DNS Provider Concentration
7 TLDs with >90% single-provider dependency
Analysis by Ishan Karunaratne · Data from 2026-05-25
TLDs >90% Concentration
7
TLDs >70% Concentration
11
TLDs >50% Concentration
38
>90% Single Provider
70–90% Single Provider
| TLD | Dominant Provider | Domains | Share |
|---|---|---|---|
| .skin | Alibaba Cloud DNS | 165,307 | 81.0% |
| .广东 (.xn--xhq521b) | Alibaba Cloud (HiChina) | 389 | 76.9% |
| .microsoft | Azure DNS | 104 | 76.0% |
| .aws | AWS Route 53 | 130 | 75.4% |
What Is DNS Provider Concentration Risk?
DNS provider concentration occurs when a disproportionate number of domains under a single TLD rely on one DNS hosting provider. This creates a single point of failure: if that provider experiences an outage, DDoS attack, or compromise, the majority of domains under that TLD become unreachable simultaneously. The risk is systemic — affecting not just individual domain owners but the entire namespace of a TLD.
The most notable example of DNS provider concentration risk was the 2016 Dyn DDoS attack, which took down major websites including Twitter, GitHub, Netflix, Reddit, and the New York Times. These sites all depended on Dyn as their DNS provider, and when Dyn’s infrastructure was overwhelmed by a Mirai botnet attack, all of them became unreachable simultaneously despite having no issues with their own servers.
DNS Checker measures provider concentration using the Herfindahl-Hirschman Index (HHI), a standard measure of market concentration used in economics and antitrust analysis. An HHI above 2,500 indicates a highly concentrated market, while an HHI below 1,500 indicates a competitive market with healthy diversity. DNS Checker also tracks single-provider market share percentages per TLD.
How DNS Checker Measures Provider Concentration
For each gTLD in the dataset, DNS Checker extracts all NS records and maps nameserver hostnames to their parent DNS provider organizations. Provider identification uses a curated database of 800+ DNS providers with their known nameserver hostname patterns. The analysis then computes each provider’s market share (percentage of domains using that provider) and the HHI for the TLD.
TLDs are flagged at three concentration thresholds: >90% single-provider share (critical — near-total dependence), >70% single-provider share (high — significant concentration), and >50% single-provider share (moderate — notable concentration). The HHI provides a more nuanced view by accounting for the distribution of all providers, not just the dominant one.
How to Reduce DNS Provider Concentration Risk
- Use secondary DNS with a different provider. Most DNS providers support zone transfer (AXFR/IXFR) or API-based synchronization to keep a secondary provider in sync with your primary.
- Consider providers that operate on different infrastructure (different cloud providers, different geographic regions) to maximize resilience against regional outages or provider-specific attacks.
- For registry operators: encourage provider diversity in your TLD by publishing best-practice guides and potentially offering incentives for domains using multi-provider DNS configurations.
- Monitor your DNS provider’s status page and subscribe to incident notifications. Have a documented failover procedure to switch to your secondary DNS provider if the primary goes down.
- Evaluate providers based on their infrastructure diversity, DDoS mitigation capabilities, and historical uptime. Providers with anycast networks across multiple data centers offer better resilience.
Frequently Asked Questions
What is the Herfindahl-Hirschman Index (HHI)?
The HHI is a standard measure of market concentration calculated by summing the squares of each provider’s market share percentage. An HHI of 10,000 means perfect monopoly (one provider controls 100%), while an HHI approaching 0 means perfect competition. In the context of DNS, a high HHI indicates that a TLD’s domains are concentrated among few providers, increasing systemic risk.
Why is DNS provider concentration dangerous?
When most domains under a TLD use the same DNS provider, a single outage, DDoS attack, or security compromise at that provider can render the majority of the TLD’s domains unreachable. This was demonstrated during the 2016 Dyn attack, the 2019 Cloudflare outage, and the 2021 Akamai DNS failure — each caused widespread disruption because of provider concentration.
What is secondary DNS and how does it help?
Secondary DNS means running your DNS zone on two or more independent providers simultaneously. If your primary provider goes down, resolvers can still get authoritative answers from your secondary provider. Zone data is synchronized via AXFR/IXFR (zone transfers) or API-based replication. This is the most effective mitigation for provider concentration risk.
Is provider concentration an issue for .com and .net?
Large TLDs like .com and .net generally have lower concentration risk because their massive domain counts support a diverse provider ecosystem. However, even these TLDs show significant concentration — Cloudflare alone serves DNS for tens of millions of .com domains. Smaller gTLDs with niche registries are often far more concentrated.