A domain name is one of the most misunderstood objects on the internet. People talk about "buying a domain" the way they talk about buying a car. The metaphor is wrong, and getting the metaphor right makes every other decision easier: which registrar to use, when to renew, how to set up DNS, how to keep the domain safe.

This article is the foundation of everything else we publish about domains. It is intentionally short.

You don't own a domain. You lease it.

When you "register" a domain you are not buying anything. You are paying for a lease on a unique entry inside a global database called a registry. The lease lasts from one to ten years, depending on the TLD and the price you pay. When the lease ends, you renew or you lose it. There is no permanent ownership in the legal sense most people imagine.

The party you pay (Namecheap, Cloudflare Registrar, GoDaddy, Aruba, Register.it) is the registrar. The party that actually keeps the database is the registry (Verisign for .com, Google Registry for .dev, Registro.it for .it). The registrar is the front desk. The registry is the building.

This distinction matters because the registry sets the wholesale price, not your registrar. A .com costs every registrar the same wholesale fee from Verisign. The differences you see between Namecheap and GoDaddy are pure margin, marketing budget, and support quality.

A domain name is a pointer, not a destination

A domain name has no website. A domain name has no email. A domain name is a pointer that says "if you ask about mind.dev, here are the authoritative DNS servers that will answer further questions about it".

What people call "the website" lives on a server somewhere (a VPS, a shared host, a CDN edge node) and is reachable through an IP address. Your domain's DNS records translate mind.dev into that IP. If your domain expires, the records disappear, but the website on the server is still there. If your server dies, the domain is still yours.

These are three independent things:

  • The domain name (a lease on an entry in a registry)
  • DNS (the records that translate the name into addresses)
  • Hosting (the actual server holding files or running an application)

You can buy each from a different company. You can change each independently. People who lose their site for weeks during a "host migration" usually didn't understand this and changed three things simultaneously.

Anatomy of a name

Take mail.mind.dev. Read it right to left:

  • dev is the TLD (top-level domain). It belongs to a single registry.
  • mind is the SLD (second-level domain). It is the part you actually leased.
  • mail is a subdomain of mind.dev. You create as many as you want, for free, by adding DNS records.

The pair mind.dev is sometimes called the registrable name or apex. That is what you pay for. Subdomains cost you nothing. They are just additional pointers under the apex.

What you actually paid for

Concretely, paying for mind.dev gives you four things:

  1. The exclusive right to use that exact string under .dev for the duration of your lease.
  2. The ability to set the authoritative nameservers for the name. Whatever DNS provider those nameservers point to becomes the source of truth for the domain.
  3. The right to renew before expiry, before any other party can register the same name.
  4. The right to transfer the domain to another registrar (after a 60-day cooldown post-registration), using a code called the EPP code or auth code.

You did not buy hosting. You did not buy email. You did not buy SSL. Those are separate purchases, often confused with domain purchases because registrars sell them as upsells.

Why people lose domains

Almost every "I lost my domain" story is one of three things:

  • Expiry. The card on file declined, the renewal email landed in spam, the domain went into redemption, somebody else grabbed it.
  • Wrong account. The agency or freelance dev registered the domain under their own account. The client paid, but the lease is in someone else's name.
  • Hijacking via account compromise. The registrar account had no 2FA, the email it depended on got compromised, the domain got transferred out before anyone noticed.

All three are preventable, and we cover each in dedicated articles.

The mental model that helps

Think of a domain as a post office box in a public directory:

  • The directory is global and unique. Two people cannot have the same box number.
  • You pay a yearly rent.
  • If you stop paying, the box goes back to the directory and somebody else can take it.
  • The box has nothing inside until you put something in it. The box itself is just a label.
  • You can move the box's contents (your DNS records) anywhere. The box stays where it is, in the directory.

That model is enough to reason about almost every other question: why do .io domains cost more than .com, what does "transfer lock" actually lock, why does Cloudflare DNS cost zero, why is auto-renewal a security feature, when is a whois privacy upsell actually useful.

We will answer those questions in the next articles.