top of page
  • Writer's picturePaul Ebersman

How do I secure my domain name?

A laptop, sitting on the desk in a business. Two people sit just out of frame, one with a hand resting on the trackpad, the other pointing at something on the computer screen.

Your domain name is the entry point for your entire business identity on the internet. It’s how you offer services and products, communicate with customers and vendors, and how your employees get their jobs done. If someone malicious can subvert your domain name and/or prevent anyone from accessing it, you cease to exist on the Internet. So how do you protect this vital resource?

Getting a domain name

When your company, “Example, Inc”, decides to register a domain name like “”, you usually register it with a registrar, like GoDaddy, Namecheap, Tucows, etc. With your first domain name, you need to set up a registrar account with that registrar.

One of the things you’ll need to decide when you register your domain name is who will be publishing the information about your company (like where to send email, how to reach the web site) to other computers on the Internet. The servers that do this are called Authoritative Nameservers, and they map the human readable addresses, like to the underlying computer readable numerical addresses. The process uses a protocol called the Domain Name System (DNS). Your nameservers could be supplied by your registrar, they might be supplied by your cloud provider as part of setting up a cloud infrastructure (like AWS, Azure, Google Cloud), or be run by your Content Delivery Network (CDN) provider as part of a content/load-balancer/DDoS protection service, like Akamai, CloudFront, Azure CDN, Cloudflare.

Picking authoritative nameservers

What you care about most when picking nameservers are how secure they are and how robust they are in the face of large network failures or attacks. You should ask:

  • Does the provider have diverse, redundant servers to reduce the likelihood of a disruption (it may be done via anycast)?

  • What kind of Distributed Denial of Service (DDoS) protection do they offer?

  • What kind of Service Level Agreements (SLAs) or guarantees of uptime do they provide?

Protecting your domain name

Malicious actors tend to either try to deny anyone access to your nameservers such that no one can reach any of your servers, or they try to impersonate your servers, called masquerading, to provide false information, steal login credentials or redirect internet traffic. Denial of service is something you need your nameserver provider to deal with for you.

Most masquerading attacks involve getting access to your registrar account and changing the nameservers used or the Domain Name System (DNS) data served, such that users go to a fake site run by the attackers, not your legitimate servers. It is important to protect your registrar account credentials in much the same way you secure any privileged accounts:

  • Use strong passwords

  • Never use the same password on your registrar account that you have used anywhere else

  • Use a password manager

  • Use multifactor authentication

  • Only give the permissions necessary for each person to do their job

  • Phishing training for staff

  • Use role or company only emails for recovery emails

  • Regularly audit access and accounts

  • Use registrar and registry locks to prevent domain transfers or changing your authoritative servers, if they are available from your registrar

Beyond that, on your servers, do what you do for any critical service:

  • Actively monitor your domain for changes to your authoritative servers

  • Monitor key records/services, such as web and email

  • Set up alerts for critical or unexpected changes

  • Monitor web certificates to see if any servers you don’t recognize have a certificate for your domain name


By picking a robust operator to run your nameservers and keeping your registrar accounts secure, you can prevent malicious actors from “stealing” your online presence.

Additional reading

Do you have questions about this topic? You probably aren’t alone! Use the buttons at the top right corner of the page to connect with us on social media or join us as a caller on a future episode of The Mindful Business Security Show and ask your questions on the podcast!


Recent Posts

See All
bottom of page