The fact that private entities can monopolize gTLDs, including words that aren't even made-up or reasonably copy-written (e.g. the MAN group in Europe owns .man) was an embarrassing and dishonorable decision by ICANN. I'm all for having tons of weird, awesome gTLDs, and I'm even for brand-specific gTLDs like .google, but the cost these entities should incur by asking for one to be created is: Anyone can use it.
1. A set number of slots should be opened every 10 years (e.g. 250 new gTLDs every ten years).
2. Entities submit bids for the gTLD slots, in terms of dollars. The 250 highest bids win.
3. If your entity wins a slot, you submit the gTLD you want, and there's a public comment period where claims against the gTLD being created are heard (e.g. if you own the copyright in some jurisdiction and someone else is trying to register it, submit a claim).
4. If it passes, your entity is allowed to register a set number of TLDs on the gTLD (e.g. 100) before anyone else gets access. This is what you bought: The fact that the gTLD exists, and the first 100 domain names on it without competition.
5. It then becomes a real gTLD.
Some variant of this is how it always should have worked, and entities like Google should be forced into a Sophie's choice: They could fight .google indefinitely, win, and it'll never become a gTLD, or they could sponsor it, claim the first N domain names, but otherwise make it available to everyone. Of course, they might actually have valid jurisdictional claims against anyone else who tries to register a .google domain on copyright grounds, so maybe they fight and win in the courts against anyone who tries to use it; but the point is that it shouldn't be ICANN's decision.
Daviey · 2h ago
What should happen with the proceeds of the sales?
Is the highest bidder really the best custodian of a tld?
Why have a quota of, as you say, 250 every 10 years? What does this do to help, what issues does it address?
righthand · 1h ago
Quotas are sometimes applied to create value of a simple asset aka scarcity (or a bureaucrat tax). Think limited number of taxi medallions or street vendor or liquor licenses. That makes the medallion/license/gtld hold value.
JoshTriplett · 1h ago
> Think limited number of taxi medallions or street vendor or liquor licenses.
Those are not particularly compelling examples in favor of such a thing.
righthand · 1h ago
I’m not making an argument for quotas, just explaining why they usually are included. It’s a cheap way to add “market” value to something aka scarcity.
The issue would occur in the suggested system when ICANN decides to one day stop creating 250 domain names down to 25 domain names or some such change that increases the value of the gtlds to ridiculous numbers only the wealthy/well-connected can afford.
Daviey · 43m ago
Why is the goal to artificially increase the value of tld's?
burnt-resistor · 40m ago
The cost for a gTLD used to be $1-2 million USD. I wonder if it is still the same pay-to-play racket for rich people and corporations.
sidewndr46 · 2h ago
how can someone copyright a TLD?
hkt · 1h ago
He probably means trademark, eg, .google
carl_dr · 3h ago
Genuine question: why “blame”? Does it really matter?
postquantumfax · 3h ago
DNS allows search so we really should have started rejecting everything that isn't qualified with an end dot as punishment to ICANN. Instead random common names might be treated differently on every network to make sure these people can't issue certs that will be trusted for them in your own network, etc.
Now prioritizing unambiguous naming would be somewhat acceptable if ICANN was tacobell and just a steward of naming on the side.
dc396 · 2h ago
I'm not sure what you mean by "DNS allows search" -- by the usual definition of "search", the DNS doesn't: it is a lookup mechanism. I'm also not sure who "we" are in your idea or what you mean by "qualified with an end dot": all domains that get looked up implicitly have a "." (a zero length label that signifies the end of the query name) if it isn't explicit.
postquantumfax · 2h ago
resolv.conf-> search
If you are not a consumer on an ISP emulating dialup it is quite likely that a popular name in a naming convention, i.e. 'mercury', resolves to something for you and something for someone at a different firm (mercury.intranet.[firm].not-so-stupid-tld). A cert is possibly not a fully qualified one so when ICANN gives away mercury you need to append .asshat to everything ICANN names.
(Two firms have an unambiguous situation because they don't trust each other's private roots but they both trust a cert issued for the public trust as a fqdn which is why TLDs expanding is a form of theft/breakage against every intranet.)
dc396 · 1h ago
Ah, resolver (not DNS) search paths. They were a really bad idea that can and do lead to leaked queries that can result in all sorts of unpleasantness and risks.
As for certs, AFAIK, you can't get a certificate for a non-fqdn from a public CA since 2015.
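Added example, not part of the thread: a Python model of how a stub resolver expands a short name using the `search`, `ndots` and `no-tld-query` settings documented in resolv.conf(5), showing which lookups leave the internal namespace and which of those match a delegated TLD. The resolv.conf text, the `corp.example` suffix, the host names and the TLD subset are constructed samples, and `audit` and its helpers are hypothetical names.

```python
# Added example: model of stub-resolver name expansion per resolv.conf(5).
# All sample data below is constructed for illustration.

SAMPLE_RESOLV_CONF = """\
# constructed sample for a hypothetical firm
nameserver 10.0.0.53
search intranet.corp.example corp.example
options ndots:1
"""
SAMPLE_TLDS = {"com", "org", "net", "man", "google", "george"}  # subset only
INTERNAL_SUFFIXES = ("corp.example",)  # assumption: answered by internal DNS


def parse_resolv_conf(text):
    """Return (search_list, ndots, no_tld_query); the last search/domain wins."""
    search, ndots, no_tld_query = [], 1, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        keyword, *args = line.split()
        if keyword == "domain" and args:
            search = [args[0].rstrip(".").lower()]
        elif keyword == "search":
            search = [d.rstrip(".").lower() for d in args]
        elif keyword == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    ndots = min(int(opt.split(":", 1)[1]), 15)  # glibc cap
                elif opt == "no-tld-query":
                    no_tld_query = True
    return search, ndots, no_tld_query


def candidate_queries(name, search, ndots=1, no_tld_query=False):
    """Ordered list of fully qualified names the resolver will try."""
    name = name.lower()
    if name.endswith("."):          # trailing dot: absolute, no search list
        return [name]
    fqdn = name + "."
    expanded = [f"{name}.{suffix}." for suffix in search]
    if name.count(".") >= ndots:    # enough dots: tried as-is first
        return [fqdn] + expanded
    if "." not in name and no_tld_query and expanded:
        return expanded             # single label never sent as a TLD query
    return expanded + [fqdn]        # as-is is the last resort


def is_internal(fqdn, suffixes):
    bare = fqdn.rstrip(".")
    return any(bare == s or bare.endswith("." + s) for s in suffixes)


def audit(names, conf_text, tlds=SAMPLE_TLDS, internal=INTERNAL_SUFFIXES):
    """Per name: queries in order, those leaving the intranet, TLD matches."""
    search, ndots, no_tld = parse_resolv_conf(conf_text)
    report = {}
    for name in names:
        queries = candidate_queries(name, search, ndots, no_tld)
        external = [q for q in queries if not is_internal(q, internal)]
        matches = [q for q in external
                   if q.rstrip(".").rsplit(".", 1)[-1] in tlds]
        report[name] = {
            "queries": queries,
            "leaves_intranet": external,
            "matches_public_tld": matches,
            "public_tried_first": bool(matches) and queries[0] == matches[0],
        }
    return report


if __name__ == "__main__":
    hosts = ["mercury", "man", "mail.man", "mercury.intranet.corp.example."]
    for host, result in audit(hosts, SAMPLE_RESOLV_CONF).items():
        print(host, result)
```

In this model `no-tld-query` only suppresses the single-label case; a dotted short name such as `mail.man` is still tried as-is first, which is why the trailing-dot form is the only unambiguous one.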
arcfour · 1h ago
Run your own DNS then, if you're using your own DNS? Why are your queries for internal systems leaking out to the internet?
postquantumfax · 1h ago
If icann sells www as a tld domain then your use of www as a machine name you may refer to unqualified is a risk because virtually every piece of software in the world respects public issuance until you delete it all if you can.
The DNS naming confusion was largely dealt with by having a small number of TLDs and rarely referring to complex things like partially specified subdomains, but every once in a while a fool named their machine com, org, or net. (Though these as subdomains were far more toxic.)
dc396 · 1h ago
You might want to look at the "domain" directive of resolv.conf and the concept of "split horizon DNS".
postquantumfax · 29m ago
I've done plenty of interesting things but a distributed correction attempt for ICANN's incompetence is never going to be adequate. You can read their own work on gTLDs in the past to know they understand this.
dc396 · 7m ago
Accusing ICANN of incompetence when you can't be bothered to configure your DNS to avoid leaking queries to the root is an interesting approach.
sidewndr46 · 2h ago
all the ISPs I've used just resolve any possible DNS query to an IP anyways, so I'm not really sure what it matters
ahoka · 3h ago
Hot take: TLDs should not exist but parking domains should not be allowed.
hsbauauvhabzb · 1h ago
And cost of domains should increase near exponentially with the more you own. One domain? $10/year, two domains: $50, three: $250, etc.
ionwake · 3h ago
yes blame. of course it matters. tld used to be good insight into the purpose of the website. IE, google.com, or wikipedia.org
justusthane · 3h ago
With some exceptions (.gov, .edu, for example), it has never actually meant anything. Anyone can register a .com, .net, or .org for any purpose.
jrflowers · 3h ago
Those tlds still exist. The existence of butts.adult doesn’t create confusion about oxfam.org
Spamming up namespaces for "commercial" purposes is never a good thing.
lysace · 3h ago
Time for another DNS root system. Maybe. /s
JdeBP · 3h ago
The Open Root Server Confederation has long since been wound up. But some of the other alternative root servers are still around even now. One example:
Presumably, they submitted a gTLD application to ICANN and paid the — at the time — USD$180k evaluation fee. They likely also made arrangements with some existing registrar to host the actual name servers, rather than doing so themselves.
They have as good a claim to a TLD as Berlin, if not more.
maxbond · 3h ago
There's also .va for the Vatican and .lds for the Mormon faith (and .mormon), and more generic Christian ones like .church. I didn't find any for other religions on a casual search, perhaps because many of them don't have the same degree of centralization.
dc396 · 2h ago
.VA is a country code TLD, assigned because it is listed in ISO-3166. The others are "generic top-level domains" which had to go through ICANN's new gTLD program, which has a lot of rules (338 pages of them for the 2012 round) and costs a lot of money (US$185K to start with recurrent fees dependent upon the number of registrations). I suspect it isn't about centralization, but rather about perceived cost/benefit ratios.
True but I don't think the distinction matters to the overall point that it's perfectly ordinary for religious institutions to operate a TLD, regardless of the mechanism that allows for it.
kevin_thibedeau · 2h ago
Vatican City is a theocracy, not a religion. You'd technically have to add .uk and many more to the list if you're broadening to all nations with a state religion.
maxbond · 1h ago
It's the central bureaucratic/theocratic function of a major world religion which, it just so happens, is organized as a micronation instead of as a foundation or something like that. The primary function of the UK is not to run the Anglican church, nor is their king generally thought of as their primary leader.
So, a quite expensive domain hack? Are they trending again? There's even a list on domainhacks.club
maz1b · 25m ago
FWIW, Google owns .gle, and I emailed both Sundar Pichai and Charleston Registry, but no response of any kind.
My startup is called MedAngle, and we'd love to get medan.gle, but it just left a sour taste in my mouth. Some of these processes are giant black boxes.
uz3snolc3t6fnrq · 3h ago
.george is a pretty funny one. apparently Walmart owns it, so you probably won't be able to register a .george domain any time soon.
do companies even use these in the wild or are they buying these TLDs for nothing? ".brother", ".canon", ".nokia", ".panasonic", ".playstation", ".xbox", ".xerox"... there's even ".sandvikcoromant", which is some sort of Swedish metalwork company.
Amazon/AWS use them (.aws), so does Google (.google) but I agree, it is pretty funny how many companies seemed to get on board (out of fear of being left out?) and then...didn't use them for some reason?
0x3f · 1h ago
Google does use theirs for public-facing landing pages even [1], just not uniformly, but that's very on-brand for Google as an org.
George is the clothing brand of the ASDA supermarket chain in the UK, which Walmart used to own. I'm not sure if it's a brand they use worldwide though; I don't really go to Walmart when in the US. Either way, that's why they own it, presumably.
I find the Dutch Bauhaus website ridiculously unnecessary: https://nl.bauhaus
steviedotboston · 30m ago
The Ismaili leaders are super influential and have connections everywhere. They are megawealthy socialites. Basically they wanted the TLDs so they knew who to talk to to make it happen.
andunie · 3h ago
Wasn't it better when only .com mattered? There are thousands of TLDs now and that forces companies to buy multiple, these domain names are not even memorable anymore specifically because of the TLD part.
dc396 · 2h ago
Well, it depends. If all you were interested in was getting a "good" (e.g., short) name in .COM, no.
In the late 90s, when NSF allowed Network Solutions to charge for domain names, people complained that they (now Verisign) had a monopoly, so after a number of fine lunches and dinners in far off exotic places (see https://en.wikipedia.org/wiki/IAHC), there was a proposal to create more top-level domains, created the registry/registrar split, proposed the Uniform Dispute Resolution Policy (primarily for Intellectual Property owners), etc. Then, the US government stepped in and started a process that led to the creation of ICANN.
The whole point of this exercise was to introduce competition into the domain name system. It did with the registry/registrar split and tried with the registries by having multiple rounds of a limited number of new top-level domains. However, the latter was kind of stupid (IMHO): the switching costs for changing TLDs is way too high for the existence of new TLDs to significantly impact Verisign's monopoly -- instead, it created a bunch of monopolies.
However, people weren't happy with the "limited number" part of ICANN's efforts to introduce competition in the TLD space, so in 2012, the ICANN community (which anyone can be a part of) opened the flood gates, removed the arbitrary restrictions on how new top-level domains could be created, and we now have over 1500 TLDs.
subarctic · 3h ago
.calvinklein, .homedepot - how do these things get created, can you just go to namecheap.com and make your own tld?
input_sh · 3h ago
If you pay ICANN hundreds of thousands of dollars, you can get basically any .word domain.
I believe the only actual requirement is that it has to be 3 characters or longer, as two characters are reserved for countries.
derefr · 3h ago
Actually, no — it's an evaluation fee, simply to review your application; and they will reject applications that don't meet their criteria.
One of those criteria is that you actually do something with the gTLD — per their FAQ:
> ICANN expects all new gTLDs to be operational. One of the reasons ICANN is opening the top-level space is to allow for competition and innovation in the marketplace. The application process requires applicants to provide a detailed plan for the launch and operation of the proposed gTLD. gTLDs are expected to be delegated within one year of signing a registry agreement with ICANN.
- They will reject applications made by known cybersquatters
- They will reject your TLD string if it has rendering problems on major OSes (e.g. if its codepoints aren't covered by at least fallback fonts)
- They will reject your registration policies if they're incoherent or unenforceable
- They will reject your application on behalf of a community if you can't provide sufficient references establishing that you actually represent the interests of that community
- They will reject your application if you haven't outlined to their satisfaction a plan for continuity/migration of control of the gTLD from your organization to some other organization in case of the bankruptcy/dissolution/etc of your organization (note: this is a separate thing from the technical considerations of registry fail-over et al, which are more something that most applicants would have a technical registry partner fill out on their behalf)
---
In all, the process actually seems quite thorough — but as with regular domain-name registration, it's a default-accept, not a default-deny, policy. The more arbitrary gTLDs that have been established so far all just-so-happen to be "innocent" of all of the disqualifiers.
Specifically, I think, given the criteria, that any multinational company could probably expect to be able to acquire its own name and trademarks as gTLDs without much fuss; and recognized leaders/stewards of any major religion (or other non-country-endemic sociocultural group) could likely get any jargon term specific to that religion/subculture as a gTLD. Those two cases together cover most of the "weirdness" in approved applications.
One assertion I might make after reviewing the evaluation criteria, is that very few of the criteria look at the gTLD string itself. Almost any gTLD string is a potentially valid registration. Almost all of the evaluation process is set up to establish whether you, the applicant, have a valid claim for stewardship over the given gTLD string.
eastbound · 3h ago
Application fee with ICANN: $185k, non-refundable,
Yearly fee: $25k
Technical backend with Verisign: $200k per year
Add maybe $100k of lawyer fees.
culi · 32m ago
What happens when a company goes under and the yearly fee can no longer be paid? Has a gTLD ever been resigned?
h4ck_th3_pl4n3t · 3h ago
Imagine having the domain cyber[.]threat
Would be kind of cool, most attacked domain on the web, probably
input_sh · 3h ago
I think my top three worst ideas someone actually paid hundreds of thousands of dollars for are .sucks, .ooo, and .hiv.
TLDs were a mistake. We should just get rid of them and have the person's domain at the top level. E.g. instead of news.ycombinator.com have just news.ycombinator
whatsupdog · 3h ago
How did .catholic and .church get their own gTLDs?
hn_go_brrrrr · 3h ago
Someone paid to register them.
GauntletWizard · 3h ago
All it takes for a TLD these days is a vaguely-legitimate use and about a million dollars[1]. This isn't hard for a large company or state actor to fund; why would a mid-large religion not be able to?
And a time machine. Applications were due in 2012. A new round is starting soon, but it's not clear if it's going to be continuous, or if it will be a single application period again.
andunie · 3h ago
Such a stupid system.
ChrisArchitect · 2h ago
Ask HN:
jlarocco · 2h ago
Is there even a good reason to have TLDs at this point?
dc396 · 2h ago
The DNS is hierarchical. How would you replace TLDs?
withinboredom · 31m ago
namebase.io if you want a crypto backed one.
aerodog · 3h ago
Seriously - how did that go down?
dundarious · 44s ago
It would be helpful if you would explain why you think it is surprising or confusing or objectionable or whatever else inspired you to ask. Also helpful would be examples that you think are similar in some way, but that are not surprising, etc.
As is, your question is practically impossible to answer without just pointing you to the ICANN process.
Blame ICANN for allowing any public or private organization who can meet the requirements to buy and operate a gTLD back in 2012: https://newgtlds.icann.org/en/applicants/global-support/faqs...
And as per another comment in this thread, they’re doing another round of this in 2026: https://news.ycombinator.com/item?id=45068328
https://wiki.opennic.org/opennic/dot
They may or may not have then had the evaluation fee refunded to them, under the Applicant Support Program (https://newgtldprogram.icann.org/en/application-rounds/round...).
(https://ismaili.imamat/#introduction)
The Aga Khan is the leader of the Ismaili Imamat.
https://en.m.wikipedia.org/wiki/.uk
(Or did I miss an "/s"?)
https://icannwiki.org/.george
Canon does use .canon for a few things, at least.
Where have you seen .aws in use though?
[1] e.g. https://quantumai.google/
https://icannwiki.org/.agakhan
https://icannwiki.org/.ismaili
https://icannwiki.org/.imamat
A few highlights from the full evaluation criteria (https://newgtlds.icann.org/sites/default/files/evaluation-qu...):
https://icannwiki.org/New_gTLD_Program:_Next_Round
[1] https://newgtldprogram.icann.org/en/resources/faqs#6