Note: this was originally published on my personal blog.
You’ve just thought of the next big thing. It’s gonna have AI, and you’re going to put it on the blockchain.
You go onto GoDaddy, enter the name in, and boom —
Eventually you find one that isn’t taken, and $10 later, it’s yours. Of course, you never ended up starting that project.
But ever wonder where that $10 goes?
You’re probably aware that when computers talk over the Internet, they use numerical labels (IP addresses) to identify each other. These are hard for us to remember, so we prefer friendly names like “google.com”. For you to access Google, some magic has to happen behind the scenes to turn “google.com” into Google’s IP address, “220.127.116.11".
First of all, someone at Google had to have registered the name google.com. This is done via a domain name “registrar” such as GoDaddy. Registrars are like high street shops – they actually get the domains from wholeseller-equivalents, but provide a convenient way for customers to buy and manage domains.
Next, someone has to tell the rest of the Internet that google.com points to 18.104.22.168. This is done by a “registry”, which is also the wholeseller that provides domains to registrars. Each top-level domain (TLD) — .com, .net., .org etc — has a registry that manages it. The .com TLD has been managed by the same registry since the beginning of time — an extremely profitable monopoly called Verisign. More on that later.
Finally, since there are lots of different TLDs, someone needs to keep track of which registry manages each. There are only ~1,000 TLDs to keep track of, so this is done in a small file — the “root zone file” — which is hosted on lots of different servers around the world so that anyone can easily access it.
When you type google.com into your browser, the domain is split into parts by the “dot”, from right to left. The first part is “com”, so your computer checks the root zone file to see which registry manages the .com TLD. It then checks with this registry to see where the next part, “google”, points to. The registry returns the IP address 22.214.171.124, and your computer can then ask Google to send their homepage over.
If you’re still with me then you might be wondering who came up with all of this. The answer is ICANN — the Internet Corporation for Assigned Names and Numbers. ICANN is a non-profit whose role is to coordinate all the names and numbers that keep the Internet online. They outsource a lot of the heavy domain name lifting to registries like Verisign, who pay ICANN for the privilege.
So where does your $10 actually go?
You pay money to the registrar (the shop), but they buy the domain from Verisign, the .com registry (the wholeseller), who have to pay ICANN (the regulator? the tax man?) a fee. Who gets what?
In the case of .com, Verisign get the lion’s share of the pie. A registrar can charge however much they want to customers, with the obvious caveat — if they charge less than Verisign’s fee they’ll be operating at a loss, and if they charge much more than Verisign’s fee, other registrars will undercut them.
This free-market kung-fu is a win for consumers, and promoting such competition is one of ICANN’s primary principles. So surely the same forces apply to Verisign’s fee, right?
This is the yearly .com registry fee over the past 30 years:
What’s going on here? Has the marginal cost to Verisign of operating a .com domain really stayed the same over the past 8 years despite technological advances and greater economies of scale? What happened in 2007 that made domains more expensive to manage than in 2000?
The way that competition is supposed to work between registries, is that lots of companies go to ICANN and say “We think we can reliably manage .com, and we think it would cost us [$5] per domain.” ICANN reviews these bids and awards the .com contract, which lasts for a fixed period of time, to whomever they deem best-suited to the job. In this time, other companies can think of ways to manage .com better/cheaper, and try and win the next contract. This, in theory, would provide an incentive for registries to innovate, a big part of which would be in lowering costs.
In practice, this has never happened with .com. The 2001 contract between ICANN and Verisign allows for a competitive bidding process for renewal, but just 3 years into the contract, trouble was on the horizon — in an unprecedented move, Verisign and ICANN went to war.
The dispute was over the innocently-named Site Finder Service, launched by Verisign in 2003. With traffic to every .com domain going through Verisign, the Site Finder Service redirected anyone accessing an unregistered domain (via a typo, for example) to a Verisign website with sponsored links. The company argued that this was more useful to Internet users than seeing a generic error page. Whatever their reasoning, this made Verisign the de-facto owner of every unregistered domain (what else does it mean to own a domain?), and skyrocketed them from 2,500th into the top 10 most visited websites. The best part? Verisign launched this without running it past anyone.
I’ve tried to be charitable to Verisign in my reading of Site-Finder-gate. Even then it seems quite clear that they were deep within the grey areas of their contract with ICANN, and that they knowingly acted against the spirit of the Internet that they’d been entrusted to build. That said, I respect the hustle — Verisign were, and continue to be, a publicly traded company with a responsibility to deliver value to their shareholders, and this quasi-bait-and-switch was a pretty inspired way to do it.
Just days after Verisign launched the Site Finder Service, ICANN wrote a strongly worded letter ordering them to disable it. Verisign complied, but not without writing a strongly worded letter of their own, in the form of a lawsuit. Verisign argued that ICANN overstepped their bounds in trying to control their activities, and ICANN argued… that Verisign overstepped their bounds in performing those activities.
At the end of 2006 after 3 long, litigious years, the lawsuit was settled out-of-court. Nobody knows exactly what happened behind those closed doors, but it’s clear that Verisign took the cake.
ICANN renewed Verisign’s .com contract, this time with an interesting new clause — the $6 cap previously placed on Verisign’s fee was removed, granting permission for Verisign to raise their fee by 7% each year from 2007 to 2010, bringing it to $7.85. The justification given by ICANN was “to allow market forces to determine prices”, which I don’t quite follow, but I’m no Keynes. They also point out, in subtler language, that it’s the US government’s job to worry about Verisign’s monopoly, which is, I guess, fair.
More controversially, the new agreement guaranteed the renewal of Verisign’s contract in 2012 unless they were in “fundamental breach” of their obligations as a registry. A similar presumptive renewal clause in the 2012 agreement recently sealed Verisign’s control over .com until 2024. This kind of arrangement, ICANN say, incentivises registries to make long-term investments in infrastructure that benefit the Internet community.
Though this sounds sensible, a final comment from ICANN on the matter paints a different picture, one of a company on the back foot, trying to move forwards without waking the big bad wolf in their bed:
The benefits of eliminating existing and future disputes with VeriSign… is of significant value to the community that is only achievable through negotiations with VeriSign.
Verisign have a good claim to being the pioneers of the subscription model on the Internet. 130 million .com domains bring in $7.85 per year in fees, totalling over $1 billion in annual recurring revenue, a number that’s only going to grow as more people get online.
They have, however, made their fair share of enemies along the way, consisting of pretty much anyone who isn’t employed by them. They face mounting pressure to lower the registry fee, with other players promising to do the same job for as little as $1 per domain, and companies like Google already pitching their tents in the DNS space.
What’s easy to forget, though, is that Verisign have managed .com for the past 20 years without so much as a hiccup of disruption or downtime, and that there’s no guarantee that a more democratic or competitive process would have resulted in the 2 decades of .com stability that we’ve enjoyed. Internet governance is obviously important, but we should remember that the overwhelming majority of users don’t know or care what’s going on behind the scenes.
With that in mind, the date for our diaries is 30th November 2018, when Verisign’s current contract expires and a new one begins. It’s sure to spark public discussion of these issues, and cast a rare spotlight on the fabric of the Internet that we often take for granted — the humble DNS.
If you enjoyed this, please check out and subscribe to my writing over at www.taimur.me — comments and feedback always welcome!