Having access to manage your domain names is critical for maintaining your online presence, communications and proof of identity. Avoid common pitfalls.
Recently I had the “pleasure” of assisting a client in gaining access to manage their own domain name from a less than helpful former service provider.
I wish I could say this was an unusual case, but in 15 years of consulting, it’s hardly the first. Many small businesses reach a point where they
decide to have their website professionally done. The first step in putting up a website is purchasing a domain name and most businesses have the website
designer purchase one for them.
There are a few things to consider as you purchase a domain name:
1. This is part of your branding and will be where potential customers find information about your services. It can also be used for business email accounts
to further unify your web presence and make your name memorable.
2. Since you want to be able to easily direct people to your website and allow them to easily reach you by email, (sometimes email still is the best
way to communicate complex information!) you will want to keep it short, simple and memorable. If some version of your company name doesn’t work, consider
incorporating your mission or tagline.
3. There are other extensions besides .com, .net and .org available. If a domain name isn’t available under one of the common extensions, look for
one that works for you.
Domain names are licensed as legal agreements through a registrar authorized by ICANN (Internet Corporation for Assigned Names and Numbers). When a new registration is initiated, the registrar checks to see if the desired name is available
against the current list of active registrations with ICANN. This prevents more than one entity claiming ownership of any registration. ICANN is the authoritative
source and ownership is not easily transferred unless all pieces are carefully put into place and maintained, but more on that later.
So, someone registers a domain for your organization, a name and extension combination satisfactory to you is available and approved by ICANN—it’s
yours! Now, how does that work with getting people to your website or email to your inbox and why does that matter? Each domain name must have DNS (Domain
Name Server) entries to translate www.YourDomain.extension to the IP (stands for Internet Protocol and means an assigned number sequence) address of the
server hosting your website and/or mailboxes. These entries are created in a zone file at the registrar’s website by someone with access to do so—typically
the person that created the registration. The registrar reports these entries to higher-level DNS servers which, in turn, report to other DNS servers until
that information is replicated around the globe. DNS servers used to be referred to as the phonebooks of the internet, but that analogy is getting outdated.
They are directories: someone types www.DomainName.extension in a browser and their computer sends that request out to its nearest DNS server, typically
a server on the network or out to the internet service provider’s DNS server which receives information from a number of other DNS servers to know where
the browser needs to connect to send and receive information. The query for that website goes through a number of “hops” to other servers before reaching
its destination and loading a page in the window. If the DNS entry in your zone file is not pointing to the correct IP address, your website is essentially
unreachable to most people. The same goes for email. Besides entries for website and email servers, there are a number of other DNS record types that can
be in any given zone file. As you grow your web presence to market your business or have to prove domain ownership to obtain services, you will need to
create new entries which require access to that piece of the management.
Because a registration is a legal agreement, access to manage it in any way is strictly controlled. If the person who registered it for you is responsive,
professional and ethical, you will not meet with resistance to gaining some control over the registration. Having control over the registration does not
mean you must understand DNS and make the entries yourself. As a matter of fact, unless you know what you are doing, messing with those aspects of the
management is not recommended. However, holding the ultimate keys to the kingdom is essential to:
1. Maintain security of access to the registration
2. Control who has access to it and in what aspects
3. Have the final authority for any changes to the registration
Why is it important to be sure your registration is secure? That might be answered by asking yourself how bad would it be if someone were to send requests
for your website or emails somewhere else. Protect your access to your domain with a very strong password and multi-factor authentication if available.
Instead of using a primary communication email address which is the same as the domain, set your account to use an alternate address such as a Gmail or
Outlook.com account. Set up notifications for logins and changes to the account so you are aware of activity. If it is expected activity, fine; if not,
you then have a way to be aware of problems quickly. If for any reason you cannot access the domain, the registrar will use this alternate address to verify
your authorization to access the account. Frequently other security measures are used as well: PINs, secret questions, etc. Just make sure these extra
measures are not easily guessed and that you keep them on file rather than relying on memory. We all have the best intentions of remembering that super-secret
information only to be foiled down the road—especially so, because we always use unique credentials for every account we have. Right? In the case
of questions, most answers tend to be case-sensitive just like passwords. I have seen domain owners locked out of their own domains when a registration
expired and the only email address they had on the account used that same domain. When a domain expires, the website is not reachable and emails to addresses
on that domain do not get delivered. If a registration is not renewed in sufficient time, domain squatters are able to purchase it requiring you to pay
high prices to get it back. Finally, if you and the person who purchased the domain for you part ways, you maintain the ability to manage or delegate management
to someone else.
In the case of this most recent issue, the purchaser had become very slow to respond if they responded at all to client requests. The business owner, having
been in business several years, already had a substantial web presence under the first domain name. When they wanted a website revamp and were not getting
satisfaction from the first provider, they moved to a new one. Attempts were made to recover management of the original domain, but failed. A new website
was launched on a new domain name, but because both existed, prospective customers got conflicting information depending on which site they accessed. (The
original domain had not expired, it was just not accessible to the business owner, or anyone they delegated, to make changes.) Because the first domain
had such a strong presence already, it would show up first in searches. Additionally, the new domain name was not preferred by the business owner. This
owner was frustrated by the fact that a substantial online presence had already been established, now was outside of their control and that they were now
starting at the beginning to build a presence again. Building an online presence is a combination of many things, and it is labor intensive to build crosslinks
with sites and search providers. Then there’s all that stationery to reprint, business listings to correct, contacts to update and so on.
Having more than one person able to access the domain to make changes is highly recommended and each registrar handles such access differently. Typically,
each domain has a registrant, administrative contact and technical contact. The registrant has the highest authority and is able to access and control
all aspects of the registration. The administrative contacts typically have access to purchasing services and maybe adding other access accounts. Technical
contacts typically have the ability to make DNS changes, sometimes more.
In companies with multiple employees, it is advised that two or more senior persons have access to all key account credentials in the event of one of the
information holders leaving the company under any circumstances that are less than perfect. Again, over the years I have encountered situations where account
access was maintained by one person and when that person was no longer with the company, recovering access to those accounts was an arduous process involving
lots of calls, certified and notarized letters, proofs of identity and ownership and even legal counsel. Secured network storage can make a good central
repository for such information. Locked file cabinets and safes are last century’s solutions and still work well for physical items. Just be sure that
if things need to survive fire and flood, that the medium is built to protect the specific contents in those events. Most “fire safes” are not sufficient
protection for digital media which will melt to a degree in the event of a building fire or corrode from moisture exposure. These also need to be regularly
inspected to be sure they continue to protect as expected.
In the end, we were able to reclaim access to the original domain, but it was a long process. Through DNS management, traffic to the new domain name is
simply redirected back to the original one and the original points to the new website. This means all traffic, whether the old or new domain is typed,
gets to the same website and same email server. Searches which bring up the old domain name now lead viewers to the new website which was the goal all
along. The business owner controls access to the domain and has granted access to others as needed. When they change service providers, they can revoke
access from one and reassign to another.
Because your domain name is so integral to your branding and marketing, it is important that you have means to manage it or grant someone else access to
do so if needed. Would you let just anyone have sole access to you bank accounts or any other key business asset? Why should your domain name be different?