Registrar Products and Tools

Registry Lock

Verisign Registry Lock Service can help ensure that .com, .net, .tv, .cc and .name domain names do not get hijacked.

"Domain name hijacking," in which perpetrators fraudulently transfer domain names, can have a significant impact on individuals and organizations. To help protect against hijacking of domain names, Verisign Registry Lock Service is available for domain names in .com, .net, .tv, .cc and .name through participating domain name registrars. See a list of registrars here.

What is Verisign Registry Lock Service?

Verisign Registry Lock Service can help ensure that .com, .net, .tv, .cc and .name domain names do not get hijacked. Domain name hijacking occurs when an attacker gains unauthorized access to registration data for a domain name, thereby gaining administrative control over the domain that enables them to modify several elements of the domain, including the website to which the domain resolves.

Because Verisign is the registry operator for .com, .net, .tv, .cc and .name, only Verisign Registry Lock Service can offer this type of Registry-level protection for these domains.

Why is it important to lock a domain at the Registry level?

Registry-level locking of domains provides additional levels of authentication between the Registry (Verisign in the case of .com, .net, .tv, .cc and .name) and the registrar of the domain name. If an end customer requests a change to a Registry Locked domain, an authorized individual at the registrar must submit a request to Verisign to unlock the domain name. This requester is then contacted by Verisign via phone and required to provide an individual security phrase in order for the name to be unlocked. This “out-of-band” step protects against automation errors and system compromises.

How can I be sure my domain is locked at the Registry Level?

Our Whois lookup tool will enable you to check if your domains are locked at the Registry. Type your domain name into the Whois lookup bar. In the results, there are up to 4 “Status” fields: Delete, Renew, Transfer and Update. Delete, Transfer and Update are the critical statuses for locking your domain name. Using Update as an example, if the status for Update says “serverUpdateProhibited” then your domain name is locked at the Registry level and cannot be unlocked (and therefore changed) without “out-of-band” authentication between Verisign and your registrar. This “Server” and “Prohibited” status must appear for all three statuses (Update, Delete, Transfer) for the name to be on Registry Lock.

If the Whois results for your domain name ONLY indicates “clientUpdateProhibited” this means that your domain name has been locked by your registrar, but not at the registry. This registrar locking may still leave your domain name vulnerable to the type of malicious activity seen this week. If your Whois results show both “client” and “server” status as “Prohibited,” your domain names are locked.

Here is an example of the Whois results for a Registry-level-locked domain, with the key statuses highlighted: