Module 7 · Lesson 4
Managing Registrars and Registries
⏱ 16 min
The actual difference between a registrar and a registry, how to evaluate registrars beyond price, and whether to consolidate or diversify your portfolio across providers.
Most people use the words "registrar" and "registry" interchangeably. They are not the same thing, and confusing them will cause you to misunderstand how the domain system actually works, which matters when things go wrong.
I spent nine years as CTO of EuroDNS, which is a registrar. Not a registry. The distinction shaped every technical and business decision we made.
The Actual Difference
A registry operates a TLD. Verisign operates .com and .net. PIR (Public Interest Registry) operates .org. DENIC operates .de. The registry maintains the authoritative database of all registered domains in that TLD. When you register yourcompany.com, Verisign's systems record that registration.
Registries don't sell domains directly to end users. They sell to registrars.
A registrar is an ICANN-accredited company that sells domain registrations to the public. GoDaddy, Namecheap, Cloudflare, and EuroDNS are all registrars. They connect to registry systems via EPP (Extensible Provisioning Protocol), handle billing and customer relationships, and manage the registrant-facing experience.
The flow: You pay a registrar → registrar communicates with the registry → registry records the domain as registered → you get a domain.
Why it matters: If your registrar shuts down, your domain is still recorded in the registry. It doesn't vanish. ICANN requires registrars to maintain an escrow of all domain data precisely so that a registrar failure doesn't kill its customers' domains. The transition process is documented and has been executed multiple times when registrars have gone out of business.
However: the registrar controls the credentials (login, EPP/auth code) and the nameserver settings until the domain is transferred. A failed or hostile registrar can cause serious operational problems even if your domain technically "exists" in the registry.
How to Evaluate a Registrar Beyond Price
Price is table stakes. A $2 cheaper registration fee is irrelevant if the registrar's API is broken, their 2FA is optional, or their support team takes a week to respond to a transfer emergency.
API quality: Does the registrar have a documented REST API for programmatic domain management? If you're managing more than 50 domains, you need API access. Check: Is the API stable? Is it versioned? Does it cover the operations you need: registration, renewal, DNS management, transfer initiation? Cloudflare's API is excellent. Namecheap's is functional. GoDaddy's API exists and works, but has historical stability complaints. Some registrars have APIs that were built in 2010 and haven't been touched since.
Security features: At minimum: 2FA on account login. Better: hardware key support (FIDO2/WebAuthn). Best: IP allowlist for API access, login notifications, registry lock availability for high-value domains. If a registrar offers no 2FA, move your domains. Full stop.
DNSSEC support: Can the registrar publish DS records to the registry? Not all registrars support this. If your DNS setup uses DNSSEC, your registrar must be able to accept DS records and submit them to the registry. Check this before committing.
Support quality: How fast do they respond to a domain theft scenario at 2am? For critical domains, test this before you need it. Send a non-urgent support ticket and measure the response time and quality. A registrar that takes 72 hours to respond to tickets is a liability when a domain is in the wrong hands.
Transfer processing speed: Some registrars drag their feet on outbound transfers. This is partially a retention tactic. Check whether they process transfer requests promptly or create artificial delays. (ICANN rules limit how long a registrar can sit on a transfer request, but the rules have some flexibility built in.)
Pricing transparency: Does the registrar charge the same for renewals as registrations? Many registrars offer low registration prices and high renewal prices. Check the renewal rate before registering. A $1 registration that renews at $25/year is not a good deal.
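The DNSSEC support check above comes down to whether the DS record the registrar submits to the registry matches your zone's key-signing key. As an added example (not part of the original lesson), this Python code derives the DS fields from a DNSKEY as defined in RFC 4034 and compares them with a DS line copied from the registrar's panel or the parent zone; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib

DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}  # DS digest types

def wire_name(name):
    """Canonical wire form of an owner name: lowercase, length-prefixed labels."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, pubkey_b64):
    """DNSKEY RDATA: flags (2 bytes), protocol, algorithm, raw public key."""
    return (flags.to_bytes(2, "big") + bytes([protocol, algorithm])
            + base64.b64decode(pubkey_b64))

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (all algorithms except 1)."""
    acc = sum((b << 8) if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def make_ds(owner, flags, protocol, algorithm, pubkey_b64, digest_type=2):
    """Return the DS fields (key tag, algorithm, digest type, hex digest)."""
    rdata = dnskey_rdata(flags, protocol, algorithm, pubkey_b64)
    digest = DIGESTS[digest_type](wire_name(owner) + rdata).hexdigest().upper()
    return key_tag(rdata), algorithm, digest_type, digest

def check_parent_ds(owner, dnskey, parent_ds):
    """Compare a DS line ("tag alg digest-type digest") with our DNSKEY."""
    tag, alg, dtype, digest = parent_ds.split(None, 3)
    if int(dtype) not in DIGESTS:
        return "unsupported digest type"
    expected = make_ds(owner, *dnskey, digest_type=int(dtype))
    got = (int(tag), int(alg), int(dtype), digest.replace(" ", "").upper())
    if got == expected:
        return "match"
    if got[:2] != expected[:2]:
        return "wrong key: key tag or algorithm differs"
    return "digest mismatch"

# Constructed sample: 32 placeholder bytes standing in for an Ed25519 (algorithm 15) KSK.
SAMPLE_KEY = (257, 3, 15, base64.b64encode(bytes(range(32))).decode())

if __name__ == "__main__":
    ds = make_ds("example.com.", *SAMPLE_KEY)
    print("DS to hand to the registrar:", *ds)
    print(check_parent_ds("example.com.", SAMPLE_KEY, "%d %d %d %s" % ds))
```

Running the comparison after every key rollover or registrar transfer catches a stale or mistyped DS before resolvers start failing validation for the zone.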
The Major Registrars: An Honest Assessment
GoDaddy: The largest registrar globally. User-friendly interface, wide TLD coverage, large support team. Downsides: upsell-heavy checkout experience, historically aggressive renewal pricing, API quality has been inconsistent. The sheer scale means their infrastructure is generally reliable, but the customer experience is optimized for consumer sales, not enterprise management.
Namecheap: Solid mid-tier choice. Good pricing, better-than-average privacy protection included, reasonable API. Support is adequate. Not the best for very large enterprise portfolios, but excellent for portfolios under 500 domains.
Gandi: Popular in the developer and open-source community for years. Historically known for "No Bullshit" (literally their slogan) and clear pricing. In 2023-2024, Gandi was acquired and went through significant changes: pricing increased and some features changed. The community remains cautious about the direction. Worth monitoring if you use them.
Cloudflare Registrar: Unique proposition: wholesale pricing with no markup. They charge exactly what Verisign charges them for .com registrations (~$9.15/year). No profit on domain registration. Their business model is selling other services. The API is excellent. The limitation: they have a narrower TLD selection than specialized registrars, and they don't support registering new domains through the API (only transfers in). Good for consolidating your .com-heavy portfolio; less ideal if you need obscure ccTLDs.
Porkbun: Consistently competitive pricing, good UX, increasingly popular in the independent dev community. Supports DNSSEC, has a decent API. Not the biggest name, but a solid choice particularly for .com and common gTLDs.
Specialized ccTLD registrars: For country-code TLDs, local registrars often have advantages: better registry relationships, local support, in-country presence requirements met. EuroDNS, for example, handles European ccTLDs with direct registry connections that give better reliability than a US-based registrar routing through a European reseller.
Multi-Registrar Strategy: Why and How
There are good reasons to use more than one registrar:
Risk diversification: If your registrar experiences an outage, a security incident, or business failure, having all your critical domains at a single provider is a single point of failure. Spreading your top 10-20 most important domains across two registrars provides a hedge.
TLD coverage: No single registrar covers every TLD with equal quality. Use specialists where it matters.
Regulatory requirements: Some ccTLDs require registrations through in-country registrars or registrars with specific accreditations.
The consolidation argument (also valid): Managing domains across 8 different registrars is operationally painful. Renewal dates scattered across platforms, different 2FA setups, multiple billing relationships. The more consolidated your portfolio, the lower the administrative overhead.
Practical recommendation: Consolidate onto 1-2 primary registrars for 90%+ of your portfolio. Keep a second registrar for your top 3-5 most critical domains as redundancy. Use specialist registrars only for TLDs your primary can't handle well.
ICANN Accreditation as a Trust Signal
An ICANN-accredited registrar has met baseline requirements for technical competence, financial stability, and compliance with ICANN policies. Buying through an unaccredited reseller (common for cheaper options) means you're actually a customer of whoever the reseller's upstream registrar is, adding a layer of dependency.
For critical domains, buy directly through an ICANN-accredited registrar. The list is public at icann.org/registrar-reports.
Key Takeaways
- A registrar sells domains to end users; a registry operates the TLD. These are different organizations
- Registrar failure doesn't destroy your domains (ICANN escrow), but it can create operational problems
- Evaluate registrars on API quality, security features, DNSSEC support, and support responsiveness, not just price
- Cloudflare's at-cost pricing model makes it excellent for .com-heavy portfolios; specialized registrars are better for specific ccTLDs
- Use 1-2 primary registrars for consolidation, with deliberate redundancy for your most critical domains
- Buy through ICANN-accredited registrars for critical domains
Further Reading
- ICANN accredited registrar list: icann.org/registrar-reports
- Cloudflare Registrar pricing: cloudflare.com/products/registrar
- EPP (Extensible Provisioning Protocol): RFC 5730-5734
Up Next
Lesson 05: How to audit a portfolio you inherited, categorize what you find, and optimize for cost without creating new exposure.