Sunday, July 2, 2017

Why transfer domains from NameCheap to Route 53

TL;DR: it’s cheaper if you want WhoisGuard and use Route 53 as registrar only. Longer answer with caveats and additional justifications below.

Price comparison

From the purely financial point of view, if you’re planning to hold on to a .com domain for more than a year and wish to protect your contact information with WhoisGuard, NameCheap will cost you:
$13.75 => $10.69 (renewal) + $0.18 (ICANN fee) + $2.88 (WhoisGuard)
Buying a .com from Amazon Route 53 Domains currently costs:
$12.00 => already including ICANN fee and Whois privacy

Caveats

If you want privacy and cost savings offered by Amazon Route 53 Domains, you must use free 3rd party DNS hosting (Cloudflare, NameCheap, etc.) and watch out for your local sales taxes.
  1. If your billing address is in jurisdiction requiring Amazon to charge you sales tax (VAT, GST, HST, PST, etc.), you will have to pay that on top. Check what taxes may apply to you first.
  2. If you’re not using your hosting provider’s name servers, you will need to setup a public hosted zone in Route 53, which will cost you around $0.50 per zone per month.
  3. Any DNS queries resolved by the hosted zone will cost you under $0.04 per 100,000 queries per month.

Justifications

Switching to Route 53 offers better security, better record management API, better portability, advanced DNS features, great price and similar no-nonsense renewal process — ideal for seasoned sysadmins.
I originally moved my domains from GoDaddy to NameCheap because of great prices and no-nonsense renewal process. So why go through effort of moving your domain from NameCheap to Route 53, and potentially having to setup separate DNS hosting account only to save $1.75 per year?
  1. Automation. NameCheap’s API is not very good for managing large number of records. Cloudflare and Route 53 APIs are, and they are also very well supported by Infrastructure as Code tools like Ansible and Terraform.
  2. Advanced DNS features. If you’re managing a more complex cloud infrastructure, you might want to pay a bit more for hosted zone and gain additional Route 53 features, like DNS routing policies, health checks and failover.
  3. Portability. Surprisingly, transferring domains from NameCheap took more effort than from GoDaddy! I had to open a support ticket to export my zone files, and NameCheap confirmation emails and docs implied that it takes 5 days for domain transfer to complete, while in reality it can be done on the same day.
  4. Price. $1.75 could add up to a sizeable amount when you have multiple domain names.
  5. Better security. NameCheap supports only SMS-based MFA, which is easy to intercept and therefore insecure. I don’t know why NameCheap still hasn’t added support for software tokens like Google Authenticator or Authy.