DNS (Domain Name System) FAQ

Meta §

Do I need to register a domain to create a website? §

Technically, no.

It’s possible to host a website even in a subdirectory of a larger web server. In the early days of the Web, independent websites with addresses like http://example.edu/users/jrandomhacker or http://users.example.edu/~jrandomhacker were common.

Many web hosting providers will give you third-level domains (such as yoursite.infohof.net). Technically, there is nothing wrong with it — some people intentionally use a third-level domain or a subdirectory as an aesthetic choice or a philosophical statement.

So, are there any issues with it?

The most important advantage of having your own domain is that you can freely switch hosting providers or move from a large provider to your own web server.

Another issue is perception. Large enterprises and business users in general expect that everyone who wants their product or themselves to be taken seriously will have their own domains, so you’ll have to explain them why you don’t (assuming they don’t dismiss you immediately without even talking to you).

One technical issue is that many third-party services such as web analytics solutions and search engines may not consider anything without its own domain an independent website and will not display the information correctly.

Finally, there is a problem of “guilt by association” — some companies or online services may block an entire second-level domain due to malware/spam/etc. found on a subdomain.

So, while you don’t have to register your own domain, there are many reasons why you may want to.

Basics §

What is DNS? §

In the simplest terms, the Domain Name System (DNS) is a system that maps symbolic, memorable names to numeric IP or IPv6 addresses.

That is the system that allows users to type https://example.com into their browser’s address bar — without it they’d have to type something like [http://203.0.113.14] or [https://2001:db8:dead:beef:cafe::42] — example.com is obviously easy to remember.1

It can also store quite a lot of auxilliary information — for example, help email clients automatically set up server settings, or help email servers check if a message is not spam.

How does it work? §

DNS is a hierarchical, distributed database that has domain names and records associated with them. Every domain name can be associated with any number of records of different types.

What is a domain name? §

A domain name is an identifier that consists of one or more parts separated by dots, like www.cs.example.edu. The hierarchy goes right to left.

In that name, edu is the top-level domain, example is the second-level domain under edu, cs is the third-level domain, and www is the fourth level.

Who runs the domain name system? §

All levels of the hierarchy can be (and usually are) managed by independent organizations.

The list of top-level domains is managed by ICANN — a non-profit organization headquartered in the USA.2 It’s a huge investment and a long process to create a new top-level domain.

To get a second-level domain, you just need to pay a registrar to register it.

Third level and below are managed by domain owners.

What kind of top-level domains are there? §

There are three groups of top-level domains open for registration: generic (gTLD), country-code (ccTLD), and sponsored (sTLD).3

gTLD §

Generic top-level-domains (gTLD) can be used for any purpose. The oldest ones of those are .com, .net, and .org — while .com implies “commercial”, no one checks if you are a commercial organization when you register it.

The organization responsible for a gTLD can still have usage politices: for example, .gay has anti-harrassment provisions and can take domains away from those who use them for anti-LGBTQ content.

The number of gTLDs has grown vastly after 2012 when ICANN relaxed the rules and simplified the process for creating them. From the introduction the original gTLDs (.com, .net, and .org) and until 2012, only a few gTLDs were added (e.g., .info, .biz, .name). After 2012, new gTLDs have been introduced by various registrars: .tech, .land, .club — it’s a long list.

gTLDs can be managed by any type of organizations, in practice most are run by commercial companies.

ccTLD §

Country-code TLDs (ccTLD) correspond to ISO country codes: .us for the USA, .fr for France, .tr for Türkie, and so on.

Every such domain is managed by an organization located in the country it belongs to, and the country’s government has complete control over it, with all that entails

Many ccTLDs require some connection with the coutnry to register a second-level domain there (citizenship, residency, physical presence, website language…). However, many countries intentionally opened their ccTLDs to everyone — often to capitalize on the “domain hack” value of their domains, such as .tv, the domain of Tuvalu.

sTLD §

Sponsored TLDs (sTLD) represent a particular group and require you to belong to that group to register a domain.

Historically, most sTLDs were managed by industry associations, such as .aero that is managed by SITA (Société Internationale de Télécommunications Aéronautiques) and only grants domain registrations to airports, airlines, and aviation industry professionals.

Now there are also sponsored TLDs associated with geographic regions or communities: some are associated with languages and communities (.cat for the Catalan community, .eus for Basque, .bzh for Breton), others with cities or regions (.istanbul, .berlin, .paris…). Some are associated with very broad regions, like .asia.

Some of the domains that were historically reserved for entities based in the United States due to the fact that the Internet and its domain name system originated in that country now belong to this category: for example, the .mil domain is a domain sponsored by the US Department of Defense.

How do I choose a top-level domain? §

The choice is mostly aesthetic. Choose whatever you like.

If you use a country-code TLD, you should be aware of that country’s laws and current developments. For example, .af — the ccTLD of Afghanistan — was widely used by English-speaking people because its similarity to a slang abbreviation. After the Taliban takeover of Afghanistan, a lot of such domains, such as queer.af, were suspended due to Taliban’s policies against LGBTQ content (and many other things).

With new (post-2012) gTLDs, you may also want to check what company runs the domain and if you want to support that company.

Are old gTLDs better than new ones? §

You may still hear claims that the original gTLDs (.com, .net, .org) are somehow better than the new ones.

If you need a domain for your website, then all TLDs are equally good, at least now in 2024 when new gTLDs are not news for anyone anymore (back in 2012 when they were new, they did confuse people unfamiliar with them sometimes).

If you plan to also use it for email, you may still run into websites that incorrectly assume that email addresses in those domains aren’t valid and refuse to accept them for account creation. However, there are also still websites that refuse to accept addresses in domains that don’t belong to major email service providers as well — it’s a problem with those websites, not with gTLDs.

Should I register more than one domain in different TLDs? §

In the time when there were only a handful of gTLDs (.com, .net, .org, .info, and .biz), before the 2012 gTLD explosion, it was common to register a domain in all of them to make it easier for people to get to your website: if they can’t remember if it was .com or .net, they would still get to the right place. It could also protect website owners from someone registering the same domain in a different TLD and using it to deceive visitors.

Now that there are hundreds of gTLDs, registering every one of them is impractical. Many registrars still offer to get a .com + .org + .net bundle if a domain is available in all of them, but whether to take that offer is up to you. Nothing terrible will happen if you decline it.

Domain registration §

What is a domain name registrar? §

A domain name registrar is a company authorized by ICANN to create second-level domains on behalf of registrants.

The only way to get a second-level domain is through a registrar, you cannot obtain one in any other way.

How much does it cost to register a domain? §

It varies between TLDs, generally from $20 per year, but some domains are significantly more expensive.

Do I only need to pay once? §

No, domain registrations must be renewed every year. If you stop paying for your domain, it will expire and become available for registration to anyone else.

Why do I need to pay for a domain? Who gets the money? §

Basically, two reasons.

First, hosting a single domain costs basically nothing (it’s just a few kilobytes of data for most domains), but hosting millions of them requires quite a lot of resources.

To make sure that any client can resolve it at any time and with a low latency (to avoid slow page loads), DNS system operators need a good infrastructure, which costs money to run.

Second, since domains are available for registration on a “first come, first served” basis, there are people and companies who hoard domains in hope to sell them to someone — making them free would make that problem even worse.

The alternative would be to require a proof of good-faith use, but it’s a fine line: if a person is using a domain for a “coming soon” page for a project they had to put on hold, is it a more legitimate use than using it for a “this domain is for sale” page?

Using a registration fee covers the costs of running the system and, to an extent, deters hoarders.4

The money you pay goes to the registrar who hosts your domain’s records; and to ICANN, who handles the DNS root infrastructure and coordinates the whole system.

Do I own the domain I registered? §

When you register a domain name, you become its registrant. You do not own it in the same sense as you own your tea mug or copyright to your original works.

Since DNS is a worldwide distributed system that is not governed by any international treaties, your legal rights to a domain is a very complicated subject and what may or may not happen depends on the country where the registrar is located, rules of the country-code TLD you use, and many other factors.

However, ICANN rules ensure that registrars cannot do any of these things without either your consent or a government order:

So, as long as you pay your registration fees and you are not at odds with the government of the jurisdiction of the domain name registrar and the TLD you use, you are as close to owning it as it gets.

How do I choose a registrar? §

Generally, any registrar provides the same basic services, since the registration system is governed by the rules of ICANN.

The only hard and fast rule is to check that it’s not in a country where your website content is illegal (if the government of Ruritania tells the registrar to delete your domain because your website doesn’t praise its dictator, the registrar or ICANN can’t do anything about that).

Can I transfer my domain to a different registrar? §

Yes, ICANN requires registrars to allow registrants to transfer domains to any other registrar at any moment. Registrars cannot arbitrarily refuse such requests.

Most registrars have an automatic procedure for domain transfer that you can initiate from your account.

Registrars are not required to refund you any fees, though. You will also need to pay a registration fee to the new registrar. For this reason, the best time to transfer a domain is when it’s about to expire: you will only pay the new registrar for the next year this way.

What happens if my registrar goes out of business? §

Even in the worst case when a registrar ceases its operations suddenly and becomes unresponsive, you still remain the registrant of your domain and you will eventually get it back.

Domain information database §

How do I get information about a domain? §

Every registrar who handles a top-level domain maintains a database with information about all second-level domains under that domain and about their registrants.

The traditional way to access that information is the WHOIS protocol. On Linux and *BSD systems you can install them from the repositories/ports (e.g., sudo dnf install whois on RedHat/Fedora). On Windows, you can use the Sysinternals client.

At a minimum, whois servers will tell you if the domain is registered at all, who’s the registrar, when it was created, and when it’s due to expire (unless the registrar renews it before that date).

This is what the output may look like: 

$ whois infohof.net
   Domain Name: INFOHOF.NET
   Registry Domain ID: 2692742244_DOMAIN_NET-VRSN
   Registrar WHOIS Server: whois.gandi.net
   Registrar URL: http://www.gandi.net
   <abbr title="Last change in the WHOIS database">Updated Date: 2023-04-14T17:38:14Z</abbr>
   <abbr title="When the domain was registered">Creation Date: 2022-04-29T16:24:56Z</abbr>
   <abbr title="Will expire if not renewed by this date">Registry Expiry Date: 2024-04-29T16:24:56Z</title>
   Registrar: Gandi SAS
   Registrar IANA ID: 81
   Registrar Abuse Contact Email: abuse@support.gandi.net
   Registrar Abuse Contact Phone: +33.170377661
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Name Server: NS-118-B.GANDI.NET
   Name Server: NS-36-A.GANDI.NET
   Name Server: NS-76-C.GANDI.NET
   DNSSEC: unsigned
   URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2024-04-01T16:13:36Z <<<

Some top-level domain registries do not run a WHOIS server and suggest to use a web-based tool instead. WHOIS clients will often tell you that: 

$ whois uam.es
This TLD has no whois server, but you can access the whois database at
https://www.nic.es/

How much information can people get about me from the WHOIS database? §

Historically, domain registrant privacy was a big concern. Most registrars would display registrant names, phone numbers, and postal addresses in WHOIS responses by default. That could easily expose registrants to spam at best and to persecution and attacks at worst.

Now the situation is better: many domains registries (especially in the European Union) now require registries to hide private information; for many other domains registrars offer an option to hide the data or even enable that option by default.

However, there are domains where the registry prohibits any registrant data privacy and requires all data to be public: for example, .us (United States ccTLD) and .in (India’s ccTLD).

If privacy is a critical issue for you, you should check the domain privacy policies of the TLD you plan to use and make sure that privacy options are enabled in the registrar’s control panel for your domain.

Domain sale §

Can I sell my domain? §

Technically, yes. There are no ICANN rules against that.

Some registrars offer domain auction or sale services to facilitate that.

However, the chances that your domain will find a buyer or that you will make any good money selling it are very slim. Most people and companies will rather look for a different TLD or a different name than pay more for a domain.

Are domain sale offers legitimate? §

You may see pages like “This domain is for sale”. If you are wondering if those offers are legitimate — some certainly are, but even then trying to negotiate with a domain hoarding company can be a difficult exercise.

It’s usually better to treat such a domain as a lost cause and look for something else.

Other questions §

Should I use www.example.com or example.com for the website domain? §

It’s a good idea to create a www subdomain because people may type www.example.com out of habit and it’s a bad idea to surprise them with a “server not found” response if they do.

However, whether to redirect example.com to www.example.com or the other way around is a purely aesthetic choice.

The reason why www subdomains became so common is that the domain name system was originally introduced in 1985, five years before the World Wide Web was even invented and over a decade before it became the most popular Internet service.

Originally, DNS was a way to give symbolic names to different computers in an organization, usually so that people inside the organization could connect to their department server with telnet srv.ai.cs.example.edu, for example. When an organization added a server for the then-new, experimental service, it was natural to name it www.example.edu — it likely already had ftp.example.edu for the File Transfer Protocol server and gopher.example.edu for the Gopher server. All three were likely different physical machines and it was common to have only one server for each protocol because there were much fewer users of the Internet at the time and it was still a somewhat experimental rather than primary communication tool.

The apex domain example.edu might not had pointed to anything at all in the 1980s because there was no assumption that people would type example.edu in their browser to get to the organization’s website — websites and browsers didn’t even exist in the first place.

Now many domains are registered solely to serve as website addresses and there is an assumption that typing the apex domain into the address bar will take you to the main website, so the apex domain should point to the website one way or another, and having a www subdomain point to the same website is also a good idea. The rest of the setup details are on you.

Is the DNS system controlled by ICANN? §

DNS as a protocol is not controlled by any single entity. However, all operating system settings and all network service providers on the public Internet use ICANN’s DNS root infrastructure by default.

Alternative DNS root projects do exist, but their use is negligible, and there are strong arguments against that idea.

Some private internets that are isolated from the global Internet for security reasons use their own self-contained DNS infrastructure, but that’s a different story.

1example.com is a domain name reserved for examples and documentation, and so are 203.0.113.0/24 and 2001:db8::/32 subnets. Visiting https://example.com will work (most of the time) just because ICANN runs a web server there to tell people what that domain is for, the IP and IPv6 links are completely fake because the standard demands that those addresses must never be assigned to any real machines on the Internet.

2In technical terms, ICANN manages the root zone — top-level domains are not special constructs in the DNS protocol but simply subdomains of a normally invisible root of the name hierarchy. Those details are not very important for beginners, you will learn them if you decide to go deep into setting up and managing DNS servers.

3There are also special-use top-level domains that is used for mapping numeric IP addresses back to their symbolic names and other auxilliary purposes.

4Of course, most registrars are for-profit companies and some of them will try to overcharge you or sell you services you do not need — watch out for that. And ICANN is not an entirely benevolent arbiter, depending on who you ask. But so far the system works well enough.