How Domain Names Actually Work: From Registration to Drop Sniping
It started with a personal mission: acquire hrouch.com.
I'd been using hrouch.me for years, but the .com version of my own name had always felt unfinished. When I discovered it was close to expiring, I went deep — WHOIS records, drop timing, backorder services, DNS internals. What I thought would take an afternoon turned into a weeks-long education.
This is everything I learned, condensed.
The registry / registrar distinction
Most people think of Namecheap or GoDaddy as "where domains live." They don't. They're registrars — retailers that sell access to domain registrations on your behalf. The actual authoritative database lives at the registry.
Each TLD has one registry:
- .com and .net — Verisign
- .org — Public Interest Registry
- .io — Internet Computer Bureau
- Country codes like .ma, .fr — their respective national registries
The chain works like this:
You → Registrar (Namecheap, GoDaddy, Dynadot)
↓
Registry (Verisign for .com)
↓
Root DNS servers
When you register a domain, your registrar submits the registration to the registry via a protocol called EPP (Extensible Provisioning Protocol). The registry is the source of truth. If you transfer your domain to a different registrar, the registry record updates, but your domain stays the same.
ICANN sits above all of this — it accredits registrars, delegates TLDs to registries, and sets the rules everyone must follow.
What you're actually buying
A domain registration isn't ownership — it's a lease. You're paying for the exclusive right to use a name for a period of time (1–10 years). When that period ends and you don't renew, the right lapses and the name eventually returns to the public pool.
The registry stores this as a set of records, visible via WHOIS:
- Registrant contact info (often privacy-protected now)
- Creation date
- Expiration date
- Registrar
- Status codes: clientTransferProhibited, clientHold, pendingDelete, etc.
The domain lifecycle
Domains don't disappear the moment they expire. They pass through a defined sequence:
Active — you own it, everything works normally.
Expired / Grace Period (0–45 days after expiry) — the domain has technically expired but you can still renew at the standard price. Your registrar usually suspends DNS resolution, so the site goes down, but the domain is still yours to reclaim cheaply.
Redemption Grace Period / RGP (~30 days) — the registry takes the domain back from your registrar. You can still recover it, but the redemption fee is steep — often $80–200 on top of the renewal cost. This is the registry recouping administrative overhead.
Pending Delete (5 days) — the domain is queued for deletion. Nothing can be done at this stage. No renewal, no transfer, no redemption.
Drop — on the sixth day after Pending Delete begins, the registry deletes the record and the domain becomes available for anyone to register. The drop window for .com and .net is between 14:00 and 20:00 UTC — not midnight, not random. Verisign releases domains in this window, and the exact second varies per domain.
DNS propagation
Once a domain is registered or its nameservers change, those changes need to propagate through the global DNS infrastructure. This is where "up to 48 hours" comes from — but the reality is more nuanced.
When you update your nameservers at your registrar, that change is submitted to the registry's zone file. Root nameservers get updated quickly, often within minutes. The slowdown comes from TTL (Time to Live) — the cache duration set on DNS records by nameservers around the world.
If your old DNS record had a TTL of 86400 (24 hours), resolvers that already cached that record won't check for updates until the TTL expires. This is why you can lower your TTL to 300 (5 minutes) a day before making a change — you're draining the cache so the cutover is fast and reversible.
The propagation path for a lookup:
Browser → OS cache → Recursive resolver (ISP / 8.8.8.8)
→ Root nameservers (.com zone)
→ TLD nameservers (Verisign's ns1.verisign.com)
→ Authoritative nameservers (your registrar / Cloudflare / Route 53)
→ Your A / CNAME record
Each layer caches based on TTL. If you're debugging why a DNS change isn't taking effect, dig +trace yourdomain.com walks this entire chain and shows you exactly where the stale answer is coming from.
How drop catchers work
The drop is not an auction, and it's not first-come-first-served in any meaningful sense. When a high-value domain hits the Pending Delete phase, specialized services — DropCatch, SnapNames, Pool.com — race to submit registration requests at the exact moment the registry processes the deletion.
These services have direct relationships with registrars who have high-throughput EPP connections to the registry. They submit thousands of requests per second. If multiple services catch the same domain, the registry picks one at random and the services that lost get refunds.
For hrouch.com, which has low commercial value, the drop was quiet — no catchers involved. I just watched the WHOIS status move from redemptionPeriod to pendingDelete, calculated the approximate drop window, and checked Namecheap and Dynadot manually around 14:00–15:00 UTC. It was available. I registered it in under a minute.
The strategy for sniping a low-value domain manually:
- Track the expiry date on WHOIS or DomainTools
- Watch for the status to flip to pendingDelete
- Count 5 days from that date — that's your drop day
- Check between 14:00–20:00 UTC with autofill ready
- Don't bother with backordering services unless the domain is genuinely high-value — the fees rarely make sense otherwise
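The lifecycle phases and the manual tracking steps above can be turned into a small monitor for domains you care about, including your own, so a lapse is caught before Pending Delete. This is an added example, not code from the original post: the function names are hypothetical, the WHOIS text is constructed, and the field labels assume the common gTLD WHOIS layout.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed WHOIS excerpt (not a real lookup); example.com is a placeholder.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Updated Date: 2024-03-01T18:22:07Z
Creation Date: 2015-01-20T09:00:00Z
Registry Expiry Date: 2024-01-20T09:00:00Z
Domain Status: pendingDelete https://icann.org/epp#pendingDelete
"""

def parse_whois(text):
    """Return (expiry datetime or None, set of lower-cased status codes)."""
    statuses = {s.lower() for s in
                re.findall(r"^\s*Domain Status:\s*(\S+)", text, re.M)}
    m = re.search(r"^\s*Registry Expiry Date:\s*(\S+)", text, re.M)
    expiry = (datetime.fromisoformat(m.group(1).replace("Z", "+00:00"))
              if m else None)
    return expiry, statuses

def lifecycle_phase(expiry, statuses, now):
    """Map WHOIS data onto the phases named in this article."""
    # RFC 3915: the redemptionPeriod RGP status co-exists with EPP
    # pendingDelete, so it must be checked before pendingDelete alone.
    if "redemptionperiod" in statuses:
        return "Redemption Grace Period"
    if "pendingdelete" in statuses:
        return "Pending Delete"
    if expiry is not None and now > expiry:
        return "Expired / Grace Period"
    return "Active"

def drop_window(pending_delete_seen):
    """Article's rule: 5 days after the pendingDelete flip, 14:00-20:00 UTC.

    pending_delete_seen is when you first observed the status; WHOIS does
    not record the flip itself, so this is the caller's own observation.
    """
    day = (pending_delete_seen.astimezone(timezone.utc)
           + timedelta(days=5)).date()
    start = datetime(day.year, day.month, day.day, 14, tzinfo=timezone.utc)
    return start, start.replace(hour=20)

if __name__ == "__main__":
    expiry, statuses = parse_whois(SAMPLE_WHOIS)
    now = datetime(2024, 3, 2, tzinfo=timezone.utc)
    print(lifecycle_phase(expiry, statuses, now))
    print(drop_window(datetime(2024, 3, 1, 18, 22, 7, tzinfo=timezone.utc)))
```

Run on a schedule against saved WHOIS output, an "Expired / Grace Period" result is the point to alert on, since renewal is still possible at the standard price.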
DNSSEC
One thing worth knowing once you control a domain: DNSSEC (DNS Security Extensions) adds cryptographic signatures to DNS responses, so resolvers can verify that records haven't been tampered with in transit. DNS spoofing — where an attacker poisons a resolver's cache to redirect traffic — is a real attack class, and DNSSEC is the defense.
Most modern registrars and DNS providers support it. Cloudflare enables it with one click. For a personal domain or portfolio, it's low-effort protection that signals you know what you're doing.
What hrouch.com looks like now
hrouch.me redirects to hrouch.com — the .me stays active until at least 2030 for backwards compatibility, but .com is home now.
Owning the .com of your own name is a small thing, but it's yours for life if you keep renewing it. Start there.