Glossary
Direct definitions of every term you'll meet running domains. No filler. 137 of 137 terms loaded.
#
A
A recordDNS record that points a domain name to an IPv4 address.AAAA recordDNS record that maps a domain to an IPv6 address; the IPv6 equivalent of an A record.abuse complaintA complaint alleging illegal or prohibited content on a domain; registrars and hosts respond (or don't) at their own discretion.abuse deskA registrar's complaint handling department—usually a compliance checkbox, sometimes a rubber stamp for takedowns.admin contactThe contact ICANN says manages your domain; often proxied or shielded for privacy.aftermarketResale market for already-registered domains; you buy from a previous owner, usually at a premium.AMLAnti-Money Laundering regulations that force registrars and payment processors to verify identity and report suspicious transactions.anonymous registrationRegistering a domain without revealing your real identity to the registrar or WHOIS.anycast DNSDistributed DNS routing: one IP address, multiple geographically dispersed servers, traffic routed to the nearest responder.authoritative nameserverThe master nameserver holding your actual DNS records; the authoritative source when someone looks up your domain.auto-renewAutomatic domain renewal charged to your payment method at expiration; bunkerdomains lets you opt in instead of forcing it.AXFRFull DNS zone transfer mechanism; leaves your entire DNS structure readable to anyone if misconfigured.
B
BCHBitcoin Cash: faster, cheaper Bitcoin fork. We take it.BGP hijackAttacker hijacks your IP prefix via BGP to intercept traffic before it reaches your legitimate server.billing contactThe contact record liable for domain payment and renewal fees; often conflated with registrant identity and exposed via WHOIS unless shielded.BNBNative token of Binance Smart Chain; liquid, tradeable, and accepted by privacy-conscious registrars.BTCBitcoin (BTC): peer-to-peer cryptocurrency and the standard payment method for anonymous domain registration.BTCPay ServerSelf-hosted, open-source Bitcoin payment processor. Direct to your wallet. No middlemen, no KYC, no freezes.bulletproof hostingHosting in permissive jurisdictions that ignores takedowns and abuse complaints, often used for illegal infrastructure but also censorship-resistant speech.
C
CAA recordDNS record controlling which Certificate Authorities can issue TLS certs for your domain.CCPACalifornia privacy law requiring personal data disclosure, deletion rights, and sale opt-outs; applies to companies collecting CA resident data.ccTLDTwo-letter domain suffix for a country or territory (.uk, .ru, .io); jurisdiction and privacy policy vary wildly by registry.CDNGeographically distributed server network that caches and serves your content faster; used for performance and abuse mitigation.CNAMEDNS record that aliases one domain name to another, commonly used for subdomains and CDN routing.counter-noticeYour legal rebuttal to a DMCA takedown; filed with the registrar to restore a suspended domain.court orderJudicial command to a registrar to disclose identity, take down a domain, or transfer it; enforcement depends on registrar jurisdiction.crypto invoiceA payment request in cryptocurrency sent to a wallet address; the native payment format for anonymous domain registrars.cryptocurrency mixerService that pools and shuffles cryptocurrency transactions to obscure the on-chain link between input and output addresses.cybersquattingRegistering a domain matching someone else's trademark in bad faith to profit, disrupt, or resell it.
D
DDoS mitigationDefensive measures to survive or absorb distributed denial-of-service traffic floods.DMCAUS copyright law that lets rights holders kill domains with a complaint—most registrars comply; we don't.DMCA takedownUS copyright takedown notice; registrars usually comply instantly without court involvement.DNAMEDNS record that aliases an entire domain subtree and all its subdomains to another domain.DNSMaps domain names to IP addresses; decentralized but observable unless encrypted.DNS cache poisoningAttack that injects false DNS records into a resolver's cache, redirecting traffic to attacker-controlled addresses.DNS firewallA network filter that blocks or redirects DNS queries based on policy rules, commonly used for censorship or content filtering.DNS hijackingUnauthorized redirection of your domain's DNS records to an attacker's server, typically via account compromise or DNS provider exploitation.DNS sinkholeA DNS server that intercepts queries and returns false responses, blocking access to a domain.DNSSECCryptographic signing of DNS records to prevent tampering and spoofing attacks in transit.DOGEPeer-to-peer cryptocurrency with low fees, fast confirmation, and a dog meme origin story.domain squattingRegistering a domain to resell or extort rather than develop it.drop catchingAutomated bot registration of a domain the moment it becomes available after expiration, exploiting millisecond-speed advantages.DS recordCryptographic fingerprint linking your domain's DNSSEC keys to the parent zone, establishing trust chain.
E
eepsiteAnonymous website on the I2P network, using .i2p addresses and requiring I2P router access.EPPThe protocol registrars use to provision, lock, transfer, and manage domains at the registry level.EPP authcodeCryptographic token that proves domain ownership and authorizes transfer to another registrar.ETHEthereum blockchain; we accept ETH and ETH stablecoins (USDT, USDC) for anonymous domain payment.expirationDomain stops working when you fail to renew before the registry deadline.expired domainA domain registration that lapsed and entered the public deletion queue.
F
FQDNComplete internet address of a host: hostname + domain + TLD + root, e.g., mail.example.com.free speech hostingHosting that doesn't comply with mainstream takedown demands, typically operated offshore or in speech-protective jurisdictions.fully qualified domain nameA complete domain name specifying its exact location in the DNS hierarchy, from host to root.
G
gag orderCourt order prohibiting disclosure of information, facts, or the order itself—legal censorship by injunction.GDPREU data protection law that made WHOIS privacy standard and registrars liable for mishandling personal information.glue recordAn IP address record embedded in the parent zone to prevent circular DNS lookups when your nameserver's name is part of your own domain.gTLDUnrestricted top-level domain open to anyone worldwide; includes .com, .org, and 800+ newer options.
H
I
I2PDecentralized encrypted network using garlic routing for anonymous communication; hosts .i2p eepsites.IANAThe nonprofit that maintains the master list of all TLDs and nameserver delegations.ICANNCalifornia nonprofit that coordinates DNS policy, TLD approvals, and dispute resolution—writes the rules registrars follow.IDNDomain name using non-ASCII characters (Cyrillic, Arabic, Chinese, etc.), encoded as Punycode for DNS routing.IP addressNumerical address assigned to a networked device; where DNS records actually point.
K
L
Let's EncryptFree, automated TLS certificate authority. Standard encryption for any domain without cost or gatekeeping.load balancerRoutes incoming traffic across multiple servers to prevent bottlenecks and improve resilience.LTCPeer-to-peer cryptocurrency; faster block time and lower fees than Bitcoin; accepted by anonymous registrars.
M
mail serverServer that routes and stores email using DNS MX records; your mail provider matters more than your registrar.master zoneThe authoritative DNS zone file where your domain's records live; changes propagate from here to the internet.meek transportPluggable transport that disguises Tor as HTTPS traffic to a CDN, defeating basic network-level censorship.multisig walletCryptocurrency wallet requiring signatures from multiple private keys to move funds.MX recordDNS record that routes email to your mail server by hostname and priority.
N
name collisionWhen the same domain exists in multiple DNS namespaces, causing resolution conflicts.national security letterU.S. law enforcement demand for customer data without a warrant, wrapped in a gag order and used far beyond national security.new gTLDGeneric TLD created after 2012 under ICANN's expansion; 1000+ alternatives to .com.NS recordDNS record specifying which nameservers are authoritative for a domain.
O
off-chainCryptocurrency transactions or data settled outside the blockchain, posted later or never.offshore hostingServer infrastructure located in a jurisdiction chosen to escape legal pressure or censorship.on-chainA domain or transaction permanently recorded on a blockchain, owned and verified by network consensus rather than a centralized authority.onion routingNested encryption technique that hides sender and destination by routing traffic through multiple nodes, each peeling off one encryption layer.OxaPayCrypto-to-fiat payment processor; registrars use it to accept anonymous cryptocurrency without holding coins.
P
parkingHolding a registered domain without active use, typically as a speculative investment or defensive reserve.pending deleteAn expired domain in the registry's grace period, not yet available for registration but still reclaimable by the original owner.pluggable transportA transport layer that disguises Tor traffic to evade censorship and deep packet inspection.premium domainRegistry or registrar markup on domains deemed valuable, often undisclosed until checkout.privacy coinCryptocurrency that hides sender, receiver, and transaction amount via cryptography; Monero is the standard.private registrationRegistrar proxy hides your real WHOIS contact details from public view.proxy registrationA third party holds the domain registration in their name while you control it contractually.pseudonymous registrationDomain registered under a fake but consistent name, with public WHOIS privacy included—privacy from the crowd, not law enforcement.PTR recordDNS record that maps an IP address back to a hostname; critical for mail server reputation.punycodeASCII encoding system that lets you register domain names in non-Latin scripts (Chinese, Cyrillic, Arabic, etc.) on the DNS.
R
RDAPMachine-readable API for domain registration data; ICANN's WHOIS replacement using structured JSON over HTTPS.recursive resolverA DNS server that queries other nameservers on your behalf to resolve domain names.redemption periodGrace period after domain expiration where the registrant can recover it for a premium fee before the domain is dropped.registrantThe legal owner of a domain name, liable for its use and typically responsible for renewal.registrarThe intermediary who reserves a domain name for you—choose one that doesn't log you or comply with every takedown notice.registrar lockRegistrar-side transfer block that requires lock removal before moving a domain elsewhere.registrar shieldingA registrar that refuses to comply with takedowns, court orders, or abuse complaints without forwarding them to the registrant.registration periodHow many years you own a domain before it expires and must be renewed or redeemed.registryThe organization that operates the technical backbone of a TLD and sets compliance policy for that domain.registry lockRegistry-enforced freeze on domain changes; prevents transfer or deletion even if registrar account is compromised.response policy zoneDNS-level policy filter that intercepts queries and redirects or blocks domains before resolution happens.reverse DNSDNS lookup that resolves an IP address to a hostname via PTR records; critical for mail server reputation.reverse proxyServer that shields your origin infrastructure by intercepting and forwarding client requests.root nameserverGlobal DNS infrastructure layer that directs queries to TLD registries; 13 logical server clusters operated independently.RPKICryptographic framework that validates IP address ownership and prevents BGP hijacks.
S
safe harborLegal shield protecting service providers from liability for user content, if they follow takedown procedures and don't knowingly facilitate infringement.second-level domainThe registrable label directly left of the TLD (e.g., 'example' in example.com).slave zoneA secondary DNS server that pulls and serves read-only copies of zone records from a master via automatic transfers.SnowflakePluggable Tor transport that disguises your connection as traffic to a cloud service, hiding Tor use from network observers.SOLSolana's native token; fast, liquid, accepted for anonymous domain payments.sponsored TLDA TLD restricted to members of a specific organization or community, operated under a sponsor's rules.SRV recordDNS record that specifies service location, port, and priority—used for routing SIP, XMPP, Kerberos, and other non-HTTP services.sTLDCommunity-controlled TLD operated by a designated sponsor for a specific industry or group; heavily regulated and compliance-first.subdomainA domain name under another domain (subdomain.example.com); created via DNS records, no separate registration.subpoenaCourt order forcing a registrar to disclose your identity and domain records.
T
takedown noticeLegal demand to remove content, usually claiming infringement; forces action by registrar or host, not a court order.tech contactThe DNS and technical administrator contact for a domain, filed with the registrar and used for abuse or technical notifications.TLDThe suffix (.com, .io, .ru) that determines which registry manages your domain and what abuse policies apply.TLS certificateDigital credential that encrypts HTTPS traffic and proves domain ownership to browsers.TorDecentralized anonymity network that routes traffic through multiple relays to hide your IP and encrypt communications.transfer lockRegistrar-level lock blocking domain transfers until you unlock it and retrieve the EPP authcode.transparency reportA registrar's public count of takedown notices, court orders, and data requests they received and how many they complied with.TRXNative token of TRON blockchain; accepted by bunkerdomains for fast, anonymous domain payments.TTLDNS record cache lifetime in seconds; balances propagation speed against resolver load and nameserver traffic.TXT recordDNS record storing arbitrary text data, commonly used for email authentication (SPF, DKIM, DMARC) and domain verification.typosquattingRegistering a domain misspelling of a popular site to intercept misdirected traffic.
U
UDRPPrivate arbitration system where trademark holders can seize your domain without court.URSFast-track ICANN suspension for trademark disputes on new gTLDs; 10-day takedown, no pre-suspension hearing.USDCUSD-backed stablecoin: crypto that holds a 1:1 peg to the US dollar.USDTStablecoin pegged to USD; fast, borderless crypto payment for domains without bank intermediaries.
W
WHOISPublic database mapping domain names to registrant and contact information; now often obscured by privacy proxies and regulations.WHOIS privacyHide your name and contact info from the public WHOIS database; usually included by default at anonymous registrars.wildcard certificateA single TLS certificate covering a domain and all its subdomains (*.).