Talking to a lot of different people at CodeMash earlier this year made me realize how much of the knowledge that we have gained over the years managing domains at DNSimple would benefit customers and non-customers alike. Therefore, we've come up with some simple tips and good practices to make sure that you have a healthy domain management system.
Domain management is pretty straightforward with just one domain name, but what happens when you have many domains, or domains with subdomains (unique names that will identify a specific location on your website) that are essential to the well-being of your company. Are you really thinking about the importance of your domain names? Based on the customer support requests we receive, as well as our own experiences managing our domains, it is not always as simple as it sounds.
This post contains advice that every domain owner should consider, from individuals to big enterprises. Most of these suggestions come from direct conversations either at events or from common issues we've seen while providing customer care.
Ensure you own your domains
All domains have an owner while they are registered. The rightful owner of the domain is its registrant. The registrant is the only entity that has the authorization to perform certain actions on a domain, such as the transfer of the domain between registrars (companies that provide registration services for domain holders).
Make sure your name (either your company name if you register the domain on behalf of a business, or personal name if it is for you, an individual) is listed as registrant for the domain. If you register the domain on behalf of a company, make sure the registrant contains the company name.
You may be surprised how many times we receive requests from entities that claim to be the owner of the domain, but the domain is instead showing a different registrant such as the web agency that developed their web site, or the friend that helped with the registration.
The registrant is generally visible in the WHOIS records for the domain, which is another reason to keep them accurate and up to date. Any domain registrar should allow its customers to update the contacts associated with a domain. At DNSimple, we use whatever contact details you select as the domain registrant for all of the contacts on the domain.
If your name is not attached as registrant for the domain, whoever is listed as registrant may effectively revoke your access at any time. Moreover, in case there are any issues with the registration, you may risk losing access to your domain permanently.
Keep track of where you registered a domain
Regardless of whether you are registering domains for your business or yourself, you should keep a list of the registered domains with important information about each domain. It doesn't really matter which tool you use: a spreadsheet, a text file in a shared folder, or git. The most important rule is to keep track of your domains. Not having this can and has created a lot of panic when a domain needs to be updated or changed quickly and those on hand do not have this information.
For each domain add at least the name of the registrar where you registered the domain and a link to the control panel. This will allow to keep track of where the domain is registered when it's time to renew it or make other important changes like the nameservers. You can expand the list with more information, such as the account email or username (useful to make sure it's immediately updated when needed).
If you don't have that list, create it today. Collect all the domains you have knowledge of and ask your co-workers to try to compile an accurate list. Determine where the domains are registered: you can search your inbox or use tools like www.whois.net or our WHOIS interface to determine where the domain is registered.
To reduce the maintenance effort you should consider consolidating your domains in a single registrar whenever possible.
Keep track of who you are resolving a domain with
As for domain registration, you should also keep track of where the domain is resolving. Every once in a while we receive requests from customers complaining because the domain is not resolving properly; they expect the domain to resolve with us but for some reason it's pointing somewhere else.
To help you determining where your domain is located you can use zone.vision. Enter your domain name and look the name servers section to find which name servers you are delegating to. The name of the DNS hosting provider is usually in the domain name.
Again, consolidating your DNS hosting will reduce maintenance greatly.
Consolidate your domain portfolio
The increasing number of TLDs available for registration can lead to the fragmentation of the domain registration. It's not uncommon to use several domain registrars to register different variant or extensions of the same name.
Consolidating your domain portfolio in one provider, or a small list of providers, is a recommended approach.
The most common limitation to a single provider is the TLD registration support. Some registrars may support certain TLDs and not others due to various reasons, including residency requirements, or other legal requirements. This is also true with DNSimple; we don't currently support all the existing TLDs.
Domain registration and DNS hosting can be handled separately, or with the same company. For example, in DNSimple you can add any domain and manage it via our infrastructure: configure the DNS records, request SSL certificates, etc. Of course the domain renewal will have to happen at the specific domain registrar, but at least you will have a list of all the domains in a single place. You will also have a single place to manage all the DNS records and other domain services.
If your DNS provider also supports registration then you can use it for most of the extensions and fall back to a second provider only for the registration of those domains that the primary one doesn't support. Once registered, point the name servers from the second provider to the primary provider to delegate the DNS management to a single service.
Enable auto-renewal of your domains
Do you know for sure when each of your domain names will expire and how to renew them? These days it's very hard to guarantee that your registrar will notify you of an expiring domain; email notifications may go to our SPAM folder, delivered to the wrong team, or pass unnoticed.
Enabling domain auto-renewal ensures that your domain is renewed before it expires and greatly reduces the risk of losing a domain. Whenever you can, enable auto-renewal, as it will give you peace of mind and can avoid many of the challenges with manual domain renewal.
Recovering an expired domain is usually complicated, expensive, and takes anywhere from a few days to months. In some cases it's impossible to recover a domain if it is past its expiration date, and you may lose your domain forever.
Enable two-factor authentication
Always enable two-factor authentication on your account. This feature adds an extra level of security that reduces the risk of unauthorized access to your account.
If someone other than you gets access to your account, in the simplest scenario they may be able to disable your domains. In the worst case, they may delete your domains or steal them. Keep your account secured!
One of the common objections around access to domains is shared management. You should never share the same credentials among different people, instead using the account multi-user feature, and then ensure anyone with access also enables two-factor authentication.
Share the account management with other users
This is another golden rule to follow to avoid losing access to your domain management: always share the account with a second user/email, ideally with at least 2 extra people.
We've seen several cases where the account was associated with an employee that left a company and suddenly they lost access to their domains. In some cases you can still recover the account if you have access to the email, unless two-factor authentication is enabled (and it really should be!).
To avoid this issue you should add multiple users to an account. When someone leaves the organization, simply remove them from the list of members.
There is a golden rule! Have at least 3 points of entry.
Don't use a single email address with a custom domain
Every once in a while we receive requests from customers that used an email from a custom domain as the primary (and unique) point of contact. For example, they have the domain example.com registered and the email address on the account where it is registered is email@example.com. The domain, generally in the same account, is having issues and the user can't access the account nor receive notifications.
There are several possible alternatives here:
- If you use a custom domain (we do at DNSimple), then you really need to make sure the domain is locked for changes, emails monitored, and you immediately verify the domain if any contact changes. You also need to ensure that the account is in good standing.
- Ideally, you should always have multiple users attached to a domain (as explained above) and have at least one of them use an email that belongs to a domain separated from the ones you own.
- With DNSimple you can also add a specific account email that will receive the notifications. This is separate from the user email. Instead of a single mailbox you may want to use a group to deliver the notifications to multiple recipients.
While we do many things to make domain management easy for you, there are a few simple steps you can take to ensure your important domains are protected:
- Ensure you own your domains. Make sure your registrant details are correct.
- Consolidate your domains to make managing them easier. Don't think that you are stuck with a domain registrar. You can always transfer a domain name from one provider to another.
- Enable auto-renewal whenever possible, and use strong security features like two-factor auth.
- Make sure to provide account access to at least two people, using our multi-user feature, and always use at least one email address that will continue working even if your domain is down. You may also want to consider using a separate billing address to ensure that invoices are received and paid.
Whether you manage one domain or a whole suite of domains, it is important to keep your domains healthy and under your control.