1. Buying a Domain Without Overpaying
Most domains cost between $8-15 per year for common top-level domains (TLDs). If the total at checkout is significantly higher than that, additional products were likely added automatically.
For most people starting out, the only thing required is the domain name itself.
This guide covers what you’re buying, what you can safely skip, and how to complete the purchase without adding any additional services.
1.1. What is a domain?
Registering a domain is a time-bound lease under a specific top-level domain (TLD), such as .com, .net, or .org1. It does not include hosting, email, SSL, or website infrastructure. Those are separate services.
Domain registration lasts for a fixed term, typically one year, and must be renewed to remain active. Domain registrars often allow multi-year registrations or renewals. Pricing and discounts vary by provider.
See Domains and TLDs for more detail.
1.2. Declining additional services
Most registrars will offer additional services during checkout. For a basic domain purchase, you can safely decline:
- Paid SSL certificates
- Premium DNS services
- Website builders
- Hosting bundles
SSL certificates can be obtained for free (for example, via Cloudflare or Let’s Encrypt). Paid SSL at the registrar level is rarely necessary for personal or small self-hosted projects.
DNS hosting can also be free. Hosting itself is separate from domain registration.
1.3. Choosing a TLD
For most projects, a common TLD such as .com, .net, .me is sufficient. Some TLDs (such as .io, .ai, or other trend-driven domains) are often priced higher and may renew at significantly higher rates. Highly desirable names, short names, or clever TLD pairings may be priced as premium domains.
Before purchasing, always check both the first-year price and the renewal price. Use a domain search tool to explore affordable variations if your first choice is unavailable.
1.4. Choosing a domain name registrar
Not all registrars are equal. For self-hosting, prioritize:
- Transparent renewal pricing
- Free WHOIS privacy
- Clean DNS management interface
- Support for DNSSEC
- Easy nameserver changes
- Clear domain transfer process
Free WHOIS privacy is especially important. Without it, your name, address, and contact information may be publicly accessible in domain registration records.
Jurisdiction may matter depending on your goals. The registrar’s legal location determines which privacy and data laws apply.
For most personal projects, this will not materially affect operation. For users prioritizing sovereignty or privacy principles, choosing a registrar outside the United States may be preferable. Even if your registrar is outside the United States, many TLD registries (such as .com) are operated by U.S.-based entities. Moving registrars reduces exposure but does not eliminate it.
Here is a starter list of domain name registrars, grouped by jurisdiction.
| Registrar | Based In | Free WHOIS | DNSSEC | Notes | Good For |
|---|---|---|---|---|---|
| Porkbun | United States | Yes | Yes | Transparent pricing, simple DNS | Most self-hosters |
| Namecheap | United States | Yes | Yes | Beginner-friendly, upsells at checkout | First domain |
| Hover | Canada | Yes | Yes | Clean UI, minimal upsell | Simplicity-focused users |
| Gandi | France (EU) | Yes (GDPR) | Yes | EU jurisdiction, stable platform | Long-term infra |
| Cloudflare | United States | Yes | Yes | At-cost pricing, requires Cloudflare DNS | Users planning to use CF anyway |
Cloudflare requires you to use its DNS platform. For some users this simplifies setup. For others who prefer separating registrar and DNS provider, a traditional registrar may be a better fit.
1.5. Renewal and Auto-Renew
Domain registration is an ongoing cost. If a domain expires, services tied to it will stop working. Enable auto-renew if you plan to keep the domain long term. Ensure the payment method on file is current.
Losing a domain due to expiration can be difficult and expensive to reverse. Each domain registrar will have their own policy on domain expiration and recovery periods but they are in part governed by ICANN policy2.
1.6. DNSSEC Support
If you plan to enable DNSSEC, confirm that both your chosen TLD and your registrar support it.
DNSSEC allows DNS responses to be cryptographically validated3, reducing certain types of spoofing and cache poisoning attacks.
Support varies by TLD and by registrar. Some registrars allow you to manage DNSSEC records directly, while others do not.
See DNS Mechanics for a deeper explanation of how DNSSEC works.
Next Steps
Once your domain is registered, the next step is configuring DNS and pointing it to a service.
Continue to From Localhost to Public Service to publish your first service safely.
Mockapetris, P. “Domain Names - Concepts and Facilities.” RFC 1034, November 1987. https://www.rfc-editor.org/rfc/rfc1034 ↩︎
ICANN Expired Registration Recovery Policy (ERRP), https://www.icann.org/resources/pages/errp-2013-02-28-en ↩︎
Arends, R., et al. “DNS Security Introduction and Requirements.” RFC 4033, March 2005. https://www.rfc-editor.org/rfc/rfc4033 ↩︎