« Back to homepage

The Future of Domain Names

Jake Robertson - May 5, 2019

In March, Google publicly opened registration for the .dev top-level domain (TLD). The race to acquire premium names - and the exorbitant prices that came with it - was a reminder of one of the web's most prevalent concerns: domain names are broken.

Background, and the rise of decentralization

When you rent a domain name from a registrar (such as Namecheap or Hover), the record of your ownership is added to the registry associated with the TLD. For example, VeriSign manages the database for .com and .net domains, among others.

After you purchase the domain, your registrar allows you to point it to an IP. This setting is propogated to servers across the Domain Name System (DNS). There are lots of these servers. You may know of Google's public name servers (8.8.8.8 and 8.8.4.4) or Cloudflare's new 1.1.1.1, but almost every ISP has one as well. It is usually pretty easy to change the DNS server for your browser or device if you want to.

Similar to the .com rush in the 90s, companies in the last decade have begun snagging TLDs for their brands or industries. Gap Inc., for example, bought the .oldnavy and .bananarepublic TLDs in 2015. The Major League Baseball company bought .baseball in the same year. Microsoft owns .office, and Amazon owns .aws. Looking at the ICANN registry listing is an interesting look at the companies' attempts to establish footholds for their brands.

But wait a minute, those companies are not just buying names at realcheapdomains.legit, they are creating registrars. Disney has one, Apple has one, even your bank might have one. And if you want to buy a .azure domain name, you're going to have to call up Microsoft.

From one perspective, this is a good thing. Let's first consider the case of companies which are actually interested in selling domains (like VeriSign et al.). Internet users are increasingly comfortable with going to websites with alternative TLDs, and they are better able to recognize that they can be just as trustworthy as regular ones (or perhaps they just don't care). If the internet does not have to be all .com, registrars are free to trade TLDs, and website-owners are free to consider between different registrars for the cheapest domain. The rise of registrars as a business model adds a second layer of competition to the bottlenecking domain market.

Will businesses switch to TLDs?

Although there are now many owners of very brand-specific TLDs, few have made significant public use of them. Some examples of the more prominent uses are home.cern and blog.google (I'm still waiting for the com.google April Fool's joke).

So what's the point? Why are companies spending so much money to buy TLDs that they have no plans to use or even rent space for? The reality is that there really is no point -- it's just hoarding. Large companies have simply found a relatively inexpensive 6-figure commodity they can put their trademarks on and maybe make some money off of in the future.

Even some owners of the 'vanity' TLDs, like .baseball, have yet to start accepting customers -- if they ever will. It is clear that one of the domain name systems' biggest problems, name squatting, is back in a new form: but this time, it is a lot more expensive.

"Hard to remember" is good

Maybe the future of domain names is that we won't use them.

The IPv4 problem was solved with IPv6. Yet, many developers are still unaccustomed to it and continue to build networks based on IPv4, even when their systems support v6. The main reason is likely that IPv6 representation is simply too intimidating. Ostensibly it seems strict: 8 groups of 4 hex digits, separated by colons. However, these could often be too long, so in valid representation 0-groups can be truncated with a double colon, and leading 0's can be ommitted. All of the following are the same address:

2001:0db8:85a3:0000:0000:8a2e:0370:7334
2001:0db8:85a3:0:0:8a2e:0370:7334
2001:0db8:85a3::8a2e:0370:7334
2001:db8:85a3::8a2e:370:7334

It's not too complicated, but it's intimidating, and that's what separates "things humans are good at" and "things we would rather have a computer deal with." In reality, IPv6 is great, even beyond the fact that it fixes the exhaustion problem: it stops developers from thinking about IPs. Knowing the IP of devices on your network, and being able to easily type them out when necessary, is a crutch; applications should be the solely responsible for parsing these addresses, just like it would be unreasonable for someone to memorize a UUID for their login info in a database.

Using "hard to remember" identifiers eliminates this crutch by removing the ability for humans to use them. The result is systems which properly allocate devices with unique addresses, rather than a developer i.e. hardcoding 192.168.0.42 as the database server. If you were otherwise forced to type 2001:db8:85a3::8a2e:370:7334 every time you wanted to connect to a server, you would probably try to find a way to automate it instead.

Evolution of DNS

The future of domain names is Google.

Typing in a domain name to go to a website has several problems. First, I need to know what it is. This issue seems particularly ironic because of the problem that name servers sought to solve in the first place: alleviating the need for users to memorize a bunch of addresses. And it will only become more prevalent as alternative TLDs become common; is Spotify at spotify.com, spotify.music, or something else?

The second problem is security. A classic example is the mixup between whitehouse.gov and whitehouse.com. But not all such mistakes are so innocent. Many scammers prey on users' lack of understanding of DNS to make realistic-looking domain names, e.g. spotify.[evil_site].com.

In some cases, a phisher can even register alternative TLDs for an existing brand name. A naive user can guess the TLD for a website, arrive at an official-looking version, and innocently hand over their login information when prompted. Larger companies are able to keep up with this whack-a-mole, but smaller ones don't always have the opportunity.

The safest way for me to go to the Spotify website would in fact be to search "spotify" on Google and click the first link. I don't even need to go to google.com first: my browser goes to it automatically when I enter a bare keyword in the address bar.

Domain names will become obsolete. The future DNS will be much like a search engine -- not for websites, but for brands. There should be no need for me to remember whether a company's website is at company.com, company.biz, companyapp.io, or any other combination. Search engines are already completely capable of finding the website when I type in the brand name, so why couldn't this functionality be directly integrated into an evolved "Domain Name" System?

Domain names, and the pricing and hoarding that comes with them (and their TLDs) would become irrelevant. It will still be possible to access devices without this system, of course, just like it is already possible to directly reference an IPv4 or IPv6 address. But for end-users, it is clear that the domain name system is ultimately unsafe, expensive, and in dire need of centralization.