Sav Blog

A Guide to Domain Name Locks

Written by Luca Harsh | March 23, 2022

What are Domain Locks?

Domain Locks prevent unauthorized changes to domain names by preventing deletions, transfers, and updates. They were first introduced in the .COM top level domain in response to domain name hijacking and other similar problems. Today, they can apply to any TLD and are a major part of ICANN policy. 

 

If you’ve ever performed a WHOIS lookup, you’ve probably seen phrases like “ClientTransferProhibited” and “ServerUpdateProhibited,” but what do they mean? Let’s break it down!

Important Definitions

If the phrase “ICANN mandates locks at the registrar level” means nothing to you, let’s pause for some definitions you’ll need later. 

Registry: a company that manages a TLD. Registries create TLDs, set guidelines for using them, and control the rights of registrars to sell domains with these TLDs. Some examples of registries include:

Verisign .com, .net, .name, .cc, and .tv

Afilias .org, .ngo, and several country codes

Neustar .biz, , .us, .co, .nyc, and .in

Donuts .info and 200 other descriptive TLDs

Registrar: a site where users register, purchase, and manage domains that they own. Registrars are a middleman between registries and customers. Some examples of registrars include:

  • Sav (that's us!)
  • Google Domains
  • GoDaddy
  • Namecheap
  • Dynadot
  • Porkbun

Registrant: a person who registers a domain. It is the industry term for the owner. 

Top Level Domain (TLD): the part at the end that comes after a dot. They are sometimes colloquially referred to as domain extensions.

Examples of TLDs include:

  • .com
  • .net
  • .us
  • .co
  • .fish
  • .ninja
  • .biz

WHOIS: A record of domain registration details including: 

  • The registrar and registry
  • The expiration date
  • The registrant’s contact information
  • Any locks placed on the domain
  • Domain transfer status

This information for any domain can be viewed with a WHOIS lookup. 

Nameservers: Computers understand instructions through long strings of numbers called IP addresses. Nameservers translate the information humans type into browsers into IP addresses and direct information through the internet. 

DNS: The Domain Name System (DNS) routes web traffic and emails for a domain to the server that hosts the content. This allows your visitors  to load content or send emails without having to memorize IP addresses or any technical details. 

ICANN: the governing body of the internet and the domain industry. Short for Internet Corporation for Assigned Names and Numbers. 

What Are the Kinds of Domain Locks?

There are two categories of domain name locks that you can see on a WHOIS record:

Registrar Locks (client)

Registry Locks (server)

Both client and server locks add security to domain name operations. There are three different modifications they can prevent: 

Delete Prohibited – Prevents a domain name from being deleted or lapsing. 

Transfer Prohibited – Prevents  unauthorized transfers away from the current domain name registrar or registry. 

Update Prohibited - Prevents WHOIS modifications, including name server changes

Registrar Transfer Lock

ClientTransferProhibited

This lock prevents domain name transfers. ICANN requires this lock to be placed on all domains with generic TLDs by default and the domain owner must remove it if they want to transfer their domain to another registrar.

The registrar transfer lock will not prevent DNS hijacking or malicious lapses. 

Full Registrar Lock

A full registrar lock includes the following locks at the same time: 

  • ClientDeleteProhibited
  • ClientTransferProhibited
  • ClientUpdateProhibited

This series of registrar locks offers additional safeguards for your domain. However, since they’re still managed by the registrar, these locks don’t prevent malicious actions at a registry level. 

Full Registry Lock

A full registry lock includes the following locks at the same time: 

  • ServerDeleteProhibited
  • ServerTransferProhibited
  • ServerUpdateProhibited

Enabling all of the registry lock options offers a much higher level of protection than registrar level locks. Even if the registrar has been compromised, registry locks can protect you by dismissing their requests.

Other Domain Security Measures

Domain locks aren’t the only way to keep your domain names safe from hackers. Consider these additional features that Sav offers free of charge: 

DNSSEC

DNSSEC records are used to ensure that the DNS records being served to a user for a domain are from the intended DNS server using a public/private key cryptography.

SSL Certificates

A Secure Sockets Layer (SSL) is a security protocol that encrypts and privatizes all traffic between a web browser and a web server. Having SSL enabled is highly recommended when transmitting any private information and has a Search Engine Optimization (SEO) benefit when enabled on all pages.  

Two-Factor Authentication

At domain registrars, two-factor authentication applies to much more than logging in to your account. It also requires you to submit a code before

  • Transferring your domain
  • Deleting your domain
  • Updating your nameservers
  • Approving and Rejecting outgoing transfers

Unlocking Your Domain

If you would like to transfer a locked domain to another registrar, you can remove a registrar transfer lock from your registrar account. If you have Two-Factor Authentication enabled on your account you may need to enter a code to verify your identity when unlocking domains. To remove registry locks, contact the registry in question’s customer support team. 

How Sav Can Help?

With features like 

  • Wide domain name selection
  • Low prices
  • 4% commission rate
  • Free SSL and WHOIS privacy
  • An affordable website builder
  • DNS powered by CloudFlare 

…we’ve got what it takes to be your preferred place for buying and selling domains. Start selling today!