State of Global DNS – part 2

Global DNS State, part 2 - DNS Centralisation

We analyzed the DNS providers of more than 320 million root domains to uncover the state of global DNS centralisation. GoDaddy and Cloudflare alone host ~106 million domains – about one-third of all the domains. The top 10 providers sit on over half of all the domains. This post shows how we measured that using NS records – and what it means for your uptime when AWS us-east-1 or Cloudflare has a bad day.

DNS outages keep reminding everyone how fragile the modern internet is. A single AWS us-east-1 incident or a Cloudflare misconfiguration now breaks huge chunks of the web at once – including us. We wanted to quantify how bad this centralisation really is, using our own global DNS dataset and, specifically, NS records.

Quick refresher: NS records and what they expose

Every root domain has NS (nameserver) DNS records pointing to the authoritative DNS servers for that specific DNS zone.

  • NS → Who is in charge of answering DNS for this domain?

If your NS record is, for example, phoenix.ns.cloudflare.com, that tells us Cloudflare actually hosts your zone. This is what we used to study centralisation, because an outage at your DNS provider has a direct effect on you.

Methodology (no magic, just a lot of DNS data)

We kept it simple and reproducible:

  • Starting from our global DNS dataset, we queried only root domains (no subdomains).
  • For each domain, extracted its NS records and normalised them to a provider (for example *.domaincontrol.com → GoDaddy, *.ns.cloudflare.com → Cloudflare).
  • Grouped by provider and counted unique domains per provider.
  • Kept only providers hosting more than 1,000,000 unique domains.

Using this methodology, we tested in total 320,000,000 unique root domains with NS records; 214,205,036 (67%) of them sit with providers managing more than 1 million domains (37 providers total), which is what we chart below.

Note: Parking and marketplace platforms (Afternic, Dan.com, Sedo, etc.) are included – they still represent real DNS infrastructure and single points of failure.
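
The normalise, group, count and filter steps above, as an added Python example (not Recon Wave's own code): the suffix map holds only the three patterns named in this post, the sample rows are constructed, and the function names are hypothetical. It also lists domains whose entire NS set sits with one provider, which is the per-organisation view of the same data.

```python
from collections import defaultdict

# NS hostname suffix -> provider. These three patterns are the ones named in
# the post; a real mapping needs many more entries.
PROVIDER_SUFFIXES = {
    "domaincontrol.com": "GoDaddy",
    "ns.cloudflare.com": "Cloudflare",
    "dns-parking.com": "Namecheap",
}

# Constructed sample (domain, NS target) rows on reserved example names.
SAMPLE_ROWS = [
    ("example.com", "phoenix.ns.cloudflare.com."),
    ("example.com", "NS2.NS.Cloudflare.com"),
    ("example.org", "ns01.domaincontrol.com"),
    ("example.org", "ns02.domaincontrol.com"),
    ("example.net", "ns1.dns-parking.com"),
    ("example.edu", "ns03.domaincontrol.com"),
    ("example.edu", "ns1.dns-provider.test"),
]

def normalise(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def provider_for(ns_host):
    """Map an NS hostname to a provider by label-aligned suffix match."""
    host = normalise(ns_host)
    for suffix, provider in PROVIDER_SUFFIXES.items():
        if host == suffix or host.endswith("." + suffix):
            return provider
    return "unmapped:" + host  # keep unknowns visible instead of dropping them

def count_domains(rows, more_than=0):
    """Unique domains per provider, keeping providers above the threshold.
    Assumption: a domain split across providers counts once for each."""
    seen = defaultdict(set)
    for domain, ns_host in rows:
        seen[provider_for(ns_host)].add(normalise(domain))
    counts = {p: len(d) for p, d in seen.items() if len(d) > more_than}
    return dict(sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])))

def single_provider_domains(rows):
    """Domains whose whole NS set sits with one provider."""
    providers = defaultdict(set)
    for domain, ns_host in rows:
        providers[normalise(domain)].add(provider_for(ns_host))
    return sorted(d for d, p in providers.items() if len(p) == 1)
```

With the post's threshold, the call would be `count_domains(rows, more_than=1_000_000)`; the `unmapped:` keys show which nameserver suffixes still need a provider mapping.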

Results: a third of active domains on just two providers

First, here are the raw counts for the top providers (Chart 1). The list includes only providers hosting more than 1 million domains.

  • GoDaddy: 65,517,208 domains (~20.5%)
  • Cloudflare: 40,976,839 domains (~12.8%)
  • Google (Cloud / Domains): 9,707,346 domains (~3.0%)
  • Namecheap (dns-parking.com): 9,049,140 domains (~2.8%)
  • Wix: 8,140,139 domains (~2.5%)

A few simple roll-ups:

  • GoDaddy + Cloudflare: 106,494,047 domains → 33.3% of all the domains
  • Top 3 providers: 116,201,393 domains → 36.3%.
  • Top 5 providers: 133,390,672 domains → 41.7%.
  • Top 10 providers: 163,207,847 domains → 51.0%.

Or, put differently: two providers control over a third of global DNS, and the top ten are responsible for just over half. The remainder lives with hundreds of smaller providers which are not charted here. Chart 2 shows this concentration more visually.

Why this matters when things break

Centralisation is not just an architectural taste issue. It directly impacts the majority of internet users when something goes wrong for the big players.

  • An AWS us-east-1 incident can take down a scary number of critical services at once.
  • A Cloudflare control-plane or configuration bug can instantly break a big fraction of global web traffic.

With this level of concentration, DNS providers effectively become systemic infrastructure. Their outages are no longer “some websites are down”; they are internet events.

What to do about it

You probably will not move half of the world’s domains away from the top players. But at the individual organisation level, you can at least:

  • Know which DNS providers your assets actually use (including forgotten domains, parked zones, and weird marketplaces).
  • Avoid stacking everything on a single vendor when it really matters (DNS + CDN + WAF + hosting all in one basket).
  • Monitor your external attack surface so you notice when someone silently points new domains to a provider you do not expect or a provider outage hits assets you did not know existed.

That is exactly why we collect this kind of DNS telemetry and build Recon Wave on top of it. If you want to see where your domains really live (even the ones you already forgot you have) – and what happens when your favourite DNS provider has a bad day – explore Recon Wave Platform or reach out to us.

Be safe and ride the Recon Wave with us!