Cloudflare TV

🚀 Cloudflare Registrar for Everyone

Presented by Apoorva Ravikrishnan, Eric Brown, Rob Tulloh
Originally aired on 

Registrar for Everyone - new domain registrations, support for additional TLDs, and what's coming next for Registrar.

Read the blog post:

Find all of our Birthday Week announcements and CFTV segments at the Birthday Week hub

Birthday Week

Transcript (Beta)

Hi everyone. Thanks so much for tuning in. This week is a very, very special week for us.

It's Cloudflare's 11th birthday and we'll be announcing a series of releases that are designed to help build a better Internet.

I'm Apoorva Ravikrishnan from the product marketing team and I'm here today with folks from product and engineering team to talk about one of the announcements that went out today, Registrar for Everyone.

Before I pass on to my colleagues here so that they can introduce themselves, I want to note that if you have any questions whilst you're watching this segment, please do send them in.

We'll be saving some time toward the end to respond to them or we'll get back to you at a later time if we were not able to cover it in that time.

Anyway, Eric, do you want to quickly introduce yourself? Sure.

Thanks Apoorva. Hi everybody. My name is Eric Brown. I'm the product manager for our Registrar service and we're here today to tell you a little bit about Registrar in general, what we've been working on and of course the announcement that we made this morning.

So a little bit about our Registrar to start off.

So Cloudflare has actually had a Registrar for a number of years. We first became an accredited Registrar three or four years ago and we started mainly to protect our own domain assets, particularly

And so we became an accredited Registrar so we could maintain control of our own domain, secure it properly, you know, we trust ourselves more than others.

And over time we started having some of our customers, some of our high-profile customers take notice and they said, hey, can you protect my domain as well?

So we started a new service. At the time we called it Secure Registrar but today it's called Custom Domain Protection and we basically provide a high level of security for some of these high-profile domains.

And in 2018, we decided we need to open up a Registrar for all of our customers.

So we announced in birthday week 2018 that we were starting a Registrar and we launched first with transfers.

And that was mainly because we have millions of customers today on our platform with domain names that they've all registered at other Registrars.

And it made sense for us to provide them with a Registrar where they could, you know, they could transfer the domains to us and they can manage their domain registration and their DNS all in one location.

So that's a little bit about where we are today and we're here to talk about where we're going.

Thank you for that, Eric. Rob, do you want to do a quick intro as well before I jump into the next question?

Certainly. So I'm Rob Tullo and I'm the Engineering Manager and Technical Lead for the Registrar team here.

And I'll be answering technical questions and giving some technical overview as we work through the question list.

So thank you. Great, thank you so much. I think we have heard an overview of what we've been doing with Registrar so far but can we talk about some of the biggest challenges in the world of domain registration?

I think it'd be great to kick off with that.

Sure, sure. That's a great question. So the domain world today comprise of a couple of key entities.

You can think about it as Registrars and Registries.

You know, we're obviously a Registrar and there's Registries.

And the Registries, you can think of them as the wholesaler. They're the ones that say own the TLD, the top level domain.

And the Registrars are the retailers that sell the domains to customers.

We interact directly with customers.

And so that's the ecosystem. Then within the domain world, there's two types of top level domains.

There's the generic TLDs, they call the GTLDs. Those are like .com, .net, .info.

And then there's the country code TLDs, the ccTLDs. In the GTLD world, there's an organization called ICANN, the Internet Corporation for Assigned Names and Numbering.

And they're sort of a regulator, so to speak. So all the accredited Registrars, all the Registries in the GTLD space have contracts with ICANN.

And ICANN is a policy creating organization. So they set the policy for all the GTLDs.

In the ccTLD world, each ccTLD can establish their own policies, their own rules, their own pricing, anything they want to do, pretty much.

Sometimes they may be accountable to a government or something or another organization, but in essence, they're not under the ICANN umbrella.

So I would characterize today that three main things that are challenges in our industry.

First is growth.

Over the last seven to 10 years, we've seen the number of new TLDs expand greatly.

That was with the latest round of new GTLDs that was launched. There were over 1,000 new GTLDs launched.

And what that means is for a Registrar, that is a lot more Registries that you have to integrate with, you have to communicate with, you have to interact with on a daily basis.

The technical integration side of it is much, much more complicated than it was, say, 10 years ago.

That also means there's a lot more policy rules that you have to follow. You have to keep up with what each Registry is doing.

In the last year or so, maybe two years, we've seen a pulling back of that in the sense that there's been a bunch of consolidation in the industry with one Registry being purchased by another Registry.

We're seeing a little bit of a shrinking, but that also brings with it its own challenges because every time that happens, there's new agreements that have to be worked out.

There's a new back-end Registry operator that you may have to integrate with.

You may have to deal with the migration of data from one Registry provider to another.

The second challenge is particularly important these days, and that's in the area of privacy, data privacy.

With the GDPR and other national privacy laws that have come out in the last few years, the concept of what, who is data, the registrant information of a domain name, which data should be public, under what circumstances, and who should have access to that data.

There's a lot of activity in the ICANN world in the policy area where they're trying to figure out how to implement a system that balances privacy for the individual with the potentially legitimate needs of, say, a law enforcement agency or a trademark holder or something like that.

So there's a lot of work going on there. And then the third is security.

Security is always an issue in the domain industry. There are lots of app players in the industry that are always trying to take control of a domain name.

We've seen issues recently with the data of an entire Registrar being breached and exposed because Registrars not only have to protect the individual domain name, we also hold the data for a large set of domain registrants.

And a lot of that data were required to maintain for a certain amount of time.

So it's important, you know, security is a very important issue in the industry today.

I think those are the three most, the three biggest issues that we see and we're working with.

Thank you for taking us through that, Eric. Cloudflare has always built products with privacy and security at its forefront, right?

And Registrar is no different to that.

Can you change gears a bit and talk about what we are launching today, particularly with respect to Registrar?

Sure. So today we are super happy to announce that new registrations are available for everybody today.

We had launched a beta version of new registrations about a year ago.

You know, everybody's had access to transfer a domain name, manage a domain name, renew it, but we have not given everybody access to the new registration feature.

So today, as of today, everybody now should have access.

We welcome you. We want you to come in, test it out, search for a domain name.

There's a search tool where you can plug in your keyword or a specific domain.

We'll let you know whether that domain is available or provide you with some alternatives that you might want to register.

So that's the first part of the announcement. The second part of the announcement is we're starting support for the .UK TLV.

That's one of the most requested top level domains that we receive requests for.

It's one of the largest CCTLVs in the world.

We have a large number of our customers who use .UK domains today.

So we're very happy to announce that we are starting support for .UK domains.

Later today, we will be turning on the ability to transfer in a .UK domain.

And then in the next week or two, we will start offering new registrations in .UK as well.

So those are the two big announcements. And following on .UK will be some additional TLVs coming very soon as well.

This is really exciting.

I'm sure a lot of people who are listening in or who might see this later in the recording would be super thrilled.

Good to know that we are able to register new domains as well now.

That's amazing. I just want to talk about one of the key differentiators with Telstra Registrar, which is that there is no markup pricing, both before when we were just supporting transfer and now with the new registration as well.

So can you elaborate on that a bit? Sure. Yeah. So we run what we call an at-cost registrar.

And what we mean by that is the fee we charge our customers is the same fee we pay to the registries.

We don't mark up our domain fees at all. So unlike most registrars out there today, they have some kind of markup or profit that they're looking to make.

We have a different philosophy. We believe that the domain registration should be as affordable as possible.

It should be a part of just the stack of technology that you need to have an online presence.

So our philosophy is at-cost registrar.

You won't see us having any kind of crazy upsells or marketing ploys or anything like that.

The pricing is predictable. It may change if the registry changes their fees, which they do occasionally.

But generally, you'll see the exact same fee that we're paying to the registries.

That's incredible.

So we spoke about privacy, how it's built on the foundation of privacy and security, and how like all Cloudflare products, registrar is easy to use and then straightforward pricing.

That's good to know. Thank you for sort of elaborating on that.

Rob, I wanted to sort of change gears again and talk about some of the technical challenges that we have whilst building this.

Do you want to talk about that a bit?

Yes. Thank you, Apoorva. That's a great question. I'm happy to spend a little time on that.

So as Eric mentioned, new registration has been in beta for a while, and we initially offered transfer.

And transfers are, in some ways, a lot simpler because the domains already exist.

The customer likely already has an account with Cloudflare, and their zone setup is already there.

And the only thing to do to transfer is you have to manage their name servers.

And that's how we provide the protection to make sure that when a customer transfers in a domain, that we know that they own that domain, and it's not a player who's trying to act nefariously.

New registration created some new challenges for us. So essentially, everything has to be done from scratch.

So from initial search for domain, as Eric mentioned, we had to build a tool for that to say, hey, is this domain available?

Or to give a reasonable set of alternatives based on the name of the domain that the customer is searching for, and to make it easy to use.

And then there's the orchestration piece of it.

With transfers, a lot of things are already done. But we had to handle contacts for who is management, the zone creation and activation, interacting with the registry to provision the domain, and also the billing system integration.

So those are just some of the top level business items we had to handle.

And to make it easy to use, of course, you have an API that encapsulates most of that.

In addition, we added an address book capability so that when customers want to do multiple domain registrations, they get tired of typing.

So with an address book, they can just pre -fill once.

And every time they go in to create and register a new domain, they can easily do that.

And we also added some ability recently to make editing of your contacts a lot simpler.

So it used to be like it was kind of obscure and hard to do.

And we've made it much simpler by adding a tab where on your managed domain page, you can go look at your contacts.

You can edit them directly there.

And we'll make those changes on the customer's behalf if they need to customize something.

So that's a high level summary of the challenges that we faced and how we solved them.

OK, thank you. I was wondering if there were any particular challenges with the .uk implementation as well, if you want to take us through that a bit.

Sure. So .uk is an interesting case.

As Eric mentioned, different registries are supporting the same protocols in terms of using EPP as the way to interact with them.

But with the generic TLDs, they use a pull approach where you basically use an auth code to unlock the domain.

And you basically ask the winning registrar to basically pull that domain from the losing side.

On .uk integration, it works a lot differently. It's more of a push model.

So instead of basically using an auth code to basically unlock the domain, the customer basically goes to the losing registrar and says, hey, I want to push this domain to another registrar.

And they do that using a tag. So in the case of Cloudflare, for example, our tag is the string Cloudflare in all uppercase.

So they would go into whoever their registrar is and type that in and say, I want to send the domain to that registrar.

And then at that point, there's a different set of APIs that get used.

So we basically then have to wait for that request to arrive.

The .uk registry will send us a message saying, hey, somebody wants to transfer a domain to you.

And then we have to do the work to check if we're ready to accept that transfer.

So the customer has a little work to do to set up for that.

Basically, they have to at least come to Cloudflare and set up their account so that we know who they are.

And they also have to indicate that they're expecting to transfer a domain so that we have a way for the customer through the UI to say, hey, this domain is on its way over.

And when the domain arrives, we do the same security checks to make sure that that transfer is legal from an ownership perspective.

Because again, we don't want to accept transfers for domains that are out of the control of the customer.

So we check some basic things. We make sure that the transfer is expected.

We make sure that the name servers are set the way we expect.

And then it works pretty much the same. And we've worked really hard to make sure that the user experience is consistent for both generic TLDs as well as .uk.

And so reconciling these two different ways and trying to make it consistent was a challenge for us.

But I think we've done a good job to make that as consistent as possible.

Definitely. Thank you so much for taking us through that, Rob.

I was wondering, could we talk a bit about some of the upcoming TLDs that would be available?

I know there's a list and I know it's quite long.

I don't want us to cover everything. But then just to sort of give a taste of the timelines for the viewers and people who watch this a bit later, could either of you talk a bit about the timelines?

Sure. I can take that.

So in the next four weeks or so, we'll be rolling out over 40 new TLDs. Some of them are kind of small niche gTLDs.

And we're also rolling out some larger ccTLDs and ccTLDs that are marketed as gTLDs, which I'll explain in a moment.

And we'll be rolling these out each week.

Each week we'll make an announcement. There'll be a banner on the dashboard and also on our list of supported TLDs.

So some of the TLDs we're preparing to roll out are, in addition to .UK, which is coming out today, .US, .TV, .ME, which is a ccTLD, but often marketed as a gTLD, meaning it's used kind of in a generic capacity versus necessarily indicating it's from the country of Montenegro.

.CO, which is also a very large ccTLD that's marketed in a gTLD way.

It's very popular amongst the startup and entrepreneur community.

.BLOG is another one we'll be rolling out soon. .CLUB is a fairly good sized gTLD as well.

And then the others are starting smaller niche TLDs. And you should expect to see those in the next four weeks through the end of October.

Got it.

Thank you so much. And if folks who are watching this, if you're interested to know the complete list of TLDs, it's linked to the blog.

So please do check it out if you have any questions on that.

I wanted to change gears again a bit and talk about one other component of Registra, which is quite, quite famous, which is the custom domain production.

So I was wondering if you could talk a bit, give us an overview of what it is and what it does, Eric.

Sure. So as I mentioned earlier, this is actually one of the very first Registra products we had.

It was actually initially our only Registra product and it was intended to, and still is intended to protect high value, mission critical type domains, domains that may be frequently attacked or subject to someone trying to hijack or take over or steal a domain.

So what we developed was a product with multiple layers of security. And what we do is we, we apply registry locks.

So at the registry level, there's a, there's a set of locks that only a registry can apply.

And us as a registrar, we can't override it.

Although there is a mechanism for us to communicate through a two factor system to request the domain to be locked or unlocked.

So we, we acquire that service from a registry to put registry locks on.

And then we apply registrar locks, which are very similar to the registry locks, except we have more control over it.

And then we have an internal locking system that's, that's outside the registry and registrar locks are part of the EPP protocol.

But then we have another set of locks that are internal, but are completely separate from the EPP protocol.

And it essentially prevents any API calls in our system from, from working on that particular domain name.

And then we have another part component is that we actually removed the domain name itself, the domain registration from the UI.

So there is no UI access to that domain registration. And then lastly, we have what, where the name comes from is that we, the user that our customer provides us with a custom verification procedure, which is essentially any procedure they'd like us to follow when they want, when we receive a request to update or do something to that domain name.

So if we get a request, whether it comes in through an account manager or through support, we pull up that verification procedure and we follow those steps.

Sometimes that may be, you must confirm with three of the five people on this list.

It could be a two factor system.

There's various ways that it's being done today. And each customer establishes that themselves.

So again, it's a very niche product. It's it's on the high end.

It's primarily for our enterprise customers who have very sensitive or high value domains.

Got it. Thank you for taking us through that. I'm curious now.

So with the technical buildup of custom domain registration, similar to registrar, or is there any other differences that you'd like to highlight for the folks who are listening in?

So so the way the way I would characterize it is it's it's using our registrar platform, but it's a an additional security feature on top of the registrar platform.

It is very high touch. It is not a self-serve this type of product.

Everything we do from the initial onboarding, whether that's through a transfer primarily, occasionally a new registration to the way we secure it is very high touch.

It requires multiple teams to be involved. There's there's no way internally for one person or one team even to to do all the unlock all the services or lock all the services.

It requires multiple multiple teams to get involved.

And that's by design. So it's a very high touch white glove type service.

Got it. Thank you for taking us through that. And we've spoken about an overview of registrar so far and how it is being built with privacy and security as its foundation and some of the challenges in the world of domain registration itself.

And one of the key differentiator of cloud registrar, which is that that cost pricing model or that no markup pricing.

And these are really exciting for our audience to listen to.

And also, if people are looking for some new registration or transfer services, they should definitely check it out.

And I just wanted to change gears a bit and talk about what are the next things that's coming up for registrar?

What can the viewers expect? And we are hitting the five minutes mark.

And I want to request any of the audience who are listening in to ask any questions you have, because we will be reserving a few minutes to at the end to answer these questions.

But Eric, getting back to you, can we talk about some of the things that's what can we expect for registrar next?

Sure. Great question.

So we have a very full roadmap in the next in the next quarter. You can expect to see, in addition to the four year or so TLDs that we're launching, we'll be working on even more TLDs.

And we're starting to shift our focus away from the GTLD space, where we have most of the GTLDs implemented today.

There are still some remaining ones that we need to work on, but we'll be shifting a little more towards the ccTLDs.

We often get requests for ccTLDs. The Cloudflare customer base is highly diverse.

We have lots of customers from all over the world, and they use all kinds of TLDs today, not just the .coms or the generic TLDs.

So we're starting to focus towards some of the ccTLDs.

And some of the ones that we're actively working on right now include .de, .in, .au, to name just a few.

And one of the things I'm often asked is, why can't you just turn it on?

And unfortunately, I wish it were that simple, but it's not.

So for every TLD that we implement, even if it's a GTLD or ccTLD, there's a whole process we have to go through to turn on a new TLD.

And it starts with signing an agreement with the registry.

And that process alone can take weeks, depending on the legal teams and what issues may come up in that agreement.

Many of the TLDs, especially the ccTLDs, have very unique requirements to be a registrar.

Some ccTLDs require a local presence.

You have to have a physical office in that country. There are some TLDs that require that all the communication between the registrar and the registry be done in their language.

So all of those are challenges that we have to deal with, whether it's establishing a local presence or making sure communications are done in the language that they request.

And then there's the technical integration.

A lot of these ccTLDs have their own policies and their own perspective on how a TLD should be managed.

And so they have unique features and unique ways of doing things, just like we saw with .uk.

So there's a process of analyzing those requirements, modifying our registrar platform to accommodate those rules.

One of the things we're working on is a policy engine so we can have policies for each TLD in a more efficient way.

And then there's the testing.

You have to connect, test, establish a payment method. A lot of registries in the world, you actually prepay.

We often have to prepay for all the domain registration, so we have to establish a debit account with the registry.

So it's a process, and it can take, in an easy case, it may take us a week or two.

In a hard case, it may take us a couple months to integrate with one ccTLD or any TLD for that matter.

So that's one thing we're working on. The other thing we should expect to see is support for premium domains.

And premium domains are domains that are not standard in price.

So if a registry, for example, a .xyz or something like that, that their normal price is say $8 per year, they also establish a list of premium domains that they set at $500 per year or $1,000 per year.

Today, we don't support those in the registrar business, but that is coming soon.

We do now have the ability to have variable pricing on a per domain basis. So you should see that happening soon.

We also do get requests for internationalized domains.

Internationalized domains are domains that are not in ASCII. They're in essentially puny code.

And in our DNS, we support that today. In our registrar, we don't yet support it because we have to implement all the language tables, each TLD has a different language table.

But you should be seeing that coming soon as well.

Okay. Thank you so much, Eric and Bob. I guess we learned so much about domain registration overall and what Cloudflare registrar is and that we are headed to in the future.

So it's really, really, really exciting. And thank you for joining me for this session.

We're nearing the end. So, and for those of us who are just joining now, it's Cloudflare's 11th birthday this week, and we'll be announcing a series of releases, all designed to help build a better Internet.

Just wanted to let you know that there will be many more exciting announcements happening this week as we announce, as we go through the birthday week.

So we have exciting launches coming up.

I can't tell you what it is, but do stay tuned. And like I mentioned before, if you have any questions and you've not been able to ask now, feel free to drop in a note and we'll get back to you.

Thank you so much for tuning in.