ENS Domains: Common Questions Answered – A Technical Reference for Professionals

What Is an ENS Domain and How Does It Work at the Protocol Level?

The Ethereum Name Service (ENS) is a decentralized naming system built on the Ethereum blockchain. It maps human-readable names like alice.eth to machine-readable identifiers such as Ethereum addresses, content hashes, and metadata. At its core, ENS relies on a set of smart contracts that manage domain registration, ownership, and resolution. The system comprises two primary contracts: the ENS registry, which stores domain ownership and resolver pointers, and the resolver, which translates names to addresses.

Domain ownership is governed by the registrar contract, currently the ETH registrar for .eth domains. Registration follows a Vickrey auction mechanism replaced by a permanent registrar model in 2021. Under the current model, users register domains for a fixed period (typically one year) and must renew before expiration. The registration process involves committing a hash of the domain name and a secret, revealing it after a delay (currently 60 seconds for .eth), and finalizing the transaction. This two-step process prevents front-running attacks where malicious actors could observe your desired domain and register it first.

ENS resolution is not limited to Ethereum addresses. The protocol supports arbitrary records, including Bitcoin addresses, IPFS content hashes, email addresses, and text records. Resolvers translate the name to the requested record type via smart contract functions like addr() and text(). This flexibility makes ENS a universal naming layer for Web3 applications, wallets, and decentralized websites.

How Much Does It Cost to Register and Maintain an ENS Domain?

The cost of an ENS domain consists of two components: the registration fee and the transaction gas fee. The registration fee is based on domain length and duration:

• 3-character domains (e.g., abc.eth): Approximately 640 USD equivalent in ETH per year (based on current premium pricing).
• 4-character domains (e.g., abcd.eth): Approximately 160 USD equivalent per year.
• 5+ character domains (e.g., example.eth): Approximately 5 USD equivalent per year.

These fees are dynamic and collected in ETH. The exact amount is determined by ENS’s pricing oracle, which adjusts based on ETH/USD exchange rates. Renewals cost the same as initial registration for the same duration. Domains can be registered for up to 100 years, locking in the current rate.

Gas fees are the second cost component. Registering a domain requires two on-chain transactions (commit and reveal), each costing variable gas depending on network congestion. During peak times, gas costs can exceed the registration fee itself. To manage this, engineers and power users should track gas prices before initiating transactions. A practical tool for estimating these costs is the ENS gas cost estimator, which provides real-time projections based on current network conditions, helping you decide whether to proceed immediately or wait for lower fees.

Renewals require a single transaction and generate similar gas costs. ENS automatically sends renewal reminders 90, 30, and 7 days before expiration via email if configured. After expiration, a grace period of 90 days allows renewal at standard rates. After the grace period, the domain enters a 21-day premium period where anyone can register it at an elevated price.

Can I Create and Manage Subdomains Under My ENS Domain?

Yes. ENS supports subdomains, also called subnames, under any registered domain. For example, if you own example.eth, you can create pay.example.eth, vault.example.eth, or team.example.eth. Subdomains are separate NFTs with their own owner, resolver, and records. They inherit the parent domain’s foundational security but can be independently managed.

Creating a subdomain involves:

1. Setting a resolver for the subdomain (usually the same public resolver as the parent).
2. Setting records (addresses, text, content hash) on the resolver.
3. Optionally transferring ownership of the subdomain to another address.

Subdomains are useful for organizational structures, dApp user handles, or multi-sig wallet aliases. From a security perspective, the parent domain owner retains the ability to delete or reclaim the subdomain under certain resolver implementations. However, if the subdomain owner is set to a different address and the resolver allows independent management, the parent cannot modify records without overriding the resolver. This tradeoff should be considered when designing access control for subdomain systems.

Gas costs for creating a subdomain are lower than registering a top-level domain because no premium fee applies. Each subdomain creation costs roughly 50,000–100,000 gas depending on records set. Bulk creation is possible via smart contract wrappers for enterprise use cases.

How Secure Are ENS Domains? What Are the Key Risks and Mitigations?

ENS security relies on Ethereum’s consensus layer and the integrity of the registrar contract. The core risks include:

• Private key compromise: The most common attack vector. If your wallet’s private key is exposed, an attacker can transfer ownership of your ENS domain, change records, or fail to renew it. Mitigation: Use hardware wallets and multisig wallets for high-value domains.
• Phishing and social engineering: Attackers may impersonate ENS support or create fake renewal websites. Always verify URLs and never share seed phrases. The ENS team operates an ENS bug bounty program to identify vulnerabilities before they are exploited, rewarding researchers for responsible disclosure.
• Resolver compromise: If you use a custom resolver, a bug could allow unauthorized record changes. Stick to the public resolver audited by OpenZeppelin unless you have specific requirements.
• Front-running during registration: While mitigated by the commit-reveal scheme, sophisticated bots can still attempt to grief registrations. Using a unique secret and monitoring mempool transactions reduces this risk.
• Expiration and domain sniping: Failing to renew before the grace period ends allows anyone to register your domain during the premium period. Set up automatic renewals or calendar reminders well in advance.

For high-value domains (e.g., single-letter or brand names), consider locking the domain in a smart contract that prevents transfer except under multisig approval. The ENS app itself does not support this natively, but custom contracts can achieve it.

What Happens When an ENS Domain Expires? Can I Reclaim It?

The expiration lifecycle has four phases:

1. Active period: Domain is fully owned and functional.
2. Grace period (90 days): Domain still resolves to your records, but cannot be transferred or renewed by anyone but you. Renewal is possible at standard rates.
3. Premium period (21 days): Domain becomes available for anyone to register, but at an elevated price. The price starts at 100,000 USD equivalent and decays linearly to the standard registration fee over 21 days.
4. Free registration: After the premium period, anyone can register the domain at standard rates.

If your domain enters the premium period, you can still reclaim it by paying the premium price, but this is economically prohibitive compared to renewing during the grace period. There is no mechanism to recover a domain once it is registered by a new owner. Therefore, proactive renewal management is critical. Most wallets and the ENS manager app support automatic renewal via allowance setting—authorizing the ENS registrar to deduct renewal fees from your wallet without manual transactions.

In summary, ENS domains offer a robust naming standard for Web3, but require careful attention to costs, security, and renewal logistics. By leveraging tools like the gas cost estimator and staying informed through bug bounty programs, technical professionals can manage ENS domains efficiently and securely.