What is Domain and DNS Security?
With the prevalence of site hackings through out of date or unpatched content management systems (WordPress/Magento/etc) people often forget a fundamental part of their website; the domain itself. Recently there has been a serious DNS breach identified by Sucuri which highlighted just how careful you have to be with both your domain and the DNS provider you use. Your domain registration is your ownership of a domain – the company you pay for the registration of the domain needs to be a legitimate one, with proper support, and preferably full control via a client login. Secondly, (and sometimes this will be the same company) your domain will have nameservers, which direct where things like web traffic and your email go. These special servers are an extremely important part of your website, and you need to make sure you use a provider that has proper security on these, and multiple nameservers in different locations to ensure redundancy. Pete wrote all about how DNS works over on this blog post.
So how can you make sure your domain is secure?
First up, make sure your registrar has proper security in place, both in terms of your client login (two factor authentication is a very good idea) and in terms of their infrastructure. At Nimbus we have three nameservers located at different datacenters around the UK, and you can setup two factor authentication on your account with us via your client area. We also maintain a full history of your DNS history (5 snapshots) so we can roll it back easily if required.
Secondly, make sure you ONLY give out access to your DNS management to those who require it, and remove their access if no longer required. At Nimbus you can setup multiple sub accounts on your main account, to make this nice and easy. If a platform like Cloudflare requires you to use their nameservers, make sure you again apply two factor authentication to your account there.
Thirdly – make sure your domains WHOIS information is always up to date. This ensures that you can always gain access to your domain if anything goes wrong – particularly .uk domains, as Nominet will use this in the first instance to establish whether the domain is yours, should you ever have an issue with your registrar.
Finally, some people will advise you not to keep your domain and hosting in the same place. Certainly if you don’t trust your web host to act professionally if there are any issues with your relationship, this would be a good idea, but if you do trust them, then having both in the same place will not only ensure faster and more rounded support, but also one location to secure to ensure that your domain stays safe.