare will be encrypted, but traffic from CloudFlare to a site’s origin server will not. We strongly recommend site owners install a certificate on their web servers so we can encrypt traffic to the origin.
Cloudflare Registrar: Request Early Access for Domain Name Transfers
Currently, businesses and individuals looking to sign-up for the Cloudflare domain registration service are limited to requesting early access. Because Cloudflare is guaranteeing the lowest prices in the industry, they are expecting a high rate of uptake to the service. Multi-domain portfolio publishers frequently have hundreds of domains, and speculators may own thousands. Large enterprise companies have domain names associated with every brand that need robust security including better protection against identity spoofing & confidence attacks.
Because there is no dominant industry solution for this segment of the internet publishing process or supply chain, and many of the competitors like Tucows, Network Solutions, GoDaddy, etc. are declining from the DotCom era, Cloudflare has the potential to create a groundswell of new clients off of the basis of their wholesale pricing initiative. Overall, the difficulty involved with domain name transfers for business owners is offset by the lower cost or annual savings, as well as the better long-term platform security features at Cloudflare.
Custom Domain Protection for Enterprise:
Custom Domain Protection, a Cloudflare Registrar feature available on the Enterprise Plan, is the highest level of registrar security. It protects your organization from domain hijacking with high-touch, on and offline verification of any changes to your Registrar account. Cloudflare is an ICANN accredited registrar providing secure domain registration for high-profile domains.
Cloudflare Domain Name Registrar: Anyone can request early access to the service here.