Domain management can be a daunting task for system administrators, but with the right tools and best practices in place, it can be a breeze. When it comes to domain management, there is always something new to learn - from the complexity of updating DNS records to the mundane tasks of finding and registering a winning domain name.
The tasks involved in managing a domain might be simple, but their importance should not be underestimated. Poorly managed domains can leave a company vulnerable to external and internal threats and cost millions in lost revenue, restoration of compromised systems, and litigation.
In this article, I will go over some of the best practices to help you get started managing your domains. I will cover everything from choosing a domain name and registering it, to making your website and email secure.
Domain name registration
I always find the first step in domain management the hardest: choosing a domain name. Choose a name that is short, memorable, and easy to spell. This will help your audience find you and keep them coming back. It is also important to choose an appropriate top-level domain (TLD) for your domain, such as .com for a commercial website or .org for an organization.
Once you have chosen a domain name, you are already halfway there! All you have to do is check whether the domain name you chose is available. You can check the availability of a domain name using a variety of online tools and get suggestions for alternate domain names if the one you want is unavailable.
The final step is the registration itself, which is done through a domain name registrar. Prices are comparable across registrars, so you might want to choose one of the largest, such as GoDaddy or NameCheap. The most popular domain name registrars are GoDaddy, NameCheap, Tucows Domains, Google, and Network Solutions.
With a registered domain, make sure you carefully manage your DNS records. Publish only the records you require and tightly control who has authority to publish and change DNS records for your domain.
Finally, be sure to enable automatic renewals on your domain so you avoid an expired domain that causes you to lose revenue.
Ensure website security
When it comes to hosting a website, there are a few security considerations that should always be made. First, all modern websites should have a TLS certificate. TLS certificates are installed once on your web server, then they are used when clients connect to your website to secure the communications. Having a proper TLS certificate on your website with strong encryption and good cipher suites helps protect your customers and your business.
Use free online tools like NetworkCalc's Certificate Lookup tool to check your website's TLS certificate and ensure that it is valid.
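The same check can be scripted and run on a schedule. The following is an added example, not NetworkCalc's tool or code from this article; the 30-day warning threshold and the AEAD-only cipher rule are assumptions you can adjust.

```python
import socket
import ssl
import time

def fetch_tls_info(host, port=443, timeout=5):
    """Connect with chain and hostname verification; raises ssl.SSLError if invalid."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(), tls.version(), tls.cipher()[0]

def assess(cert, version, cipher, now=None, warn_days=30):
    """Return (days_left, findings) for the values fetch_tls_info() produces."""
    now = time.time() if now is None else now
    findings = []
    days_left = int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)
    if days_left < 0:
        findings.append("certificate expired")
    elif days_left < warn_days:
        findings.append(f"certificate expires in {days_left} days")
    # TLS 1.0 and 1.1 are deprecated (RFC 8996).
    if version not in ("TLSv1.2", "TLSv1.3"):
        findings.append(f"protocol {version} is deprecated")
    # Assumed policy: accept only AEAD suites (GCM, CCM, ChaCha20-Poly1305).
    if not any(mode in cipher for mode in ("GCM", "CCM", "CHACHA20")):
        findings.append(f"cipher {cipher} is not an AEAD suite")
    return days_left, findings

if __name__ == "__main__":
    # "example.com" is a placeholder; substitute your own site.
    print(assess(*fetch_tls_info("example.com")))
```

A certificate that fails chain or hostname validation never reaches `assess`: `fetch_tls_info` raises, which is itself the finding to alert on.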
Regardless of how often your website gets patches, it is important that you monitor what packages are being patched and when. When updates become available for packages your software depends on, you should apply them as early as you can. Security patches are especially important, as they close holes that may leave your website vulnerable if left unpatched.
Different software packages are patched at different intervals - some packages receive updates once a year, others receive updates once a month, and still others receive them every few minutes. Of course, you need to ensure that patching the packages used in your website does not break key functionality.
Domain management best practice says that you should perform regular patching of server operating systems, runtimes, third party packages, and any other software involved in serving your website. You might believe that patching any one of these things is enough, but it only takes one vulnerability for bad actors to compromise your systems and harm your business. Stay vigilant and patch all your systems on a predictable schedule.
Protect your email, too
The need for email will not go away any time soon, so it is important to keep up with the latest technology. The fundamentals matter, too.
Whether you host your email on-premise or use cloud email services like Office 365 Exchange Online, you should have a valid SPF record to authorize services to send on behalf of your domain and disavow services that should not. SPF only takes a few minutes to set up and will protect you from spammers, hackers, and anyone who wants to impersonate your email domain without your authorization.
Third-party SPF records are included by reference in your own, so it is important to check your SPF record periodically. Errors or changes in an included record can invalidate your own SPF record. Use the SPF Checker tool with your domain name or the subdomain for your SPF record to check its status.
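To show how a vendor's edit to an included record can break or weaken your own, here is an added example (not the SPF Checker tool and not code from this article) that walks a record and its includes, counts DNS lookups against the limit of 10 in RFC 7208, and flags permissive `all` terms. The zone data is constructed and every domain name in it is hypothetical; pass a real TXT resolver as `lookup_txt` to audit a live domain.

```python
import re

# RFC 7208 sec. 4.6.4: each of these terms costs a DNS lookup; over 10 is a permerror.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
LOOKUP_LIMIT = 10

# Constructed TXT data so the example runs offline; every name here is hypothetical.
ZONE = {
    "example.com": "v=spf1 mx include:_spf.mailhost.example include:_spf.crm.example ~all",
    "_spf.mailhost.example": "v=spf1 ip4:192.0.2.0/24 include:_spf2.mailhost.example -all",
    "_spf2.mailhost.example": "v=spf1 ip4:198.51.100.0/24 -all",
    "_spf.crm.example": "v=spf1 a mx exists:%{i}.bl.crm.example -all",
}
# The same zone after the (hypothetical) CRM vendor edits its own record.
ZONE_AFTER = {**ZONE, "_spf.crm.example":
              "v=spf1 a mx a:m1.crm.example a:m2.crm.example mx:crm.example "
              "exists:%{i}.bl.crm.example ptr +all"}

def walk(domain, lookup_txt, path=()):
    """Return (dns_lookups, findings) for one record and everything it includes."""
    if domain in path:
        return 0, [f"{domain}: include loop"]
    record = (lookup_txt(domain) or "").lower()
    if not record.startswith("v=spf1"):
        return 0, [f"{domain}: no SPF record published"]
    lookups, findings = 0, []
    for term in record.split()[1:]:
        m = re.match(r"([+\-~?]?)([a-z0-9]+)(?:[:=](\S+))?", term)
        if not m:
            continue
        qual, name, target = m.groups()
        if name in LOOKUP_TERMS:
            lookups += 1
        if name in ("include", "redirect") and target:
            sub_lookups, sub_findings = walk(target, lookup_txt, path + (domain,))
            lookups += sub_lookups
            findings += sub_findings
        elif name == "all" and qual in ("", "+"):
            findings.append(f"{domain}: +all authorizes every sender")
        elif name == "all" and qual == "?" and not path:
            findings.append(f"{domain}: ?all gives a neutral result, no protection")
    return lookups, findings

def audit_spf(domain, lookup_txt):
    lookups, findings = walk(domain, lookup_txt)
    if lookups > LOOKUP_LIMIT:
        findings.append(f"{domain}: {lookups} DNS lookups exceeds limit of {LOOKUP_LIMIT}")
    return lookups, findings
```

Calling `audit_spf("example.com", ZONE.get)` reports 7 lookups and no findings, while the same call against `ZONE_AFTER.get` reports 11 lookups plus the inherited `+all`, even though the `example.com` record itself never changed.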
In addition to SPF, you should use DMARC and DKIM to enforce authentication and digitally sign emails originating from valid senders of your domain. Together, SPF, DMARC, and DKIM form the 3 pillars of email authentication. Managing all of them gives you a lot of control over your email domain.
On the end-user side of email, cloud-based email providers typically expose a lot of services, many of which your users may not ever use. I recommend reviewing the configuration of your email provider at least once a year and disabling unneeded services to reduce your attack surface. Some of the common areas of an email service that you can consider disabling or putting protective controls around are:
- In-app purchases
- Untrusted add-ins and add-in stores
- Webmail accessible from anywhere in the world
- Authentication methods (single sign on and multi-factor authentication are excellent)
You can install cloud-based email security services like Mimecast or on-premise email security solutions like SpamTitan to filter out many of the bad or dangerous emails your end-users would otherwise receive. In addition, services like Mimecast and Zix provide outbound data-loss prevention (DLP) services to prevent exfiltration of your corporate data through email. Secure email services are also useful to allow your customers and end-users to exchange sensitive information with a high level of encryption to conceal it.
In this article, I covered some of the best practices for getting started with domain management. I described specific steps you can take to find and register domains, secure and update your websites, and protect your corporate email and end-users. Many of these best practices can be boiled down to putting in the effort when you first stand up a domain to consider configuration and security, along with reviewing your domains regularly. I hope you find one or two things in this article you can start doing today to improve and simplify your domain management.