TLDR: Your DNS resolver may be lying, and that first-year .co price definitely is. Here's the two-check method I now run on every domain buy.

the honest admission

A few months back I was on a call with a client walking through his domain setup.

He asked if he could transfer his GoDaddy domain somewhere cheaper. "How does that work?"

My answer: "I don't know how it works. That's a great question."

(I've been buying domains for years. I just never built any real system around it.)

That changed in June when I needed a surname domain — one home for the whole family: me@, my wife@, the kids — clean enough to hand on a business card too.

ask what it's for before stacking options

I came in narrow: "Is team[oursurname].co available, and what other TLDs?"

Apollo paused and asked what the domain was for.

That pivot changed everything. A domain you're building a professional identity on is a different call than one that's just family email. And our family team name already runs our family Google calendar — so team[oursurname].* wasn't a cold-start brand. It already existed. That matters.

Ask the end goal first. Every time.

why I stopped trusting dig for availability checks

On my home LAN, plain dig queries aimed directly at authoritative nameservers get intercepted — a middlebox (a network device that answers DNS from its own recursive cache instead of passing through) answers them instead. The tell: a real authoritative server never sets the ra flag (recursion available). Mine did.

So whois and dig on this network can be stale. Not reliable for live availability.

The fix: RDAP (Registration Data Access Protocol — the JSON-over-HTTPS successor to WHOIS) queries the TLD registry directly, bypassing your resolver entirely.

curl -sL rdap.org/domain/<name>.<tld>

HTTP 404 = available. HTTP 200 = taken.

Space requests ~3–4s apart — the service rate-limits. One zsh gotcha: don't name your loop variable status. It's reserved and the check silently breaks.

the sticker price that was lying

team[oursurname].co came back available. Spaceship showed ~$6.83 for year one.

Looks great, right?

What I almost missed: .co renews at ~$25–35/yr EVERYWHERE — not a registrar markup, that's the .co registry's own wholesale rate. Every registrar pays it. The first-year discount is real. The cliff on year two is also real.

For any .co you plan to hold, buy multiple years upfront. And check the renewal column BEFORE you let yourself get attached to the name.

Compare that to .dev — Google-run, honest flat pricing (~$10.81 first year / $12.87 renewal at Porkbun, no jump). The catch: .dev is HTTPS-forced via HSTS preload, so you need a cert. Trivial on Vercel. Worth knowing before you commit.

the reusable registrar shortlist

This is what I pull up now for every domain buy, any TLD:

  • Spaceship (Namecheap's sister company) — lowest first-year AND multi-year on .co, free WHOIS privacy, clean UI
  • Porkbun — flat, predictable renewals; one-stop if you hate surprises
  • BigRock — avoid. Lowest sticker sometimes, notorious for upsell traps and painful transfers. The saving is small; the asymmetric pain is not.
  • Cloudflare Registrar — at-cost, zero markup, but transfer-in only. Can't register a fresh domain there.

For our family specifically: [oursurname].co got the pick — short, bare surname, premium email for everyone. team[oursurname].co is the warm co-pick since the brand already exists in our family calendar.

Both the DNS resolver and the first-year price were giving me bad numbers.

The fix for both is the same: go to the source. RDAP talks directly to the registry. The renewal rate is the one that actually matters.

I check both before I let myself get attached to a name now.