
Cloudflare Registrar - josephwegner
https://www.cloudflare.com/products/registrar/
======
brobinson
My experience with Registrar has been 4/5 okay and 1/5 horrible so far.

I transferred five domains from Namecheap, and four of them went through
within an hour. The fifth was in a pending status. I was charged a one year
renewal for each domain as part of the transfer process.

The fifth domain hadn't transferred after a few days so I filed a support
ticket. They told me it could take up to 15 days.

After roughly 30 days, I was billed _again_ for a one year renewal of that
domain which is still on Namecheap (unlocked), and still pending transfer.
Registrar has now charged me $90 (.io domain is $45/year) for a domain _which
they do not control_, and this has obviously not been reflected in the domain
expiration date.

I contacted support again and they issued me a $45 refund, but the domain is
still not transferred... not sure what to do at this point. (ticket #1657921
if anyone from CF is reading this)

~~~
awill
This is precisely my fear. Cloudflare is using price as a selling point. For
people with just a few domains, price isn't important. I have 5 domains with
hover.com. I'm happy to pay a couple of bucks extra per year to know that
there's real support. I can call and get an answer in 10 seconds.

Granted, I've never needed to call support, but losing my domain would be a
huge disaster with no website, no email, and cost me hours of time. I see no
reason to risk anything to save $5 a year

~~~
SnowingXIV
Every time I've thought about moving away from Namecheap to something else
I've remembered those once in a blue moon times I've actually needed to reach
out to support for mission critical type of events. The support I've received
has been absolutely stellar. Above and beyond what I would have expected to be
their scope of service. I don't know any other providers I hold as highly in
support, especially anything coming from a tech company.

My main gripe is that I wish they would include free SSL and they give their
UI some love but that's minor as I only access it on certain occasions.

~~~
brobinson
I dislike Namecheap for a few reasons. They don't let you log in with a
_valid_ username and password if you are using a VPN. Their UI is pretty bad,
too. If you have an adblocker, you don't see "Submit" buttons on a lot of
forms (editing WHOIS information, etc.)... lots of small annoyances with their
service.

~~~
h1d
Submit button problem sounds solvable if people keep bugging the support.

It's 1 day job, probably button image or form URL includes 'ad' or something.

------
dguo
One drawback to using Cloudflare Registrar that wasn't obvious to me at first
is that you have to use Cloudflare's nameservers. Not that I blame them for
it, but it'd be nice if the marketing page made this detail more obvious.

I've chosen to pay an extra $0.50 or so per domain to Porkbun for the option
of using other nameservers.

~~~
jamestanderson
I've moved some domains to Cloudflare Registrar not knowing this limitation. I
asked them about it and the support person said they are targeting Q1 2019 for
this feature. Now that we're approaching that date I'm not sure they'll hit
that.

I've also had a billing issue with Cloudflare Registrar. I transferred two
domains and paid the renewal fee, and two months later was charged for the
same domains again. They've since issued a refund after I raised a support
ticket (still waiting on that to hit my card), but the fact that it happened
at all is worrying to me.

Granted I was in early access so I expected some things not to be polished
yet, but these are pretty critical areas to get right as a registrar. And
since my billing issue happened just last week I doubt that issue has been
fixed with the general release.

So I'm going to hold off on transferring more domains until it matures, or
just stick with Gandi.

~~~
samatcloudflare
I apologize for the billing issue. I understand how frustrating that would be
and it's well below our standards. We're working as a team to make that right
and earn back your trust now.

~~~
jamestanderson
Thanks Sam for the reply, I've been otherwise happy with Cloudflare services
for several years. The support with this issue was very helpful.

------
altano
I had a good experience moving a domain to Cloudflare, but one thing is still
bugging me:

To allow a third party to modify the DNS (eg pfSense dynamic DNS client) you
have to use an API key that has full access to modify everything in your
Cloudflare account. You can’t limit the type of operation and you can’t scope
it to a domain. That’s nuts.

------
bitmedley
Note that for some reason, Cloudflare charges substantially more for .io
domains than other registrars. Cloudflare charges $45 whereas Dynadot charges
$26.99 and Porkbun charges $28.97.

[https://community.cloudflare.com/t/io-domain-price-not-
whole...](https://community.cloudflare.com/t/io-domain-price-not-wholesale-
price/54709/13)

[https://tld-list.com/tld/io](https://tld-list.com/tld/io)

~~~
samatcloudflare
.io is heavily subsidized by most registrars for a couple reasons: the .io
registry offers substantial volume discounts and .io domains are associated
with a higher spend on add-on services. In most cases, they discount .io
domains because they hope users spend more on other upsell products.

------
partiallypro
I've been in the beta for months, but it's a bit annoying...5 months in and
you still can't register new domains. The domain management is also pretty
confusing, because it's all jumbled together with the DNS interface. They need
to have 2 interfaces, even if they are interconnected.

~~~
samatcloudflare
Thanks for the feedback. Working on new registrations now; focus at launch was
to help users of Cloudflare's DNS services find a better alternative to domain
registration.

------
Jerry2
Does Cloudflare Registrar support U2F authentication yet? I don't trust any
service with mission-critical stuff that doesn't have U2F. Domains are way too
valuable to keep them in registrars without U2F.

~~~
devy
Just curious, what are the domain registrars currently support U2F?

Also, just to be sure U2F is an additional methods of 2FA, not the only method
of 2-step, so to me having U2F is not necessarily making accessing your
account securer.

~~~
Jerry2
> _Just curious, what are the domain registrars currently support U2F?_

Google, Amazon, Gandi (and some others I can't remember off the top of my
head) support U2F.

> _having U2F is not necessarily making accessing your account securer._

I don't agree with that at all. There are numerous cases of various 2FA
methods being taken advantage of. No one has yet managed to crack U2F.

~~~
regecks
I think devy means that you usually cannot add a U2F as the only second factor
- you usually need to first add TOTP or phone number as backup.

So, an attacker can just target the weaker factor and ignore U2F.

I certainly had the same thought.

~~~
AdamGibbins
The prime thing U2F mitigates is phishing attacks. You literally cannot be
phished with U2F, you try to auth against the wrong domain and you get a
different secret - so they can't then pass that on the backend (i.e. the real
site) and login as you.

Sure your TOTP might remain, but you're not using it, so it's not liable to be
taken.

~~~
regecks
Construct a phishing site that gives some vague error message about being
unable to connect to your device, and offer the TOTP fallback. How many people
will fall for it?

"Literally cannot get phished" is woefully far away, because the phishing-
resistant property of U2F has a giant hole in the side of it (fallback
factors) and therefore still relies on human vigilance.

I do use U2F though, because it is pretty convenient.

------
throw0101a
Meta: "support for hundreds of TLDs"

* [https://www.cloudflare.com/tld-policies/](https://www.cloudflare.com/tld-policies/)

Crikey there's a lot of stuff out there. Seems that ICANN has approved just
about any random word in the English language.

~~~
snek
But they still haven't got .dev :(

~~~
andyjohnson0
.uk domains still not supported either

~~~
dazc
I can't see Nominet letting it happen.

~~~
tialaramex
Why in particular? Plenty of other registrars offer .uk or the public suffixes
under it like .co.uk and .org.uk

The Nominet requirements do cause these to break mysteriously much more often
than some generic TLD spun up yesterday by people convinced this is a gold
rush (e.g. my registrar offered me a great renewal deal for a .co.uk I
control, I pressed "Yes please" and then their system believed I had taken the
deal but didn't renew the domain, after a few days they confirmed that the
deal makes no sense for .co.uk and refunded the money, they had forgotten to
blacklist Nominet when adding their deal feature), but it works well enough
most of the time.

~~~
djmobley
“Some registries do not allow domains to be registered with WHOIS Redaction or
WHOIS Privacy. Many of these are country TLDs (ccTLDs) like .uk. Cloudflare
does not yet support TLDs that prohibit WHOIS redaction, but we will in the
near future.”

\- [https://developers.cloudflare.com/registrar/domain-
registrat...](https://developers.cloudflare.com/registrar/domain-
registration/whois-redaction/)

~~~
dazc
Thanks for the link, although whois has become something of a non-issue with
the advent of GDPR.

------
dessant
New GTLDs may cost considerably more at Cloudflare Registrar.

For example, the annual cost of a .space domain during transfer is $15.18 (it
was $17 two months ago), while renewal for the same domain at Namecheap costs
$9.06.

To be fair Namecheap lists it as a discounted offer, but that appears to be
always the case for the .space TLD renewals.

~~~
samatcloudflare
If you can find it for $15.18 without having to buy other services, that's a
deal and you should take it. Most discounts like that are offered as loss
leaders in the hopes that you'll buy other add-ons.

~~~
dessant
For a customer it's irrelevant that the discount is a loss leader. The end
result is that I can renew a .space domain for half the price at Namecheap,
without having to buy other services.

~~~
Sujan
... which is why sam told you to take that deal as it makes sense to take it.

~~~
dessant
> If you can find it for $15.18 without having to buy other services, that's a
> deal and you should take it.

I was told to take the $15.18 Cloudflare deal, not the $9.06 Namecheap deal.

------
nimbius
ive been using njalla for some time now with good results. Not too keen on
being told what nameservers i need to use, and they do an excellent job with
privacy (PGP encrypted messages and bitcoin payment for example)

[https://njal.la](https://njal.la)

~~~
ryanlol
But njalla isn't a registrar, they're a reseller.

------
Thaxll
The page is really confusing, can we register our domain with them or only
transfer an existing domain?

~~~
spzb
At the moment you can only transfer existing domains which are already using
Cloudflare's DNS

~~~
jgrahamc
But you will be able to buy domains directly from us.

------
tych0
Off topic, but something I've wondered for a while. Maybe someone here knows
:)

Years ago (13, to be exact) when I was young and didn't know anything and
couldn't afford to buy a parked .com that made more sense, I registered a .ws
domain at Godaddy of all places. It has subsequently become the e-mail address
I use for everything.

Unfortunately, .ws doesn't really allow transfers. Now that there are all
these non-evil registrars popping up, I'd like to switch to one of them, but I
can't. Does anyone have any ideas about what if anything I could do? I suppose
I could by another domain and forward the e-mail, but the whole point of
having my own domain was that I wouldn't have to switch again :(

~~~
speps
[http://samoanic.ws/faq/index.dhtml](http://samoanic.ws/faq/index.dhtml)

> Can I transfer my domain to another registrar?

> Yes, .WS domain transfers may take place in accordance with ICANN's "Policy
> on Transfer of Registrations between Registrars". Please contact the
> registrar you would like to transfer to for instructions on how to proceed.

~~~
tych0
Unfortunately nobody actually supports it. Dreamhost doesn't, Namecheap
doesn't, etc.

If you try, they all give you the same "The WS registry doesn't allow transfer
of domains." error, because historically they have not.

~~~
maxwellpower
Uniregistry does ...
[https://uniregistry.com/pricing](https://uniregistry.com/pricing)

I personally would never trust anyone else.

------
aboutruby
Quite a large list of TLDs, would be more helpful if somehow sorted by
popularity too and showing which ones are not available.

[https://www.cloudflare.com/tld-policies/](https://www.cloudflare.com/tld-
policies/)

------
Ayesh
This has made news a few times but I will not use them for my domains.

It's been a few months since launch, but I still can't use my own nameservers
for the domains.

While the registry-pricing can often workout cheaper, some registrars
negotiate nicer deals with the registry. I have a .me domain for 8 years that
I never paid the registry standard price, it has always been sent discounted
rate.

------
tracker1
While I'd love to switch, I switched to google's a couple years ago, and the
killer feature for me, is free mail forwarding with the domain (no mail server
setup). I've got a bunch of domains I don't really use anymore, but want to be
able to receive the mail for a couple addresses.

May consider moving most of my domains over all the same though.

------
ksec
Any timeline they actually allow Registration of New Domain. Or do they expect
us to register somewhere else and do the transfer?

------
billbrown
Can anyone tell if they offer privacy? I'll move all of my parked domains here
in a heartbeat if that's included.

(I'd move my other domains here if I could use non-Cloudflare nameservers,
even temporarily. I don't want downtime or other interruption.)

~~~
samatcloudflare
We do - all whois information is redacted by default for every domain on
Cloudflare Registrar.

~~~
billbrown
Out of curiosity, where is that listed on your site? I promise I looked and
I'd like to know what I overlooked. Thanks!

------
nikolay
They don't support even .us, which is a pity. When I start a new project, I
register with another registrar and wait 60 days to move it to Cloudflare -
what a nonsense! NameBright has similar pricing - for .com at least.

------
ebg13
Given that they're selling this at cost, what does cloudflare get out of this?

~~~
jgrahamc
We hope you'll buy other services from us.

------
azinman2
If they don’t charge for themselves, what’s the motivation to do this?

~~~
SteveGregory
They get you to sign up, give your credit card, use their nameservers, and
then if you get any serious traffic, they will conveniently be there to offer
extra features with a paid plan. In my opinion, this is exceptional marketing.

------
foobarbazetc
The major issue with this is that the transferred domain must use CloudFlare
NS and be on the platform. Really not worth the lock-in for like $1/year you
save off other places.

------
detaro
previously (announcement):
[https://news.ycombinator.com/item?id=18083641](https://news.ycombinator.com/item?id=18083641)

------
legohead
Been looking to transfer my domains away from Godaddy but can't find a
registrar I like that accepts .ws, which is my main domain. Cloudflare doesn't
either :\

~~~
salasrod
Here are all the registrars that support ws:
[https://www.website.ws/registrars.dhtml](https://www.website.ws/registrars.dhtml)

~~~
legohead
ah, thank you! didn't occur to me to go to .ws itself.

------
mr_puzzled
I have domains on namecheap and would like to transfer to CF. Does the
transfer process involve disabling whois, temporarily exposing my personal
details to the internet?

~~~
samatcloudflare
Some registrars will block transfers if certain types of privacy protections
are enabled (or they'll require you expose your data to the public in order to
give you your auth code).

Namecheap can block transfers with WHOIS Guard enabled in some cases; as soon
as it is transferred to Cloudflare, though, the info will be redacted.

------
tareqak
I transferred one domain to Cloudflare, and I didn't have any issues. I admit
that it's just one data point, but I am happy.

------
no1youknowz
How long until you guys allow for Master/Sub accounts?

Would be great to allow users to purchase domains for use on a platform...

------
useful
Can you hide your contact details? The service is super cheap but that
spotlight has a hidden cost.

~~~
adventured
Contact information is redacted by default. I've moved a bunch of domains
over, they're all redacted in the whois without me taking any action. It lists
the registrar as Cloudflare. It shows the domain updated date, the creation
date and registry expiration date. There are no contact details listed at all.
And it shows the DNS servers (in this case the Cloudflare LOU and MAY name
servers).

In fact the sole problem I've had, is with another registrar. I've had my
domains with GoDaddy for 15 or 17 years. I've never had a problem with them,
so it was fine, but they've begun seriously pushing their prices up (now about
double what Cloudflare is charging). All the transfers from GoDaddy to
Cloudflare went super smooth, took minutes, except for one high-value domain
I've owned since the 1990s. GoDaddy is quasi attempting to hold that hostage,
they put it through some kind of manual transfer intervention that will take a
week to complete (hopefully).

~~~
useful
Awesome, thank you. I have the same situation with godaddy, recently purchased
10 years to avoid yearly gouging.

------
thedangler
Be cool if I can use their API to register domains for myself or on behalf of
my clients.

------
sahin-boydas
dup:
[https://news.ycombinator.com/item?id=18093215](https://news.ycombinator.com/item?id=18093215)
[https://news.ycombinator.com/item?id=19319935](https://news.ycombinator.com/item?id=19319935)

~~~
sahin-boydas
many more about Cloudflare Registrar

[https://hn.algolia.com/?query=cloudflare%20registar&sort=byP...](https://hn.algolia.com/?query=cloudflare%20registar&sort=byPopularity&prefix&page=0&dateRange=all&type=story)

------
OrgNet
who charges the wholesale registry fee?

~~~
AdamGibbins
The owners/operators of the TLD, e.g. for .com thats Verisign, for .uk thats
Nominet, for .dev that's Google etc

------
nrook
Before you register your domain with Cloudflare, please consider who their
other customers are. Cloudflare today provides services for many white
supremacist websites; they kicked off the Daily Stormer in 2017 after
widespread criticism, but still receive money from many others.

From what I can see, their senior leadership genuinely believes that, morally,
they have an obligation to provide services for horrible people in exchange
for money[1]. If you agree, use them! But if you think it's bad to defend
these sites in an era of white nationalist terrorism, look elsewhere.

[1] [https://www.wired.com/story/free-speech-issue-
cloudflare/](https://www.wired.com/story/free-speech-issue-cloudflare/)

~~~
tracker1
You don't change peoples opinions by shutting them out, all that does is drive
them deeper into their own echo chambers. It's usually a bad idea in practice.

Freedom of speech means freedom of speech you don't agree with. There is no
need to protect speech most people disagree with. FYI, the ACLU has also
protected the same people you refer to. The problem with taking away civil
liberties, is that eventually it will come down to losing your own.

For example, if you want the government to shut down speech it doesn't like,
what happens when opposing views are in power, and Donald Trump decides he
doesn't like what _YOU_ are saying. Do you really want to go there?

~~~
nrook
I support the First Amendment wholeheartedly, and believe it's important that
the government refrain from shutting down speech it doesn't like.

You may note that Cloudflare is not a government.

~~~
tracker1
Considering how much traffic flows through it, you really think they don't
have the more power than most governments?

And while, the First Amendment doesn't provide protection from private
parties, it is still possible to agree with Free Speech rights as a private
company, even if you disagree with the message. The problem is when you start
shutting down conversations, you become part of the problem.

The likes of Twitter and Facebook, as an example are _FAR_ more powerful than
any government or localized platform traditionally protected, and may be
considered Private Spaces for Public Use, which have been defined before (ref:
Occupy Movement).

Just because you are a private entity does not mean you are free to do
anything you want. The government has _LOTS_ of limitations on what businesses
can or can't do. Unless you are suggesting that businesses should never have
to comply with disability laws, or laws regarding other protected classes too?

