Choose a good registrar or DNS provider

How to choose a good registrar or DNS provider when registering domain names for a government organisation.

Domain names are critical government assets. When running them you must choose a reputable registrar or DNS supplier which will let you manage your domains securely.

There is currently no government procurement framework for finding a registrar or DNS supplier. 

The registry operator provides a list of registrars which can register domains. Use this guidance to check the supplier you choose is secure, reputable and provides good customer service.

What are registrars and DNS suppliers

A registrar will help you to register a government domain with an internet domain name registry. In most cases, the registrar will also be your domain name system (DNS) supplier, which hosts the authoritative name servers for your domains.

Some suppliers may combine other services like internet access, or web and email hosting. If you are choosing a DNS supplier to manage your internal domains then you may not need a registrar.

How to choose a registrar or DNS supplier 

Cost should not be the main factor you consider, as the cheapest registrars or suppliers may not provide the best security or support. A good starting point is to ask a large organisation like your parent organisation or central department what registrar they are using.

You must choose a reliable supplier who will:

  • keep your domain secure

  • make sure your domain stays live on the internet

  • fix problems quickly if your domain goes offline

Registering a domain name does not cost a lot of money but is a significant point of control over many of the services you provide to your staff and citizens.

The baseline cost for a new domain name from the current registry supplier is £80 plus VAT for the first 2 years. The renewal fee every 2 years after that is £40 plus VAT. You can expect your supplier to charge a markup depending on the level of service they provide.

1. Choose a secure supplier

You should look for a registrar or DNS supplier that:

  • uses strong password requirements and multi-factor authentication when accessing your management portal

  • verifies your identity if you make changes by email or phone

  • lets you control who in your organisation can make changes

  • sends email notifications when changes are made

  • uses multi-factor authentication in its interaction with the registry

  • supports Registry Lock services

To further enhance the security and resilience of your domains you should also look for:

  • client and server lock processes that require additional validation for changes to be made

  • a secure way to back up your domain data with a secure third party (usually called domain escrow)

  • support for DNSSEC to protect against DNS hijacking and man-in-the-middle attacks

  • support for adding CAA records, to indicate to certificate authorities whether they are authorised to issue digital certificates for your domain name

  • name servers spread across multiple physical locations for resilience

  • restricted privileges for different administrators, for example limiting them to certain domains

  • restricted management portal access by device or location

  • audit and activity logging

  • version control for DNS changes

  • a public API to allow for configuration management or ‘infrastructure-as-code’

  • export functionality to allow for backups of your DNS zone to be taken

Consider using multiple suppliers for important domains. This means that if one supplier ever suffers an outage, your services will continue to work.

If an attacker were to gain control over your DNS they could change email routing or spoof your website without you being aware. The National Cyber Security Centre provides guidance on how you can make sure a supplier offers a secure service including the use of the Cloud Security Principles.

The Domain Management team recommends that you:

  • follow NCSC guidance on managing public domain names

  • keep up to date with NCSC reports and advisories and take appropriate action

  • follow the best practices outlined by ICANN to protect domain name registration accounts

2. Check the reputation of your supplier 

Performing your own due diligence will help you check if a registrar or DNS supplier is reputable. You can:

  • check if DNS management is a core competency of the supplier

  • check Companies House for its business history

  • find a supplier through the Digital Marketplace

  • look for evidence of good governance such as ISO27001 certification or ICANN accreditation

  • check the supplier has a modern management portal that supports DNSSEC, null MX entries, long DKIM records, and CAA

  • check that the supplier is not susceptible to common DNS misconfigurations such as public zone transfers or enabling the ‘ANY’ record

  • check they provide a dispute resolution policy - for example what is the process if one of your domains gets hijacked?

  • check whether the registrar outsources their DNS infrastructure - if they do, you will need to make sure the outsourced supplier is also reputable
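One way to test the portal checks above during a trial is to create the records, export the zone, and audit the export. The following is an added example, not part of the original guidance: it covers CAA, null MX and long DKIM records only, and it assumes the export lists one record per line as "name TTL IN type rdata". The function names, domain, CA name and key are constructed placeholders.

```python
import re

# Constructed sample export for a mail-sending domain; _KEY is a placeholder
# standing in for a base64 RSA-2048 public key, not a real key.
_KEY = "A" * 392
SAMPLE_ZONE = f'''\
example.org. 3600 IN NS ns1.example.net.
example.org. 3600 IN MX 10 mail.example.org.
example.org. 3600 IN CAA 0 issue "ca.example"
sel1._domainkey.example.org. 3600 IN TXT "v=DKIM1; k=rsa; p={_KEY[:200]}" "{_KEY[200:]}"
'''

def parse_zone(text):
    """Return (name, type, rdata) tuples; skips comments and short lines."""
    records = []
    for line in text.splitlines():
        parts = line.strip().split(None, 4)
        if len(parts) == 5 and not parts[0].startswith(";"):
            name, _ttl, _cls, rtype, rdata = parts
            records.append((name.lower(), rtype.upper(), rdata))
    return records

def audit_zone(text, apex, sends_mail):
    """Return a list of findings for the records this guidance names."""
    recs = parse_zone(text)
    apex = apex.lower()
    findings = []

    def at_apex(rtype):
        return [d for n, r, d in recs if n == apex and r == rtype]

    if not at_apex("CAA"):
        findings.append("no CAA record at apex: any CA may issue certificates")
    # A domain that never handles mail should publish a null MX (RFC 7505).
    if not sends_mail and [m.split() for m in at_apex("MX")] != [["0", "."]]:
        findings.append("non-mail domain lacks a null MX ('0 .', RFC 7505)")
    for name, rtype, rdata in recs:
        if rtype == "TXT" and "._domainkey." in name:
            chunks = re.findall(r'"([^"]*)"', rdata)
            # Each TXT character-string is limited to 255 bytes, so a
            # 2048-bit DKIM key must be stored as several strings.
            if any(len(c.encode()) > 255 for c in chunks):
                findings.append(f"{name}: DKIM TXT string over 255 bytes; must be split")
            if "p=" not in "".join(chunks):
                findings.append(f"{name}: DKIM record has no p= key tag")
    return findings

if __name__ == "__main__":
    for finding in audit_zone(SAMPLE_ZONE, "example.org.", sends_mail=True):
        print(finding)
```

A portal that truncates the DKIM value or rejects the CAA or "0 ." MX record on entry will show up as a finding in the export.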

3. Look for good customer support 

It’s important to check that a potential registrar or supplier offers you:

  • knowledgeable technical support

  • the support hours you need

  • an emergency phone and email contact

  • the option to check and monitor your records

  • the ability to make changes quickly and easily

  • a process for transferring your records to another supplier if there is a problem

Not all suppliers give you direct access to your DNS records via a control panel. Check if this is something you need and try it out before buying to make sure it offers a good user experience.

Why you need a trusted registrar or DNS supplier

As a government domain administrator you must choose a registrar or DNS supplier so you can:

  • meet the appropriate security standards for your organisation, for example, central government departments must follow the Minimum Cyber Security Standard

  • view the domains your organisation owns or has control over

  • keep the contact details of the domain administrator up to date

  • receive notifications before your domain names expire

  • protect your domains both between you and your registrar, and between your registrar and the registry

  • monitor when changes are made to your domain

Your organisation needs a trusted registrar or DNS supplier to operate any government domain name. It’s important you trust your supplier because they can:

  • make changes to your DNS records, redirect your email, website, or digital services

  • get TLS/SSL certificates issued for your domains

  • validate domain name ownership for services like G Suite or Office 365

  • transfer your domains to another supplier or somewhere out of your control

For more information on choosing a registrar or DNS suppliers you can read:

Published 7 October 2019
Last updated 5 January 2022
  1. Changed subheadings under the 'How to choose a good supplier' section and restructured the page to make it clearer

  2. The Domain Management team has now moved to the Central Digital and Data Office. This update removes any references to the Government Digital Service (GDS).

  3. Help domain owners think about the user experience by making sure the name is not too long or complex.

  4. Suggesting that applicants can check which registrar their parent organisation is using and also checking if potential providers support Registry Lock services

  5. First published.
