Think of DNS management as an opportunity too. There is no reason why you shouldn't be paid for your time managing DNS -- Brian Francoeur

The DNS black book is written in a language no mere mortal can decipher, yet as a provider of creative and digital marketing services, you need to know DNS.

This guide was written to provide agencies with an organized, easy to understand reference to create and implement a DNS strategy for a portfolio of client websites that’s easy for you to manage.

Let’s start with a definition, quoting Cloudflare.

The Domain Name System (DNS) is the phonebook of the Internet. Humans access information online through domain names, like nytimes.com or espn.com. Web browsers interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources.

Here are some of the main reasons you need to manage DNS:

  • Migration of a website to a new host
  • Setting up subdomains
  • Pointing DNS to email servers
  • Setting up a CDN
  • DNS configuration for load balancing, failovers, etc.

Too many agencies do DNS on an ad-hoc basis. This creates a lot of extra work and confusion, which can lead to serious vulnerabilities or catastrophic failures due to improperly configured DNS settings. A solid, well-thought-out strategy creates a consistent set of rules and procedures for everyone to follow. This reduces the amount of work to be done and greatly improves the security and uptime of your clients’ websites.

DNS management: what you should be aiming for

Before explaining what DNS is in more detail, here’s what an agency should be aiming for as part of an effective DNS strategy for a portfolio of client websites:

  • Each client retains ownership of the domain name but delegates access to your web developer(s)
  • Agency able to manage the DNS for each client’s domain name, sub-domains, email, and other web-based services.
  • Efficient and timely management of DNS access for portfolio of websites

The starting point is to have a basic understanding of how DNS works. So, what is DNS? The acronym stands for “Domain Name System”. DNS translates the human-readable name of a website into its corresponding IP address.

How DNS works

At a high level, DNS looks deceptively simple. It’s just matching names and IP addresses, right? How hard can that be? Quite difficult, it turns out. Here’s a simplified take on the DNS resolution process.

Let’s use a request for https://convesio.com as an example. As soon as you type the URL in your browser a request is sent from your computer to a DNS server to find its IP address. This is the unique address of the physical server hosting convesio.com.

If that’s a website you haven’t accessed before, chances are that the first DNS server you reach doesn’t have its IP address cached. If this is the case then another DNS server is pinged to retrieve it. And another, and another until it’s found on one of hundreds of DNS servers scattered around the world. Once located, the IP address is pinged back to the browser requesting it so that it can then pull all the necessary files off the server to render the webpage.

Illustration showing how the DNS system works

In this example the IP address is found on the second DNS server. This diagram, however, doesn’t show the different types of DNS servers that exist and how they are networked together following a set hierarchy to resolve domains. This is necessary because the DNS system serves billions of domain names and requests for them every day.

This is why there is a lag when you buy a domain name and point it to a host, or when you migrate a website to a new host and update DNS so that the domain points to it. The switchover isn't instant because a whole bunch of DNS servers need to be updated.

You can get a sense of this by using DNS Checker, a handy tool that tracks propagation of changes to a DNS record over the network.

DNS management: the 10,000 ft view

DNS is managed by adding and editing DNS records. These are instructions for the system to route traffic to the right server. For example, A records are used to point a domain to a server. An example of this is convesio.com’s A record that points to 104.17.46.19, which is a Cloudflare server. Common types of DNS records are covered further on in this article.

This means that you need an interface to manage DNS records. Here’s what Cloudflare’s version looks like:

Screenshot of Cloudflare's DNS records screen

When you’re planning your DNS strategy you need to consider where you want to manage DNS. You have three options:

  • Domain Registrar - This is where the domain name was registered. Registrars typically offer DNS management but it may cost you extra.
  • DNS Host - A specialist provider offering a powerful toolset for DNS management as well as add-on services such as downtime notifications and functionality to easily manage a large portfolio of domain names.
  • Web Hosting Provider - You will have purchased a domain with a registrar and point it to a hosting provider where the website will be hosted and where you can also manage DNS for it.

So, what approach should an agency be using?

Two key considerations here. Firstly, their clients should be the ones registering and owning their business’ domain name. They shouldn’t be sharing login details to the registrar with anyone. Secondly, agencies need to streamline DNS access and management so that they can act quickly if there are issues.

We can quickly discard the first option as an agency would have to manage a whole bunch of logins. And, as mentioned, the owner of a domain should not be giving anyone access to manage the domain (and potentially transfer its ownership).

The third option would work well if the agency is also managing hosting for their clients. The hosting solution needs to feature DNS management, though, and that’s usually not the case with specialist WordPress providers, Convesio included.

The best option for agencies, therefore, is to use a specialist DNS management provider and get every client to point their domain to it.

Flow chart showing a DNS management model

Before explaining how to best manage DNS for a portfolio of client websites let’s look at what the process looks like for a single website.

ABOUT THE AUTHOR
Brian Francoeur
Brian Francoeur is a freelance WordPress web designer and developer. He is known for his depth of knowledge about WordPress and his commitment to helping clients grow their businesses through innovative design. When he’s not busy on a project, he’s thumping out funky bass lines or playing with his dog Zavalla.

Setting up DNS for a single website

These steps cover a new domain use case but can also be used for existing domains, for example a new client that wants to delegate DNS management. In this case you would skip the first step.

| Step | Description | Responsibility |
| --- | --- | --- |
| Register a domain | The client should make sure that the domain’s WHOIS contact details are accurate. | Client |
| Point nameservers to a DNS host | The agency should provide the client with the nameservers to use. | Client |
| Point the domain name to the hosting provider | Setting the A record to point to the hosting provider’s IP address. | Agency |
| Setting up email and other records | MX, SPF, DKIM and other records to get email to work as well as other services. | Agency |
| Check that the DNS changes have updated | Changes are never instant as records need to be updated on many servers across the globe. You can use a tool like DNS Checker to track propagation. | Agency |

Please note: if you’re migrating DNS for an existing website you need to add DNS records to the DNS host first. Fortunately, a number of providers have tools to automate this part.
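One way to check that nothing was left behind before the client switches nameservers, shown as an added example that is not part of the original guide. Both record sets below are constructed samples in zone-file style, and the names `parse` and `cutover_gaps` are illustrative.

```python
import shlex

# Constructed sample: records served by the current provider.
CURRENT = """
example.com.      3600 IN A     192.0.2.10
www.example.com.  3600 IN CNAME example.com.
example.com.      3600 IN MX    10 Mail.Example.com.
example.com.      3600 IN TXT   "v=spf1 include:u123456.wl.sendgrid.net -all"
example.com.      3600 IN NS    ns1.exampleregistrar.com.
"""
# Constructed sample: records entered so far at the new DNS host.
NEW_HOST = """
example.com.      300 IN A      192.0.2.10
www.example.com.  300 IN CNAME  example.com
example.com.      300 IN NS     bob.ns.cloudflare.com.
"""

HOSTNAME_TYPES = {"CNAME", "MX", "NS"}
SKIP_TYPES = {"NS", "SOA"}  # expected to differ once the DNS host changes

def parse(text):
    """Return a set of normalized (name, type, value) tuples; TTLs are ignored."""
    records = set()
    for line in text.splitlines():
        parts = line.split(None, 4)
        if len(parts) < 5 or line.lstrip().startswith(";"):
            continue  # blank line, comment or incomplete record
        name, _ttl, _cls, rtype, rdata = parts
        rtype, rdata = rtype.upper(), rdata.strip()
        if rtype in SKIP_TYPES:
            continue
        if rtype in HOSTNAME_TYPES:
            # Hostnames are case-insensitive; the trailing dot is optional in exports.
            rdata = " ".join(tok.rstrip(".") for tok in rdata.lower().split())
        elif rtype == "TXT" and rdata.startswith('"'):
            # Quoted TXT strings are concatenated without separators.
            rdata = "".join(shlex.split(rdata))
        records.add((name.lower().rstrip("."), rtype, rdata))
    return records

def cutover_gaps(current, new_host):
    """List records that would disappear, or appear, after the nameserver switch."""
    old, new = parse(current), parse(new_host)
    return {"missing": sorted(old - new), "unexpected": sorted(new - old)}

if __name__ == "__main__":
    for kind, rows in cutover_gaps(CURRENT, NEW_HOST).items():
        for row in rows:
            print(kind, *row)
```

In the sample, the MX and SPF records are reported as missing, which is the case where the website keeps working after the switch but email silently breaks.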

Now, let's look at more detailed information about key steps.

Point nameservers to a DNS host

Nameservers work in tandem with DNS records, but they are two different things. Forbes' analogy is a good one: if the DNS records are a catalog, the nameservers are the library in which they are found.

When you register a domain name the nameservers are set automatically to point to the registrar's own service. For example:

  • ns1.exampleregistrar.com
  • ns2.exampleregistrar.com

Next, ask your client to change the nameservers to the ones of your DNS host. This is what the screen looks like in Google Domains.
Screenshot of the nameserver settings in Google Domains

If you’re using Cloudflare as the DNS host their nameservers will look something like this:

  • bob.ns.cloudflare.com
  • lola.ns.cloudflare.com

Please note: one or more additional nameservers are used to ensure the domain name still works if the primary one fails.

Point the domain name to the hosting provider

Screenshot of Convesio's dashboard showing IP addresses for that account

This is when you start adding DNS records for a domain via your DNS host. Your client will not need to do anything from this point onwards.

For this step you’ll need to know the IP address of your hosting provider. If you’re using Convesio you can find these in the Domains screen of the dashboard. There are two, in fact, as Convesio ‘load balances’ website traffic to two different servers.

Add an A record for each:

Screenshot of A records set in Cloudflare

If you want to add a redirect for the www version of the domain you’ll need to add a CNAME record.

Screenshot of the CNAME record in Cloudflare

Setting up email and other DNS records

DNS records are used to manage other domain related services.

The best example of this is email, which just like a website needs to be hosted on a server. WordPress hosting providers typically don’t offer email hosting and the recommendation here is for the client to use a reputable service like Google Mail or Microsoft Outlook.

There are quite a few types of DNS records, in fact - you can see the full list on Wikipedia - but you can get by knowing just a handful of them. Here’s a list of the ones that you need to be aware of.

| DNS Record Type | What is it used for? | Example |
| --- | --- | --- |
| A and AAAA | Both of these records map a host to an IP address. The ‘A’ record maps to an IPv4 address while the ‘AAAA’ record maps to an IPv6 address. | Convesio.com’s A record points to 104.17.46.19, which is a Cloudflare server. (It’s not where the website is hosted but more of a filter sitting between visitors and Convesio’s server.) |
| CNAME | A CNAME record defines an alias for the canonical, or official, name of our server. For example, we could have an A record defining ‘server1’ as the host and use ‘www’ as an alias for that host. | If you type www.convesio.com in your browser address bar you’ll be instantly redirected to convesio.com. The CNAME entry for this features www as the ‘name’ and convesio.com as the ‘content’. You can set as many CNAME records as you want, including when you’re using a subdomain to point to a different site or function. For example, Convesio’s sign up: https://account.convesio.com/ |
| MX | These define the mail exchange records for a domain. MX records help to ensure that your emails arrive at your mail server the way they’re supposed to. Generally, MX records should point to an A or AAAA record, not a CNAME. | Here’s an example of an Office 365 MX record for the example.com domain: example-com.mail.protection.outlook.com |
| SPF | SPF stands for Sender Policy Framework and is an email authentication standard that helps protect both senders and recipients of email from spam, phishing and spoofing. Email systems check each email’s header information against the SPF record to ensure it’s legitimate, so that only the owner of the xyz.com domain can send @xyz.com emails. | If you want to use SendGrid email services you will need to add an SPF record, which they will provide, to your DNS. For example: v=spf1 include:u123456.wl.sendgrid.net -all |
| DKIM | DKIM stands for DomainKeys Identified Mail and along with SPF is an open standard to ensure email can be authenticated. It’s more complicated to set up than SPF but more secure too as it covers forwarding as well. | v=DKIM1; k=rsa; p= followed by the base64-encoded public key |
| TXT | Think of TXT records as notes you can associate with your domain. They were originally intended as a place to save human-readable information but are often used to save machine-readable data. | Google uses TXT records for webmasters to verify ownership of a domain. For example, to be able to access Google Search Console data for the domain xyz.com, a webmaster needs to add a TXT record provided by Google that looks like this: google-site-verification=rXOxyZounnZasA8Z7oaD3c14JdjS9aKSWvsR1EbUSIQ |

Once you’ve finished setting up DNS records, check that they are working properly. Visit the website you’ve set up DNS for and send some test emails. Bear in mind that changes to DNS need to propagate across the whole DNS system. You may have to wait a few hours to see changes take effect. Also, clear your browser’s cache before checking a website as you may be viewing a local version.
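Before sending test emails, the mail-related records can be linted offline. The following is an added example, not code from the original guide: `ZONE` is a constructed record set with deliberate mistakes, and `lint_zone` is an illustrative name. It checks the rule above that an MX should not point to a CNAME, plus three standard SPF/DKIM pitfalls.

```python
from collections import defaultdict

# Constructed sample records (name, type, value) with deliberate mistakes.
ZONE = [
    ("example.com.", "A", "192.0.2.10"),
    ("www.example.com.", "CNAME", "example.com."),
    ("mail.example.com.", "CNAME", "example.com."),
    ("example.com.", "MX", "10 mail.example.com."),
    ("example.com.", "TXT", "v=spf1 include:u123456.wl.sendgrid.net"),
    ("example.com.", "TXT", "v=spf1 include:spf.protection.outlook.com -all"),
    ("s1._domainkey.example.com.", "TXT", "v=DKIM1; k=rsa; p="),
    ("example.com.", "TXT", "google-site-verification=constructed-token"),
]

def lint_zone(records):
    """Return a sorted list of (name, problem) findings for mail-related records."""
    by_name = defaultdict(list)
    for name, rtype, value in records:
        by_name[name.lower()].append((rtype.upper(), value.strip()))
    cnames = {n for n, rrs in by_name.items() if any(t == "CNAME" for t, _ in rrs)}
    findings = []
    for name, rrs in by_name.items():
        if name in cnames and len(rrs) > 1:
            findings.append((name, "CNAME shares its name with other records"))
        for rtype, value in rrs:
            if rtype == "MX":
                target = value.split()[-1].lower()
                if target in cnames:
                    findings.append((name, f"MX target {target} is a CNAME"))
            elif rtype == "TXT" and "._domainkey." in name:
                tags = dict(part.strip().split("=", 1)
                            for part in value.split(";") if "=" in part)
                if not tags.get("p"):  # an empty p= means the key is revoked
                    findings.append((name, "DKIM record has no public key"))
        spf = [v for t, v in rrs if t == "TXT" and v.lower().split()[:1] == ["v=spf1"]]
        if len(spf) > 1:
            findings.append((name, "multiple SPF records"))  # receivers treat as an error
        for policy in spf:
            terms = policy.lower().split()[1:]
            has_all = any(term.lstrip("+-~?") == "all" for term in terms)
            if not has_all and not any(term.startswith("redirect=") for term in terms):
                findings.append((name, "SPF has no 'all' or redirect= term"))
            elif "+all" in terms or "all" in terms:
                findings.append((name, "SPF allows any host to send (+all)"))
    return sorted(findings)

if __name__ == "__main__":
    for name, problem in lint_zone(ZONE):
        print(f"{name}: {problem}")
```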

A note about SSL

Managing SSL is not strictly part of the DNS management process but a step in the setup and configuration of a website.  Once you have finished with DNS and everything is working as expected make sure you install SSL for the domain. This is usually a function offered by the hosting provider.

How to manage DNS for a portfolio of client websites

Now that you understand how DNS works and how to manage it for a single website, let’s look at best practices to manage DNS for a portfolio of client websites. Let's remind ourselves what we're aiming for:

  • To establish a process to quickly and painlessly set up and manage DNS for a large number of client websites
  • Ensure that your client remains the owner of the domain and that there is a process so that DNS management can be handed back over
  • Monitoring and speedy issue resolution

1. Select a DNS host

This will be your control center to manage your entire portfolio of client websites.

The core functions you are looking for are:

  • Management of multiple domains
  • Client access (optionally)
  • Good performance, security and redundancy
  • A solid SLA and expert 24/7 support

Usability is important too. Sign up for a free trial and get a sense of how quickly you can navigate and perform operations.

You should also check what associated services they offer so that you don't have to sign up with another provider to access them. For example, uptime monitoring, analytics, DDoS protection and CDN options.

Here’s a short list of the more reputable DNS hosts.

2. Keep track of your assets & resources

There’s a lot of information to keep track of for each domain that you may also want to share with your client. This could be a simple spreadsheet or a database that is part of a client portal, the idea being that you’re sharing a ‘living document’ with your client. Keep track of:

  • Domain name
  • Registrar and contact details associated to the domain
  • Domain expiry date
  • DNS management tool
  • DNS Records
  • SSL cert details
  • CDN and other associated services
  • Internal email address to use for monitoring
  • Names of people who have access to the information

It’s tempting to store passwords in this resource too but that wouldn’t be safe. It’s best to use a password manager such as LastPass, Dashlane or 1Password.

This is important too: you should have a process whereby access to platforms and documentation is updated once a resource is no longer involved.

3. Set up monitoring

There are a number of very good monitoring tools so do a little research to find what’s best for you. Have a look at Pingdom, Uptime Robot and Freshping.

If you’re managing a large portfolio of clients it’s worth having a strategy to capture and route communications and alerts to the right platform or person, allowing for prioritization too. The channels are typically email, SMS and a messaging platform such as Slack.

For email, you may want to create a forward formatted as [email protected] pointing to a generic [email protected] inbox. If you’re using a Help Desk system (and you should) or an alert management system like Opsgenie you can then route alerts to the right person or tool.

For example, you can set a downtime alert to email [email protected] that routes to a Help Desk platform that a) creates a high priority ticket assigned to a particular person or team and b) sends a Slack message to a #dnsmanagement channel so that key people are informed.

DNS as a Service

Managing DNS is both time consuming and interruptive -- you will need to drop everything to fix an issue the moment you are alerted.

Good management practices will help you reduce this but you should also monetize the extra responsibilities. Here are some suggestions on how you can do this:

  • Bundle in DNSaaS with your existing maintenance and support packages. Or offer it as an add-on
  • Productize your WordPress hosting stack and factor DNS hosting in the pricing.
  • Partner with a hosting provider that can do the DNS work for you. You’ll be earning a fee for each website you refer

Conclusion

Hopefully this guide will have helped you understand how DNS works and navigate the intimidating world of DNS records.

For many agencies DNS is a bit like web hosting - a critical piece of the WordPress puzzle but often a distraction more than a value-add. But here's the thing: clients feel the same way. So if you can help them take the pain away you will be doing them a great service.

Think of DNS management as an opportunity too. There is no reason why you shouldn't be paid for your time managing DNS. Offer it as a service or bundle it in your retainer offer.

Copyright 2021 © Convesio