Secure your website's domain name
Your domain name can be as important to your business as your physical address. If it isn't protected there's a risk online attackers could take over your domain name and impersonate your business.
The risks
If your
A unique address for websites. For example, in 'www.example.com', the 'example' part is the domain.
This is for businesses that have a website and associated email system. It requires a moderate to high level of technical expertise. We recommend reading it but also checking with your IT provider where necessary.
How to protect your business
If you want to set up a website or a custom email address, you will need to purchase (register) a domain name from a registrar: an organisation that is allowed by regulators to sell (register) domain names.
The .nz domain names, and any registrars who offer them, are regulated by the Domain Name Commission (DNC) and InternetNZ.
This guide has the steps you can take to protect your domain name and your domain name system (DNS) records.
DNS records hold information about your domain, such as what IP address is associated with a domain name. For example, a DNS record points your domain (example.com) to your website’s IP address (192.0.2.1).
The advice is designed to protect your domain name from being taken over or impersonated by cybercriminals.
Keep in mind
- A domain name is a human-readable web address – such as ownyouronline.govt.nz.
- An Internet Protocol (IP) address is a machine-readable web address – such as 198.51.100.52.
- The DNS turns domain names into IP addresses and back again.
- DNS records store information that tells computers what to do when someone wants to go to your domain name.
- When you register a domain name, it is reserved for you for a set amount of time, often a year or two.
- Registering a domain name is not the same as making a website.
Basic steps
- Use strong login authentication
Create long, strong and unique passwords for all accounts associated with your DNS, including your website, email, registrar, the company that offers tools and resources to put your website on the internet, and the provider of the internet server that resolves domain name queries.
Create a password policy for your business
Turn on two-factor authentication (2FA) for your account, so even if someone has your password, they cannot access your account.
- Remember to extend your domain name registration
Domain names are registered for a limited time and need to be renewed. If your domain name registration expires, someone else could register it and start using it. You can set yourself timely reminders or set up automatic renewals. To avoid failed payments, make sure your payment method is up to date.
Next steps
- Keep your contact details up to date with your registrar
Ensure you fill in all your details when you register your domain name and update them if they change. This helps others – such as the National Cyber Security Centre – contact you quickly if there's an issue with your website or one of your services.
- Keep your DNS records updated
If your DNS records are not updated, they may still be pointing your domain name to an IP address or service provider that you no longer use. When this happens, someone else might be able to use your domain name for a malicious purpose.
When pointing DNS records to a service provider, make sure you have an account with them and your domain name gets assigned to your account.
When no longer using an IP address or service provider, make sure to remove your old DNS records so someone else can’t use them.
It can be worthwhile to check occasionally that you still have active accounts with your service providers, and that any leftover DNS records are deleted.
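One way to run the leftover-record check described under "Keep your DNS records updated", as an added example that is not part of the original guide: it compares a zone export against an inventory of what the business still uses. The zone text, the inventory sets and the provider names are constructed placeholders.

```python
import ipaddress

ZONE_EXPORT = """\
; constructed sample zone export, not real records
example.com.       3600 IN A     192.0.2.1
www.example.com.   3600 IN CNAME example.com.
old.example.com.   3600 IN A     198.51.100.52
shop.example.com.  3600 IN CNAME store-1234.retired-host.example.
example.com.       3600 IN MX    10 mx.mail-provider.example.
"""

# Assumed inventory: addresses and providers the business still has accounts for.
ACTIVE_IPS = {"192.0.2.1"}
ACTIVE_PROVIDERS = {"mail-provider.example."}
OWN_ZONE = "example.com."


def parse_zone(text):
    """Yield (name, rtype, target) for each 'name ttl IN type rdata' line."""
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments, then tokenise
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue
        # MX rdata is "<priority> <host>", so the target is the last field.
        yield fields[0].lower(), fields[3].upper(), fields[-1].lower()


def in_zone(host, zone):
    return host == zone or host.endswith("." + zone)


def find_stale_records(text):
    """Return records that point at an IP or provider not in the inventory."""
    stale = []
    for name, rtype, target in parse_zone(text):
        if rtype in ("A", "AAAA"):
            if str(ipaddress.ip_address(target)) not in ACTIVE_IPS:
                stale.append((name, rtype, target))
        elif rtype in ("CNAME", "MX", "NS"):
            known = in_zone(target, OWN_ZONE) or any(
                in_zone(target, p) for p in ACTIVE_PROVIDERS)
            if not known:
                stale.append((name, rtype, target))
    return stale


if __name__ == "__main__":
    for record in find_stale_records(ZONE_EXPORT):
        print("review or remove:", *record)
```

Records flagged here are candidates for review, not automatic deletion: confirm with your IT provider whether the target is genuinely retired before removing the record.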
More technical steps
- Protect your email from spoofing
Spoofing email is a tactic often used by cybercriminals. Spoofing means disguising a phone number or email address as a different one. To prevent this, set up SPF, DKIM, and DMARC.
SPF (Sender Policy Framework) allows you to tell others what servers are approved to send emails using your organisation's domain name. Otherwise, an attacker can send emails using your domain name from any email server.
DKIM (DomainKeys Identified Mail) allows your mail server to sign emails you send with a special key that is used to check that you created the email and others haven't modified it.
DMARC (Domain-based Message Authentication, Reporting, and Conformance) allows you to tell others what you want to happen if they receive an email claiming to be from you, but it doesn't pass SPF or DKIM checks.
- Disable or restrict zone transfers
Zone transfers are used to move from one DNS provider to another; this is useful if one provider becomes unavailable. However, they can allow anyone to easily access all information about your records and subdomains. A subdomain is an extra section of a domain, for example shop.example.com is a subdomain of example.com.
If the provider that holds the source of truth for your domain’s and subdomains’ DNS records lets you, disable or restrict zone transfers to prevent them from being misused. By default, this source of truth will be with your registrar; however, it can be delegated to other providers.
- Consider using DNSSEC
DNS security extensions (DNSSEC) help your customers ensure they get the correct DNS response. DNSSEC is a security extension for DNS that adds a digital signature to DNS records. This helps protect the domain from being spoofed or taken over. However, DNSSEC can be difficult to set up and mistakes might break things. Ask an IT professional to help you set up and maintain your DNS.
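For the "Protect your email from spoofing" step, the following added example (not part of the original guide) audits the SPF and DMARC TXT records of a domain and reports settings that still let spoofed mail through. The record values are constructed samples, and DKIM is left out because checking it requires the selector name your mail provider uses.

```python
# Constructed sample TXT values, as a DNS lookup would return them.
WEAK = {"example.com": ["v=spf1 include:_spf.mail-provider.example ?all"],
        "_dmarc.example.com": ["v=DMARC1; p=none"]}
STRICT = {"example.com": ["v=spf1 include:_spf.mail-provider.example -all"],
          "_dmarc.example.com":
              ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"]}


def audit_spf(txt_records):
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        # Zero records: no policy. More than one: receivers return an error.
        return ["expected exactly one SPF record, found %d" % len(spf)]
    terms = spf[0].lower().split()[1:]
    if any(t.startswith("redirect=") for t in terms):
        return []  # the policy lives in the redirect target's record
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not all_terms:
        return ["SPF has no 'all' term, so unlisted servers are not failed"]
    if all_terms[0][0] in "+?a":  # a bare 'all' means '+all'
        return ["SPF '%s' lets unlisted servers pass or stay neutral"
                % all_terms[0]]
    return []


def audit_dmarc(txt_records):
    dmarc = [r for r in txt_records if r.lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:
        return ["expected exactly one DMARC record, found %d" % len(dmarc)]
    tags = {}
    for part in dmarc[0].split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    findings = []
    policy = tags.get("p", "missing").lower()
    if policy not in ("quarantine", "reject"):
        findings.append("DMARC policy is '%s': spoofed mail is not "
                        "quarantined or rejected" % policy)
    if "rua" not in tags:
        findings.append("DMARC has no rua= address for aggregate reports")
    return findings


def audit_domain(records, domain):
    """Combine SPF findings for the domain with DMARC findings for _dmarc."""
    return (audit_spf(records.get(domain, []))
            + audit_dmarc(records.get("_dmarc." + domain, [])))
```

An empty result from `audit_domain(STRICT, "example.com")` means neither record has one of the weaknesses checked; it does not confirm that DKIM signing is in place.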