My website is on And so is my email. I want good security for my domain registration, because hacking domains allows you to intercept email, and intercepting email allows resetting passwords on other services.

A minimum bar for "good security" in 2020 is two-factor-authentication support, or 2FA. However, it seems relatively few .nz domain registrars offer this. This post summarizes my research into which registrars do.

Finding Registrars

Domain registration in NZ is handled by the Domain Name Comission (DNC). DNC lists all the authorised NZ registrars. Other websites can sell .nz domains, but are resellers.

DNC's wholesale price is 15NZD/year, so you won't see prices lower than that.

Whois Privacy

I'd like whois privacy. It's been available for NZ domains since 2018.

  • The Individual Registrant Privacy Option (IRPO) is for individual registrants that are not using the domain name for significant trade.

All NZ registrars are required to provide this, but most international registrars go through resellers and don't support whois privacy. So I want an official NZ registrar that the DNC deals with directly.


I went through the registrars listed, and a few big international ones. I'm looking for ones that fill me with confidence - 2FA and preferably big enough to invest in a security team. I've (a bit harshly) ruled out a lot of sites that don't inspire confidence, through being small, having bad web design. These businesses are probably fine, but I'm explicitly prioritising security and confidence.

NameAuthorised nz Registrar?.nz Domains?2FA? Price/YearPricing URL2FA URLComment
1stDomainsYesYesNo25.50 NZD've filed a feature request, they don't have itI used to use 1stdomains for their low prices.Just ridiculous that they don't have 2FA in 2020. UI hasn't updated in ~10 years, which doesn't inspire confidence that they have an empowered dev/security team.
GandiYesYesYes34.73 AUD (~22 USD) international player. More confident in their security. More expensive
MetanameYesYesYes25 NZD + GST(?) is quite bad. Registering with their UI is a pain. I ran into bugs in uploading zones, had to email them, they manually fixed my data but AFAICT didn't fix the underlying issue. Not confidence inspiring
GoDaddyNoYesYes34.95 AUD OK security, but they're a reseller, so probably don't support whois privacy.
Google DomainsNoYesYes28 AUD great security, but they're a reseller, so don't support whois privacy. Google Domains now actually allows you to buy with a billing address in Australia (you used to have to fake it to the USA): But not New Zealand billing addresses. Wild.
namecheap.comNoNoYesDoesn't support .nz't support .nz
AWSNoYesYes24 USD = 36 AUD great security, but they're a reseller, so probably won't support whois privacy.
Hover.comNoYesYes24.99 USD of podcasts talking about Hover! But they go through resellers for .nz domains
iwantmyname.comYesYesYes24.90 AUD support page is broken. Everything redirects to Reddit says they're NZ based and have 2FA: 2FA is by authy.
name.comYesYesYes35.99 USD expensive
register.comYesYesNo75.00 USD!Had to put it in cart, couldn't find a pricing pageCan't find any 2FA info.Wildly expensive
instra.comYesYesNoUnknownNeed to sign up to see pricingCan't find any 2FA info.No pricing transparency, no thanks
publicdomainregistry.comYesYesNo$10 (must be USD)Wholesale onlyCan't find any 2FA info. Moot anywayThey're a wholesaler only, don't offer retail domains.
Free Parking NZYesYesYes47.95 NZD pricey. But good to see them supporting Google Authenticator NZD't find any 2FA info just redirect to 1stdomains:'t find any 2FA infoThey just redirect to 1stdomains NZD't find any 2FA info. NZD't find any 2FA info. NZD't find any 2FA info.Their header logo 404s. Doesn't inspire confidence. I emailed them on their contact email and got "Your message wasn't delivered to because the domain couldn't be found. Check for typos or unnecessary spaces and try again."'t find any 2FA infoTheir site doesn't load't find a pricing pageCan't find any 2FA info't find any 2FA infoFocussed on schools
websitebuilder.nzYesYesNoCan't find any 2FA info NZD search is broken, had to hack the URL on the Australian site to get it to show me the 2FA stuff. Doesn't inspire confidence. NZD't find any 2FA info NZD + GST't find any 2FA info
webconnect.nzYesYesNo32 NZD't find any 2FA infoRegional provider for Hawke's Bay
iserve.nzYesYesNo20 NZD + GST't find any 2FA infoOwned by VOCUS. Site looks lo-fi.
netvalue.nzYesYesNo50 NZD't find any 2FA infoHamilton. Open source consultants. Doing domains on the side NZD't find any 2FA infowow this is a really old website design only't find any 2FA infowholesale only only't find any 2FA infowholesale only

Edit, June 2020: I missed, who have two-factor-auth, and sell worldwide (so might have the economy of scale to have a good security team) and are based out of Hawkes Bay!


I think I'll go with Gandi. They're a huge international operator with a long history and a big enough dev team to support an API, they probably also

Runner-up prize would go to Metaname. They were the first in NZ to do 2FA (as early as 2013!), and I tried their site, but it was very lo-fi, hard to use, and I found a few bugs, particularly with importing zones, and when I emailed them about this, I got good support (in that they reached into my domain and fixed the problem) but they didn't fix the underlying bug that caused me to get into a bad state in the first place. I don't want to have to contact them every time I get into a bad state. Sorry Metaname!

A lot of people recommend as a NZ-based operator that's clued up, but their support pages are currently all broken, all redirecting to the same blog post from 2014, and that doesn't inspire confidence. has reasonable prices, but their site search is broken, which doesn't inspire confidence. And they're part of an international outfit ( looks exactly the same) which increases the chance that they'll be big enough to support a security team. is probably fine but is quite expensive.

It's a real shame, but I think operators that only serve the NZ market are unlikely to have enough economy of scale to support a security team. There would be ways around this — contracting with some of the excellent security companies in NZ might be an alternative?

Prior Art


Discuss this post on: