Account Management

New Account

How to set up a new account?

  1. Click the LOGIN/SIGNUP link (top right-hand side of navigation menu). The Login/Sign Up dialog box displays.

  2. Click the Sign Up tab. The Sign Up dialog box displays.

  3. Type your First Name, Last Name, Email Address, and Password, then type your password again in Confirm Password.

  4. Click the Terms of Service link to review the Terms & Conditions and, if you agree, click the checkbox.

  5. Click CREATE A NEW ACCOUNT. An email will be sent to your address with instructions.

  6. Watch for the email address verification email, click the link provided, and begin using your new account.

NOTE: You will need to verify your email address before you begin managing products in your account.

Account verification

Why am I unable to edit/manage any domains or products in my account?

When you log in to your account, is there a red notification bar at the top of your account area? If yes, then you have not verified your account email address. This is a mandatory security procedure that we have in place to protect your information and products. Check your email account and follow the instructions. Once you have verified your account, you will be able to manage your account. If you cannot find this email in your mailbox, then:

  1. Log in to your account.
  2. Click the Resend Email link on the red bar [located at the top of the page].
  3. Check your email and follow the instructions.

How do I verify my account email address?

You should receive an email at the email address you provided when creating your account.

  1. Check your mailbox for the email and, if received, click the link in the email.
  2. Follow the instructions in the email.
  3. If you do not receive the email in your inbox, follow the instructions above.

My Account

How do I access my account?

  1. Click the Login/Signup link (top right-hand side menu link on your website). The Login/Sign Up dialog box displays.
  2. Type the Email Address and Password you used when creating your account. You will automatically be brought to your account page showing: any Action Required items, My Activity items, a list of Get Started Link items, and a list of My Domains (your domains).
  3. To go back to your account area from this page, click your email address link in the navigation menu (top right-hand side).
  4. Select the section of your account where you wish to go.

How do I update my account email address?

It's important to keep your account's email address updated so you can receive notifications from us about your account.

To update your account's email address:

  1. Log in to your Account Manager.
  2. Go to the MY ACCOUNT section.
  3. Click the ACCOUNT INFORMATION tab.
  4. Click the EDIT button (lower right-hand corner).
  5. Type your new email address in the Email Address text box.
  6. Click SAVE.

NOTE: Updating your email address does not update your domain name's contact information. To make those updates, see Update Domain Contacts.

VAT [Value Added Tax]

What is VAT?

Value Added Tax (VAT) is a tax charged on the sale of goods or services. It is calculated and added to the price of the goods or services being purchased. VAT only applies to residents within the European Union. Therefore, if you are from an EU country and do not have a registered business VAT number, you are required to pay the appropriate VAT amount on your order. [View a list of country VAT rates].

What is VAT ID?

The Value-Added Tax ID is used in the European Union for taxation purposes. The ID is a two-letter country code followed by 5-12 characters. These characters are numbers in most countries, though some IDs also may contain letters.

How is VAT charged?

The VAT due on any sale is a percentage of the sale price. From this amount, however, the person being taxed is entitled to deduct all the tax already paid at the preceding stage. In this manner, double taxation is avoided and tax is paid only on the value added at each stage of production and distribution. In this way, since the final price of the product is equal to the sum of the values added at each preceding stage, the final VAT paid is the sum of the VAT paid at each stage.

Registered VAT traders are assigned a number and must show the VAT charged to customers on invoices. If the customer is a registered trader, they know how much they can deduct, and the consumer knows how much tax they have paid on the final product. In this way, the correct VAT is paid in stages and the system is, in effect, self-policing.

What Credit Cards are supported?

Only Visa, Mastercard, and American Express credit and debit cards are accepted at this time.

How do I close my account?

To close your account:

NOTE: All of the domains and products in your account need to be cancelled or transferred before you can close your account.  

  1. Log in to your account.
  2. Go to the MY ACCOUNT section of your Dashboard.
  3. Click the ACCOUNT SETTINGS tab.
  4. Under the Close Account section, click the "I understand this and wish to proceed" checkbox. The words Close my account display below the checkbox.
  5. Click the link to close your account.  

IMPORTANT NOTE: Once your account has been closed, it cannot be reopened.

Forgot password

I forgot my password and cannot log in to my account.

  1. Click the LOGIN/SIGNUP link on the website.
    1. The Login/Sign Up dialog box displays.
  2. Click the Forgot Password? link. The message "Enter your email to receive a password reset link" displays.
  3. Type your Email Address (the email address you used to create your account).
  4. Click the red SEND button (or click the Back to login link to return to the Login/Sign Up dialog box). You will receive an email within a few minutes with a link to reset your password.

Reset passwords

How to reset a password?

  1. Click the Forgot Password? link in the Login/Sign Up dialog box.
  2. Type your Email Address (the email address you used to create your account).
  3. Click the red SEND button.
    1. You will receive an email within a few minutes with a link to reset your password.
  4. Follow the instructions in the email.

How to reset a password when you did not receive an email to reset it?

  1. Check the email account that you used to create your account.
  2. Determine whether or not the email is in your spam folder.
  3. If the email is NOT in your spam folder:
    1. Click the Forgot Password? link again in the Login/Sign Up dialog box.
    2. Check your email again and follow the instructions when you receive the email.
  4. If the email IS in your spam folder:
    1. Move it to your Inbox and open it.
    2. Follow the instructions in the email.  

NOTE: If you still cannot receive the reset password email, or still cannot log in, then please contact Support.

Orders and Invoices

To view your orders:

  1. Log in to your Account Manager.
  2. Click the MY ORDERS tab. A list of all orders (and their statuses) will display, including the following order information: Order Number, Status, Customer ID, Order Date, Coupon ID, Total, Invoice Number, and Order Details.

To view your invoices:

  1. Log in to your Account Manager.
  2. Click the MY ORDERS tab. A list of all orders (including their invoice number) will display.
  3. Click the specific invoice number you wish to review in the Invoice Number column. A copy of the desired invoice displays itemizing all pertinent details of your domain purchase.

To print an invoice:

  1. Log in to your Account Manager.
  2. Click the MY ORDERS tab. A list of all orders (including their invoice number) will display.
  3. Click the specific invoice number you wish to review in the Invoice Number column. A copy of the desired invoice displays itemizing all pertinent details of your domain purchase.
  4. Click the blue PRINT button in the upper right-hand corner of the window. The Print Preview window displays with various printer options.
  5. Select the appropriate printer settings from those available.
  6. Click the PRINT button, or click CANCEL to return to the previous window.

Payments and Credit Cards

Credit cards that are supported:

Only Visa and Mastercard credit cards and debit cards are accepted at this time. American Express cards are NOT supported.

To update your credit card information:

  1. Log in to your account.
  2. Go to the MY ACCOUNT tab.
  3. Click the PAYMENT INFORMATION tab.
  4. Click the EDIT icon of the card that you wish to update (in the last column on the same line).
  5. On the UPDATE CREDIT CARD DETAILS window, click the EDIT button.
  6. Update your credit card Billing Address information as required.
  7. Click SAVE to save your updates.

NOTE: You cannot update your credit card number or CSV code or the name on your card here. This is because we only store the last 4 digits of your credit card number for security purposes.

How can I remove a credit card?

  1. Log in to your account.
  2. Go to the MY ACCOUNT section.
  3. Click the PAYMENT INFORMATION tab.
  4. Click the trash can (delete) icon on the card row that you wish to delete. The card will be deleted from your available cards.

How can I add a credit card to my account?

You can currently only add a new card via the purchase flow.  You cannot add a new credit card directly to your account.  This functionality will be added in the future.

What does primary credit card mean?

The primary card is the card that we will use for any domains or products in your account that are set to "auto-renew". Payment will be automatically deducted from the primary card.

NOTE: The last credit card you have added to your account will automatically be set as the Primary Card on file.

How can I set a credit card as my primary credit card?

  1. Log in to your account.
  2. Go to the MY ACCOUNT tab.
  3. Click the PAYMENT INFORMATION tab.
  4. Click the radio button in the PRIMARY CARD column for the card that you wish to set as your primary card. That card will become the first card charged in all future transactions.

To disable auto-renew on your domains/products:

  1. Log in to your account.
  2. Click the MY DOMAINS tab.
  3. In the AUTO-RENEW column, uncheck (click) the box for the desired domain. The DISABLE AUTO-RENEWAL dialog box displays explaining the domain will expire on its expiry date if auto-renew is disabled.
  4. In the DISABLE AUTO-RENEWAL dialog box, click the YES button to turn it off, or click NO to return to the previous window.
  • For products: open the management modal by clicking the Actions icon on the product row, then, in the subscription tab, click the auto-renew button.

To enable auto-renew on your domains/products:

  1. Log in to your account.
  2. Click the MY DOMAINS tab.
  3. In the AUTO-RENEW column, check (click) the box for the desired domain. The DISABLE AUTO-RENEWAL dialog box displays explaining the following: "Enabling auto-renew will mean your payment card on file will be charged automatically to keep this product active. Are you sure you want to turn on auto-renew?"
  4. Click the YES button to turn it on, or NO to return to the previous page. If you click the box, a checkmark displays in the checkbox for the selected domain.

Is there a global auto-renew setting for my account?

No, there is no global auto-renew setting on an account level.

I can't edit any domains or products in my account.

  1. Log in to your account.
  2. In your account area you will see a red bar at the top of each section.
  3. Check your email account for an email called 'Please verify your email address to activate your...'
  4. Follow the instructions and click on the link in the email. You will be brought to the login screen.
  5. Once you log in to your account, you will be able to edit and manage your domains and products in your account.

How do I log in to my account?

  1. Click the LOGIN/SIGNUP link on the website [top right hand side of the homepage].
    • The Login/Sign Up dialog box displays.
  2. Enter your email address and password and click the 'LOGIN' button.

I cannot remember my Password

If you cannot remember your password then follow these steps:

  1. Click the Forgot Password? link. The message "Enter your email to receive a password reset link" displays.
  2. Type your Email Address (the email address you used to create your account).
  3. Click the red SEND button. You will receive an email within a few minutes with a link to reset your password.

My email address will not work and I cannot login to my account, what do I do?

If you get an error when entering your email address on the 'Forgot Password' screen, you will need to contact customer support at and provide them the domain names that you are trying to access. They will be able to tell you the email address your account was created with.

Domain Management

What is domain forwarding?

Domain forwarding (sometimes known as URL forwarding or URL Redirection) is a technique which can be used to redirect a domain to another URL.

When you set up URL forwarding for a domain, it redirects anyone who visits that domain to the domain you have specified.

There are different types of Domain forwarding [URL forwarding] that you can setup: Masked and Redirect.

  • Masked forwarding prevents visitors from seeing your domain name forwarding by displaying your domain name in the Web browser's address bar.
  • Redirect forwarding will send visitors to your domain name to another site on a different domain name and the different domain name will be visible.

Here is an example of how you can configure forwarding:

Forwarding example.INFO to example.NET
Forwarding Option Visitor Goes To Site Visitor Sees Address Bar Displays
example.INFO example.INFO
without Masking
example.INFO example.COM example.COM
with Masking
example.INFO example.COM example.INFO

Set up Domain URL forwarding

You can set up domain URL forwarding to point your domain (e.g. to any destination page of your choice (e.g. Normally, when you set up URL forwarding for a domain, it will take effect within minutes.

Note: you can only set up URL forwarding for a domain using our default nameservers.

  1. Log in to your iDomains account.
  2. Go to the My Domains section.
    1. The Domains table is displayed showing all domains in your account.
  3. Click the Actions icon on the row of the domain that you want to add URL forwarding to.
  4. Go to "Domain Forwarding".
    1. The Domain Forwarding screen displays.
  5. In the Point to: text box, type the URL to which you want the domain name to point.
  6. In the Type of Format text box, use the down arrow to select either "Masked URL forwarding" or "Redirect URL forwarding", whichever is applicable to your situation. For more information on the types of forwarding click here
  7. Click Save to save your settings.

Domain Privacy

What is Domain Privacy [Whois Privacy]?

Typically when you register a domain name, your contact information is publicly available. Domain Privacy shields your personal information from public view. You control who reaches you and when.  

You can purchase domain privacy for each of your domains at any time.

NOTE: Some TLDs do not allow you to add domain privacy to their domain names. We restrict you from adding Domain Privacy to the domains that don't support it.

How do I add Domain Privacy to a Domain?

When you are purchasing a domain, you will have the option to add Domain Privacy in your cart. Or alternatively, you may add Domain Privacy to your domain via your Account Manager.

NOTE:  If the domain privacy option does not display, then the TLD you are purchasing does not support it.  

  1. Log in to your account.
  2. Go to the MY DOMAINS tab. 
  3. Select the domain you wish to add Domain Privacy to by clicking the check box in the first column.
  4. Click the DOMAIN PRIVACY button at the top of the table. You will be brought to the Cart to pay for your Domain Privacy feature.

NOTE: Your Domain Privacy end date will be the same as the domain expiry date of the domain you are adding it to.

Register a domain

  1. Type the domain name you are looking for [e.g.] or a keyword [e.g. bobspizza] in the Search box.
    Your search results will be displayed. If the domain is available for purchase, the status will be "Available".
  2. Click the "Add" button to the right of the name and that domain name will be added to your shopping cart. You can repeat the process to get additional names.
  3. When you are ready to continue, click the shopping cart icon at the top of the page.
    Your cart will show the item(s) you wish to purchase with the amount(s) and ask you to proceed to Checkout.
  4. Click the red Checkout button.
    If you are not logged in, the Login / Sign-up window will display. Sign in or create a new account.
  5. Once logged in, you will be automatically directed to the Checkout page.
  6. Type your credit card information. If you already have an account, you may select from a card you have used previously on the site.
  7. Type your Credit Card Billing Address.
    NOTE: You may use your billing address for your domain contact information or type your domain name contact information separately [domain contact information is an ICANN requirement for each domain purchase].
  8. Click the red Purchase button.
  9. If you wish to return to your Shopping Cart page, click the Edit Cart link.
    NOTE: You may read the Terms & Conditions of Use and/or the Domain Name Registration Agreement by clicking the appropriate link. 
  10. Once your payment is processed (which should take only a few minutes), you will see your order summary. This will confirm your domain name, product type, amount, and number of years for which your domain has been registered.

Manage Domains in My Account

Where can I find my domains?

  1. Log in to your account.
  2. Go to the MY DOMAINS tab. All of the domains associated with your account will be displayed.

How do I edit my domains?

  1. Log in to your account.
  2. Go to the MY DOMAINS tab.
  3. Click the Actions icon on the row of the domain that you want to edit/update. The Manage Domain- window displays.

From this window, you may:

  • add/change/delete domain name servers,
  • set up a domain to be forwarded,
  • set up or change domain contacts, or
  • change DNS settings, transfer a domain or delete a domain.

NOTE: Remember to click Save in each section to save any changes you made to your domain.

What are domain contacts?

Each domain name registered must include contact details. There are four sets of contacts required per domain:

  • Registrant
  • Technical
  • Billing
  • Administrative  [these can all be the same].  

These contact details are entered into a WHOIS database so that the domain owner can be contacted if necessary for various reasons.

NOTE: When you purchase a domain name, the contacts you enter or agree to are used.  It is possible to update the Domain Contact Details so that different details are used for each type of contact.

The Registrant and Administrative contacts are the most important. The Registrant contact will be used primarily to determine who currently has rights over the domain for matters such as domain transfers. If the Registrant cannot be contacted, the Administrative contact will then be contacted.

If you have Domain Privacy added to your domain name, then your domain contacts will not be available to the Public in the Public Whois database.

If your domain name is not working

There are several reasons why your domain may not be resolving (working) properly. They include:

  • You haven't allowed sufficient time for your domain to propagate across the Internet. In some instances, but not generally, this may take as long as 24 or 48 hours.
  • You did not add your domain to a name server. In other words, no name servers are attached to your domain name.
  • You registered your name with one registry but you did not point the name servers to your new registry servers. You can do that by logging in to your account and updating your DNS settings. See Change DNS Settings.
  • If none of the above are the problem, please contact us.

Renew a domain that has expired

If your name has expired, it may still be possible to renew it. Once a domain name has reached its expiry date, it will enter a Grace Period. Domains can be renewed within this period for the cost of a 1 year renewal. At the end of the Grace Period, domains not renewed then enter a period called Redemption Grace Period (RGP). This is a thirty (30) day period that begins after a registrar requests that a registry delete a domain. Domains can still be renewed within RGP but, in addition to the 1 year renewal fee for the domain, there is also a $150 administrative fee to renew the domain.

  1. Log in to your account.
  2. Go to the MY DOMAINS tab. All of the domains in your account will display in a table.
  3. Check the status of your domains, and remember that any domain in the Grace Period or Redemption Grace Period can still be renewed.
  4. Click the Renew link (alongside the status) to start the renewal process.

NOTE: Enable Auto-Renew to avoid any domains/products being impacted at renewal time.

Please contact us for assistance in renewing an expired name.

What are the default name servers of my domain

The default name servers for your domain are:

Change name servers on your domain

To change a name server:

  1. Log in to your iDomains account.
  2. Click the MY DOMAINS tab.
  3. Click the Actions icon of the domain on which you wish to change name servers. The Manage Domains - window displays.
  4. In the Manage-Domain - window, click the Name Servers tab.
  5. When the list of current name servers for the domain displays, change the name server(s) as desired, or add nameservers as required.
  6. Click SAVE.

To edit name server information:

  1. Click the EDIT button on the line of the appropriate name server.
  2. Type the new name server information on the appropriate line in the Name Server column.
  3. Click the SAVE button. The new information will be stored.

To add a new name server:

  1. Click the ADD NAME SERVER button and type the new name server information in the box in the Name Server column.
  2. Click the CREATE button, or click CANCEL. A congratulatory message displays if you are successful.

To delete a name server:

  1. On the same line as the name server you wish to delete, click the DELETE button. If successful, a message will indicate a successful deletion.
  2. Click the Revert to Default button to use the default server. A dialog box displays asking you if you are sure you wish to revert to the default name server.
  3. Click YES to revert, or NO to return to the previous page. A congratulatory message displays if the deletion was successful.

To lock a domain name

Your domain is automatically locked by default for the first 60 days.

  1. Log in to your account.
  2. Click the MY DOMAINS tab.
  3. In the LOCK STATUS column, click the check box (i.e., place a checkmark) for the domain that you wish to lock.

To unlock a domain name

Your domain is automatically locked by default for the first 60 days.

  1. Log in to your account.
  2. Click on the MY DOMAINS tab.
  3. In the LOCK STATUS column, click the check box on the line for the domain that you wish to unlock (and 'uncheck' the check box).

NOTE: If there is no checkmark in the check box, the domain is already unlocked.

Update Domain Contacts

It's important to keep your domain names' registrant, administrator, technical, and billing contact information (also known as your Whois information) updated at all times. This information is used to notify the pertinent contact of changes or requests for your domain names.

NOTE: You will need to update each domain in your account separately.

To update your domain contacts:

  1. Log in to your Account.
  2. Click the MY DOMAINS tab.
  3. Click the Actions icon beside the domain you wish to update. The Manage Domain - window displays.
  4. On the Manage Domain - window, click the DOMAIN CONTACTS tab. The Domain Contacts window displays.
  5. Review the contact information and click the EDIT button to make changes or additions. An editable version of the window displays.
  6. You can update each contact separately, or use the same contact information for all four contacts if desired.
  7. Click SAVE to update your domain contact information.

NOTE: If you initially set up only one contact and now wish to add other contacts, uncheck (click) the "Apply this contact information to all 4 contacts (Registrant, Administrative, Technical and Billing)" checkbox. You can then update each contact separately by clicking each tab and providing the contact information. When finished, click the SAVE button.

To Configure Your Domain Name to Work with Tumblr

  1. Edit your primary A record (i.e. @) or create a new A record for the subdomain you want to use to point to 
  2. Log in to your Tumblr account.
  3. Click SETTINGS (the gear icon) at the top of your Dashboard.
  4. Click the blog you wish to update on the right side of the page.
  5. Click the pencil to the right of the Username section and enable "Use a custom domain."
  6. Type your domain (e.g. or subdomain (e.g.
  7. Click Test your domain.
  8. Correct problems if the test finds any, and click Test your domain until the test is successful.
  9. Click SAVE.

NOTE: It may take up to 48 hours for the domain name's settings to propagate.

Why is my domain on "CLIENT HOLD" or REGISTRAR-HOLD in the WHOIS lookup?

A domain name with the Status of "CLIENT HOLD" OR "REGISTRAR-HOLD" is expired.

You will need to contact your Domain Provider to renew your domain name.

Depending on where you perform the WHOIS lookup, the output may show the expiry date as being next year.  This is a temporary year given by the Registry in order to allow the domain name to still remain registered to you even though the domain has expired.

If the domain is not renewed within 40 days of the expiry date the Registry will revoke the "extra year" and the domain name will be deleted from our system.
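The hold timeline described above can be checked from WHOIS text. The following is an added example, not this registrar's tooling: it assumes the lookup output uses `Status:` or `Domain Status:` and `Expiry Date:` style labels, and the WHOIS records in it are constructed samples.

```python
import re
from datetime import date, timedelta

HOLD_WINDOW_DAYS = 40  # renewal window after expiry, as stated in this FAQ

# "CLIENT HOLD" / "REGISTRAR-HOLD" as written in the FAQ, plus the run-together
# spelling "clientHold" that many WHOIS outputs use.
HOLD_RE = re.compile(r"(?:client|registrar)[\s_-]?hold", re.IGNORECASE)
# Assumed field labels; adjust to the WHOIS source you actually query.
STATUS_RE = re.compile(r"^[ \t]*(?:Domain[ \t]+)?Status:[ \t]*(.+?)[ \t]*$",
                       re.IGNORECASE | re.MULTILINE)
EXPIRY_RE = re.compile(
    r"^[ \t]*(?:Registry[ \t]+)?Expir\w+[ \t]+Date:[ \t]*(\d{4})-(\d{2})-(\d{2})",
    re.IGNORECASE | re.MULTILINE)

# Constructed sample records (not real lookups).
SAMPLE_HOLD = """\
Domain Name: EXAMPLE.INFO
Registry Expiry Date: 2025-03-10T00:00:00Z
Domain Status: clientHold https://icann.org/epp#clientHold
"""
SAMPLE_ACTIVE = """\
Domain Name: EXAMPLE.INFO
Registry Expiry Date: 2025-03-10T00:00:00Z
Domain Status: ok
"""
SAMPLE_HOLD_NO_EXTRA_YEAR = """\
Domain Name: EXAMPLE.INFO
Expiration Date: 2024-03-10
Status: REGISTRAR-HOLD
"""


def _year_before(d):
    """Same calendar day one year earlier (Feb 29 falls back to Feb 28)."""
    try:
        return d.replace(year=d.year - 1)
    except ValueError:
        return d.replace(year=d.year - 1, day=28)


def assess_whois(text, today):
    """Interpret a WHOIS record according to the hold rules in this FAQ.

    A hold status means the domain has expired. If the displayed expiry is
    still in the future, it is treated as the temporary "extra year", so the
    real expiry is one year earlier. The domain must be renewed within
    HOLD_WINDOW_DAYS of the real expiry date.
    """
    statuses = STATUS_RE.findall(text)
    on_hold = any(HOLD_RE.search(s) for s in statuses)
    m = EXPIRY_RE.search(text)
    shown = date(int(m.group(1)), int(m.group(2)), int(m.group(3))) if m else None

    result = {"on_hold": on_hold, "shown_expiry": shown,
              "actual_expiry": None, "renew_by": None, "days_left": None}
    if on_hold and shown is not None:
        actual = _year_before(shown) if shown > today else shown
        renew_by = actual + timedelta(days=HOLD_WINDOW_DAYS)
        result.update(actual_expiry=actual, renew_by=renew_by,
                      days_left=(renew_by - today).days)
    return result


if __name__ == "__main__":
    today = date(2024, 3, 25)  # fixed date so the output is reproducible
    for name, record in [("hold", SAMPLE_HOLD), ("active", SAMPLE_ACTIVE),
                         ("hold, no extra year", SAMPLE_HOLD_NO_EXTRA_YEAR)]:
        print(name, assess_whois(record, today))
```

A negative `days_left` means the 40-day window has already passed.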

DNS Management

DNS Architecture

What is DNS architecture?

The DNS architecture is a hierarchical, distributed database and an associated set of protocols defining:

  • a mechanism for querying and updating the database
  • a tool for replicating information in the database among servers
  • database schema

What is a root domain?

A root domain is the top of the tree, representing an unnamed level; it is sometimes shown as two empty quotation marks (""), indicating a null value.

What are top level domains (TLDs)?

TLDs are names used to indicate a country/region or the type of organization using a name. TLDs are the highest level of organization on the web.

What are second level domains?

Second level domains are variable-length names registered to an individual or organization for use on the Internet.

This part of the domain name is the part that people, organizations or businesses register to represent their places on the web. Second level domain names also differentiate themselves, or their offerings, from other web sites. These names display to the immediate left of the TLD.

What are third level domains?

This portion of the domain name displays in front of the second-level domain name. Third level domains are also called 'subdomains'. The most common third-level domain name is www, but there are other forms, for example,

What is a host (or resource) name?

Host names represent a leaf in the DNS tree of names and identify a specific resource.

What are domain names?

Domain names are the way we organize, navigate and understand the Web. Without domain names, URLs would be a series of numbers, or IP addresses, that would be difficult to remember. However, a domain name gives us an address that is easier to recall. A domain name is key to doing just about anything on the Internet, from setting up a website to sending and receiving email, to building an online store.

What is ICANN?

ICANN (Internet Corporation for Assigned Names and Numbers) is the global, non-profit, private-sector coordinating body acting in the public interest. ICANN oversees the distribution of unique numeric IP addresses and domain names thereby ensuring the DNS functions properly. ICANN also oversees the processes and systems that ensure every domain name maps to the correct IP address.

Who are registrants?

A registrant is an individual, company or organization who possesses the right to use a specific domain for a specific time period. The registrant (also referred to as the 'user') determines how the domain name will be used during its term of service.

Who are registrars?

A registrar is an entity accredited by the Internet Corporation for Assigned Names and Numbers (ICANN) to provide direct services to registrants. Their job is to help registrants find, manage and then send required domain name information to a registry. Currently there are over 900 registrars around the world serving a variety of registrants.

What are registries?

Registries (domain registry operators) are the 'back end' operations that maintain and operate the infrastructure that converts IP addresses to domain names. Registries receive DNS information from registrars, process it through a centralized database, and distribute the information via Internet zone files so users can find the domain names they're looking for.

Who are resellers?

Resellers resell the services of a registrar. Even though they are not accredited by ICANN, resellers generally provide excellent customer service and support.

The Internet, Domains and DNS

What is the Internet?

"The Internet" is a worldwide network of interconnected computers which all use the protocol TCP/IP to communicate. All websites that are publicly-accessible are hosted by a web server computer that is part of the Internet. Every personal computer, cell phone, etc. that is used to access websites is part of the Internet as well.

What is HTTPS?

HyperText Transfer Protocol, or HTTP, is the language or "protocol" spoken by all web browsers when they communicate with web servers. Secure Sockets Layer (SSL) is a protocol that provides secure communication. When two programs communicate with each other using HTTP via SSL, it is referred to as "HTTPS". Part of the security is a verification process that each of the two programs must follow so that they recognize each other and agree on an encryption method. This is part of the SSL Certificate process.

What is a DNS dynamic update?

In some instances, computers are given a different IP address every time they connect to the Internet. This practice allows Internet service providers (ISPs) to serve many customers using only a few IP addresses, but it means that a computer's address on the Internet is always changing. If users host a website, they don't want the website name to change, even if their ISP changes the IP address. DNS dynamic update automatically maintains the relationship between their fixed website name and the changing IP address so that their website is easy to find on the Internet.

What is an Internet Domain Name System (DNS)?

A Domain Name System (DNS) is a database that stores all of the domain names and corresponding IP address numbers for a specific top-level domain (TLD) such as .info or .org. It is the addressing system for the Internet. Computer systems and resources on the Internet are identified and located by the DNS. When a user types in a Web address (URL), for example, the DNS matches the name that is typed with the correct IP address. The user is then connected to that web site.

How does the DNS work?

DNS syncs up domain names with IP addresses. This process enables users to use domain names while computers on the Internet use IP addresses to locate the domains. Domain names allow people to organize, navigate and understand the web and provide a literal address that directs Internet users to the area of the web they wish to go.

As of late 2014, there are over 276 million registered domain names.

What are resource records?

A DNS database consists of resource records (RRs). Each RR identifies a particular resource within the database. There are various types of RRs in DNS.

What are DNS name servers?

A Domain Name System (DNS) name server connects you to desired websites. These name servers are physical servers that store DNS database records. They are the hardware that handles billions of user requests every day. When a user types a web address into a browser, a domain name server receives the query, finds the desired IP address, and directs the user’s computer to the correct website. This entire process requires only a few seconds.

What is an authoritative name server?

An authoritative name server stores all of the information about a zone.

What is a recursive name server?

A recursive name server answers DNS queries from Internet users and stores DNS response results for a specified time period. Responses are cached (stored) each time a response is received by a recursive name server so that subsequent queries can be performed faster.

What does 'resolution' mean?

Resolution in DNS is the process of converting domain names into IP addresses.

What is the DNS cache?

Every time a user types a web address into a web browser, a query is sent to a DNS server. If the query is successful, the website will open. An error message will display if the query fails. A record of all queries (both successful and unsuccessful) is stored (temporarily) on the user's computer in the "DNS cache". This cache is always checked prior to querying any DNS server. If a record is found that matches the query, DNS uses that record instead of querying the server thereby decreasing network and Internet traffic and improving query speed.

Should the DNS cache be cleared periodically?

Clearing the DNS cache forces DNS to query a DNS server instead of using cached information. If a user is making changes to a website that he/she manages, or receiving repeated errors when a correct web address is being typed, clearing the DNS cache is recommended.

What does cache poisoning mean?

If malicious DNS data goes into the cache of a recursive name server, this results in "cache poisoning." Cache poisoning allows an attacker to redirect traffic to fraudulent sites.

What is a 'man in the middle' attack?

When communication between two systems is secretly intercepted and then modified, this is known as a man-in-the-middle (MITM) attack. In some instances, attackers modify the communication to redirect traffic to a different address or website. Because users are unaware of the "man in the middle", they assume they are communicating with the desired web site.

What are root servers?

The first DNS server the recursive resolver communicates with is called a "root server". Root servers are running all over the world (13 sets of root servers in over 300 locations) and each one holds DNS information about TLDs such as .info or .org. The first step in answering a user's query is for the recursive resolver to ask a root server for DNS information about the TLD. The root servers are supported by thousands of servers located strategically according to the amount of Internet activity.

Zone File Transfer Delegation

What is a zone?

A zone is a portion of the DNS database that contains the resource records with the owner names that belong to the contiguous portion of the DNS namespace. Zone files are maintained on DNS servers. A single DNS server can be configured to host zero, one or multiple zones.

What does the term 'delegation' mean?

Delegation is the process of assigning responsibility for a portion of a DNS namespace to a DNS server owned by a separate entity.

What is a primary zone?

A primary zone is an original copy of a zone in which all resource records are updated (added, modified, and deleted).

What is a secondary zone?

A secondary zone is a read-only copy of the primary zone. It is created and updated by transferring zone data from the primary zone.

What is a stub zone?

A stub zone is a read-only copy of a primary zone. It contains only the DNS resource records which identify the DNS servers listed in the zone (SOA, NS, and glue A resource records) that are authoritative for a DNS domain name.

What is a zone transfer?

A zone transfer is the process of replicating a zone file to multiple DNS servers.

What is zone file replication?

Zone replication (also known as cloning zones) is similar to creating a new zone. Users can retain the same zone configuration of an existing zone or change the configuration when replicating it.

What is a full zone transfer?

A full zone transfer (AXFR) replicates the entire zone file.

What is an incremental zone transfer?

An incremental zone transfer (IXFR) replicates only those records that have been modified. An incremental zone transfer might occur when:

  • the refresh interval expires for the zone
  • a secondary server is notified of zone changes by its master server
  • the DNS Server service is started at a secondary server for the zone
  • the DNS console is used at a secondary server for the zone to manually initiate a transfer from its master server.

What is a DNS query?

A DNS query is a request for DNS resource records of a specified resource record type with a specific DNS name.

What is a recursive DNS query?

A recursive query forces a DNS server to respond to a request with either a failure or a successful response. DNS clients (resolvers) typically make recursive queries.

What is an iterative DNS query?

In an iterative query, the DNS server is expected to respond with the best local information it has, based on what the DNS server has stored from local zone files or from caching. If the DNS server is not authoritative for the name, this response is also known as a referral.

What are Time to Live resource records?

The Time to Live (TTL) value in a resource record indicates a length of time used by other DNS servers to determine how long to cache information for a record before expiring and discarding it.

What is DNS Notify?

A DNS Notify is an update to the original DNS protocol specification. It facilitates a means of initiating notification to secondary servers when zone changes occur (RFC 1996).

What are root hints?

Root hints prepare servers that are authoritative for non-root zones to learn and discover authoritative servers that manage domains located at a higher level, or in other subtrees of the DNS domain namespace.

What are extension mechanisms for DNS (EDNS0)?

Extension Mechanisms for DNS (per RFC 2671) allow DNS requestors to advertise the size of their UDP packets and facilitate the transfer of packets larger than 512 octets, the original DNS restriction for UDP packet size (per RFC 1035).

DNS Physical Structure

What is a domain name?

The domain name, along with the client computer name, makes up the fully qualified domain name (FQDN), also known as the full computer name. The DNS domain name is the remainder of the FQDN that is not used as the unique host name for the computer.

What is a NetBIOS name?

For earlier version clients, the NetBIOS name is used to locate various types of NetBIOS services that are shared on your network. The NetBIOS name uniquely identifies a computer’s NetBIOS services and it resolves to the IP address of the computer through broadcast, WINS, or the LMHosts file.

What is a host name?

The host name is the first label of a FQDN. For example, the first label of the FQDN is client1.

What is a primary DNS suffix?

The primary DNS suffix is also known as the primary domain name.

What is a connection-specific DNS suffix?

The connection-specific DNS suffix is a DNS suffix that is assigned to a network connection.

What is a fully qualified domain name (FQDN)?

The FQDN is a DNS name that uniquely identifies the computer in the DNS namespace.

What is a full computer name?

The full computer name is the FQDN for a Windows XP, Windows 2000 or Windows Server 2003 computer.

What is the DNS Servers List?

The DNS servers list is a prioritized list of DNS name servers that must be configured for each computer to use when processing queries and resolving DNS names.

What is the DNS suffix search list?

DNS clients are able to configure a DNS domain suffix search list that changes their DNS search capabilities. Adding additional suffixes to the list allows users to search for short, unqualified computer names in more than one specified DNS domain.

What is subnet prioritization?

Local IP addresses are returned to the DNS Client service in preference to IP addresses on different subnets via DNS subnet prioritization. Network traffic is reduced by subnet prioritization encouraging client computers to connect to network resources near them.

What is an advanced parameter?

When initialized for service, DNS servers use server configuration settings taken from the parameters stated in a boot information file, the registry, and possibly zone information provided through Active Directory integration.

What is disable recursion?

The Disable Recursion setting indicates whether or not a DNS server uses recursion.

What are BIND secondaries?

The BIND secondaries format is also compatible with BIND-based DNS servers that run versions 4.9.4 and later.

What is 'fail on load if bad zone data'?

This advanced parameter option can be reconfigured using the DNS console so that the DNS server service logs errors and fails to load a zone file containing records data that is determined to have errors.

What is 'enable round robin'?

This advanced parameter setting determines whether or not the DNS server uses round robin to rotate and reorder a list of resource records (RRs) if multiple RRs exist of the same type for a query answer.

What is 'enable netmask ordering'?

This advanced parameter setting determines whether or not the DNS server reorders A resource records within the same resource record set in its response to a query based on the IP address of the source of the query.

What is 'secure cache against pollution'?

This advanced parameter setting determines whether the server treats referred names as potentially polluting or insecure and discards them. The server determines whether to cache the name offered in a referral on the basis of whether or not it is part of the exact related DNS domain name tree for which the original queried name was made.
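The decision described above can be pictured as a bailiwick filter applied to each record offered in a referral. The Python below is an added example, not this site's or any DNS server's own code; the function names are hypothetical and the record tuples, names and addresses are constructed sample data.

```python
"""Label-wise bailiwick filter for records offered in a DNS referral (added example)."""

def labels(name):
    """Split a DNS name into lower-cased labels, ignoring the trailing dot."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []

def in_bailiwick(owner, zone):
    """True if owner equals zone or sits below it, compared label by label.

    Comparing whole labels matters: 'notexample.com' ends with the string
    'example.com' but is not part of the example.com tree.
    """
    o, z = labels(owner), labels(zone)
    return len(o) >= len(z) and o[len(o) - len(z):] == z

def filter_referral(zone, records):
    """Split referral records into (cacheable, discarded) for the tree `zone`."""
    keep, drop = [], []
    for owner, rtype, rdata in records:
        (keep if in_bailiwick(owner, zone) else drop).append((owner, rtype, rdata))
    return keep, drop

# Constructed referral received while resolving www.example.com.
SAMPLE_REFERRAL = [
    ("example.com.", "NS", "ns1.example.com."),
    ("ns1.example.com.", "A", "192.0.2.53"),       # glue inside the tree
    ("NS1.Example.COM", "AAAA", "2001:db8::53"),   # same tree, different case
    ("www.bank.test.", "A", "198.51.100.7"),       # unrelated tree
    ("notexample.com.", "A", "198.51.100.8"),      # shares a string suffix only
]

if __name__ == "__main__":
    keep, drop = filter_referral("example.com", SAMPLE_REFERRAL)
    for record in keep:
        print("cache  ", record)
    for record in drop:
        print("discard", record)
```

Records in the discarded list are the ones a server with this protection enabled would refuse to cache.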

DNS Processes

How do DNS queries work?

When you type a domain name (, for example) into your browser, your browser sends a query over the Internet to find the website. A query is a question seeking to match the domain name with its corresponding IP address.

When a DNS client needs to look up a name used in a program, it queries DNS servers to resolve the name. Each query message the client sends contains three pieces of information, specifying a question for the server to answer:

  1. A specified DNS domain name, stated as a fully qualified domain name.
  2. A specified query type, which can either specify a resource record by type or a specialized type of query operation.
  3. A specified class for the DNS domain name. For Windows DNS servers, this should always be specified as the Internet (IN) class.

What are alternate query responses?

The previous discussion of DNS queries assumes that the process ends with a positive response returned to the client. However, queries can return other answers as well.

What is an authoritative answer?

An authoritative answer is a positive answer returned to the client and delivered with the authority bit set in the DNS message to indicate the answer was obtained from a server with direct authority for the queried name.

What is a positive response?

A positive response can consist of the queried resource record or a list of resource records (also known as an RRset) that fits the queried DNS domain name and record type specified in the query message.

What is a referral answer?

A referral answer contains additional resource records not specified by name or type in the query. This type of answer is returned to the client if the recursion process is not supported.

What is a negative response?

A negative response from the server can indicate that one of two possible results was encountered while the server attempted to process and recursively resolve the query fully and authoritatively:

  • An authoritative server reported that the queried name does not exist in the DNS namespace.
  • An authoritative server reported that the queried name exists but no records of the specified type exist for that name.

What is iteration?

Iteration is the type of name resolution used between DNS clients and servers when the following conditions are in effect:

  • The client requests the use of recursion, but recursion is disabled on the DNS server.
  • The client does not request the use of recursion when querying the DNS server.

An iterative request from a client tells the DNS server that the client expects the best answer the DNS server can provide immediately, without contacting other DNS servers.

What is the reverse lookup process?

DNS provides a reverse lookup process, enabling clients to use a known IP address during a name query and to look up a computer name based on its address. A reverse lookup takes the form of a question, such as "Can you tell me the DNS name of the computer that uses the IP address"

What is forwarding?

A forwarder is a Domain Name System (DNS) server on a network that is used to forward DNS queries for external DNS names to DNS servers outside of that network. Users can also forward queries according to specific domain names using conditional forwarders.

What are conditional forwarders?

A conditional forwarder is a DNS server on a network that is used to forward DNS queries according to the DNS domain name in the query.

What is dynamic update?

Dynamic update enables DNS client computers to register and dynamically update their resource records with a DNS server whenever changes occur. This reduces the need for manual administration of zone records, especially for clients that frequently move or change locations and use DHCP to obtain an IP address.

What are protocol descriptions?

An update message can add and delete resource records from a specified zone and also test for prerequisite conditions. (This new opcode, or message, format is called UPDATE, and it was introduced in RFC 2136.) UPDATE is atomic, which means that all prerequisites must be satisfied or no update operation will take place.

What are Access Control Lists (ACLs)?

Access to the DNS zones and resource records stored in Active Directory is controlled via access control lists (ACLs). ACLs can be specified for the DNS server service, an entire zone, or for specific DNS names.

What are Aging and Scavenging features?

Aging and scavenging features are mechanisms for performing cleanup and removal of stale resource records which can accumulate in zone data over time.

DNS Protocol

What does DNS protocol mean?

The DNS protocol consists of different types of DNS messages that are processed according to the information in their message fields. The DNS message topics include:

What are the DNS protocol message types?

There are three types of DNS protocol messages: queries, responses, and updates. Queries and responses are defined in the original DNS standard, and updates in RFC 2136. All follow a common message format.

What is the Transaction ID field?

In the DNS query message header, the Transaction ID field is a 16-bit field that identifies a specific DNS transaction. The Transaction ID is created by the message originator and copied by the responder into its response message. The DNS client can match responses to its requests by using the Transaction ID.

What is the Flags field?

In the DNS query message header, the Flags field is a 16-bit field containing various service flags that are communicated between the DNS client and the DNS server.
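As an added illustration (not code from this site or from any DNS server), the Python below builds a query carrying the three question items listed under "How do DNS queries work?", decodes the Transaction ID and Flags fields, and accepts a reply only when its ID and question match the query. Function names and the sample replies are constructed; because only the header is read, the classification assumes the reply came directly from an authoritative server.

```python
"""Build a DNS query and vet a reply by its header (added example, constructed data)."""
import struct

QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "MX": 15, "SRV": 33}
CLASS_IN = 1  # the Internet (IN) class

def encode_name(fqdn):
    """Encode a fully qualified domain name as length-prefixed labels."""
    out = b""
    for label in fqdn.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("label must be 1-63 octets: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(txid, fqdn, qtype="A", recursion_desired=True):
    """Header (ID, flags, four counts) followed by one question: name, type, class."""
    flags = 0x0100 if recursion_desired else 0x0000  # RD bit
    header = struct.pack("!6H", txid & 0xFFFF, flags, 1, 0, 0, 0)
    return header + encode_name(fqdn) + struct.pack("!2H", QTYPE[qtype], CLASS_IN)

def parse_header(msg):
    """Decode the 12-octet header, splitting the 16-bit Flags field into its bits."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {"id": txid, "qr": flags >> 15, "opcode": (flags >> 11) & 0xF,
            "aa": (flags >> 10) & 1, "tc": (flags >> 9) & 1, "rd": (flags >> 8) & 1,
            "ra": (flags >> 7) & 1, "rcode": flags & 0xF,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}

def question_bytes(msg):
    """Raw question section (name + type + class) of a one-question message."""
    end = 12
    while end < len(msg) and msg[end] != 0:
        if msg[end] > 63:
            raise ValueError("compressed or invalid label in question")
        end += 1 + msg[end]
    if end + 5 > len(msg):
        raise ValueError("truncated question")
    return msg[12:end + 5]

def classify_response(query, response):
    """Accept a reply only if it matches the query, then name the kind of answer."""
    q, r = parse_header(query), parse_header(response)
    if r["qr"] != 1:
        return "discard: not a response"
    if r["id"] != q["id"]:
        return "discard: transaction ID mismatch"
    if question_bytes(response) != question_bytes(query):
        return "discard: question mismatch"
    if r["rcode"] == 3:
        return "negative: name does not exist"
    if r["rcode"] != 0:
        return "error: rcode %d" % r["rcode"]
    if r["ancount"]:
        return "authoritative answer" if r["aa"] else "positive response"
    if r["aa"]:  # assumption: header-only check, reply is from an authoritative server
        return "negative: no records of that type"
    return "referral" if r["nscount"] else "empty"

def sample_reply(query, txid, aa=0, rcode=0, ancount=0, nscount=0):
    """Constructed reply for the demo: header plus echoed question, RR bodies omitted."""
    flags = 0x8000 | (aa << 10) | rcode
    return struct.pack("!6H", txid, flags, 1, ancount, nscount, 0) + query[12:]

if __name__ == "__main__":
    q = build_query(0x1A2B, "www.example.com")
    print(classify_response(q, sample_reply(q, 0x1A2B, aa=1, ancount=1)))
    print(classify_response(q, sample_reply(q, 0x9999, aa=1, ancount=1)))
    print(classify_response(q, sample_reply(q, 0x1A2B, aa=1, rcode=3)))
    print(classify_response(q, sample_reply(q, 0x1A2B, nscount=2)))
```

The fixed ID 0x1A2B is only for a repeatable demo; a resolver should draw each Transaction ID from an unpredictable source such as `secrets.randbits(16)`.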

DNS Related Information

What are RFCs?

Request for Comments (RFCs) are an evolving series of reports, proposals for protocols, and protocol standards used by the Internet community. Domain Name System (DNS) specifications are based on approved RFCs published by the Internet Engineering Task Force (IETF) and other working groups.

What are the DNS Resource records format fields?

All resource records have a defined format that uses the same top-level fields.

What is the Owner field?

The Owner field indicates the DNS domain name that owns a resource record. This name is the same as that of the console tree node where a resource record is located.

What is the Time to Live (TTL) field?

For most resource records, the Time to Live field is optional. It indicates the length of time used by other DNS servers to determine how long to cache information for a record before expiring and discarding it.

What is the Class field?

The Class field contains standard mnemonic text indicating the class of the resource record.

What is the Type field?

The Type field contains standard mnemonic text indicating the type of resource record.

What is the Record specific data field?

The record specific data field is a required, variable-length field that contains information describing the resource.

What are DNS resource records?

DNS resource records are the data that is associated with DNS names in the DNS namespace. There are typically two types of resource records: authority records and other records.

What is the Start of Authority (SOA) resource record?

The Start of Authority (SOA) resource record is the first record in any standard zone. It indicates the DNS server that either originally created it or is now the primary server for the zone. It is also used to store other properties such as version information and timing that affect zone renewal or expiration. These properties affect how frequently zone transfers are performed between servers authoritative for the zone.

What are name server (NS) resource records?

Name server (NS) resource records can be used to assign authority to specified servers for a DNS domain name by:

  • Establishing a list of authoritative servers for the domain so that those servers can be made known to others that request information about this domain (zone).
  • Indicating authoritative DNS servers for any subdomains that are delegated away from the zone.

What is the Host (A) resource record?

Host (A) resource records are used in a zone to associate DNS domain names of computers (or hosts) to their IP addresses, and can be added manually,

What is the Alias (CNAME) record?

Alias (CNAME) resource records are also sometimes called canonical names. These records allow you to use more than one name to point to a single host, making it easy to do such things as host both an FTP server and a Web server on the same computer.

What is the Mail Exchanger (MX) resource record?

The mail exchanger (MX) RR is used by e-mail applications to locate a mail server based on a DNS domain name used in the destination address for the e-mail recipient of a message.

What is the Pointer (PTR) resource record?

Pointer (PTR) RRs are used to support the reverse lookup process, based on zones created and rooted in the domain. These records are used to locate a computer by its IP address and resolve this information to the DNS domain name for that computer.

What is the Service Location (SRV) resource record?

Host (A) resource records are used in a zone to associate DNS domain names of computers (or hosts) to their IP addresses, and can be added manually.

Other DNS Information

What is the Boot file?

The BIND boot is a configuration file. This file is not created by the DNS console. However, as an optional configuration for the DNS server service, it can be copied from another DNS server running the Berkeley Internet Name Domain (BIND) server implementation of DNS.

What is the cache.dns file?

This file contains DNS resource records (by default) that prime the local cache of the server with the addresses of authoritative root servers for the Internet. If a user is setting up a DNS server to resolve Internet DNS names, the information in this file is required unless the user enables the use of another DNS server as a forwarder to resolve the names.

What is the Root.dns file?

The Root.dns is a zone file. It can appear at a DNS server if it is configured as a root server for a network.

What is the zone_name.dns file?

The zone_name.dns file is used when a standard zone (either primary or secondary) is added and configured for a server. Files of this type are not created or used for primary type zones that are directory-integrated and stored in the Active Directory database.

What is DNSSEC?

Domain Name System Security Extensions (DNSSEC) is an important upgrade to Internet security that protects users against cyber attacks. DNSSEC provides authentication and integrity to the DNS to end malicious attacks by providing:

  • Origin authentication and data integrity: DNSSEC-enabled resolvers can verify that DNS data received is identical to information on the authoritative DNSSEC-enabled name server. This is done by authenticating the origin and integrity of DNS data as it moves around the Internet.
  • Authenticated denial of existence: DNSSEC-capable resolvers are able to determine if a resource, a name server, for example, truly exists. This provides an additional layer of security.

Answers to queries in DNSSEC are digitally signed. A user checking the digital signature can verify if the information is identical to the information on the authoritative DNS server, ensuring that what the user queried is what actually resolves.

Website and email server owners who have installed DNSSEC can expect to have more certainty that visitors to their website and emails destined for their mail servers will actually make it there and not be redirected.

How does DNSSEC work?

A cryptographic key for the associated DNS record is provided to help protect clients. If an attacker attempts to compromise the record, it results in a bad DNS entry. The DNS cryptographic key will be false. Every time a lookup is attempted, the user will be notified that the DNS entry is invalid. The client is thereby prevented from accessing the rogue web site, a visit to which often leads to a compromise of user data or credentials.

I changed my DNS settings but nothing happens, why?

When your nameservers are changed, or DNS changes are made, you can expect a propagation time of up to 24 hours. This is because it takes time for the DNS to take effect across the internet. The actual time of propagation may vary in some locations based on your network setup.