Disclaimer: This post isn’t really about vibe-coding or AI-assisted coding; it’s about the domain name system, WHOIS, and how modern TLD operators have quietly recreated the same domain-squatting problem we spent decades trying to get rid of.

While vibe-coding a small tool to hunt for interesting domain names, I stumbled into something I didn’t expect, and, honestly, something a bit worrying.

A bit of history

Initially, the Internet had only a handful of top-level domains. The familiar .com, .net, and .org, a few restricted ones like .gov, .mil, and .edu. And, of course, the well-known two-letter country codes that follow a strict naming convention and process. (Did you know .io and .me are actually country TLDs?)

Everything was tightly regulated and intentionally slow to change. Then, domain speculation took off. If a .com costs $10/year, a squatter could buy a promising name and list it for $3,000 for a total profit of 3000 dollars minus 10 dollars for every year it stays reserved without purchase. Many did exactly that. Squatters also dynamically adjusted their pricing to new businesses. If a new business named “corp” showed up in a business registry, squatters would shortly jack up prices by as much as they wanted. Companies that arrived late to the Internet had to pay whatever the squatter demanded.

It was unfortunate, but at least the squatting happened after registration.

New gTLDs

In the early 2000s, ICANN approved additional generic TLDs. By 2012, ICANN introduced a comprehensive application process, allowing organisations to run their own TLDs. That’s how we got .info, .aero, .guru, .ninja, and all the other TLDs.

Organisations could apply to be the administrators of an entire TLD, after paying a hefty non-refundable application fee, and justifying their interest and how they plan on running the TLD. This would further decentralise the Internet.

In theory, this should have solved domain scarcity by giving us thousands of fresh naming possibilities. In practice, something else happened.

Finding unregistered domain names

There are many highly memorable domain names that are simply English words. For example: apple.com, orange.fr, book.com, nest.com, time.com. I was on a mission to find catchy single-word domains with these new gTLDs.

I could, of course, have written a script by hand, but since I had heard a lot about vibe-coding, and many people who were once sceptics recommended I tried Claude and see for myself what it could do.

So I did. I vibe-coded a domain-search tool that lets me find simple, unregistered domains.

What follows is a disheartening story of how every last corner of the Internet is built first and foremost with profitability in mind, and how the gTLD programme didn’t alleviate domain availability concerns and might have made it even worse.

My tool (and why I wrote it)

My hostname search tool works on two principles:

1. If a domain name has any records → domain is registered.
2. If a domain name has no records → check WHOIS. This is because it is entirely possible to register a domain and not publish any records on it. Additionally, some TLDs don’t return NXDOMAIN for reserved names, so WHOIS is the ultimate authority.

Simple enough. Except it didn’t work. I kept getting thousands of false positives: domains that appeared unregistered but absolutely weren’t, because when I went to check each of them manually in registrars like GoDaddy or Hetzner, they either showed up as “unavailable” or available for price tags in the thousands of dollars, much higher than the usual TLD rates.

What I discovered

After digging for hours, I realised the issue wasn’t my code. It was the TLD operators.

Many of the newer TLDs have pre-reserved vast dictionaries of common English words. Not registered in the usual sense, but flagged internally as “premium” names. WHOIS often returns ambiguous or non-standard results for these, so they look vacant to naïve tools.

These domains aren’t available for $10–30/year like normal registrations. They’re held back and listed for hundreds or thousands of euros.

In other words: TLD operators are now squatting domain names before anyone else even gets a chance.

Entire TLDs launching with a pre-defined dictionary of high-value names, reserved specifically so the operator can profit from them and hopefully recoup the cost of registering and maintaining a new TLD with ICANN, which can cost hundreds of thousands of dollars, if not millions.

Anything you can imagine and exists in the dictionary, I can guarantee you will be listed as a “Premium” domain. The TLD does not matter. .ninja, .app, .engineering, .house, .zone, .network, they all do the same. They all reserve common dictionary words to sell at ridiculous prices.

Conclusion

After digging into this, I’m convinced that the way we handle TLDs and domain allocation needs far more scrutiny than it gets. The promise of the gTLD expansion was more choice, more availability, and less artificial scarcity. What we got instead was a system that reproduces the same incentives as the old one, just closer to the root of the hierarchy.

I don’t necessarily blame the registries. When ICANN charges hundreds of thousands of dollars to operate a new TLD, the economic incentives steer towards aggressive rent extraction. If you design a system that rewards scarcity, you will get scarcity: whether from squatters or from the registries themselves.

But this still leaves newcomers at a disadvantage. Not just hobbyist sysadmins or people running homelabs, like myself, but even early-stage startups that need a memorable, trustworthy name long before they have the budget to pay four or five figures for a single word. The modern domain landscape quietly penalises exactly the people the gTLD programme was supposed to empower.

At the very least, we need a clear and reliable mechanism to indicate which domains are available at standard rates, without conflating them with premium reservations or opaque registry holdbacks. Today, only large registrars have anything close to full visibility, and WHOIS is no longer reliable for this purpose. My little vibe-coded tool didn’t fail because of a bug: it failed because the ecosystem itself is opaque by design.