Domain Search, Name Selection and Buying: The

The first serious decision you make when launching a website is finding the right domain name and acquiring it safely. Domain search looks trivial from the outside — type a name into a box, get a 'yes/no' — but underneath sits a deep stack: ICANN, registrars, registries, the WHOIS and RDAP protocols, the EPP transfer flow, and TLD-specific policies. This guide walks the entire path from the concept of a domain name through registrar selection, transfers, and dispute resolution in a single sitting.

What Is Domain Search and What Happens Behind the Scenes?

Domain search (also called domain name search, website lookup, web address lookup) is the act of finding out whether a name is already registered by someone in the world. In practice, two distinct questions tend to get confused: (1) Is this name available? and (2) Who owns this name, when was it registered, when does it expire? The first is answered by the registrar's call to the upstream registry; the second is answered by the WHOIS or RDAP protocol.

When you type a name into a search box, what happens behind the scenes is essentially an EPP check command. The registrar's back-end sends an availability check to the central registry of the relevant TLD (e.g. Verisign for .com, TRABIS / Information and Communication Technologies Authority for .tr). The registry replies 'available' or 'in use'. This answer is real-time and authoritative — you cannot derive availability from a Google search or a browser visit; only the registry knows for certain.

A Glossary: Registrar, Registry, Registrant, Reseller

Registry: the central authority for a TLD. Verisign for .com and .net, PIR for .org, Identity Digital for .info, TRABIS for .tr. Each TLD has exactly one registry.
Registrar: an ICANN-accredited company licensed to sell domains to end users. International examples include Namecheap, Cloudflare Registrar, Tucows, Porkbun, GoDaddy, Hostinger, with regional players in every market.
Registrant: the person or organization the domain is registered to. This is the party shown as 'owner' in WHOIS/RDAP.
Reseller: a non-accredited intermediary that sells domains on top of a registrar's account. When something breaks, you get two layers of support to deal with.
ICANN: Internet Corporation for Assigned Names and Numbers. The non-profit that sets gTLD policy, the transfer rules and the dispute mechanisms.

When you 'buy' a domain you pay the registrar; the registrar passes a yearly fee to the registry; the registry writes the data into its central database. The misunderstood part: you don't actually buy the domain, you lease the right to use it on a yearly basis. If you don't renew, it expires; once the protective grace and redemption windows close, anyone else can register it.

WHOIS, RDAP and Ownership Lookup

WHOIS began with RFC 812 in 1982 and was updated in RFC 3912 (2004). It runs over TCP port 43 in plain text. It served the internet for decades, but it had three real problems: it returned unstructured text (a parsing nightmare), it had no internationalization (ASCII only, not UTF-8), and it had no authentication or access control. ICANN decided to migrate to RDAP because of these limitations.

RDAP (Registration Data Access Protocol) is defined by RFCs 7480-7484. It runs over HTTPS, returns JSON, supports OAuth/Bearer tokens, and renders IDNs (internationalized names with non-ASCII characters via Punycode) properly. ICANN has required gTLD registrars and registries to provide RDAP since 2019; classic WHOIS on port 43 is being retired (some registries have shut it off entirely).

Learning to use both protocols from the command line is invaluable when you eventually have to debug DNS issues or research a domain. Our internal WHOIS lookup tool performs the same queries from the browser.

A WHOIS lookup tells you when a domain was first registered, who owns it (where allowed), what nameservers it points to and when it expires. The age of a domain (10+ years) is a critical signal for buyers of expired domains. To see the registration date in an RDAP response, look for the events array entry of type registration.

WHOIS redaction after GDPR: in May 2018, when the EU General Data Protection Regulation came into force, ICANN issued a 'Temporary Specification' for gTLD registries. The spec mandates that personal data of natural-person registrants — name, email, phone, postal address — must not appear in public WHOIS. The result: most domains registered after 2018 show Registrant Name: REDACTED FOR PRIVACY. Access requires going through RDDS/RDRS or proving 'legitimate interest' via legal channels. WHOIS may still be open in non-ICANN-accredited or non-EU TLDs (e.g. US-based .us, many older ccTLDs); .tr's TRABIS continues to publish corporate registrant details.

TLD Categories: gTLD, ccTLD, sTLD and the New Extensions

There are over 1500 top-level domains in service today, but they are not all the same animal. Picking the right extension means understanding the categories.

gTLD (generic top-level domain): .com, .net, .org, .info, .biz, .pro. Managed directly under ICANN policy. .com is still the universal gold standard — global recognition, the strongest SEO trust signal and the keyboard reflex of every user.
ccTLD (country-code TLD): two-letter codes — .tr, .de, .uk, .fr, .it, .jp, .nl. Defined by ISO 3166-1 alpha-2 codes. Critical for local SEO; Google uses ccTLDs as a geographic targeting signal.
sTLD (sponsored TLD): extensions reserved for specific sectors or communities — .gov, .edu, .mil, .museum, .aero, .coop. Strict eligibility rules apply.
nTLD (new gTLD): extensions opened after ICANN's 2014 new-gTLD program — .shop, .blog, .app, .dev, .tech, .online, .site, .store, .xyz. Promotional pricing is attractive but renewal can be 4-6× higher.
IDN ccTLD: extensions in non-Latin scripts — .中国, .рф, .ไทย. Internationalized names use Punycode (xn--) under the hood.
Brand TLD: extensions held by a single brand — .google, .apple, .bmw. Not for public sale.

If you are launching for the Turkish market, prioritize .com.tr or .tr; if your reach is global, .com remains the best choice. A common pragmatic move is to register both and use a 301 redirect. Newer extensions (.shop, .app, .blog, .dev, .ai) can suit niche projects and brand plays, but user perception is still less established than .com.

.tr Domains and the TRABIS System

Turkey's ccTLD .tr was managed by Middle East Technical University (METU) under the name nic.tr from 1991 until September 2018. In September 2018, authority was transferred to TRABIS (.tr Network Information System), operated under the Information and Communication Technologies Authority (BTK). Several important changes came with the transition:

Document requirements removed: previously, .com.tr required trade registry, tax certificates, trademark certificates, etc. With TRABIS (except for top-level categories) the model became first-come-first-served.
Direct sale enabled: TRABIS-accredited operators (registrars) can sell directly. The accredited operator list is published on nic.tr.
Second-level .tr: previously only available as a sub-domain (com.tr, net.tr, org.tr), .tr can be registered as a single-level domain (e.g. company.tr) since 14 September 2022.
Sunrise period: trademark holders had a 3-month priority window, followed by landrush, then general availability.
Dispute resolution: TRABIS operates its own UDRP-equivalent procedure for .tr.

Sub-level extensions like .gov.tr, .edu.tr, .pol.tr, .mil.tr, .bel.tr, .k12.tr remain document-restricted; only relevant public bodies or qualifying entities can register them. .tr WHOIS lookup still goes through the legacy WHOIS server (whois.nic.tr).

Picking a Good Domain: Naming Engineering

Remember that a good domain will live with your brand for the next decade — getting it wrong creates expensive rework later. The rules are old, but they bite as soon as you forget them.

Keep it short: 6-14 characters is the sweet spot. Anything beyond 20 characters is forgettable, mistyped over the phone and tedious on mobile keyboards.
Pronounceable on the phone: when you read your address aloud the listener should not have to ask 'how do you spell that?'. If 'café' / 'cafe' is ambiguous, register both.
Avoid hyphens: 'web-site.com' types are penalized in user perception (spam association) and harder to recall.
Avoid digits: 'site24.com' invites the 'two-four' vs 'twenty-four' confusion when read aloud.
Non-ASCII names: IDNs containing accents, ç, ş, ñ, ö, ü, ı can be registered, but they appear in the browser bar as Punycode (xn--) and tend to confuse users.
Trademark conflict: search the Turkish Patent Institute, USPTO TESS, EU TMview and WIPO Global Brand Database before purchase.
SEO note: 'exact match domains' have lost their old advantage; brandable names now win.

Tools like Lean Domain Search, Domainr, Instant Domain Search are great for surfacing combinations in bulk — much faster than typing variants by hand. Our internal WHOIS lookup is useful for checking ownership of a specific candidate.

Hunting for available names: try creative tactics — prepend 'get', 'try', 'use', 'my', 'go' to the root; combine a category word with the root (cafe + brand); scan alternative extensions (.co, .io, .app, .dev, .shop); test compound forms (mevcut → 'mevcutapp', 'getmevcut'); enumerate synonyms and abbreviations.

Domain Pricing: A Realistic Budget Table

Domain pricing is multi-tier per TLD and varies sharply between registrars. The promotional prices you see when searching for cheap domains are usually first-year only; renewal prices can be 2-5× higher. Approximate ranges as of 2026 (varies per registrar):

.com: 8-13 USD first year, 12-18 USD renewal. Verisign raises wholesale price annually.
.net: 12-16 USD. Renewal slightly more expensive than .com.
.org: 11-16 USD; managed by PIR, price changes are controlled.
.com.tr: 5-15 USD; promotional pricing at Turkish registrars.
.tr (single-level): 15-30 USD range.
.io: 35-60 USD. Premium-priced thanks to its tech-community appeal.
.ai: 70-120 USD; surged on AI hype.
.dev / .app: 12-20 USD. Owned by Google, HTTPS-only enforced.
.shop / .store: 1-5 USD first year promo, 30-50 USD renewal. Watch out!
.xyz / .online / .site: 1-3 USD first year, 15-30 USD renewal.
Premium domains: special-listed short or popular names — 200 USD up to 100,000+ USD.

Pricing trap: when you see a 1 USD 'first year' promo, look for the renewal price before adding to cart. Buying a .shop for 1.49 USD and renewing it at 47 USD next year is the textbook scenario. Honest registrars surface the renewal price; avoid the ones that hide it.

Total cost of ownership: beyond the domain itself, the yearly cost of operating a website includes domain registration/renewal, an SSL certificate (free with Let's Encrypt; paid wildcard 30-200 USD), hosting (shared 30-150 TL/mo, VPS 5-50 USD/mo), email hosting (3-10 USD per user/mo) and optional WHOIS privacy (0-15 USD/yr). Our hosting types guide gives a reference for the surrounding decisions.

Picking a Registrar

There are dozens of ICANN-accredited registrars in Turkey and globally; on paper they all sell the same 'domain' product, but in practice quality, security and pricing diverge sharply. The right answer to 'who should I buy from' depends on your needs.

ICANN accreditation: every registrar must be on the IANA list. Non-accredited firms are resellers — meaning two layers of support when something breaks. Full list: iana.org/assignments/registrar-ids.
WHOIS privacy cost: some include it free (Cloudflare, Tucows-affiliated brands, Namecheap); others tack on 10-15 USD/yr. EU-based registrars apply privacy automatically due to GDPR.
Transfer ergonomics: how fast do they hand you the auth code? Is the transfer lock removable in one click, or is there a 7-day waiting period?
Renewal price transparency: the renewal price should be visible before adding to cart. Avoid registrars whose price jumps 4-5× after the first year.
DNS panel: A, AAAA, CNAME, MX, TXT, SRV, CAA records must all be supported; ANAME/ALIAS is optional but useful.
Two-factor authentication: if your account is compromised, your domain is gone. 2FA is non-negotiable; hardware keys (FIDO2/WebAuthn) are far stronger.
Registry lock: an extra security layer for high-value domains. Not all registrars offer it.
Support quality: 24/7 or business hours? Local-language support? Read user reviews for response times.

Among the operators commonly used: regional Turkish providers IsimTescil, Natro, IHS, Turhost; international names such as Cloudflare Registrar (sells at cost-plus, only the registry fee), Namecheap (low price plus free privacy), Tucows OpenSRS (B2B reseller backbone), Porkbun (developer-friendly UI), Hover (premium support), GoDaddy (the largest customer base, but heavy upsell). The common consensus across price/quality/security: Cloudflare Registrar or a Tucows-backed reseller for high-value names, Namecheap or Porkbun for cheap bulk registrations.

Buying a Domain Step by Step

Registering a name takes minutes, but understanding each step prevents pain later. The typical flow:

1. Verify the name: check availability via EPP check; consider alternative extensions.
2. Trademark search: Turkish Patent and Trademark Office, WIPO Global Brand Database, USPTO TESS. A conflicting trademark exposes you to a cease-and-desist or UDRP.
3. Pick a registrar: based on the criteria above.
4. Open an account and enable 2FA: TOTP (Authy, Google Authenticator) or a FIDO2 hardware key.
5. Add the domain to cart: choose registration period (1-10 years). Long registration is a small SEO trust signal and shields you from renewal increases.
6. Enable WHOIS privacy: especially important for individual registrants — keeps your personal address and phone out of spam-scraping bots' hands.
7. Turn on auto-renew: keep the credit card expiration date current. 'Auto-renew on' is always preferable.
8. Configure DNS: A/AAAA records to your server IP, MX to your email provider, TXT for SPF/DKIM/DMARC. Detail in our DNS guide.
9. Add a CAA record: restricts which CAs can issue certificates for the domain — blocks rogue SSL issuance after a hijack.
10. Consider registry lock: a second protective layer for important domains.

Two important notes: enter your name correctly — incorrect registrant data causes pain in transfers and disputes. For a corporate domain, register it under a corporate email address; do not lose access when an employee leaves.

DNS Configuration: Bringing the Domain Online

A domain does not 'work' the moment you register it — you need to configure DNS records and set the nameservers. Nameserver (NS) records tell the world which DNS provider is authoritative for the domain; A/AAAA records map to IP addresses; CNAME points to another name.

DNS Propagation and TTL

When you make a DNS change, resolvers around the world don't see it instantly — the old answer stays in cache for the duration of its TTL (Time-to-Live). Typical TTL is 3600 seconds (1 hour) or 86400 seconds (24 hours). Drop TTL to 300 seconds 24-48 hours before a planned migration, then raise it back to 3600/86400 after the cutover; that minimizes propagation lag. To verify, use whatsmydns.net, dnschecker.org, or query specific resolvers from a terminal with dig @1.1.1.1 / dig @8.8.8.8. Theoretically propagation can take up to 48 hours, but with modern Anycast DNS (Cloudflare, Route 53, Google Cloud DNS) it usually settles in 5-15 minutes.

Domain Transfers: EPP, Auth Codes and the 60-Day Rule

To move a domain from one registrar to another, the steps are tightly defined by ICANN's Inter-Registrar Transfer Policy:

1. Unlock the domain (clientTransferProhibited): from the current registrar's panel.
2. Verify WHOIS data: especially the email address — that is where the approval mail goes.
3. Temporarily disable WHOIS privacy: some registrars will not allow a transfer while privacy is on.
4. Get the auth code (EPP code): a 16-character string with mixed case, digits and special characters. Some registrars email it.
5. Initiate the transfer at the new registrar: enter the domain name and auth code, pay (the fee usually includes a 1-year extension).
6. Approval emails: the WHOIS admin email receives a 'transfer-out approval' link; in some cases a 'transfer-in confirmation' is also required.
7. 5-7 day waiting period: per ICANN policy. Sometimes accelerated to 1-2 days if the losing registrar approves explicitly.

Two key restrictions: the 60-day new registration rule — a freshly registered or freshly transferred domain cannot be transferred again for 60 days. This is ICANN's spam and hijack guard. The 60-day registrant change lock — if you change registrant data and don't opt-out, an additional 60-day transfer lock kicks in.

The Domain Lifecycle: From Expiry to Drop

An unrenewed domain doesn't disappear immediately; ICANN policy moves it through several protective phases. Knowing them matters whether you want to keep your own domain or shop for expired ones.

0. Active: a domain in normal use.
1. Past expiration date: most registrars apply an 'auto-renew grace period' of 0-45 days. If the card charged successfully, the domain stays live; otherwise it is parked.
2. Redemption Grace Period (RGP): typically 30 days. Recoverable, but at a high redemption fee (typically 80-200 USD).
3. Pending Delete: 5 days. After this the domain drops back into the available pool.
4. Drop / Available: anyone can re-register. For high-demand names, drop-catching services snap them within seconds — manual registration won't catch them.

Expired and aged domains — buying a clean, long-lived domain to launch a new brand is an SEO advantage. But beware: many expired domains carry SPAM history. Before buying, check Wayback Machine for past content, run the name against Spamhaus blacklists, and audit the backlink profile with Ahrefs/Majestic. A domain loaded with toxic backlinks can pass on a Google penalty.

Backorder and Drop-Catching

If a target domain is taken but appears unrenewed, backorder services help. SnapNames, NameJet, DropCatch.com, GoDaddy Auctions, Pool.com try to grab the name into your account the moment it drops. If multiple parties want it, the service runs an auction internally.

Backorder success rates depend on the registry: high for .com (drop-catching is heavily contested), low for smaller TLDs. Fees range from 25-100 USD; auction wins push the price higher.

WHOIS Privacy and Proxy Registration

For an individual registrant, leaving real address details in public WHOIS exposes you to spam, doxxing and social engineering. Three layers exist:

WHOIS Privacy: the registrar masks your details and shows its own proxy data. Often free, sometimes 5-15 USD/yr. Many TLDs apply it automatically due to GDPR.
Privacy Plus / Pro: at certain registrars an extra tier — also forwards incoming mail and blocks direct contact.
Proxy Registration: a third party owns the domain on your behalf. Used in high-profile holdings but carries legal risk.

Caveat: at some local registrars WHOIS privacy must be requested manually; it is not on by default. After purchase, verify with whois from a terminal.

Trademarks and UDRP

If your domain is similar to someone else's registered trademark, it can be taken from you under UDRP (Uniform Domain-Name Dispute Resolution Policy). UDRP is mandatory for every gTLD; .tr has its TRABIS-equivalent procedure.

Three cumulative UDRP conditions: (a) the domain is identical or confusingly similar to a trademark; (b) the registrant has no legitimate right or interest; (c) the domain was registered or used in bad faith.
URS (Uniform Rapid Suspension): an accelerated procedure for new gTLDs that finishes in around 3 weeks. No transfer of the name — only suspension.
WIPO Arbitration and Mediation Center: the most-used UDRP forum. Decisions typically inside 60 days; fees 1500-4000 USD.
Court action: instead of UDRP, you can go to court directly. Slower and costlier but allows damages.

Before buying, run a trademark search: Turkish Patent and Trademark Office for Turkey, TMview for the EU, WIPO Global Brand Database for global. Grabbing a name that exactly matches another company's trademark is unethical and a fight you will lose long-term.

Subdomains and Domain Strategy

Once you own a domain you can create unlimited subdomains: blog.example.com, shop.example.com, api.example.com. Subdomains are free; only a DNS record is required. The SEO debate around subdomains vs subdirectories continues; Google typically treats subdomains as separate sites, while subdirectories share the parent's authority.

When to subdomain: very different content / tech stacks (blog vs main site), language variants (en.example.com), API isolation, staging environments.
When to subdirectory: SEO-driven content (example.com/blog), structures that should benefit from the main site's authority.
Wildcard records: *.example.com CNAME forwarding all subdomains to a single endpoint. Common in SaaS (user.app.com).
Wildcard SSL: certificates for *.example.com via Let's Encrypt + DNS-01 challenge. Detail in Let's Encrypt guide.

Domain Security: Preventing Hijacking

Domain hijacking — someone seizing a domain registered in your name and transferring it under their control — sounds like a small attack vector but when it happens, your business, your email, your customer data and your brand trust go away simultaneously. The 2020s have seen many high-profile hijackings of mid-sized companies.

1. Enable 2FA: TOTP is the floor; FIDO2 hardware keys (YubiKey, Titan Key) are far stronger — phishing-resistant.
2. Keep registrar lock on (clientTransferProhibited): default-on, but verify each time.
3. Enable registry lock: for high-value domains. Manual approval required, cannot be lifted from the panel alone.
4. Add a CAA record: limits certificate issuance to specific CAs. 0 issue "letsencrypt.org"
5. Enable DNSSEC: cryptographically signs DNS answers, blocking cache poisoning. One-click in registrar panels or Cloudflare.
6. Authoritative email: the admin email must be a corporate address, not a personal Gmail. If the personal account is compromised, the domain is at risk.
7. WHOIS monitoring: services like DomainTools, WhoisXML watch WHOIS for changes and notify you.

Bulk Domains, Portfolio Management and Aftermarket

If you operate a domain portfolio for brand defense, you need to manage tens or hundreds of names from a single dashboard. Professional tooling includes bulk WHOIS/RDAP lookup (pull expiration dates for 1000 domains in one shot), renewal calendars (with Google Calendar integration), bulk transfer (move 50+ names with batch auth-code generation), API access (Cloudflare, GoDaddy, Namecheap, Tucows OpenSRS, Porkbun all expose APIs), and brand-defense strategy (registering the brand on .com, .net, .org, .co, .io and the main ccTLDs — about 500-1000 USD over 10 years).

Beyond newly available names sit premium or aftermarket domains in the secondary market. Marketplaces include Sedo (the largest, 19M+ listings), Afternic (GoDaddy-affiliated, broad inventory), Dan.com (acquired by GoDaddy, modern UI), NameSilo Marketplace (low commission), Atom (formerly Squadhelp, AI-curated brandables). Prices range from 100 USD for a usable word domain to 1M+ USD for premium one-words. cars.com sold for 872M USD; voice.com for 30M USD. Quality brandables for SMBs and startups land in the 1,000-15,000 USD range. Escrow.com is the standard for safe payments on high-value transactions.

Email on Your Domain: MX, SPF, DKIM, DMARC

A domain's value is not only the website — professional email is just as critical. A message from you@yourcompany.com earns 10× the trust of one from gmail.com. After registration, configure at minimum four DNS records for email:

MX (Mail eXchanger): where mail to the domain is delivered. Lower priority is tried first. e.g. 10 mail.yourcompany.com.
SPF (Sender Policy Framework): a TXT record that lists which IPs/servers may send mail on the domain's behalf. e.g. v=spf1 include:_spf.google.com ~all
DKIM (DomainKeys Identified Mail): cryptographic signing of outgoing mail. selector._domainkey.yourcompany.com TXT record.
DMARC (Domain-based Message Authentication, Reporting & Conformance): ties SPF + DKIM verification to a policy. e.g. v=DMARC1; p=quarantine; rua=mailto:dmarc@yourcompany.com
BIMI (Brand Indicators for Message Identification): shows your logo in inbox. SVG logo published as a DNS TXT record.

Without these records, Gmail and Outlook will spam-foldering your outbound mail. Providers like Google Workspace, Microsoft 365, Zoho Mail, Fastmail offer setup wizards; if you configure manually, verify the score with mail-tester.com (target 10/10).

SEO and the Domain

Picking the right domain matters for SEO but is not a magic bullet. Google's algorithm has steadily reduced the weight of 'exact match domains' (names that are exactly the keyword) in favor of content quality, brand authority and EEAT (Experience, Expertise, Authoritativeness, Trustworthiness). Some realities still hold:

Domain age: older domains carry trust, but content and link profile matter more.
ccTLD = geographic targeting: .tr signals 'for Turkey'. Choose .com for global reach, .tr for the local market.
HTTPS: a direct ranking factor since 2014. Always pair the domain with SSL. See HTTPS and TLS 1.3 guide.
Branded domain: a short, memorable brand name produces an indirect ranking signal. Brand-search uplift tells Google 'this site matters'.
301 redirects: when you change domains, redirect old to new with 301 — ~85-95% of link equity transfers.

For broader SEO context, see How Search Engines Work and How to Optimize a Website.

Notes for the Turkish Market and Common Pitfalls

If you're launching a site or brand for the Turkish market, several local details are worth knowing:

The .com.tr / .tr split: .com.tr is well-established; single-level .tr has been available since 2022. The ideal pattern: register both and 301-redirect one to the other.
VAT: prices include VAT at Turkish registrars; international registrars charge without VAT and let you reverse-charge.
Payment: Turkish registrars accept TL via card / wire / EFT. International registrars charge in USD/EUR plus Visa/MC fees.
Content restrictions: .tr domains fall under Turkish jurisdiction — banned content can result in access blocks. For sensitive topics, foreign registrar + offshore hosting is a safer combo.
Contact information: TRABIS requires a valid phone and address in some categories. Incorrect info can trigger cancellation.
Logging obligations: if you serve from inside Turkey under the communications-provider definition, you may have logging duties under Law 5651. Talk to a lawyer.

Common buying pitfalls: forgetting renewal alarms — even with auto-renew on, your card expires. Buying under a colleague's personal account — they can hold the domain hostage when leaving. Falling for promotional TLD traps — 1 USD .shop, 47 USD next year. Leaving a personal address in public WHOIS — spam and doxxing. Skipping 2FA — account theft equals domain theft. Putting all your eggs in one registrar — split high-value portfolios across two. Ignoring trademark conflicts. Buying through a reseller — two layers of support when you need help most. Treating subdomains as separate registrations — blog.example.com is a DNS extension, not a standalone record.

Glossary and Decision Flow

Common domain terms: FQDN (Fully Qualified Domain Name) is the full form including all parts (www.example.com.). Apex / naked domain is the root without www (example.com). Punycode is the ASCII representation of an IDN — türkçe.com → xn--trke-6oa.com. Glue records are mandatory A/AAAA records for in-zone nameservers. Auth code / EPP code is the transfer password. RDDS stands for Registration Data Directory Services (the formal name for WHOIS+RDAP). Cybersquatting is registering a trademark in bad faith (a UDRP matter); typosquatting is registering common misspellings; domain tasting was abolished by ICANN.

1. Brainstorm: list 5-10 candidates, run them through the phone test.
2. Availability check: query each via our WHOIS tool.
3. Trademark search: TPMK, TMview, WIPO Brand Database.
4. TLD decision: .com (global), .com.tr/.tr (Turkey), niche TLD (sector).
5. Pick a registrar: ICANN-accredited, supports 2FA, free WHOIS privacy, transparent renewal.
6. Open the account, enable 2FA: TOTP or FIDO2.
7. Register: 1+ years, auto-renew on, privacy on.
8. Set up DNS: A/AAAA, MX, TXT (SPF/DKIM/DMARC), CAA.
9. Install SSL: Let's Encrypt or paid wildcard.
10. Consider registry lock: enable for high-value domains.
11. Monitoring: expiration reminders, WHOIS-change alerts.
12. Backup registrar: plan for high-value portfolios.

Bulk Operations and Automation

Developer / SRE teams routinely automate domain operations. A simple 'check + register + DNS configure' flow with Cloudflare's API:

You can express the same operations declaratively in Terraform; our Terraform IaC guide covers AWS, Cloudflare and Hetzner examples.

Which Domain Lookup Tool Should You Use?

There are hundreds of free domain lookup tools, but accuracy and freshness vary. Professional choices: ICANN Lookup (lookup.icann.org) the official WHOIS+RDAP, no ads; RDAP.org open-source, redirects directly to the registry's RDAP; WhoisXML API for programmatic bulk queries (50 free per month); DomainTools with 15+ years of historical WHOIS (paid premium); SecurityTrails WHOIS + DNS + IP history in one panel; our internal tool at /tools/whois-sorgulama for fast, ad-free checks; and dig + whois from a terminal for the most reliable single-command queries. When verifying with a small tool, test it on 3-5 different domains and compare; cache lag and stale data are common.

Frequently Asked Questions

What's the maximum registration period?

ICANN policy caps it at 10 years. Some registrars let you choose any term between 1 and 10 years. There is no such thing as 'forever' or 'lifetime' registration — you must renew.

Can I sell my domain, can I refund a purchase?

Yes — through marketplaces like Sedo, Afternic, Dan, Atom. For direct sales, use Escrow.com to keep money safe. After a sale, a registrant change is processed; ICANN's 60-day transfer lock may apply. Refunds are generally not possible — ICANN largely killed the 5-day refund window to stop 'domain tasting'. Some registrars offer a 1-2 day goodwill refund for a wrong-cart purchase, but policies vary.

How do I hide my WHOIS info and keep my domain safe?

Enable 'WHOIS Privacy', 'Domain Privacy' or 'ID Protection' from your registrar panel. Most modern registrars offer it free; some local providers add 5-15 USD/year. EU-based registrars apply privacy automatically due to GDPR. To keep the domain safe: (1) keep auto-renew on with current card details, (2) test your contact email yearly — an unused address won't receive renewal warnings, (3) combine registrar lock + 2FA + (for high-value names) registry lock.

Can I register an internationalized name, and should domain and hosting be at the same provider?

Yes — IDNs like türkçe.com or café.tr can be registered. They appear as Punycode (xn--trke-6oa.com) in browsers and may confuse users; the pragmatic move is to register both the IDN and an ASCII version with a 301 redirect. On the hosting question: keep them separate. If your hosting provider misbehaves, you'll need to point DNS to a new server; if your domain lives at a different registrar, you can do that comfortably. The common pattern is: domain at registrar A, hosting at provider B, email at provider C.

Sources

icann.org — ICANN policy and transfer rules
iana.org — TLD and registrar registry
lookup.icann.org — official WHOIS+RDAP
nic.tr — TRABIS / .tr management
RFC 3912 — WHOIS protocol
RFC 7480 — RDAP HTTP usage
ICANN Transfer Policy
UDRP - Uniform Domain-Name Dispute Resolution
WIPO Domain Name Disputes
Turkish Patent and Trademark Office
Wayback Machine — domain history
whatsmydns.net — DNS propagation check
DNSSEC Analyzer

Try our domain lookup tool for availability, WHOIS/RDAP and DNS checks

Check name availability, WHOIS/RDAP records, nameservers and DNS in a single ad-free panel via our internal WHOIS lookup tool

Readers of this article also read these

domain 27 min

Domain Transfer Guide 2026: Steps, Duration, Auth Code and Cost

Complete 2026 domain transfer guide: EPP/auth code, registrar lock, 60-day rule, ICANN policy, ccTLD specifics including .com.tr/.tr (TRABIS), transfer duration, pricing ranges and how to fix common transfer errors.

domain 28 min

How to Register a Trademark in Turkey: 2026 Application, Fees and Process Guide

How to register a trademark in Turkey: 2026 fees, application steps, Nice classification, opposition, renewal and brand name protection. A comprehensive vendor-neutral guide based on TÜRKPATENT and SMK 6769.