Skip to content

Big Tech nameservers

Noted by on his .
Last updated . Changelog.

Many people are worried about Amazon Web Services and especially Cloudflare centralizing the Web. I generally share their concerns, with one exception.

Hot take: it’s fine to use a “Big Tech” provider as a name server, provided you can handle the 24-hour delay involved in a migration. Of all things, using a name server doesn’t have nearly the same the drawbacks as other types of centralization. It’s super easy to migrate, and DNSSEC keep name servers honest. There are more important things to worry about.

I’ll switch to Cloudflare just for DNS, because it’s one of the only providers that supports DNSSEC and the new HTTPS records. The latter will be useful once a web server finally gains Encrypted Client Hello support; I’m watching Nginx, OpenLiteSpeed, H2O, redbean, and Caddy.

Update: I switched my name servers from Cloudflare to deSEC.


This site supports Webmentions, a backlink-based alternative to traditional comment forms.

Publish a response on your own website and share the link here to send me a webmention! Include a link to this page's canonical location for it to be accepted.

Webmentions received for this post appear in the following list after I approve them. I sometimes send Webmentions to myself on behalf of linking sites that don't support them. I replace broken links with Wayback Machine snapshots, if they exist.

Toggle Webmentions

Yeah I selfhost out of my house, but Cloudflare the crud out of it so it isn't actually hitting my connection. I can always switch to an alternate CDN though, way easier than switching cloud providers.


Have you considered ? They have DNSSEC and HTTPS records on top of being more ethical. Sure, they don't have as many servers as Cloudflare, but it's global enough.

Feel free to contact me directly with feedback; here’s my contact info