Having access to manage your domain names is critical for maintaining your online presence, communications and proof of identity. Avoid common pitfalls.
Recently I had the “pleasure” of assisting a client in gaining access to manage their own domain name from a less than helpful former service provider. I wish I could say this was an unusual case, but in 20 years of consulting, it’s hardly the first. Many small businesses reach a point where they decide to have their website professionally done. The first step in putting up a website is purchasing a domain name and most businesses have the website designer purchase one for them.
There are a few things to consider as you purchase a domain name:
Domain names are licensed as legal agreements through a registrar authorized by ICANN (Internet Corporation for Assigned Names and Numbers). When a new registration is initiated, the registrar checks to see if the desired name is available against the current list of active registrations with ICANN. This prevents more than one entity claiming ownership of any registration. ICANN is the authoritative source and ownership is not easily transferred unless all pieces are carefully put into place and maintained, but more on that later.
So, someone registers a domain for your organization, a name and extension combination satisfactory to you is available and approved by ICANN—it’s yours! Now, how does that work with getting people to your website or email to your inbox and why does that matter? Each domain name must have DNS (Domain Name Server) entries to translate www.YourDomain.extension to the IP (stands for Internet Protocol and means an assigned number sequence) address of the server hosting your website and/or mailboxes. These entries are created in a zone file at the registrar’s website by someone with access to do so—typically the person that created the registration. The registrar reports these entries to higher-level DNS servers which, in turn, report to other DNS servers until that information is replicated around the globe. DNS servers used to be referred to as the phonebooks of the internet, but that analogy is getting outdated. They are directories: someone types www.DomainName.extension in a browser and their computer sends that request out to its nearest DNS server, typically a server on the network or out to the internet service provider’s DNS server which receives information from a number of other DNS servers to know where the browser needs to connect to send and receive information. The query for that website goes through a number of “hops” to other servers before reaching its destination and loading a page in the window. If the DNS entry in your zone file is not pointing to the correct IP address, your website is essentially unreachable to most people. The same goes for email. Besides entries for website and email servers, there are a number of other DNS record types that can be in any given zone file. As you grow your web presence to market your business or have to prove domain ownership to obtain services, you will need to create new entries which require access to that piece of the management.
Because a registration is a legal agreement, access to manage it in any way is strictly controlled. If the person who registered it for you is responsive, professional and ethical, you will not meet with resistance to gaining some control over the registration. Having control over the registration does not mean you must understand DNS and make the entries yourself. As a matter of fact, unless you know what you are doing, messing with those aspects of the management is not recommended. However, holding the ultimate keys to the kingdom is essential to:
Why is it important to be sure your registration is secure? That might be answered by asking yourself how bad would it be if someone were to send requests for your website or emails somewhere else. Protect your access to your domain with a very strong password and multi-factor authentication if available. Instead of using a primary communication email address which is the same as the domain, set your account to use an alternate address such as a Gmail or Outlook.com account. Set up notifications for logins and changes to the account so you are aware of activity. If it is expected activity, fine; if not, you then have a way to be aware of problems quickly. If for any reason you cannot access the domain, the registrar will use this alternate address to verify your authorization to access the account. Frequently other security measures are used as well: PINs, secret questions, etc. Just make sure these extra measures are not easily guessed and that you keep them on file rather than relying on memory. We all have the best intentions of remembering that super-secret information only to be foiled down the road—especially so, because we always use unique credentials for every account we have. Right? In the case of questions, most answers tend to be case-sensitive just like passwords. I have seen domain owners locked out of their own domains when a registration expired and the only email address they had on the account used that same domain. When a domain expires, the website is not reachable and emails to addresses on that domain do not get delivered. If a registration is not renewed in sufficient time, domain squatters are able to purchase it requiring you to pay high prices to get it back. Finally, if you and the person who purchased the domain for you part ways, you maintain the ability to manage or delegate management to someone else.
In the case of this most recent issue, the web designer had become very slow to respond if they responded at all to client requests. The business owner, having been in business several years, already had a substantial web presence under the first domain name. When they wanted a website revamp and were not getting satisfaction from the first provider, they moved to a new one. Attempts were made to recover management of the original domain, but failed. A new website was launched on a new domain name, but because both existed, prospective customers got conflicting information depending on which site they accessed. (The original domain had not expired, it was just not accessible to the business owner, or anyone they delegated, to make changes.) Because the first domain had such a strong presence already, it would show up first in searches. Additionally, the new domain name was not preferred by the business owner. This owner was frustrated by the fact that a substantial online presence had already been established, now was outside of their control and that they were now starting at the beginning to build a presence again. Building an online presence is a combination of many things, and it is labor intensive to build crosslinks with sites and search providers. Then there’s all that stationery to reprint, business listings to correct, contacts to update and so on.
Having more than one person able to access the domain to make changes is highly recommended and each registrar handles such access differently. Typically, each domain has a registrant, administrative contact and technical contact. The registrant has the highest authority and is able to access and control all aspects of the registration. The administrative contacts typically have access to purchasing services and maybe adding other access accounts. Technical contacts typically have the ability to make DNS changes, sometimes more.
In companies with multiple employees, it is advised that two or more senior persons have access to all key account credentials in the event of one of the information holders leaving the company under any circumstances that are less than perfect. Another best-practice learned along the way is to create an email account such as records@YourDomain.extension which can either be a shared mailbox or aliased to a personal address in your organization. Use this address for registering your various services and communicating renewals, payment method expirations, etc. As roles within your company change, assign management of this address to appropriate individuals so that key communications are never missed. Again, over the years I have encountered situations where account access was maintained by one person and when that person was no longer with the company, recovering access to those accounts was an arduous process involving lots of calls, certified and notarized letters, proofs of identity and ownership and even legal counsel. Secured network storage can make a good central repository for such information. Locked file cabinets and safes are last century’s solutions and still work well for physical items. Just be sure that if things need to survive fire and flood, that the medium is built to protect the specific contents in those events. Most “fire safes” are not sufficient protection for digital media which will melt to a degree in the event of a building fire or corrode from moisture exposure. These also need to be regularly inspected to be sure they continue to protect as expected.
In the end, we were able to reclaim access to the original domain, but it was a long process. Through DNS management, traffic to the new domain name is simply redirected back to the original one and the original points to the new website. This means all traffic, whether the old or new domain is typed, gets to the same website and same email server. Searches which bring up the old domain name now lead viewers to the new website which was the goal all along. The business owner controls access to the domain and has granted access to others as needed. When they change service providers, they can revoke access from one and reassign to another.
Because your domain name is so integral to your branding and marketing, it is important that you have means to manage it or grant someone else access to do so if needed. Would you let just anyone have sole access to you bank accounts or any other key business asset? Why should your domain name be different?