7 TLDs with >90% single-provider dependency
Analysis by Ishan Karunaratne · Data from 2026-04-11
TLDs >90% Concentration
7
TLDs >70% Concentration
13
TLDs >50% Concentration
37
| TLD | Dominant Provider | Domains |
|---|
DNS provider concentration occurs when a disproportionate number of domains under a single TLD rely on one DNS hosting provider. This creates a single point of failure: if that provider experiences an outage, DDoS attack, or compromise, the majority of domains under that TLD become unreachable simultaneously. The risk is systemic — affecting not just individual domain owners but the entire namespace of a TLD.
The most notable example of DNS provider concentration risk was the 2016 Dyn DDoS attack, which took down major websites including Twitter, GitHub, Netflix, Reddit, and the New York Times. These sites all depended on Dyn as their DNS provider, and when Dyn’s infrastructure was overwhelmed by a Mirai botnet attack, all of them became unreachable simultaneously despite having no issues with their own servers.
DNSChkr measures provider concentration using the Herfindahl-Hirschman Index (HHI), a standard measure of market concentration used in economics and antitrust analysis. An HHI above 2,500 indicates a highly concentrated market, while an HHI below 1,500 indicates a competitive market with healthy diversity. DNSChkr also tracks single-provider market share percentages per TLD.
For each gTLD in the dataset, DNSChkr extracts all NS records and maps nameserver hostnames to their parent DNS provider organizations. Provider identification uses a curated database of 800+ DNS providers with their known nameserver hostname patterns. The analysis then computes each provider’s market share (percentage of domains using that provider) and the HHI for the TLD.
TLDs are flagged at three concentration thresholds: >90% single-provider share (critical — near-total dependence), >70% single-provider share (high — significant concentration), and >50% single-provider share (moderate — notable concentration). The HHI provides a more nuanced view by accounting for the distribution of all providers, not just the dominant one.
| Share |
|---|
| .lundbeck | CSC Digital Brand Services | 273 | 99.3% |
| .lamborghini | AWS Route 53 | 248 | 98.0% |
| .neustar | UltraDNS/Neustar | 683 | 97.8% |
| .realtor | Google Cloud DNS | 26,276 | 96.9% |
| .discover | CSC Digital Brand Services | 103 | 96.1% |
| .jnj | NS1/IBM | 132 | 94.7% |
| .weir | CSC Digital Brand Services | 191 | 92.7% |
| TLD | Dominant Provider | Domains | Share |
|---|---|---|---|
| .skin | Alibaba Cloud DNS | 162,464 | 82.4% |
| .irish | Cloudflare | 23,477 | 80.9% |
| .aws | AWS Route 53 | 130 | 78.5% |
| .microsoft | Azure DNS | 101 | 77.2% |
| .广东 (.xn--xhq521b) | Alibaba Cloud (HiChina) | 381 | 75.3% |
| .lifestyle | GoDaddy | 11,392 | 72.0% |
The HHI is a standard measure of market concentration calculated by summing the squares of each provider’s market share percentage. An HHI of 10,000 means perfect monopoly (one provider controls 100%), while an HHI approaching 0 means perfect competition. In the context of DNS, a high HHI indicates that a TLD’s domains are concentrated among few providers, increasing systemic risk.
When most domains under a TLD use the same DNS provider, a single outage, DDoS attack, or security compromise at that provider can render the majority of the TLD’s domains unreachable. This was demonstrated during the 2016 Dyn attack, the 2019 Cloudflare outage, and the 2021 Akamai DNS failure — each caused widespread disruption because of provider concentration.
Secondary DNS means running your DNS zone on two or more independent providers simultaneously. If your primary provider goes down, resolvers can still get authoritative answers from your secondary provider. Zone data is synchronized via AXFR/IXFR (zone transfers) or API-based replication. This is the most effective mitigation for provider concentration risk.
Large TLDs like .com and .net generally have lower concentration risk because their massive domain counts support a diverse provider ecosystem. However, even these TLDs show significant concentration — Cloudflare alone serves DNS for tens of millions of .com domains. Smaller gTLDs with niche registries are often far more concentrated.