.self: A new top-level domain designed to support self-hosting
110 points
2 hours ago
| 27 comments
| hccf.onmy.cloud
| HN
vessenes
21 minutes ago
[-]
Hi there. I've done a bit of work on specifying human-centric identity goals for the internet over the last 10 years. May I suggest you look at Microsoft Vega? https://www.microsoft.com/en-us/research/blog/vega-zero-know... (I have no affiliation).

In brief, I think they aim to solve the most important needs for online identity-gated services in a maximally private way.

For instance, I'd like to see .self offer the following: a single domain to any person in the world with identity blinded. I can imagine two 'tranches': say xxx.v.self for 'verified' and xxx.u.self for 'unverified'.

Both would use a Zero Knowledge proof to confirm they had not already registered a domain; verified would register with you guys or a data broker some PII in case it was needed for verification / checks / etc, while unverified would maintain the promise of one domain = one person, but not allow the TLD or registrars to be able to unblind which person it is.

Use cases like this would be really fantastic. And, obviously could be tested out and tried on a normal domain name while you make your pitch, and put in for the auction / however ICANN is currently managing TLD launches.

reply
HumanCCF
15 minutes ago
[-]
Please submit this to us via our contact form, we will need lots of community input! https://hccf.onmy.cloud/get-involved/
reply
goldenarm
1 hour ago
[-]
Remember when the .tk TLD became free 20 years ago ? Every hobbyist took one, then scammers followed, then Facebook and antiviruses started blocking it.

I remember publishing a website for a class on my .tk domain, the teacher couldn't open it and I almost got a failing grade because of it.

reply
AFF87
17 minutes ago
[-]
What a memory you have unlocked. They were everywhere. I remember the urban legend that .tk domains were X% of their GDP
reply
paxcoder
28 minutes ago
[-]
>One Person, One Subdomain
reply
greyface-
53 minutes ago
[-]
https://hccf.onmy.cloud/wp-content/uploads/2026/06/dot-self....

> Everyone entitled to a subdomain at no cost

How are you going to pay for the (substantial) cost of running a TLD without registration fee revenue? Is this a loss leader for other services? Are you operating on a 100% donation model?

> No parking, squatting, or reselling

How do you plan to tell the difference between a parked/squatted domain and one in legitimate use but offering no public-facing services?

reply
HumanCCF
38 minutes ago
[-]
> How are you going to pay for the (substantial) cost of running a TLD without registration fee revenue? Is this a loss leader for other services? Are you operating on a 100% donation model?

We plan on operating the domain as a public good and are actively seeking sponsors to help fund us. Think of it as a similar model to ISRG and LetsEncrypt.

> No parking, squatting, or reselling

Our rule of one person per subdomain will hopefully prevent this at scale, though it will admittedly be more difficult to examine any particular domain so closely. We may have to implement some type of heartbeat where the owner of said domain has to respond within a certain amount of time.

reply
SahAssar
19 minutes ago
[-]
> Think of it as a similar model to ISRG and LetsEncrypt.

In that case it was started by an institution (mozilla) with a lot of heft in the area (mozilla's CA program is one of the most broadly used) and was backed by other orgs (google) that had a vested interest in it's success. I'd be interested to hear which potential sponsors you see in a similar situation here?

> rule of one person per subdomain

What is the plan to (without costly overhead or cost to the end user) validate who is an actual person? Even large corporations with loads of resources have problems with this without resorting to treating it as if a person equals a credit card number.

reply
al_borland
25 minutes ago
[-]
How is one person per subdomain enforceable? How is a person uniquely identified and tracked?
reply
dom96
22 minutes ago
[-]
My guess is by using ID verification similar to how I do it on https://onlyhumanhub.com/
reply
pavel_lishin
51 minutes ago
[-]
It's not clear whether they're actually talking about domains or subdomains there, which is a worrying sign from a potential registrar.
reply
favorited
20 minutes ago
[-]
Any domain that isn't one of the Top Level Domains is also a subdomain.
reply
bananamogul
1 hour ago
[-]
Hold up...why isn't .self listed here:

https://www.iana.org/domains/root/db

Is this just an idea at this point, or some kind of "you have to use our DNS to resolve .self domains" scheme - ?

reply
HumanCCF
1 hour ago
[-]
This is an idea at this point, the next round of gTLD applications is currently open and we are in the process of applying and we are trying to garner support!
reply
OsrsNeedsf2P
1 hour ago
[-]
TIL https://newgtldprogram.icann.org/en/application-rounds/round...
reply
NewJazz
15 minutes ago
[-]
Oh god not this shit again.

Inb4 they give away .docx

reply
plopz
1 hour ago
[-]
Could do something like .brave and just sidestep ICANN?
reply
jazzyjackson
1 hour ago
[-]
With your hosts file or running a DNS on localist you can do whatever you want
reply
skyyler
1 hour ago
[-]
there's a project for getting retro computers connected to an "internet" with 90s/00s services available, and they use .retro on that. it's pretty cute.
reply
paul7986
1 hour ago
[-]
So this is my iCloud on the web for AI agents to pay me for access to my content (Cloudflare allows the bots in upon paying) :-)

Cloudflare offers this now (their Pay to Crawl service) but its not geared towards every human getting paid for their content. As of today Facebook and other social media platforms profit from our content....not us!

reply
TZubiri
56 minutes ago
[-]
Domain names are not centralized, there is no central entity that controls an approved list of kosher domains.
reply
mkl
1 hour ago
[-]
Site errored out and gave me three different error messages as I reloaded. I guess it's self-hosted on something underpowered, and dynamic where static would do the job?
reply
HumanCCF
1 hour ago
[-]
Indeed, this response is way more than we expected. Trying to set up a web cache now.
reply
9dev
1 hour ago
[-]
Shotgun on your.self! That’s going to yield a ton of great second level sub domains :)
reply
HumanCCF
52 minutes ago
[-]
We are probably going to reserve some of the more obvious ones for specific purposes, e.g. my.self automatically pointing to a homepage on your local network. As we go through the gTLD evaluation process we will be keen to solicit feedback from the community on more specifics!
reply
Hugsbox
33 minutes ago
[-]
go.fuck.your.self would be a pretty good one
reply
tbossanova
1 hour ago
[-]
treat.your.self
reply
laszlokorte
41 minutes ago
[-]

  write.it.your.self
  think.4.your.self
  written.by.my.self
all CNAME -> claude.ai
reply
catfish-1234
1 hour ago
[-]
hug.your.self
reply
stanfordkid
53 minutes ago
[-]
I don't fully understand how this works... who regulates and defines what is "self-hosted" or "ethical technology"... I feel you can't really solve the distributed consensus and governance problem by just introducing a new domain suffix.
reply
hananova
22 minutes ago
[-]
It simply cannot be both free and free choice of domain.

If it haves both, it will be squatted to uselessness, and blocked everywhere because of phishing scams everywhere.

You can either make the domains cost money, which seems counter to the entire point, or disallow choosing the domain, instead handing out free what3words style names.

reply
HumanCCF
3 minutes ago
[-]
We have considered this, all of these things will be examined during the evaluation process of the application with ICANN before any approval to operate the TLD is granted. We could also police our domain and revoke users who use it for abuse but that may be too costly. But you are right that fundamentally we must protect the reputation of the TLD at all costs and that will require imposing certain limits on its use.
reply
applfanboysbgon
14 minutes ago
[-]
You should read their proposal. Specifically, the first "core feature": one person, one domain. If you want to squat on a domain, go for it -- it's yours, and that's the only domain you're getting.

I suppose this will be done by ID verification, which is a complete and total non-starter for me, but they do have a vision of some kind.

reply
functionmouse
1 hour ago
[-]
.me is cooler, but...

That all the cool 2-letter TLDs are designated as country codes was an extraordinary mistake that will have unpredictable and devastating consequences long into the future.

reply
HumanCCF
1 hour ago
[-]
Our goal is for .self to be more than just another TLD string, we want to specifically empower the self-hosting use case with local clients that integrate directly with the TLD and operate shared services like mail servers as a public good. We want to dramatically simplify the effort it takes to set up a domain for homelabs and offer free services that are directly tied to the domain like email.
reply
quotemstr
1 hour ago
[-]
And you needed a gTLD for this task why?
reply
HumanCCF
1 hour ago
[-]
We don't necessarily, however there are many benefits for doing so. We could simply purchase a domain and then build our initiative beneath it but then everything we do would be beneath that domain, meaning there would be two dots in what is our effective TLD. That would also mean we are a bit beholden to whichever TLD we are beneath and also whichever registrar we purchased our domain from. With the services we hope to offer around things like TLS certs and emails, it just makes more sense for use to own the whole thing from the root.
reply
quotemstr
39 minutes ago
[-]
<something>.duckdns.org. works fine, and being "beholden" to ICANN is no worse than being a client of one of the big traditional gTLDs. If you want "one person, one name", well, .name is there for that.

It's a commons-pollution problem. Are we going to have to start thinking of every word with a dot in the middle as a potential name? IMHO, a new gTLD is justifiable only when there's some concrete differentiator attached to it, e.g. .local indicating mDNS, or .it indicating "Italy"

What value is there in "horse.horse" being something you can resolve with DNS? What value does <something>.self give me, as a reader, that <something>.name or <something>.me or any of the other zillion variations on the same idea doesn't?

If anything, it creates confusion! "Oh, I met Bob McBobFace. Is he mcbobface.me? mcbobface.name? mcbobface.local?".

I have no objection to providing people with free subdomains under whatever assignment scheme you guys are using, but wouldn't <something>.net have worked too, and been a lot cheaper?

I guess I just don't get the value to the public of increasing the set of dotted word suffixes that indicate that a word is a a cognizable DNS object.

reply
HumanCCF
26 minutes ago
[-]
> It's a commons-pollution problem. Are we going to have to start thinking of every word with a dot in the middle as a potential name? IMHO, a new gTLD is justifiable only when there's some concrete differentiator attached to it, e.g. .local indicating mDNS, or .it indicating "Italy"

So the new gTLD round is open right now, we're getting more TLDs whether we like it or not. Our goal is to make one that has features built-in which cater to the self-hosting use case. So that is our key differentiator, that every endpoint leveraging our TLD should be someone's small-scale homelab setup.

> I have no objection to providing people with free subdomains under whatever assignment scheme you guys are using, but wouldn't <something>.net have worked too, and been a lot cheaper?

Technically yes it could work, but given the suite of features we'd like to build into our TLD, it would make things more difficult if we didn't own it. We would be dependent on external parties for our root domain, the root of trust for TLS certificates, all users' subdomains would have an extra dot etc.

reply
9dev
1 hour ago
[-]
The only mistake was not opening the root namespace altogether. It’s just a money grab.
reply
microgpt
1 hour ago
[-]
The only mistake was not putting all US domains under .us, now the US has an an exorbitant privilege to print and enforce rules on new TLDs.
reply
kmoser
49 minutes ago
[-]
What do you mean by "US domains?" Domains registered by US citizens? Hosted in the US (in which case does that include territories)? Regardless of the definition, I don't see an easy way to do this, nor a reason to, since domains can change hands (and hosts) across countries.
reply
NewJazz
13 minutes ago
[-]
.edu and .gov are us-specific, not sure if that is what they are referring to.
reply
dgellow
1 hour ago
[-]
I mean, that wasn’t done by mistake
reply
philipallstar
1 hour ago
[-]
Sometimes hindsight is 1/20.
reply
AlienRobot
20 minutes ago
[-]
I think letting anyone make any TLD is a bigger mistake.

.zip .pdf .mp3

I'd like to thank Caribbean island of Anguilla for having a ccTLD that helps identify which websites aren't worth your time in one quick look.

reply
croes
1 hour ago
[-]
How about .mine?
reply
LorenDB
1 hour ago
[-]
Looks like we've hugged it to death.
reply
HumanCCF
1 hour ago
[-]
Indeed that appears to be so O_O. Our site is of course self-hosted, this is quite the response. Will have to troubleshoot what the bottleneck is!
reply
red_hare
1 hour ago
[-]
Apt for self-hosting
reply
gorgmah
1 hour ago
[-]
yes and it's not even on the front page yet lol
reply
LorenDB
1 hour ago
[-]
It's #10 on front page for me.
reply
iamnothere
1 hour ago
[-]
Better charge an arm and a leg for it, or people will complain that it’s too cheap and argue for blocking it everywhere.
reply
PaulDavisThe1st
19 minutes ago
[-]
Seems that my.self is already taken. Moving right along, then ...
reply
foresto
1 hour ago
[-]
What is the expected price range for registration and renewal under this TLD?

Will there be any assurance that renewal prices will remain fairly stable, rather than being significantly raised after customers grow attached to their domains (a practice that seems to be common with new gTLDs)?

reply
pavel_lishin
52 minutes ago
[-]
> One Person, One Subdomain

> - Everyone entitled to a subdomain at no cost

One subdomain, or one subdomain? Would I be entitled to something like "pavel.hosts.self"?

reply
Hugsbox
19 minutes ago
[-]
Seems like an idea that would be abused badly, quickly
reply
robertlagrant
1 hour ago
[-]
Will Self[0] is going to love this.

[0] https://en.wikipedia.org/wiki/Will_Self

reply
cherryteastain
1 hour ago
[-]
In practice sadly many of these more obscure TLDs seem to be more expensive than more 'normal' ones like .org
reply
jdiff
1 hour ago
[-]
Some of them, the more corporate or tech-focused ones like .ai or .inc or .tech or .llc. Very many of them are comparable within a dollar of .org.
reply
gpt5
1 hour ago
[-]
Feels like putting a flag on yourself that you are an easier target (security vulnerabilities, ddos, etc.)
reply
greenavocado
13 minutes ago
[-]
I use netbird.io for my home lab and all my connected devices are reachable to each other without manual firewall hackery
reply
arjie
1 hour ago
[-]
Just use cloudflare with static hosting for things like this. Doesn’t load for me.
reply
HumanCCF
51 minutes ago
[-]
We did not expect this level of response, it should be reachable now.
reply
sikozu
1 hour ago
[-]
Wanted to find out more but it looks to be down. Unfortunate.
reply
mattrighetti
38 minutes ago
[-]
my.self is going to be sold for millions
reply
quotemstr
1 hour ago
[-]
ICANN and its consequences have been a disaster for the internet namespace.
reply
type0
29 minutes ago
[-]
I CANN, YOU CANN, Yes We CANN!
reply
jklinger410
1 hour ago
[-]
This is just a fact. It's a ponzi scheme.
reply
microgpt
1 hour ago
[-]
I am disappointed that icannt.org is taken and is not an alternative root.

Edit: I've been rate limited because of this comment, apparently. Account burned - will make a new one. Dang says below it's because of flagged comments but I don't see many flagged comments in my history.

reply
dang
52 minutes ago
[-]
Of course we wouldn't rate limit you, or anyone else, for an innocuous comment.

We rate limited you because of flamewar comments you posted in another thread, like this one: https://news.ycombinator.com/item?id=48723651. You posted over 50 times in that thread, and many of your comments there broke the site guidelines. That's abusive. If we didn't rate limit accounts for doing that, we might as well have no guidelines or restrictions at all.

reply
TZubiri
54 minutes ago
[-]
>One domain per person

How will you ensure this?

reply
comrade1234
1 hour ago
[-]
Good luck getting your outgoing emails accepted by Gmail and outlook.
reply
HumanCCF
47 minutes ago
[-]
We plan to operate a shared mail server than can be used by users of the domain and we will work to ensure it is trusted by imposing usage limits. We will assume that every endpoint in our domain is someone's personal homelab, meaning small-scale use. For large mailing campaigns and newsletters there are plenty of services to choose from that enable those but for just sending personal emails, it should work.
reply
dorianmariecom
1 hour ago
[-]
it.self
reply
hosel
1 hour ago
[-]
gofuckyour.self
reply
yamillove
1 hour ago
[-]
lovethy.self
reply
teach
28 minutes ago
[-]
tothineown.self/be/true
reply
axus
1 hour ago
[-]
I've started using .internal
reply
whartung
1 hour ago
[-]
As I understand it, if you want to use domains internally for your home ("home") network, there's some DNS support for "home.arpa"[0].

0 - https://www.rfc-editor.org/rfc/rfc8375.html

reply
mkl
1 hour ago
[-]
That's no use for self-hosting unless all your users are on your private network.
reply
warpech
1 hour ago
[-]
Tailnet and Magic DNS make it easy to bring other people or devices to your network, including simple authentication mechanisms to know who is who
reply
Diti
54 minutes ago
[-]
A VPN is literally a… (Very) Private Network.
reply