DNS Basics: What You're Paying For Every Year
You're paying $10-$20/year for DNS. Here's what you're actually buying.
Last updated: March 20, 2026
When you pay $14.99 to renew your domain name each year, you're paying for DNS. Most business owners don't know what that means. Here's the plain version.
What DNS Actually Is
DNS stands for Domain Name System. Think of it as the internet's phone book.
When someone types yourcompany.com into their browser or email client, their computer doesn't know where that is. It asks a DNS server: "Where is yourcompany.com?" The DNS server answers: "It's at 192.168.1.100" (an IP address). Their computer connects. The page loads. The email delivers.
Without DNS, you'd have to memorize strings of numbers like 207.46.197.32 to visit websites or send email. DNS is why we can type names instead.
Why DNS Matters for Your Business Email
Every piece of email you send or receive passes through DNS. Specifically:
MX Records (Mail Exchange)
These tell the world where to send email for your domain. When someone emails you@yourcompany.com, their mail server looks up yourcompany.com's MX records to find where to deliver it.
If your MX records are wrong, your emails bounce. Customers don't get your responses. Vendor invoices go nowhere. You lose business and look incompetent.
SPF Records (Sender Policy Framework)
These tell the world which servers are allowed to send email "from" your domain. Without SPF, anyone can send email that appears to come from you@yourcompany.com.
DKIM and DMARC Records
These are DNS records too. They prove your emails are legitimate and tell other mail servers what to do with unauthenticated emails.
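What these TXT records look like in practice, as an added example that is not part of the original article: the Python below audits the SPF and DMARC records published for a domain. The records in ZONE are constructed for example.com, and the function names are hypothetical.

```python
# Added example: audit one domain's SPF and DMARC TXT records (sample data below).

def parse_tags(txt):
    """Split a 'k=v; k=v' record (DMARC syntax) into a dict."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_spf(txt_records):
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return "FAIL: no SPF record, so no server is ruled out as a sender"
    if len(spf) > 1:
        return "FAIL: more than one SPF record, receivers treat that as an error"
    terms = spf[0].lower().split()[1:]
    all_terms = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not all_terms:
        if any(t.startswith("redirect=") for t in terms):
            return "INFO: policy delegated with redirect=, audit the target domain"
        return "WARN: no 'all' term, unlisted servers get a neutral result"
    qualifier = all_terms[0][0] if all_terms[0][0] in "-~?" else "+"
    return {
        "-": "OK: -all, unlisted servers fail SPF",
        "~": "WARN: ~all, unlisted servers only soft-fail",
        "?": "WARN: ?all, unlisted servers get a neutral result",
        "+": "FAIL: +all, every server on the internet is authorized",
    }[qualifier]

def audit_dmarc(txt_records):
    found = [t for t in map(parse_tags, txt_records) if t.get("v", "").upper() == "DMARC1"]
    if len(found) != 1:
        return "FAIL: expected exactly one DMARC record, found %d" % len(found)
    policy = found[0].get("p", "").lower()
    if policy in ("quarantine", "reject"):
        return "OK: p=%s tells receivers to act on unauthenticated mail" % policy
    if policy == "none":
        return "WARN: p=none asks for reports only, receivers take no action"
    return "FAIL: missing or invalid p= tag"

def audit_domain(domain, zone):
    """zone maps an owner name to its list of TXT strings."""
    return {"spf": audit_spf(zone.get(domain, [])),
            "dmarc": audit_dmarc(zone.get("_dmarc." + domain, []))}

# Constructed sample records for example.com, not live lookups.
ZONE = {
    "example.com": ["site-verification=constructed-token",
                    "v=spf1 mx include:_spf.mailhost.example ~all"],
    "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"],
}
print(audit_domain("example.com", ZONE))
```

To audit a real domain, fill ZONE from the output of `dig +short TXT` for the domain and for `_dmarc.` plus the domain, with the surrounding quotes removed.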
What Happens When DNS Goes Wrong
Scenario 1: Expired Domain
You forgot to renew. Someone else buys yourcompany.com. They set up email "from" your domain. They send fake invoices to your customers. Your customers pay the wrong person.
Scenario 2: Accidental Deletion
Your web developer "cleaned up" DNS records and deleted your MX records by mistake. For three days, every email to your company bounces. Customers think you're out of business. Vendors think you're dodging them.
Scenario 3: DNS Hijacking
Attacker compromises your registrar account. Changes your nameservers to point your domain to their servers. Captures all your email traffic. Redirects your website to a phishing page.
Scenario 4: BGP Hijacking
More sophisticated: attackers reroute traffic for your IP address range at the network level. Your email goes to them. Your website serves their content. This happens more than you'd think—small ISPs and cloud misconfigurations are common causes.
What It Costs
Domain Registration: $10-$20/year at most registrars. Some charge $50+ for the same thing. Shop around—there's no difference in service quality between a $14 domain and a $50 domain.
Premium DNS (optional): $0-$20/month. Cloudflare's basic DNS is free. Enterprise features (advanced analytics, SLA guarantees) cost more. For most SMBs, free is fine.
DNS Monitoring: $0-$10/month. Services like Cloudflare or DNSWatch monitor for unauthorized changes. Most basic monitoring is included with your registrar.
Domain Registrar Security Add-ons: $0-$10/month. Registrar locks, WHOIS privacy, MFA on your registrar account. Some registrars charge for these; some include them.
Recovery If Something Goes Wrong: $1,000-$10,000+. If your domain is hijacked or expires and gets picked up by a squatter, getting it back is expensive, time-consuming, and not guaranteed.
Minimum Viable Implementation
- Write down your domain registrar. If you don't know where you bought yourcompany.com, find out now. Check your credit card statements. Ask whoever set up your website. You need this information for renewals and security.
- Enable registrar lock. This prevents accidental or unauthorized transfers. Most registrars call it "transfer lock" or "domain lock." It's usually free. Turn it on today.
- Enable MFA on your registrar account. This is the most important step. Most domain hijacks happen because the registrar account password is weak or compromised, not because of some sophisticated attack. MFA stops those attacks cold.
- Set calendar reminders 30 days before renewal. Domain expiration is a real risk. Set it and forget it with auto-renew if your registrar offers it. But also keep a manual reminder.
- Document your DNS records. Take screenshots or export your DNS zone. Store it somewhere safe. If something goes wrong, this record lets you rebuild quickly.
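One way to put the saved zone export to work, as an added example that is not part of the original article: the Python below compares a baseline export with the current one and ranks what changed. Both zone texts are constructed for example.com, and the one-record-per-line layout (name, TTL, class, type, data) and the function names are assumptions.

```python
# Added example: compare a saved DNS zone export against the current one.
# Both zone texts are constructed sample data for example.com.
BASELINE = """\
example.com.      3600 IN NS  ns1.registrar.example.
example.com.      3600 IN NS  ns2.registrar.example.
example.com.      3600 IN MX  10 mail.example.com.
example.com.      3600 IN TXT "v=spf1 mx -all"
www.example.com.  300  IN A   203.0.113.10
"""
CURRENT = """\
example.com.      3600 IN NS  ns1.unknown-host.example.
example.com.      3600 IN NS  ns2.registrar.example.
example.com.      300  IN TXT "v=spf1 mx -all"
www.example.com.  300  IN A   203.0.113.10
shop.example.com. 300  IN A   198.51.100.7
"""
CRITICAL_TYPES = {"NS", "MX"}  # who runs the zone, where mail is delivered

def parse_zone(text):
    """Return {(name, type, rdata)}; TTLs are ignored so only real changes show."""
    records = set()
    for line in text.splitlines():
        fields = line.split(None, 4)
        # Assumed layout: name, TTL, class, type, rdata on one line each.
        if line.startswith(";") or len(fields) < 5 or fields[2].upper() != "IN":
            continue
        name, _ttl, _cls, rtype, rdata = fields
        records.add((name.lower(), rtype.upper(), " ".join(rdata.split())))
    return records

def is_mail_auth(name, rtype, rdata):
    """True for the TXT records that carry SPF, DKIM or DMARC."""
    return rtype == "TXT" and ("v=spf1" in rdata.lower()
        or name.startswith("_dmarc.") or "._domainkey." in name)

def diff_zones(baseline, current):
    old, new = parse_zone(baseline), parse_zone(current)
    findings = []
    for change, recs in (("REMOVED", old - new), ("ADDED", new - old)):
        for name, rtype, rdata in sorted(recs):
            high = rtype in CRITICAL_TYPES or is_mail_auth(name, rtype, rdata)
            findings.append(("HIGH" if high else "REVIEW", change, name, rtype, rdata))
    return findings

if __name__ == "__main__":
    for finding in diff_zones(BASELINE, CURRENT):
        print(*finding)
```

A missing MX record or a swapped nameserver shows up as HIGH, which matches the accidental-deletion and hijacking scenarios above; the TTL-only change on the SPF record is deliberately not reported.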
Vendor Questions (Copy/Paste)
- "Do you offer free registrar lock to prevent unauthorized domain transfers?"
- "What MFA options do you support—SMS, authenticator app, hardware keys?"
- "What's your process if someone calls claiming to be me and asks to transfer my domain or change my DNS?"
- "How quickly can I make DNS changes, and how long do they take to propagate?"
- "What happens to my domain if I forget to renew? What's your grace period?"
- "Do you offer DNSSEC? If so, how do I enable it?"
When to Hire Help
DIY-friendly if:
- Single domain
- Simple DNS (just your website and email)
- Using a reputable registrar (Cloudflare, Namecheap, Google Domains)
- Basic understanding of A records, MX records, and TXT records
Get professional help if:
- You're migrating your domain to a new registrar or DNS provider
- You've experienced DNS issues (email not delivering, website down)
- You have multiple domains with different providers
- You're setting up complex email routing (multiple domains, forwarding rules)
- You received an email or call about your domain you didn't initiate
Warning signs:
- Emails to your domain are bouncing with "mailbox not found" errors
- Customers saying they're getting emails "from" your domain you didn't send
- Your website or email goes down with no explanation
- You've received an unexpected domain transfer notification
- Your registrar's support is telling you things you don't understand