Registrar Products and Tools

Registry Lock

Verisign Registry Lock Service can help ensure that .com, .net, .tv, .cc and .name domain names do not get hijacked.

"Domain name hijacking," in which perpetrators fraudulently transfer domain names, can have a significant impact on individuals and organisations. To help protect against hijacking of domain names, Verisign Registry Lock Service is available for domain names in .com, .net, .tv, .cc and .name through participating domain name registrars. See a list of registrars here.

What is Verisign Registry Lock Service?

Verisign Registry Lock Service can help ensure that .com, .net, .tv, .cc and .name domain names do not get hijacked. Domain name hijacking occurs when an attacker gains unauthorised access to registration data for a domain name, thereby gaining administrative control over the domain that enables them to modify several elements of the domain, including the website to which the domain resolves.

Since Verisign is the registry operator for .com, .net, .tv, .cc and .name, only Verisign Registry Lock Service can offer this type of Registry-level protection for these domains.

Why is it important to lock a domain at the Registry level?

Registry-level locking of domains provides additional levels of authentication between the Registry (Verisign in the case of .com, .net, .tv, .cc and .name) and the registrar of the domain name. If an end customer requests a change to a Registry Locked domain, an authorised individual at the registrar must submit a request to Verisign to unlock the domain name. This requester is then contacted by Verisign via phone and required to provide an individual security phrase in order for the name to be unlocked. This “out-of-band” step protects against automation errors and system compromises.

How can I make sure my domain is locked at the Registry Level?

Our Whois lookup tool will enable you to check if your domains are locked at the Registry. Type your domain name into the Whois lookup bar. In the results, there are up to 4 “Status” fields: Delete, Renew, Transfer and Update. Delete, Transfer and Update are the critical statuses for locking your domain name. Using Update as an example, if the status for Update says “serverUpdateProhibited” then your domain name is locked at the Registry level and cannot be unlocked (and therefore changed) without “out-of-band” authentication between Verisign and your registrar. This “Server” and “Prohibited” status must appear for all three statuses (Update, Delete, Transfer) for the name to be on Registry Lock.

If the Whois results for your domain name ONLY indicates “clientUpdateProhibited” this means that your domain name has been locked by your registrar, but not at the registry. This registrar locking may still leave your domain name vulnerable to the type of malicious activity seen this week. If your Whois results show both “client” and “server” status as “Prohibited,” your domain names are locked.

Here is an example of the Whois results for a Registry-level-locked domain, with the key statuses highlighted:

How Can I Get Verisign Registry Lock Service From My Domain?

Verisign Registry Lock Service is available only for .com, .net, .tv, .cc and .name domain names offered through participating domain name registrars. Verisign works with the participant registrar to lock and/or unlock your domain name at the registry level.