> Interests of the existing PKI industry may be the source of some friction, but the bigger issue is that DANE depends on DNSSEC, which is not widely deployed, and sometimes actively avoided due to its complexity and ease of breaking your site.
I have a feeling it is "actively avoided" because vendors don't want to lose control of the cert ecosystem. Allowing users to just generate a domain for themselves means it will never get logged in a central log and so can't be automatically found by crawlers by the big guys.
This is public data so the big guys could absolutely crawl it. But we should not underestimate the size of the PKI industry, several large actors make a good living from the existing web PKI and they will not change unless their very existence is threatened.
> Because DNS' multilayered caching makes it notoriously impossible to operate safely or debug.
That is not a problem for certs, you are not changing it every second. And the "impossible to operate or debug" is just plain false or incompetence.
> Most large outages already originate in DNS issues; putting the crypto in that layer would redouble it.
That is also just not true. Also, outage of DNS coz someone fucked up configuration management somewhere is not caused by anything related to DNS, it just so happens DNS is essential so any problem is visible.
If all apps abided by it, it would be nice because you could just back up config and skip all the other stuff. <type>/app hierarchy is much better than <app>/type because that allows, for example, easily excluding ~/.cache from backups.
... but of course some apps must be super special flowers that need their own dir
Yeah, I find it especially annoying when apps do use the XDG directories but use them incorrectly (dumping a bunch of state/data in .config is unfortunately too common). If apps want to do that I wish they would just grab $HOME/.appname rather than mess up my .config dir.
Generally I agree, though for lighter-weight stuff like personal config management, I’ve grown fond of chezmoi [0]. It has templating support, so I can do things like auto-detect if it’s a work machine or personal, and render the appropriate files where needed.
I think it can also do rudimentary app management via storing a lockfile, but I haven’t tried that out.
It's literally the largest registrar in the world, by a large margin.
When you're a business and want something reliable, picking the most popular provider is usually a strategy that works decently well. They're more likely to have established processes that work for all sorts of cases.
That's what makes this particular story so egregious.
Domains are a very funny business. I can't think of anything so crucial to businesses, that at the same time generates so little revenue per customer. Your entire technological infrastructure depends on it, yet it costs $15/yr. Making a single support request can turn you into an unprofitable customer.
> It's literally the largest registrar in the world, by a large margin.
> When you're a business and want something reliable, picking the most popular provider is usually a strategy that works decently well. They're more likely to have established processes that work for all sorts of cases.
It's also literally one of the most criticized and awful registrars in the world, by a large margin. If decades of stories like this don't convince you to go with a more reliable registrar then I have very little sympathy.
This story is not egregious, it's in fact typical of GoDaddy. Every so often we get a HN post with a GoDaddy horror story. You'd think people would have learned by now.
They are the biggest because they undercut all the other registrars and spent millions on Superbowl commercials among other strategies. Size does not automatically equate to competency. Sometimes bigger can mean more mistakes are likely to occur and customer voices may be more likely to be unanswered in the ocean of support issues.
How many stereotypical male tech nerds flocked to GoDaddy after hiring Danika as "spokes" model. Did she ever speak? Glorified booth babe is more like it. After that, every non-tech dude would remember those commercials. Of course they are popular, of course for the wrong reasons. It goes to show exactly how well advertising campaigns work.
Sort of? [0]. All the commercials I saw [1] were just meant to get guys to visit their site so the speaking was just for fun. The later fake body-building commercials [2] were unusual.
> When you're a business and want something reliable, picking the most popular provider is usually a strategy that works decently well. They're more likely to have established processes that work for all sorts of cases.
But they have proven over and over and over and over and over again that they are not a reliable business partner.
Porkbun. Their prices are very reasonable and their support team is consistently responsive and helpful. Honestly, even if their pricing was higher I would still choose to use them because it's clear their goal is to maintain a useful product, not infinite growth and enshittification.
Interestingly, Cloudflare (don't shoot me for mentioning the name, HN!) identify Porkbun as "GoDaddy-Porkbun" but I don't know the relationship.
Edit: "Top Level Design [Porkbun owners] was the domain name registry for several top-level domains including .wiki, .ink and .design, until the company sold these domains to GoDaddy Registry in April 2023" --Wikipedia
Top tier is still MarkMonitor. Last I spoke with them, they had a five-figure minimum spend, but the per-domain costs are competitive. That cost buys you proper named support contacts, etc.
If you look up the whois for microsoft.com or yahoo.com, that's who you'll find.
Five-figure minimum spend sounds pretty expensive for the vast majority of businesses out there. Of course, just a drop in the bucket for major brands.
Definitely. I don't use them for my personal domains, of course.
But as others have pointed out, there's basically zero margin on simple domain sales. So if you want proper support, you need to go to someone who bundles it with other enterprise business (e.g. AWS), or who makes it their whole business (e.g. MM).
> When you're a business and want something reliable, picking the most popular provider is usually a strategy that works decently well.
For offline goods, definitely. For digital services, 10+ years ago, definitely. For digital services, in 2026, it's a bad strategy even if you're a business and want something reliable.
IIRC, when I used it for my employer .com was $100/domain year, registry lock for eligible tlds was $1000/domain year (I forget if that included the domain), and there was a minimum annual spend that I don't remember, but might have been $10k-$30k. They have new ownership since then, so I dunno.
The only issue we had was when we wanted to change our nameservers and our authorized contact for registry lock didn't answer the phone for the verification call, so we had to postpone the change for the next day. But that's what is supposed to happen, so no big deal.
Better than networksolutions changing our nameservers when one of their support agents got phished.
> They're more likely to have established processes that work for all sorts of cases.
In my experience the sentence is only correct this way: "They're more likely to have established processes for all sorts of cases"
They have lots of clients. They have big opportunities to streamline support (which is a cost center). ... do you see where it leads? Read the OP, if not!
> When you're a business and want something reliable, picking the most popular provider is usually a strategy that works decently well.
That is also at least 10 years old stale matter. Have you ever read people wrongly being locked out from a BIIIIG provider unable to get through to get remedy? Apparently no. I did. I am sure several other people here did too.
Motto: "Eat shit! A trillion flies cannot be wrong!"
You’d be surprised how many enterprises use them. Also their managed hosting support is surprisingly competent. I’m not a fan of their service but some of our clients use them and anytime their servers have had issues support was quick to fix. Way nicer than having to jump in and do it myself. And so far it’s all been local support and not offshore.
Registering a domain usually happens very early in a business' history. It might literally be the first concrete thing the founder does. If the founder is non-technical, they're just going to Google "buy a domain" and see who comes up.
Do it, now. What comes up?
Yes, once IT gets professionalised, they should switch to a better provider. But the registration will likely be for multiple years, with auto-renewal, and when nothing has gone wrong, theoretical problems take a backseat to live ones.
Came here to post the exact same comment. They have a history of amateur-hour stuff like this, too, don't they? For me, the brand has always been associated with "bet it all on marketing" rather than technical competence.
The primary reason I used to prefer GoDaddy is you could call them 24/7 and talk to a human who could fix it. Historically I have preferred companies with phone support over submit-a-ticket-and-wait.