Cloudflare Starts Security Focused Domain Registrar

Cloudflare is planning to offer a new domain registration service that won’t add any extra fees on top of what each TLD charges and also will include advanced security and privacy protections, such as two-factor authentication and domain locking by default.

The Cloudflare Registrar service is meant to remove a large portion of the cost of registering domains with privacy and security built in. Many registrars provide registration services that include enhanced security protections and privacy tools, but they’re typically far more expensive than a basic domain registration. Cloudflare itself has such a service called Custom Domain Protection, but the price is prohibitive for most businesses.

“Every client using Custom Domain Protection defines their own process for updating records. For instance, if a Custom Domain Protection client wants us to not change their DNS records unless 6 different individuals call us, in order, from a set of predefined phone numbers, each reading multiple unique pass codes, and telling us their favorite ice cream flavor, on a Tuesday that is also a full moon, we will enforce that. Literally,” Cloudflare CEO Matthew Prince said.

But that’s not exactly a process that’s going to work for every business. So Cloudflare is rolling out a new service that provides important security and privacy tools for free and doesn’t charge any premium over the cost of the domain itself. For most TLDs, registering a domain is somewhere around $10.

“From the security side, we promise we'll allow you to enable two-factor authentication, we’ll lock your domain registration by default, and automatically enable best-practice security services like DNSSEC,” Prince said.

The motivation for providing the new registrar service came from Cloudflare’s own experience with its domain registrar. The company had a number of internal domains that needed extra security and wasn’t satisfied with the way its registrar was handling them. So Cloudflare built its own registrar.

“For years, we worked with our original domain registrar to ensure these domains were as locked down as possible. Unfortunately, in 2013, a hacker was able to compromise several of the systems of the registrar we used and come perilously close to taking over some of our domains,” Prince said.

“That began a process of us looking for a better registrar. Unfortunately, even the registrars that charge hefty premiums and promise to be very secure turn out to have pretty lousy security.”

The Cloudflare Registrar service is only open to current Cloudflare customers right now, but the company will be making it available to new customers in the near future.