This is not an article on effective websites; it's all about maintenance and support for your website, and it is targeted at the agency, techy customer or IT professional.
This might sound like jargon; you know what a domain is but have no idea what DNS is or how it all works. If that's the case, then please, I beg you, stop here unless you have a genuine interest in the technical aspects and in doing further research.
This topic is a contentious one between IT professionals and marketing agencies who manage domains and DNS. Both want to manage the product for the client, and both have the best interests of the client at heart. Neither usually understands the perspective of the other when it comes down to their specialist area, and usually the result is that one has to bend to the will of the other.
Ten reasons why your agency has just as much justification to manage the customer domain and/or DNS with your website management plan.
- Simplicity and Consistency: Managing everything under one company simplifies the process and reduces the risk of miscommunication or oversights due to a scattered approach.
- IT Involvement: While IT teams may need occasional access to DNS for certain setups, this can be facilitated through shared DNS on Cloudflare without giving them control over the domain on their reseller account.
- SSL Management: HTTP-01 challenge for SSL certification (a process where the server proves it controls the domain) is easier and more secure when handled by the same agency managing your DNS. Our hosting integrates closely with this form of management if Cloudflare can be used.
- Timing and Collaboration: DNS and SSL setups are complex and need coordination. Unsynced changes, like turning on Cloudflare proxy before enabling SSL, can cause issues.
- Third-Party Integrations: DNS records often connect to numerous third-party tools, such as email delivery services like Mailgun or Google Search Console (previously Google Webmaster Tools), which require proper management.
- Direct Access in Emergencies: Agencies need direct access to DNS records when issues occur with servers or load balancers to minimize downtime for your website.
- Automated DNS Management: Server systems like RunCloud can automatically manage DNS records (add, edit, remove), ensuring accurate and real-time DNS updates. You can work around this by getting a Cloudflare API token with controlled permission from the IT provider if they insist on using their Cloudflare account, but if they want to use another system, it's all manual.
- CDNs: LiteSpeed, the fastest web server on the planet, allows for the use of a CDN named quic.cloud, one of many. Without DNS access, the web guy cannot integrate this easily into a site, and the site cannot be optimised to perform even quicker than it would without CDNs.
- Load Balancing at DNS: Cloudflare offers load balancing and pool-based switching between monitored IPs. While this seems a bit techy, it's primarily linked to your website's uptime. While you could get your IT guy to configure this for you, it's not a common request to an IT provider. It's probably better situated with your web agency; they deal with this sort of thing all the time, and pooled server IPs do tend to change depending on the cloud setup.
- Floating IPs after restore: To understand the basics, a website runs on an IP address on the internet that a hosting infrastructure provides us. Sometimes you may want to update DNS to another IP at another remote location but cannot use a floating IP to reassign the same IP to that new location. For example, your website is in Sydney, but you want to move it to Melbourne through a snapshot restore. For us, if it's a multi-tenant server with, for example, 30 clients and 30 IT providers who maintain they need exclusive DNS access, we then need to try to contact 30 people at 3am to get A records and CNAMEs updated. What's even better is we won't have to do it once but multiple times, even having to go to the extent of calling them and explaining how to do the update. Not collaborating on this type of DNS results in days and days of downtime and frustration that can be avoided. I am quick to offer IT professionals access to DNS if they can justify it and ask that they provide notes in Cloudflare when they make an update to provide an audit log.
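
The 3am repoint from the last item, done with a scoped Cloudflare API token as mentioned under Automated DNS Management, with the audit note written into each record's comment. This is an added example, not code from this article or from Cloudflare; the function names are hypothetical, and the record ids, IP addresses and the `agency-oncall` name are constructed sample values.

```python
"""Plan and apply a bulk A-record repoint after a restore (added example)."""
import json
import urllib.request

API = "https://api.cloudflare.com/client/v4"

def plan_repoint(records, old_ip, new_ip, who, reason):
    """Return one PATCH per A record that still points at old_ip.

    Only `content` and `comment` are sent, so each record's proxied and
    ttl settings stay as they are. The comment is the audit note.
    """
    # Assumption: 100 characters is a comment length every plan accepts.
    note = f"{who}: {old_ip} -> {new_ip} ({reason})"[:100]
    return [
        {"id": r["id"], "name": r["name"],
         "body": {"content": new_ip, "comment": note}}
        for r in records
        if r["type"] == "A" and r["content"] == old_ip
    ]

def apply_repoint(zone_id, token, plan):
    """Send the planned PATCH requests using a token limited to DNS edit
    on this one zone, so a leaked token cannot touch anything else."""
    for change in plan:
        req = urllib.request.Request(
            f"{API}/zones/{zone_id}/dns_records/{change['id']}",
            data=json.dumps(change["body"]).encode(),
            method="PATCH",
            headers={"Authorization": f"Bearer {token}",
                     "Content-Type": "application/json"},
        )
        with urllib.request.urlopen(req, timeout=10) as resp:
            if not json.load(resp).get("success"):
                raise RuntimeError(f"update failed for {change['name']}")

# Constructed sample, shaped like the result of GET /zones/{zone_id}/dns_records
SAMPLE = [
    {"id": "rec1", "type": "A", "name": "example.com", "content": "203.0.113.10"},
    {"id": "rec2", "type": "A", "name": "www.example.com", "content": "203.0.113.10"},
    {"id": "rec3", "type": "A", "name": "mail.example.com", "content": "198.51.100.7"},
    {"id": "rec4", "type": "CNAME", "name": "shop.example.com", "content": "example.com"},
]

if __name__ == "__main__":
    # Dry run: print the plan for review before calling apply_repoint().
    for c in plan_repoint(SAMPLE, "203.0.113.10", "203.0.113.99",
                          "agency-oncall", "Sydney to Melbourne restore"):
        print(c["name"], json.dumps(c["body"]))
```

The mail record on a different IP and the CNAME are left out of the plan, which is the point of matching on the old address rather than rewriting every record in the zone.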
While these points make a compelling case, it’s important to note that the most effective solution can vary based on the specific needs and context of a business.
I’ve also written an article on DMARC and the technical relevance here for website email traffic as well as day-to-day business traffic. I find 99% of IT companies looking after domains do not use DMARC to its full extent and are most likely to not use DKIM either. I’ve got a full article on why your digital marketing agency needs this access.
Some businesses may prefer to have their in-house IT teams manage certain aspects for reasons like internal policy, regulatory compliance, or other unique factors. It’s always best to assess the pros and cons within the context of a specific business and make an informed decision. Cloudflare’s shared DNS in accounts is ideal for agencies who need to give IT teams access but not ideal if an IT team has the primary due to integration reasons with hosting platforms.
As web services increase, along with the dependency to integrate hosting with DNS for SSL, CDNs and many other services, the debates on the topic will increase. Collaborate, people, and if you don’t trust someone, then use some granular permissions on Cloudflare to make sure they can only do what they need to do.