I operate my own domain. This domain is used exclusively for email. I do not operate a website. The requirements I seek are as follows:
- The standard DNS server supports IPv6. Name resolution is possible from an IPv6-only environment without the need to set up an external DNS server separately.
- It must be possible to activate DNSSEC without preparing a separate external DNS server.
- Compliance with RFC 8624.
- Complete WHOIS privacy. The registrant’s country of residence and province/state of residence are not displayed in WHOIS. Very few registrars meet this condition.
- FIDO U2F or passkey authentication can be configured when accessing the control panel.
Very few registrars meet these conditions because most domain registrars don’t adopt modern technologies. The domain industry is terrible.
Njalla meets these conditions, but they’ve raised their prices quite a bit recently. For example, XYZ domains increased from 15 EUR to 30 EUR per year. I think that’s a bit too expensive.
Porkbun doesn’t support DNSSEC. Gandi has incomplete WHOIS protection. Namecheap still uses SHA-1 for DNSSEC, which violates RFC 8624.
123 Reg is absolutely awful. When I tried to get customer support, the support agent told me to temporarily disable FIDO U2F. Their security practices are sloppy.
