I’m posting this in selfhosted because Gandi increasing prices actually helped me a lot with being more serious about selfhosting, made me look into things like DNS and reverse proxies and VPN and docker and also ended up saving me money by re-evaluating my service needs.
For background, Gandi.net is a large and old (25 years) domain registrar and hosting provider in the EU, who after two successive rounds of being acquired by investment funds have hiked up prices across the board for all their services.
In July 2023 when they announced the changes for November I was using their services for pretty much everything because I manage domains for friends and family. That means a wide selection of domains registered with them (both TLDs and European ccTLDs), LAMP hosting, and was taking advantage of their free email hosting for multiple domains.
For the record I don’t hold the price hike against them, it was just unsustainable for us. Their email prices (~5€/mailbox/mo) are in line with market prices and so are hosting prices. Their domain prices are however exaggerated (€25-30/yr is their lower price now). I also think they could’ve been smarter about email, they could’ve offered lower prices if you keep domains registered with them. [These prices include the VAT for my country btw. They will appear lower in USD.]
What I did:
Domains: looked into alternative registrars with decent prices, support for all the ccTLDs I needed, DNSSEC, enforced whois privacy, and representative services (some ccTLDs require a local contact). Went with INWX.com (Germany) and Netim.com (France). Saved about €70/yr. Could have saved more for .org/.net/.com domains with an American registrar but didn’t want to spread too thin.
DNS: learned to use a dedicated DNS service, especially now that I was using multiple registrars since I didn’t want to manage DNS in multiple places. Wanted something with support for DNSSEC and API. Went with deSEC.io (Germany) as main service and Bunny.net (Slovenia) as backup. deSEC is free, more on Bunny pricing below. Learned a lot about DNS in the process.
Email: having multiple low-volume mailboxes forced me to look into volume-based providers who charge for storage and emails sent/received not mailboxes. I’ve found Migadu (Swiss with servers in France at OVH), MXRoute (self-hosted in Texas) and PurelyMail (don’t know). Fair warning, they’re all 1-2 man operations. But their prices are amazing because you pay a flat fee per year and can have any number of domains and mailboxes instead of monthly fees for one mailbox at one domain. Saved €130/yr. Learned a lot about MX records and SPF/DKIM/DMARC.
Hosting: had a revelation that none of the webpages I was hosting actually needed live dynamic services (like PHP and MySQL). Those that were using a CMS like WordPress or PHP photo galleries could be self-hosted in docker containers because only one person was using each, and the static output hosted on a CDN. Enter Bunny.net, who also offer CDN and static storage services. For Europe and North America it costs 1 cent per GB with a $1 minimum/mo, so basically $12/yr since all websites are low traffic personal websites. Saved another €130/yr. Learned a lot about Docker, reverse proxies and self-hosting in general.
Keep in mind that I already had a decent PC for self-hosting, but at €330 saved per year I could’ve afforded buying a decent machine and some storage either way.
I think separating registrars, DNS, email and hosting was a good decision because it allows a lot of flexibility should any of them have any issues, price hikes etc.
It does complicate things if I should kick the bucket – compared to having everything in one place – which is something I’ll have to consider. I’ve put together written details for now.
Any comments or questions are welcome. If there are others that have gone through similar migrations I’d be curious what you chose.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
| Fewer Letters | More Letters |
|---|---|
| DNS | Domain Name Service/System |
| SSL | Secure Sockets Layer, for transparent encryption |
| TLS | Transport Layer Security, supersedes SSL |
| VPS | Virtual Private Server (opposed to shared hosting) |
[Thread #551 for this sub, first seen 27th Feb 2024, 22:55]
I also moved away my domains and the ones of the hackerspace I manage, mainly to:
- infomaniak (Switzerland): a bit too pushy with extra services, but not bad
- openprovider (NL): more geared towards bulk users, have to prepay (min 20€), but okay so far
- aruba: meh, but free mailboxes are nice
I also use Migadu, they have been great so far!
desec.io for DNS, also great and supported by Traefik for DNS-01 ACME challenge.
This bunny.net CDN that’s $1 for 100GB intrigues me. How does it work? I can’t understand from the description. From the docs it looks like some S3-like service, but on another page, “publishing hugo on bunnycdn”, it’s an FTP to sync via rclone.
Their CDN has two tiers, a super-cheap one (0.005/GB) with only 10 nodes and a more expensive one (0.01/GB) with 100+ nodes. The CDN and the storage services are distinct. The storage service is priced per quantity of data stored and replication zones, the CDN is priced at data served and geo-redundancy. You use FTP to manage the storage, not an API. A CDN can pull from a storage, or from a live website. Each CDN gets a b-cdn.net subdomain and you can either CNAME your own [sub]domain(s) to it or link it strictly for your static assets.
You load money in your account (minimum of $10 per load) and at the end of every month they take how much you’ve consumed (minimum of $1 per month).
In my case I only have a few hundred MB in total so I generate the websites locally and upload the static snapshots to their storage and serve from there with the main website domain CNAME’d to the CDN domain. But they have tutorials for acting as a static cache for WordPress for example or other CMS.
The CDNs have lots of useful settings like redirect/block rules, you can assign a free SSL cert, can do CORS headers, hotlink protection, custom error pages, control the cache timeouts, concurrent requests, apply all kinds of limits, you can white/blacklist countries, control regional routing and so on and so forth.
I’ve started a similar process to yours and am moving domains as they come up for renewal, with a slightly different technical approach:
- I’m using AWS Route 53 as my registrar. They aren’t the cheapest, but still work out at about half the price of Gandi and one of my key requirements was to be able to use Terraform to configure DS records for DNSSEC and NS records in the parent zone
- I run an authoritative nameserver on an OCI free tier VM using PowerDNS, and replicate the zones to https://ns-global.zone/ for redundancy. I’m investigating setting up another authoritative server on a different cloud provider in case OCI yank the free tier or something
- I use https://migadu.com/ for email
I have one .nz domain which I’ll need to find a different registrar for, cos for some reason route53 doesn’t support .nz domains, but otherwise the move is going pretty smoothly. Kinda sad where Gandi has gone - I opened a support ticket to ask how they can justify being twice the price of their competitors and got a non-answer
I went through the same and ended with netim.com for domains, deSEC.io for DNS and soverin.net for email.
I too am planning to leave; while the pricing is going up, that’s not really my issue. Support is not exactly helpful these days, and their business services stink - not really, because if they actually did, at least we could find them. There’s no added value for lots of money, no innovation, their cli tooling is dead, etc.
Well thanks for the heads up, as a fellow lazy Gandi user I now know where to switch my domains to.
US based, here. I moved my domains and basic DNS over to Porkbun.
I was already self hosting email and web for myself, and wanted to exit those “lines of business,” as it were. Tired of managing the risks of maintaining a mail stop and keeping up with the Googles and O365s of the world to keep my reputation up in the spam rankings for what amounts to a couple of vanity and spamdrop mail addresses.
I mostly host what DNS I need at the registrar, using their API to update my more dynamic records as needed. I may look into diversifying assets into some DNS secondaries later this year, and make the registrar a hidden master or host the hidden master on a VPS somewhere.
For email I decided to set up a lifetime plan with MXroute. At the time, it was US$99 for a no-bullshit lifetime subscription, 10GB for unlimited domains and mailboxes. My personal use is 200MB or so, so it’s a steal at twice the price. Plus, now I don’t need to deal with upgrades, TLS or any of the other nonsense aside from keeping my DMARC and DKIM records valid.
I’m still self-hosting my websites on a free-to-me VPS, but am planning to migrate that all out to a real VPS soon. The US providers seem spendy to me, but I haven’t quite gotten comfortable with the idea of offshoring my web presence. At least I can ignore GDPR when hosting it in the US. (No offense, Euro-buds!)
Unless it’s for personal use or it needs to be on-prem, I try not to self-host at home. Better, IMO, to make the operational problems someone else’s and make sure I have good backups.