The Domain Name System (DNS) is another one of those crucial pieces of the Web that we expect to 'just work' without really worrying about all the complexities and uncertainties involved. DNS is important to website operators because it determines their website's name (its URL). However, there are many factors to consider when deciding which DNS provider to register your domain with, including privacy, usability and security. To learn more about DNS in general, please refer to our chapter on the Domain Name System.
A domain name needs to be registered, hosted and resolved. These functions can be performed by a single or several different entities (providers).
Choosing a Registrar
A registrar reserves your website name on the Internet and is responsible for maintaining these records with centralised databases. Only your registrar may modify or edit details on your domain on these databases. The registrar must pay membership fees and operate according to ICANN requirements. Here are a few important considerations when choosing a DNS registrar:
- Location: As with hosting providers, DNS companies are governed by the legislation of the country they are located in. If you are looking for a country-specific domain name suffix (e.g. .ru .ie .ca) then you will likely need to find a DNS provider from this specific country
- Reputation: The cheaper providers are not necessarily the best choice. Their reputation is influenced by their treatment of clients, response times for support questions, reaction to DDoS and other types of attacks against your domain, as well as their policies for allowing you to transfer your domain to another provider. Some of the larger DNS registrars include Go Daddy, eNom, Tucows and Melbourne IT, who process millions of domains and may not be so responsive to support requests or any ad hoc questions you may have
- Privacy: Most registrars will require verification of your identity before allowing you to register a domain. These details can be publicly accessible via a Whois request on the Internet. Many registrars provide a Whois privacy option that will hide these results from public view (they can still be accessed by official request)
Choosing DNS Hosting
DNS hosting refers to accepting requests from the Internet for your domain name and resolving it to IP addresses that are specified in your account (or zone file). Resolving a domain name to an IP address is done by your hosting provider's nameservers. If you wish to register a domain name with providerX but host the domain with providerY, you will need to specify providerY's nameservers with your registrar. Other points to consider when looking for DNS hosting:
- Number of requests: providers usually agree to resolve your domain name to an IP address a limited number of times per month. Once this is exceeded, you could be paying extra
- Mail: most DNS providers offer you the ability to forward email to a pre-defined server. In addition, some of them will queue (spool) mail if your server is not responding
- Record management: Some DNS providers allow you to specify one DNS record only - for your main website. Should you wish to have several different records for your domain (e.g. www.website.com and my.website.com) as is allowed by the DNS protocol, then they offer you an 'advanced' package for zone file management
- TTL: Time to Live specifies how quickly your provider will update your zone record changes. Some providers allow you to specify this time, whilst others lock you in to their default (sometimes this can be as slow as one change per 24 hours)
- Secondary DNS: Some DNS providers allow you to specify an alternative destination for name resolution. This could come in handy if you want to run your own DNS nameservers without going through all the administrative requirements of being a fully fledged provider
- Service Level Agreements (SLA): Defines a contract with you on how quickly the provider will respond to your queries, what kind of effort will be extended to keeping your domain accessible at all times, and so on.
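An added example (not part of the original guide): a small Python audit of a zone file that checks the TTL and Secondary DNS points from the list above. The zone contents, the `providery.example` nameserver hosts, the 3600-second threshold and the helper names `parse_zone` and `audit` are assumptions made for illustration.

```python
# Constructed sample zone for website.com: the nameserver hosts, addresses
# and TTL values are invented for illustration.
SAMPLE_ZONE = """\
$ORIGIN website.com.
$TTL 86400
@    IN NS  ns1.providery.example.
@    IN NS  ns2.providery.example.
@    IN A   192.0.2.10
www  300 IN A 192.0.2.10
my   IN A   192.0.2.20
@    IN MX  10 mail.website.com.
"""
TYPES = {"A", "AAAA", "NS", "MX", "CNAME", "TXT"}

def parse_zone(text):
    """Parse a simplified zone file: one record per line, owner name always present."""
    cfg, records = {"$ORIGIN": ".", "$TTL": None}, []
    for raw in text.splitlines():
        tok = raw.split(";", 1)[0].split()          # drop comments, tokenize
        if not tok:
            continue
        if tok[0] in cfg:                           # $ORIGIN / $TTL directive
            cfg[tok[0]] = tok[1]
            continue
        name, ttl = tok.pop(0), cfg["$TTL"]
        while tok and tok[0].upper() not in TYPES:  # optional TTL and class
            if tok[0].isdigit():
                ttl = tok[0]                        # per-record TTL overrides $TTL
            tok.pop(0)
        if not tok:
            continue                                # record type not handled here
        if not name.endswith("."):                  # make the owner name absolute
            name = cfg["$ORIGIN"] if name == "@" else f"{name}.{cfg['$ORIGIN']}"
        records.append((name, int(ttl) if ttl else None, tok[0].upper(), " ".join(tok[1:])))
    return records

def audit(records, max_ttl=3600):
    """Flag long address TTLs and a nameserver set held by a single provider."""
    findings = []
    for name, ttl, rtype, _ in records:
        if rtype in ("A", "AAAA") and ttl is not None and ttl > max_ttl:
            findings.append(f"{name} {rtype}: TTL {ttl}s, old address may stay cached that long")
    ns = [r[3].rstrip(".").lower() for r in records if r[2] == "NS"]
    # Last two labels of each nameserver host: a rough stand-in for "provider".
    providers = {".".join(h.split(".")[-2:]) for h in ns}
    if len(providers) < 2:
        findings.append(f"nameservers {ns} give no secondary DNS at another provider")
    return findings
```

Running `audit(parse_zone(SAMPLE_ZONE))` on the sample reports the two 24-hour address records and the single-provider nameserver set; the `www` record with its own 300-second TTL passes.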
Contingency Planning
- Social Engineering: Hijacking a DNS account is a popular attack against a website. An account password can be guessed or broken through brute force. Alternatively, the provider can be tricked into surrendering account details to an unauthorised party. Check your provider's procedures for password reset and account authentication (some of them assume the account holder's identity simply from the email domain the request comes in on - this can be easily faked). Look out for providers that offer 2-tier authentication and refer to the Access_Restrictions section for more details.
- DDoS: Your website can also be attacked on the DNS level - meaning an attempt to overwhelm your DNS provider so that they stop resolving your address. Check your provider's defenses against various levels of DDoS and the SLA specifying how much or how long they are willing to protect you for.
...