>I would far rather deal with Google than GoDaddy

Would you rather deal with Google as opposed to Namecheap? A great company with superb support that specializes in nothing but domain names and dedicated hosting?

I wouldn't.

NameCheap still doesn't even have DNSSEC.

People have been asking for, what, five years now?

If you register a domain with Google Sites you have have a choice: Enom or Godaddy.

Perhaps that has changed.

Try Hover. Customer support is great and there's zero up-selling when buying a domain. It's a couple dollars more than GoDaddy but more than worth it.

Domain name registrar like Hover, NameCheap, NameBright and NameSilo still do not yet support DNSSEC (nor have an ETA for it!). Here is a list of DNSSEC supporting registrars: https://www.icann.org/en/news/in-focus/dnssec/deployment

Based on pricing ($9.99/.com) and a growing irritation with GoDaddy, I finally moved my domains to Dynadot:

https://www.dynadot.com/

They have a (custom) 2FA app and 2FA SMS. BTW this friend referral https://www.dynadot.com/?s9N6j7d9G8B07i73 gives you & me $5 after purchase.

That registrar list is way out of date. Sadly, none of the entities involved nor historical list maintainers have made it easy to find an updated one, but if they did, Joker would be on it.

https://joker.com/faq/content/6/461/en/dnssec-support.html

It was one of the few lists I found. Although the url redirects to an url containing 'deployment-2012-02-25-en' the page actually states 'Last updated: 27 May 2014', so it's not so out of date.

    If your registrar currently accepts DS records, please 
    send an email with subject "DNSSEC REGISTRAR UPDATE" 
    and body containing company name, country location, URL,
    what TLDs you accept DS records for, whether your Web
    interface supports DS records, whether you provide 
    DNSSEC signing services to dnssec@icann.org and the 
    Security team will add your registrar to this DNSSEC
    page.

Are you doing anything interesting with DNSSEC?

Take a look at the RFCs coming out recently. DANE, in particular.

DNSSEC is an important trust root that can be used to pin certificates in addition to PKIX (CAs), or, in some practical cases (such as mailservers), instead of them.

Are you still running Telnet?

So you have deployed DNSSEC and are actively using DANE?

FWIW, I left Namecheap for GKG.net for the sole reason that Namecheap didn't support DNSSEC. And yes, I have deployed DNSSEC and DANE. On https for emailprivacytester.com, and on https, smtp, imap and xmpp for grepular.com.

Neat. It's probably difficult to tell but do you have any idea what usage is like?

I'm guessing for DNSSEC, the usage is probably low and for DANE it's probably almost non-existant.

FWIW, I use the Firefox addon "DNSSEC Validator" (also does DANE) - https://www.dnssec-validator.cz/ - So if somebody managed to MITM my connection and insert a different, but still trusted, cert in the way, I'd notice.

DNSSEC/DANE would probably see a lot more adoption if one or more of the main browsers did this sort of validation by default.

gkg.net supports a restful api to update DNSSEC DS records https://www.gkg.net/ws/ds.html FYI

Was this reply destined to https://news.ycombinator.com/item?id=7934758

(Slightly confused by this board.)

Dynadot doesn't support .io, looks like?

Correct, no .io support.

Hover is without a doubt the best domain registrar I've dealt with.

e: nevermind they fixed it

I would rather deal with DNSimple than Google.

You have a strange definition of "support"

I had this experience when trying to verify my Google Wallet account and my Google Music membership due to their failures with Google Wallet. I had no way to pay for Google services for over a year. I also had problems upgrading my Google Drive disk space at some point, and it was again a matter of throwing an email into a hole and waiting for the problem to be fixed with very little feedback.

Others with the same issues:

https://www.google.com/?gws_rd=ssl#q=google+wallet+account+v...