[dns-operations] Registrars with a "registry lock" service

[Anand Buddhdev]

Hello people! Our current registrar, Gandi, has increased the renewal
prices of all our domains (.com, .net, .org and .community) to insane
amounts, and we want to switch away from them. We're looking at some other
registrars, viz. Joker (Germany), Oxxa (Netherlands) and PorkBun (USA).
They all offer the usual features we would want from a good registrar, but
none of them have any information on their website about a specific
advanced feature we're looking for, which is called "registry lock". This
is an advanced feature, where the registry applies a lock on the domain,
and changes of any kind have to be verified with a phone call between
registry and registrar. This lock is a stronger defence against attacks.
When a domain has a registry lock on it, it's visible in the whois output
as:

Domain Status: serverDeleteProhibited
https://icann.org/epp#serverDeleteProhibited
Domain Status: serverRenewProhibited
https://icann.org/epp#serverRenewProhibited
Domain Status: clientTransferProhibited
https://icann.org/epp#clientTransferProhibited
Domain Status: serverTransferProhibited
https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited
https://icann.org/epp#serverUpdateProhibited

In the above, the "clientTransferProhibited" is because of a "registrar
lock". This is a standard feature provided by almost all registrars, and
it's not what I'm after. I'm after the "serverDeleteProhibited",
"serverRenewProhibited", "serverTransferProhibited" and
"serverUpdateProhibited" lines. These ensure that the domain cannot be
deleted, transferred, or modified without a manual check by the registry.
Is anyone aware of registrars that provide this service?

Regards,
Anand Buddhdev
RIPE NCC
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20250108/93c1539d/attachment-0001.html>