Categories
Domain Registry Trust, Identity and Access Blogs

How secure are your domains?

Businessman pointing at search bar on a virtual screen
Image by Jack Moreh on Stockvault

A domain name is a very important asset to an organisation. They help to establish a unique identity for your website and represent your brand, so keeping them secure is key. If the domain is not secured properly, it is at a higher risk of being hijacked. 

This is particularly important as domains are a popular target for cyber criminals, and attacks on domain name servers (DNS) are all too common. This can have a serious effect on the trust of your organisation if the domain is compromised. 

To help you out – this blog covers some simple steps you can take to ensure your domains are kept secure and protected from threat actors.  

WHOIS Records:

The WHOIS data is publicly visible and includes registrant contact details. We require these details to be kept up to date and to ensure this happens, Jisc emails the registrant annually to review this and update if required. This can help to lower the risk of a domain being compromised. The WHOIS records can be published with generic details such as a generic team name and email address. Don’t forget the email address needs to be a monitored inbox, that can send and receive emails.  

While you can have generic details for the public WHOIS, we do request that you keep a named contact with the registration, which is kept private for Jisc to use in circumstances that we many need to contact the domain owner.  

If you are a member, you can manage your domain through Jisc via the Domain Registry Portal. The details are shown in the portal as registrant details and alternative registrant details for the public WHOIS. If your domain is managed through an external registrar, you will need to contact them to get this updated on your behalf.  

Renewals:

Currently, Jisc members domains are automatically renewed as part of your membership package. However, staying on top of your domain estate is important and any dormant domains should be removed.  

For our non-member customers, renewing your domain is key to keeping your services running. If a renewal is missed, then the domain is at risk of being suspended and eventually removed from the registry.  

It is recommended that renewals for domains are processed at least three months in advance, so it is best to make a note of when your domain is due for renewal. If you are unsure of your renewal date, you can check with your registrar or search your domain on a WHOIS lookup where it will show the renewal date. We do also email the registrar reminders 90 days from expiry at regular intervals to renew the domain. 

Domain is no longer needed:

It is very important to monitor your domain estate. If you have domains on the registry that are no longer required, they should be removed. Leaving a domain dormant can open it to attacks. As the domain suffixes we manage are closed domain spaces, there is no need to brand protect your names as domains are only issued based of the strict eligibility criteria.  

Nameservers:

With the nameservers for your domain, it is a requirement that you have at least two nameservers listed – a primary and secondary as a backup. However, you can have up to 10 nameservers listed for a domain.  

It is important that you check your nameservers listed on the registry and ensure that they are spelt correctly with no typos and correspond to your published DNS records. Missing nameserver records can cause delays for clients when resolving your records, as they attempt to contact a nameserver that is either non-existent or non-authoritative. Extraneous NS records can cause havoc if they point to nameservers that are not being kept current, or worse, if they are no longer under your control.  

Remember – it’s important to monitor your domain estates regularly as if any issues arise, you’ll be able to find and resolve it as quickly as possible. 

To learn more about Jisc’s domain registry, DNS services or how you can improve your security posture through advanced protection services like Janet Network Resolver – please get in touch via help@jisc.ac.uk

Leave a Reply

Your email address will not be published.