What is a Domain Registry?
A domain registry (or registry operator) is an organization responsible for maintaining the authoritative database of all domain names registered under a particular TLD. The registry operates the infrastructure that makes domains work, including zone files and RDAP/WHOIS servers.
Registry vs Registrar
This distinction confuses many people:
| Aspect | Registry | Registrar |
|---|---|---|
| What they do | Operate TLD infrastructure | Sell domains to public |
| Who they serve | Registrars | End users |
| Number per TLD | One | Many |
| Example | Verisign (.com) | GoDaddy, Namecheap |
| Analogy | DMV (maintains records) | Car dealer (sells to you) |
You don't interact directly with registries—you register domains through registrars, who communicate with the registry on your behalf.
Major Registry Operators
Verisign
- TLDs: .com, .net, .cc, .tv, .name
- Scale: ~175 million .com domains
- Notable: Operates two of the 13 root servers
Public Interest Registry (PIR)
- TLDs: .org, .ngo, .ong
- Structure: Non-profit organization
- Mission: Serve the non-profit community
Donuts / Identity Digital
- TLDs: 200+ new gTLDs (.app, .live, .email, .news, etc.)
- Notable: Largest new gTLD portfolio
Google Registry
- TLDs: .dev, .app, .page, .new, .google
- Features: Required HTTPS for .dev and .app
Radix
- TLDs: .online, .store, .tech, .website, .site
- Focus: New gTLDs for businesses
Country-Code Registries
Each ccTLD has its own registry:
- .uk: Nominet
- .de: DENIC
- .io: Internet Computer Bureau
- .ca: CIRA
Registry Functions
Zone File Management
The registry maintains the zone file containing NS records for all registered domains:
; Simplified .com zone file concept
example.com. NS ns1.example.com.
example.com. NS ns2.example.com.
another.com. NS ns1.cloudflare.com.
RDAP/WHOIS Services
Registries operate authoritative RDAP and WHOIS servers:
# Verisign's .com RDAP
curl "https://rdap.verisign.com/com/v1/domain/example.com"
EPP Gateway
Registries run EPP (Extensible Provisioning Protocol) servers that registrars connect to for domain operations.
DNS Resolution
Registry name servers answer queries from recursive resolvers, directing them to individual domains' authoritative servers.
Registry Agreement with ICANN
gTLD registries must sign a Registry Agreement with ICANN that specifies:
- Technical requirements
- Pricing constraints (for some TLDs)
- Security obligations
- RDAP/WHOIS requirements
- Dispute resolution procedures
Registry Business Models
Wholesale Pricing
Registries charge registrars a wholesale fee per domain:
- .com: ~$9.59/year (2024, regulated price increases allowed)
- .org: ~$10.26/year
- New gTLDs: Varies widely ($2-$100+)
Premium Domains
Registries designate certain names as premium, charging significantly more:
- Short domains (ab.com)
- Dictionary words (car.io)
- High-value keywords (insurance.com)
Reserved Names
Some names are reserved and unavailable:
- Registry operations (nic.tld, registry.tld)
- ICANN requirements (example.tld)
- Trademark protection
Registry-Registrar-Registrant Model
ICANN
↓ Policy & oversight
Registry (Verisign)
↓ Wholesale domain operations
Registrars (Namecheap, GoDaddy, Cloudflare)
↓ Retail domain sales
Registrants (You)
This three-tier model promotes competition at the registrar level while maintaining centralized TLD management.
For Developers
When building domain tools, you often interact with registry data:
RDAP Queries: Each registry operates RDAP servers Bootstrap Files: IANA publishes registry RDAP URLs at https://data.iana.org/rdap/dns.json Rate Limits: Each registry has different limits—respect themDomScan handles registry interactions automatically, providing a unified API across all supported TLDs.