DNS Services - 101Domain.com
Title | DNS Services 101Domain.com |
---|---|
Use | Points Voluntarily, OMGTech and PCFT domains at their respective websites Allows setup of MX, TXT and other records that are used to show ownership of the domain to service providers such as AWS. Also provides web forwarding from the .ly to the .nz domain. |
Owner | https://voluntarily.atlassian.net/wiki/spaces/VP/pages/106987604 |
Location | |
Cost | annual domain renewal charges |
Billing | Vaughan's Credit Card [I think] |
|
|
Access Control
Access is currently via a single login
username: andrew.watkins
password: see LastPass
2FA enabled. Andrews Authy iPhone App.
Admin Permissions Process
Access may be delegated by Operations manager to a member of the Dev or Ops team to allow renewal, management and configuration of domains.
Anyone wishing to use the shared account name and password must setup their own 2FA device.
Revoking Permissions
If it is necessary to prevent access to the account then the password should be changed. This will then restrict access to those who
a) have access to the LastPass password
b) have previously configured 2FA
Auditing Permissions and Changes
Regularly check -
The listed domains and expiry dates
The IP Access logger
Asset Backup and disaster recovery
There’s nothing we can particularly backup here.
In the event of a DR incident, we may need to configure DNS to point our domains at a new server or services.
In the worst-case scenario we would have to
Purchase and configure a new domain on a new domain service provider
Confirm domain to the platform services that require a verified domain: Auth0, AWS
Communicate the new domain to the customer base.
Risk Impact of losing access to service
If the DNS service becomes unavailable people wishing to access the Voluntarily platform would not be above to convert https://voluntarily.nz to the appropriate IP address. This may not be noticed for a while due to DNS caching.
If someone gained access to the account they would be able to redirect traffic from our site to somewhere else - potentially a similar-looking spoof site that might try to access user credentials.
Access to the account is protected by allowing only a limited number of people to manage the service and requiring 2FA to be set up for each person.