Tell HN: I think there are major issues with Google -> Squarespace domains
Registrar vs DNS Separation
- Many recommend separating responsibilities: use one provider as registrar and a different one for DNS.
- Reasons: better security (fewer people need registrar access), flexibility to switch DNS providers, and insulation from weak registrar DNS features.
- Examples mentioned: Squarespace or NameSilo as registrar with Google Cloud DNS, Cloudflare, Linode DNS, Route53, etc. as DNS.
Recommended Registrars & DNS Providers
- Frequently suggested registrars: Cloudflare Domains, Porkbun, Namecheap, Spaceship, AWS Route53, IWantMyName.
- Frequently suggested DNS providers: Cloudflare, Google Cloud DNS, Route53, Linode, sometimes registrar-native DNS when adequate.
Cloudflare Debate
- Positives: widely used, robust DNS and APIs, at‑cost domain pricing, integrated products, strong DDoS protection, good for consolidation.
- Negatives/concerns:
  - Must use Cloudflare DNS if using Cloudflare as registrar; cannot delegate to third‑party nameservers without transferring out.
  - Criticism of centralization and their role as a major internet gatekeeper.
  - Frustration with “verifying you are human” interstitials and perceived slowness.
  - Concerns about partnerships and contracts with governments and defense agencies.
- Some see them as pragmatic and effective; others want to avoid them on principle.
Porkbun and Other Alternatives
- Porkbun: praised for low prices, good support, reliable DNS, and smooth transfers (including importing existing DNS records and glue).
- Critiques: site sometimes unstable, over‑strict fraud/banning (e.g., certain virtual cards), lacks some TLDs, and a brand name some find unprofessional.
- Spaceship: cheaper, modern UX, interesting tools like DNS propagation maps, but lacking API and advanced zone editor.
Namecheap Controversy
- Mixed reviews: some like the DNS flexibility and UI; others call out poor support, dated UI, and “premium” upcharging on newly invented short domains.
- Major debate over the decision to drop customers from one country (Russia) after the invasion of Ukraine:
  - One side: shows they can arbitrarily cut off entire populations; undermines trust.
  - Other side: staff are largely in Ukraine; cutting service seen as a moral or existential response, not mere “political ideology.”
- Disagreement over collective responsibility vs. targeting governments only remains unresolved.
Google Domains → Squarespace Migration
- Many proactively moved away (often to Cloudflare or Porkbun) after the sale announcement.
- Reported issues:
  - Some domains migrated, others left in limbo with unclear status.
  - Delays in getting transfer codes and in completing transfers away from Squarespace.
  - DNS changes in Squarespace’s UI not showing up in global DNS; suspicion that Squarespace isn’t reliably updating the underlying Google Cloud DNS zones.
  - Very slow or absent Squarespace support responses reported by some.
- Contrasting reports say the experience was seamless:
  - For these users, NS records remained on *.googledomains.com, and DNS edits propagated normally.
  - Suggestion that the real problem is the Squarespace–Google DNS integration layer, not Google Cloud DNS itself.
DNS Migration & TTL Concerns
- Some note you cannot adjust TTL on Squarespace‑managed records, making smooth migrations harder.
- Common strategy described:
  - Pre‑create the zone at the new DNS provider.
  - Change NS at the registrar.
  - Wait at least as long as registry glue TTL (often 1–2 days) or longer due to misbehaving caches.
  - Only then remove the old zone.
- Warnings about pitfalls: forgetting to disable DNSSEC, starting transfer before updating nameservers, or mis‑ordering steps can cause outages.
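The cut-over order and the DNSSEC pitfall above, as an added preflight check that is not from the thread. The zone contents, key tags, function names, and the one-day safety margin are constructed assumptions; in practice the record sets would come from querying each provider's nameservers directly.

```python
from datetime import datetime, timedelta, timezone

PROVIDER_OWNED = {"NS", "SOA"}  # differ per provider by design; not compared

def zone_diff(old_zone, new_zone):
    """Records served by the old provider that are missing or different at the new one."""
    problems = []
    for (name, rtype), values in sorted(old_zone.items()):
        if rtype in PROVIDER_OWNED:
            continue
        if (name, rtype) not in new_zone:
            problems.append(f"missing {rtype} {name}")
        elif set(new_zone[(name, rtype)]) != set(values):
            problems.append(f"mismatch {rtype} {name}")
    return problems

def preflight(old_zone, new_zone, ds_key_tags, new_dnskey_tags):
    """Blockers to clear before changing NS at the registrar."""
    blockers = zone_diff(old_zone, new_zone)
    # A DS at the parent that matches no DNSKEY in the new zone makes
    # validating resolvers fail the whole domain after the NS change.
    if ds_key_tags and not (set(ds_key_tags) & set(new_dnskey_tags)):
        blockers.append("DS at parent matches no DNSKEY in new zone")
    return blockers

def earliest_old_zone_removal(ns_changed_at, delegation_ttl, margin=timedelta(days=1)):
    """Old zone must keep answering until cached delegations expire, plus a margin
    (assumed value) for caches that ignore TTLs."""
    return ns_changed_at + delegation_ttl + margin

# Constructed sample data (example.com, documentation address ranges).
OLD_ZONE = {
    ("example.com.", "A"): ["192.0.2.10"],
    ("example.com.", "MX"): ["10 mail.example.com."],
    ("example.com.", "NS"): ["ns1.old-dns.example."],
    ("example.com.", "TXT"): ["v=spf1 mx -all"],
    ("www.example.com.", "CNAME"): ["example.com."],
}
NEW_ZONE = {
    ("example.com.", "A"): ["192.0.2.10"],
    ("example.com.", "NS"): ["ns1.new-dns.example."],
    ("example.com.", "TXT"): ["v=spf1 -all"],
    ("www.example.com.", "CNAME"): ["example.com."],
}

if __name__ == "__main__":
    for b in preflight(OLD_ZONE, NEW_ZONE, ds_key_tags=[12345], new_dnskey_tags=[]):
        print("BLOCKER:", b)
    changed = datetime(2024, 7, 1, 12, 0, tzinfo=timezone.utc)
    print("remove old zone after:", earliest_old_zone_removal(changed, timedelta(days=2)))
```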
Payment Data and Security Questions
- Concern raised that credit card details appeared to be “copied” to Squarespace accounts during migration.
- Others argue direct card sharing (especially CVV) would violate card‑processing rules; more likely scenarios:
  - A shared or unchanged payment processor with subscription IDs handed over.
  - Tokenization or gateway‑to‑gateway card token transfer.
- Exact mechanism is unclear from the thread; no definitive technical explanation is provided.