This guide was written to provide agencies with an organized, easy to understand reference to create and implement a DNS strategy for a portfolio of client websites that’s easy for you to manage.
Let’s start with a definition, quoting Cloudflare.
The Domain Name System (DNS) is the phonebook of the Internet. Humans access information online through domain names, like nytimes.com or espn.com. Web browsers interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources.
Here are some of the main reasons you need to manage DNS for:
Too many agencies do DNS on an ad-hoc basis. This creates a lot of extra work and confusion, which can lead to serious vulnerabilities or catastrophic failures due to improperly configured DNS settings. A solid, well-thought-out strategy creates a consistent set of rules and procedures for everyone to follow. This reduces the amount of work to be done and greatly improves the security and uptime of your clients’ websites.
Before explaining what DNS is in more detail, here’s what an agency should be aiming for as part of an effective DNS strategy for a portfolio of client websites:
The starting point is to have a basic understanding of how DNS works. So, what is DNS? The acronym stands for “Domain Name System”. DNS translates the human-readable name of a website into its corresponding IP address.
At a high level, DNS looks deceptively simple. It’s just matching names and IP addresses, right? How hard can that be? Quite difficult, it turns out. Here’s a simplified take on the DNS resolution process.
Let’s use a request for https://convesio.com as an example. As soon as you type the URL in your browser a request is sent from your computer to a DNS server to find its IP address. This is the unique address of the physical server hosting convesio.com.
If that’s a website that you haven’t accessed already, chances are that the first DNS server you reach doesn’t have its IP address cached. If this is the case, another DNS server is queried to retrieve it. And another, and another, until it’s found on one of hundreds of DNS servers scattered around the world. Once located, the IP address is sent back to the browser requesting it so that it can then pull all the necessary files off the server to render the webpage.
In this example the IP address is found on the second DNS server. This diagram, however, doesn’t show the different types of DNS servers that exist and how they are networked together following a set hierarchy to resolve domains. This is necessary because the DNS system serves billions of domain names and requests for them every day.
This is why when you buy a domain name and point to a host, or when migrating a website to a new host and updating DNS so that the domain can point to it, there is a lag. The switch over isn't instant because a whole bunch of DNS servers need to be updated.
You can get a sense of this by using DNS Checker, a handy tool that tracks propagation of changes to a DNS record over the network.
DNS is managed by adding and editing DNS records. These are instructions for the system to route traffic to the right server. For example, A records are used to point a domain to a server. An example of this is convesio.com’s A record that points to 104.17.46.19, which is a Cloudflare server. Common types of DNS records are covered further on in this article.
This means that you need an interface to manage DNS records. Here’s what Cloudflare’s version looks like:
When you’re planning your DNS strategy you need to consider where you want to manage DNS. You have three options:
So, what approach should an agency be using?
Two key considerations here. Firstly, their clients should be the ones registering and owning their business’ domain name. They shouldn’t be sharing login details to the registrar with anyone. Secondly, agencies need to streamline DNS access and management so that they can act quickly if there are issues.
We can quickly discard the first option as an agency would have to manage a whole bunch of logins. And, as mentioned, the owner of a domain should not be giving anyone access to manage the domain (and potentially transfer its ownership).
The third option would work well if the agency is also managing hosting for their clients. The hosting solution needs to feature DNS management, though, and that’s usually not the case with specialist WordPress providers, Convesio included.
The best option for agencies, therefore, is to use a specialist DNS management provider and get every client to point their domain to it.
Before explaining how to best manage DNS for a portfolio of client websites let’s look at what the process looks like for a single website.
These steps cover a new domain use case but can also be used for existing domains, for example a new client that wants to delegate DNS management. In this case you would be skipping the first step.
Step | Description | Responsibility |
---|---|---|
Register a domain | The client should make sure that the domain’s WHOIS contact details are accurate. | Client |
Point nameservers to a DNS host | The agency should provide the client with the nameservers to use. | Client |
Point the domain name to the hosting provider | Setting the A record to point to the hosting provider’s IP address. | Agency |
Setting up email and other records | MX, SPF, DKIM and other records to get email to work as well as other services. | Agency |
Check that the DNS changes have updated | Changes are never instant as records need to be updated on many servers across the globe. You can use a tool like DNS Checker to track propagation. | Agency |
Please note: if you’re migrating DNS for an existing website you need to add DNS records to the DNS host first. Fortunately, a number of providers have tools to automate this part.
Now, let's look at more detailed information about key steps.
Point nameservers to a DNS host
Nameservers work in tandem with DNS records, but they are two different things. Forbes' analogy is a good one: if the DNS records are a catalog, the nameservers are the library in which they are found.
When you register a domain name the nameservers are set automatically to point to the registrar's own service. For example:
Next, ask your client to change the nameservers to the ones of your DNS host. This is what the screen looks like in Google Domains.
If you’re using Cloudflare as the DNS host their nameservers will look something like this:
Please note: one or more additional nameservers are used to ensure the domain name still works if the primary one fails.
Point the domain name to the hosting provider
This is when you start adding DNS records for a domain via your DNS host. Your client will not need to do anything from this point onwards.
For this step you’ll need to know the IP address of your hosting provider. If you’re using Convesio you can find these in the Domains screen of the dashboard. There are two, in fact, as Convesio ‘load balances’ website traffic to two different servers.
Add an A record for each:
If you want to add a redirect for the www version of the domain you’ll need to add a CNAME record.
Setting up email and other DNS records
DNS records are used to manage other domain related services.
The best example of this is email, which just like a website needs to be hosted on a server. WordPress hosting providers typically don’t offer email hosting and the recommendation here is for the client to use a reputable service like Google Mail or Microsoft Outlook.
There are quite a few types of DNS records, in fact - you can see the full list on Wikipedia, but you can get away by knowing just a handful of them. Here’s a list of the ones that you need to be aware of.
DNS Record Type | What is it used for? | Example |
---|---|---|
A and AAAA | Both of these records map a host to an IP address. The ‘A’ record maps to an IPv4 address while the ‘AAAA’ record maps to an IPv6 address. | Convesio.com’s A record points to 104.17.46.19, which is a Cloudflare server. (It’s not where the website is hosted but more of a filter sitting between visitors and Convesio’s server). |
CNAME | A CNAME record defines an alias for the canonical, or official, name for our server. For example, we could have an A record defining ‘server1’ as the host and use ‘www’ as an alias for that host. | If you type www.convesio.com in your browser address bar you’ll be instantly redirected to convesio.com. The CNAME entry for this features www as the ‘name’ and convesio.com as the ‘content’. You can set as many CNAME records as you want, including when you’re using a subdomain to point to a different site or function. For example, Convesio’s sign up: https://account.convesio.com/ |
MX | These define the mail exchange records for a domain. MX records help to ensure that your emails arrive at your mail server the way they’re supposed to. Generally, MX records should point to an A or AAAA record, not a CNAME. | Here’s an example of an Office 365 MX record for the example.com domain: example-com.mail.protection.outlook.com |
SPF | SPF stands for Sender Policy Framework and is an email authentication standard that helps protect both senders and recipients of email from spam, phishing and spoofing. Email systems check each email’s header information against the SPF record to ensure it’s legitimate, so that only the owner of the xyz.com domain can send @xyz.com emails. | If you want to use SendGrid email services you will need to add an SPF record, which they will provide, to your DNS. For example: v=spf1 include:u123456.wl.sendgrid.net -all |
DKIM | DKIM stands for DomainKeys Identified Mail and along with SPF is an open standard to ensure email can be authenticated. It’s more complicated to set up than SPF but more secure too as it covers forwarding as well. | v=DKIM1; k=rsa; p=MII BIjANBgkqhkiG9w0BAQEF AAOCAQ8AMIIBCgKCAQEAt 5jy+IBRBwp/ddnKVAgkcO /mHkxjYr3GV1Ef5kKfb/P TOfrpASRlb1234123krfY ZehJSuZnmfIvBt9CrA4sL IcTbaX/S16VJyapyzcnlC XwJLTI0vONyKaqWQpK7Ao PfVfmPX0MjGOFFzx6ec21 joXA1df8AzSHxVlyjaAUG EQMGzgVfy+x/+xUEI4UyE UzvWBum+VgYeGJNGCEShY 0/o8149jwapaYZcWMqgnY yG0lV+caKBzYXR/XC6wiS Jp89PrfMXwIsu9hnrzbpV 2H+H8ZHp31KEvnCmQVebM qSlQDBouDbGkzixyx/x38 QxuIsIL4DV9l4r7eWlmQj AnNKaawIDAQAB |
TXT | Think of TXT records as notes you can associate with your domain. The record type was originally intended as a place to save human-readable information but it's often used to save machine-readable data. | Google uses TXT records for webmasters to verify ownership of a domain. For example, to be able to access Google Search Console data for domain xyz.com, the webmaster needs to add a TXT record provided by Google that looks like this: google-site-verification=rXOxyZounnZasA8Z7oaD3c14JdjS9aKSWvsR1EbUSIQ |
Once you’ve finished setting up DNS records, check that they are working properly. Visit the website you’ve set up DNS for and send some test emails. Bear in mind that changes to DNS need to propagate across the whole DNS system. You may have to wait a few hours to see changes take effect. Also, clear your browser’s cache before checking a website as you may be viewing a local version.
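Alongside visiting the site and sending test emails, the records themselves can be checked against the rules in the table above. The following is an added example, not code from this guide or from Convesio: it audits one client's exported records offline, and the domain `client.example`, the IP addresses and the `audit_zone` helper are constructed for illustration. It goes slightly beyond the table by also flagging duplicate SPF records and empty DKIM keys.

```python
# Added example (not from the original guide); all names, IPs and records are constructed.

def audit_zone(domain, records, hosting_ips):
    """records: list of (name, type, value); returns a list of findings."""
    findings = []
    def values(name, rtype):
        return [v for (n, t, v) in records if n == name and t == rtype]

    # Apex A records should be exactly the hosting provider's IPs.
    found = set(values(domain, "A"))
    if found != set(hosting_ips):
        findings.append(f"A: expected {sorted(hosting_ips)}, found {sorted(found)}")

    # MX targets should be hosts with A/AAAA records, not CNAME aliases.
    aliases = {n for (n, t, _) in records if t == "CNAME"}
    for mx in values(domain, "MX"):
        target = mx.split()[-1].rstrip(".")
        if target in aliases:
            findings.append(f"MX: target {target} is a CNAME")

    # A domain must publish exactly one SPF record (RFC 7208); this checker
    # also expects it to end in an explicit -all or ~all.
    spf = [v for v in values(domain, "TXT") if v.lower().startswith("v=spf1")]
    if len(spf) != 1:
        findings.append(f"SPF: expected 1 record, found {len(spf)}")
    elif spf[0].split()[-1] not in ("-all", "~all"):
        findings.append("SPF: no -all/~all terminator")

    # DKIM selectors live under _domainkey; an empty p= means no usable key.
    for name, rtype, value in records:
        if rtype == "TXT" and name.endswith("._domainkey." + domain):
            tags = dict(t.strip().split("=", 1) for t in value.split(";") if "=" in t)
            if tags.get("v") != "DKIM1" or not tags.get("p"):
                findings.append(f"DKIM: {name} has no usable key")
    return findings

HOSTING_IPS = ["192.0.2.10", "192.0.2.11"]  # constructed (documentation range)
ZONE = [  # constructed records for a hypothetical client.example
    ("client.example", "A", "192.0.2.10"),
    ("mail.client.example", "CNAME", "mx.provider.example"),
    ("client.example", "MX", "10 mail.client.example."),
    ("client.example", "TXT", "v=spf1 include:u123456.wl.sendgrid.net -all"),
    ("client.example", "TXT", "v=spf1 include:_spf.provider.example ~all"),
    ("s1._domainkey.client.example", "TXT", "v=DKIM1; k=rsa; p="),
]

if __name__ == "__main__":
    for finding in audit_zone("client.example", ZONE, HOSTING_IPS):
        print(finding)
```

The sample zone trips all four checks: one of the two A records is missing, the MX target is an alias, two SPF records are published, and the DKIM selector has no key.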
A note about SSL
Managing SSL is not strictly part of the DNS management process but a step in the setup and configuration of a website. Once you have finished with DNS and everything is working as expected make sure you install SSL for the domain. This is usually a function offered by the hosting provider.
Now that you understand how DNS works and how to manage it for a single website, let’s look at best practices to manage DNS for a portfolio of client websites. Let's remind ourselves what we're aiming for:
1. Select a DNS host
This will be your control center to manage your entire portfolio of client websites.
The core functions you are looking for are:
Usability is important too. Sign up for a free trial and get a sense of how quickly you can navigate and perform operations.
You should also check what associated services they offer so that you don't have to sign up with another provider to access them. For example, uptime monitoring, analytics, DDoS protection and CDN options.
Here’s a short list of the more reputable DNS hosts.
2. Keep track of your assets & resources
There’s a lot of information to keep track of for each domain that you may also want to share with your client. This could be a simple spreadsheet or a database that is part of a client portal, the idea being that you’re sharing a ‘living document’ with your client. Keep track of:
It’s tempting to store passwords in this resource too but that wouldn’t be safe. It is best to use a password manager such as LastPass, Dashlane or 1Password.
This is important too: you should have a process whereby access to platforms and documentation is updated once a resource is no longer involved.
3. Set up monitoring
There are a number of very good monitoring tools so do a little research to find what’s best for you. Have a look at Pingdom, Uptime Robot and Freshping.
If you’re managing a large portfolio of clients it’s worth having a strategy to capture and route communications and alerts to the right platform or person, allowing for prioritization too. The channels are typically email, SMS and a messaging platform such as Slack.
For email, you may want to create a forward formatted as [email protected] pointing to a generic [email protected] inbox. If you’re using a Help Desk system (and you should) or an alert management system like Opsgenie you can then route alerts to the right person or tool.
For example, you can set a downtime alert to email [email protected] that routes to a Help Desk platform that a) creates a high priority ticket assigned to a particular person or team and b) sends a Slack message to a #dnsmanagement channel so that key people are informed.
Managing DNS is both time consuming and interruptive -- you will need to drop everything to fix an issue the moment you are alerted.
Good management practices will help you reduce this but you should also monetize the extra responsibilities. Here are some suggestions on how you can do this:
Hopefully this guide will have helped you understand how DNS works and navigate the intimidating world of DNS records.
For many agencies DNS is a bit like web hosting - a critical piece of the WordPress puzzle but often a distraction more than a value-add. But here's the thing: clients feel the same way. So if you can help them take the pain away you will be doing them a great service.
Think of DNS management as an opportunity too. There is no reason why you shouldn't be paid for your time managing DNS. Offer it as a service or bundle it in your retainer offer.