Skip to main content
The domain panel is where you manage everything we hold at the registry on your behalf. There’s one panel per domain, reachable from the Members Area by opening Domains and clicking the domain name. The panel covers registry-level state only: contacts, nameservers, lock states, transfer codes, DNSSEC, glue records. DNS records themselves don’t live here. Records are managed where the DNS is hosted: in cPanel’s Zone Editor for in-house DNS, in Free NS for standalone DNS, or at the third-party provider for external DNS. The labels and order of sections in the panel can change as we iterate the design; what stays the same is what each control actually does, and that’s what this page covers.

At a glance

The header of the panel summarises the registration:
  • Domain name and TLD.
  • Status. Active, Expired, In grace, In redemption, or Pending transfer. The status drives which controls are enabled below; a domain in redemption hides the renewal button and shows a “recover” option instead.
  • Registration date and expiry date. The expiry is the date the registry needs payment by, not the day the domain stops resolving.
  • Auto-renew badge. Tells you at a glance whether the domain will renew on its own.
  • Nameservers currently set at the registry.
A quick-action row repeats the most-used controls so you don’t have to scroll: Renew, Get auth code, Toggle transfer lock.

Contact details

This section holds the registrant, admin, tech, and billing records the registry stores for the domain. The exact fields each role exposes depends on the TLD; some ccTLDs use only a registrant record. The Registrant card is the legal owner. Editing the registrant’s name, organisation, or email triggers ICANN’s Transfer Policy on gTLDs, which sends a confirmation email to both the old and new addresses and applies a 60-day transfer lock once both approve. Phone, postal address, and fax are not “material” for this purpose; you can edit them without the policy flow firing. The Admin, Tech, and Billing cards each let you point at a separate contact or copy from the registrant. Most users keep them all the same as the registrant. A “Use as default” button on each card lets you save the address and reuse it for future registrations. Defaults live on the account, not the domain. For the data model, validation rules, and what each registry publishes, see Contact details. For the email flows that fire on changes, see Verification emails.

Nameservers

The nameserver section sets the NS records the registry serves for the domain. It’s a list of two to four hostnames; the registry takes them verbatim and returns them to anyone querying the TLD’s authoritative nameservers. Three options, each with its own NS-management page:
  1. In-house DNS uses your hosting plan’s cPanel nameservers. Records are managed in the Zone Editor.
  2. Free NS uses Noxity standalone DNS, no hosting plan required. Records are managed in the dedicated DNS panel.
  3. External DNS points the domain at a third-party provider (Cloudflare is our recommendation). Records are managed wherever the provider’s UI lives.
Saving the section pushes the NS change to the registry. Propagation through the public DNS depends on the TLD and on caching downstream; typically the new nameservers are queryable within minutes, but old DNS responses can stick in resolvers for the length of the previous TTL.
Some registries (notably DENIC for .de) check that the nameservers respond authoritatively for the domain before accepting the change. If they don’t, the panel surfaces the registry error and the change doesn’t apply.

Auth (EPP) code

A short string the registry uses to authorise transfers between registrars. The control is two buttons:
  • Generate auth code. Issues a fresh code from the registry. The code shows once on the page and is also emailed to the registrant address. Generating a new code invalidates any previous one.
  • Reveal active code. Some TLDs let you read the current code without generating a new one. Where the registry blocks this (most do), the only way to see the code is to regenerate it.
For .uk and .co.uk, the panel shows an “IPS tag” field instead. Nominet uses tags rather than codes; we set the tag to whatever the gaining registrar specifies, then the domain moves on the registry’s next sync. For the full transfer flow, see Transfer out.

Transfer lock

A single toggle, on or off. When on, the registry refuses any inbound transfer attempt from another registrar regardless of whether the auth code is correct. New registrations and successful inbound transfers default to on for safety; ICANN’s 60-day post-registration lock layers on top of this and isn’t overridable. When off, the domain can be transferred away as soon as a gaining registrar submits a valid auth code. We turn it off on request when you’re starting an outbound transfer. The toggle pushes to the registry on save and the new state is live within seconds.

WHOIS privacy

Where the TLD allows it, this toggle replaces the public WHOIS contact data with a generic Noxity-managed record so personal details don’t show up in WHOIS lookups. ICANN’s GDPR consensus policy has redacted most natural-person data on gTLDs since 2018, but the toggle still has effect:
  • On gTLDs, it switches the public registrant email to a forwarder that proxies through domain-privacy@noxity.io. Mail addressed to the proxy gets relayed to the registrant.
  • On ccTLDs that publish data, the toggle has no effect. .de, .eu, and .it all publish minimum required data by registry policy and no proxy can override that.
The privacy toggle is free on every TLD where it’s available.

Auto-renew

A toggle that controls whether the registration auto-charges before expiry. The mechanics are covered in full on the renewals page; briefly:
  • On: we attempt the charge 14 days before expiry, retry every 2 days through grace, stop in redemption.
  • Off (default): no charges, but the standard reminder emails still go out.
The toggle is independent per domain. Bulk-toggle from the Domains list page.

DNSSEC

DNSSEC adds cryptographic signatures to your DNS records so resolvers can verify they haven’t been tampered with. This section is where you publish the DS records (Delegation Signer) at the registry. If you’re using a Noxity-managed nameserver setup that signs the zone (in-house cPanel DNS, Free NS), the DS records appear here automatically. There’s nothing to configure on the panel side; the chain of trust is set up the moment the zone is signed. If you’re using external DNS, your DNS provider gives you the DS data (key tag, algorithm, digest type, digest hex). Add a row in this section per key. Most providers want you to wait until the keys are visible at the registry before turning on DNSSEC validation in their dashboard, otherwise resolvers can briefly fail validation while the chain catches up. Removing all DS records here disables DNSSEC for the domain.

Glue records

Glue records are A / AAAA records for the nameservers themselves, served at the parent zone (the TLD) so that resolvers can find a nameserver whose hostname is inside the same domain it serves. You only need them when running your own nameservers under your domain, e.g. ns1.example.com answering for example.com. This section lets you add a glue record per IP. The registry stores them and serves them in the additional section of the TLD’s DNS response. For most domains, glue records aren’t relevant: Noxity-managed DNS uses our own nameserver hostnames, and external providers handle glue under their own zone. The section is collapsed by default and only matters for advanced setups.

Activity log

Bottom of the panel. A timestamped list of every change applied to the domain: contact edits, nameserver changes, auth-code generations, lock toggles, renewals. Useful when you’re troubleshooting an unexpected state or proving to a third party (registry support, audit) what changed and when. The log holds 12 months on the panel; for older history, open a ticket and we can pull it from the registrar logs.

Common questions

The registry republishes WHOIS on its own schedule, typically within an hour of the change. Some registries cache for longer (.de, .it can take a few hours). Wait, then check again. If a change isn’t reflected after 24 hours, open a ticket.
The TLD’s authoritative servers picked it up within minutes. What’s slow is the recursive resolvers your visitors use, and they cache responses for the length of the previous record’s TTL. If the previous nameservers had a 24-hour TTL, expect that long for the change to be visible everywhere. There’s no override; resolvers respect the TTL they were given.
Not in this panel. DNS records live with the DNS host: cPanel’s Zone Editor for in-house DNS, the Free NS panel for standalone, or the third-party UI for external DNS. The domain panel only sets which nameservers the registry points the domain at.
Either the domain is inside the 60-day post-registration / post-transfer lock, or a previous registrant change is still pending dual approval. Both states are registry-side and resolve when the lock expires or when both addresses click approve.
Generating a new auth code invalidates the previous one at the registry. If the panel shows a code that doesn’t match what you wrote down, someone (or something) has regenerated since.
Almost always: DS records at the registry don’t match the keys the DNS provider is signing with. Either remove the DS records here (which disables validation, the safe undo) or roll the DNS provider’s keys to match what’s published at the registry.

Need a hand?

Open a ticket

Best for anything that needs an account check or a config change on our end.

Live chat

Faster for quick questions during business hours.