Manage domains and DNS for customers?
-
@Pete-S said in Manage domains and DNS for customers?:
Is there a good way to manage domain renewals and DNS settings on behalf of a customer?
Basically handle everything and then invoice the customer. But the customer should still legally own the domain(s).
So we have a standard for this...
We tell the customer that the Registrar function is a legal one and that on one but the owner and/or their attorney should have access to that the same as any other legal real estate holding. That they must maintain access and keep their info and payment up to date and otherwise never touch it and never, ever let us have access to it.
We manage their DNS and this protects them from us completely (we've had customers have other MSPs steal their identity before), and allows us to protect them from everyone else.
-
@PhlipElder said in Manage domains and DNS for customers?:
@Pete-S said in Manage domains and DNS for customers?:
@PhlipElder said in Manage domains and DNS for customers?:
@JaredBusch said in Manage domains and DNS for customers?:
@Pete-S said in Manage domains and DNS for customers?:
Is there a good way to manage domain renewals and DNS settings on behalf of a customer?
Basically handle everything and then invoice the customer. But the customer should still legally own the domain(s).
Anyone granted access to log in to the registrar can become the sole owner by transferring the registration to someplace that no one else has access to.
Without any legal contracts stating clearly how it all works, the legal owner is whoever is paying for it. That would be you, not them, in the scenario listed.
IANAL, but barring things like previously trademarked names, a company would likely not win (assuming cost of litigation is not an issue) in court if you said they did not own the right to their domain registration.
We actually put it in writing that we are managing their Internet properties and services and that ownership of said properties are theirs. If they decide to move on, it's in the contract that they would pay the fee(s) for the transfer out with the unlock codes presented once that process was initiated.
OK, so if you work with a new customer you will transfer their domains to your registrar and account? And then you can take care of everything - renewals, dns settings etc.
When the relationship ends, you will transfer their domain back to a registrar of their choosing.
That is correct. We manage everything. We drop a few horror stories where web devs made changes, or deleted DNS entries, because they thought they weren't needed.
None of that would make you need to have their registrar data, though. We protect against that without needing that access.
-
@scottalanmiller said in Manage domains and DNS for customers?:
@Pete-S said in Manage domains and DNS for customers?:
Is there a good way to manage domain renewals and DNS settings on behalf of a customer?
Basically handle everything and then invoice the customer. But the customer should still legally own the domain(s).
So we have a standard for this...
We tell the customer that the Registrar function is a legal one and that on one but the owner and/or their attorney should have access to that the same as any other legal real estate holding. That they must maintain access and keep their info and payment up to date and otherwise never touch it and never, ever let us have access to it.
We manage their DNS and this protects them from us completely (we've had customers have other MSPs steal their identity before), and allows us to protect them from everyone else.
Oh man, the pouty thing is so old. Even larger orgs can be guilty of creating a clusterf*ck when we're involved either to help with the transition or we are the destination of that transition.
-
@scottalanmiller said in Manage domains and DNS for customers?:
@PhlipElder said in Manage domains and DNS for customers?:
@Pete-S said in Manage domains and DNS for customers?:
@PhlipElder said in Manage domains and DNS for customers?:
@JaredBusch said in Manage domains and DNS for customers?:
@Pete-S said in Manage domains and DNS for customers?:
Is there a good way to manage domain renewals and DNS settings on behalf of a customer?
Basically handle everything and then invoice the customer. But the customer should still legally own the domain(s).
Anyone granted access to log in to the registrar can become the sole owner by transferring the registration to someplace that no one else has access to.
Without any legal contracts stating clearly how it all works, the legal owner is whoever is paying for it. That would be you, not them, in the scenario listed.
IANAL, but barring things like previously trademarked names, a company would likely not win (assuming cost of litigation is not an issue) in court if you said they did not own the right to their domain registration.
We actually put it in writing that we are managing their Internet properties and services and that ownership of said properties are theirs. If they decide to move on, it's in the contract that they would pay the fee(s) for the transfer out with the unlock codes presented once that process was initiated.
OK, so if you work with a new customer you will transfer their domains to your registrar and account? And then you can take care of everything - renewals, dns settings etc.
When the relationship ends, you will transfer their domain back to a registrar of their choosing.
That is correct. We manage everything. We drop a few horror stories where web devs made changes, or deleted DNS entries, because they thought they weren't needed.
None of that would make you need to have their registrar data, though. We protect against that without needing that access.
To some respects yes, but we've also had clients who listened to a web dev and flipped the DNS settings at the registrar level to the Web Dev's BIND servers sitting behind fake IPs to make it look like there's more than one (a requirement). To get everything back, including mail flow, can take 24 to 72 hours.
Nope. We hold the cards.
-
@PhlipElder said in Manage domains and DNS for customers?:
@scottalanmiller said in Manage domains and DNS for customers?:
@Pete-S said in Manage domains and DNS for customers?:
Is there a good way to manage domain renewals and DNS settings on behalf of a customer?
Basically handle everything and then invoice the customer. But the customer should still legally own the domain(s).
So we have a standard for this...
We tell the customer that the Registrar function is a legal one and that on one but the owner and/or their attorney should have access to that the same as any other legal real estate holding. That they must maintain access and keep their info and payment up to date and otherwise never touch it and never, ever let us have access to it.
We manage their DNS and this protects them from us completely (we've had customers have other MSPs steal their identity before), and allows us to protect them from everyone else.
Oh man, the pouty thing is so old. Even larger orgs can be guilty of creating a clusterf*ck when we're involved either to help with the transition or we are the destination of that transition.
That's the nice thing about a good process, if done correctly it should never transfer. There's no IT function involved, it's just a legal one. So the one thing we always tell them is to never turn it over to an IT team (internal, external, web, anything.) Because once they do that (even to us) they'd risk doing it to someone else after us. And it is a liability we don't want to keep, especially as there's no technical benefit to it.
-
@PhlipElder said in Manage domains and DNS for customers?:
@scottalanmiller said in Manage domains and DNS for customers?:
@PhlipElder said in Manage domains and DNS for customers?:
@Pete-S said in Manage domains and DNS for customers?:
@PhlipElder said in Manage domains and DNS for customers?:
@JaredBusch said in Manage domains and DNS for customers?:
@Pete-S said in Manage domains and DNS for customers?:
Is there a good way to manage domain renewals and DNS settings on behalf of a customer?
Basically handle everything and then invoice the customer. But the customer should still legally own the domain(s).
Anyone granted access to log in to the registrar can become the sole owner by transferring the registration to someplace that no one else has access to.
Without any legal contracts stating clearly how it all works, the legal owner is whoever is paying for it. That would be you, not them, in the scenario listed.
IANAL, but barring things like previously trademarked names, a company would likely not win (assuming cost of litigation is not an issue) in court if you said they did not own the right to their domain registration.
We actually put it in writing that we are managing their Internet properties and services and that ownership of said properties are theirs. If they decide to move on, it's in the contract that they would pay the fee(s) for the transfer out with the unlock codes presented once that process was initiated.
OK, so if you work with a new customer you will transfer their domains to your registrar and account? And then you can take care of everything - renewals, dns settings etc.
When the relationship ends, you will transfer their domain back to a registrar of their choosing.
That is correct. We manage everything. We drop a few horror stories where web devs made changes, or deleted DNS entries, because they thought they weren't needed.
None of that would make you need to have their registrar data, though. We protect against that without needing that access.
To some respects yes, but we've also had clients who listened to a web dev and flipped the DNS settings at the registrar level to the Web Dev's BIND servers sitting behind fake IPs to make it look like there's more than one (a requirement). To get everything back, including mail flow, can take 24 to 72 hours.
Nope. We hold the cards.
That's why we warn them to block and drop any vendor that would ever request those creds. It's social engineering to try to grab control of the customer. No different than someone asking for their bank credentials or to be given the title to their car.
-
@PhlipElder said in Manage domains and DNS for customers?:
To some respects yes, but we've also had clients who listened to a web dev and flipped the DNS settings at the registrar level to the Web Dev's BIND servers sitting behind fake IPs to make it look like there's more than one (a requirement). To get everything back, including mail flow, can take 24 to 72 hours.
That should have prompted legal action. That's a big deal.
-
I get the problem, customers are SO dumb. And they really are. But it's not an IT function to protect them against and not a liability that I think IT should take on. That's what a lawyer is for.
Hand those creds to a lawyer and never let anyone have them. Lawyers have special oversight for that kind of stuff that makes them different, even than us.
-
@scottalanmiller said in Manage domains and DNS for customers?:
@PhlipElder said in Manage domains and DNS for customers?:
To some respects yes, but we've also had clients who listened to a web dev and flipped the DNS settings at the registrar level to the Web Dev's BIND servers sitting behind fake IPs to make it look like there's more than one (a requirement). To get everything back, including mail flow, can take 24 to 72 hours.
That should have prompted legal action. That's a big deal.
Heh ... we live in the People's Republik of Kanada.
Breathing on a lawyer up here would require a $10K retainer. Most small businesses would just walk away after recovering their assets.
It's just easier, for us and our clients, to maintain a handle on everything. In the end, they know us and we know them and they trust us to do what's best for them. Everything is in writing so there's no question about ownership.
EDIT: Ideals and Reality: Never the twain shall meet.
-
@PhlipElder said in Manage domains and DNS for customers?:
Breathing on a lawyer up here would require a $10K retainer. Most small businesses would just walk away after recovering their assets.
It often seems like the best answer is moving businesses out of Canada, lol. You know it is bad when the Americans are like "how is it that bad?"
-
@PhlipElder said in Manage domains and DNS for customers?:
@scottalanmiller said in Manage domains and DNS for customers?:
@PhlipElder said in Manage domains and DNS for customers?:
To some respects yes, but we've also had clients who listened to a web dev and flipped the DNS settings at the registrar level to the Web Dev's BIND servers sitting behind fake IPs to make it look like there's more than one (a requirement). To get everything back, including mail flow, can take 24 to 72 hours.
That should have prompted legal action. That's a big deal.
Heh ... we live in the People's Republik of Kanada.
Breathing on a lawyer up here would require a $10K retainer. Most small businesses would just walk away after recovering their assets.
It's just easier, for us and our clients, to maintain a handle on everything. In the end, they know us and we know them and they trust us to do what's best for them. Everything is in writing so there's no question about ownership.
EDIT: Ideals and Reality: Never the twain shall meet.
Yeah, that makes sense. In the US this would generally be a free item with your attorney. We wouldn't need to pay for that. Same in Nicaragua. Just part of being the corporate attorney. If you really have owners that can't stop handing out their credentials....
Then you have other issues. Which lots of people do, of course, where you can't let them have admin access to anything as they can't stop handing out their passwords (and yes, we see this all the time, too.)
-
@scottalanmiller said in Manage domains and DNS for customers?:
@PhlipElder said in Manage domains and DNS for customers?:
Breathing on a lawyer up here would require a $10K retainer. Most small businesses would just walk away after recovering their assets.
It often seems like the best answer is moving businesses out of Canada, lol. You know it is bad when the Americans are like "how is it that bad?"
When I had a chat with our accountant about getting my US Passport (Dad's an American), his answer was, "The Empire would have you by the balls." Quite literally. Our incorporated would be subject to IRS and US taxes assessed before Canadian corporate taxes so essentially Gross Profit. 17% of that number which works out to be a lot higher than what we're paying to the Canadian government.
Nope. :0)
I think it depends on what state we'd take up residence in too? Each state can have a very different corporate tax structure. The People's Republik of Kalifornia would be close to ours from what I've seen. Basically, take everything including the First Born and a litre of blood every month.
-
@scottalanmiller said in Manage domains and DNS for customers?:
@PhlipElder said in Manage domains and DNS for customers?:
@scottalanmiller said in Manage domains and DNS for customers?:
@PhlipElder said in Manage domains and DNS for customers?:
To some respects yes, but we've also had clients who listened to a web dev and flipped the DNS settings at the registrar level to the Web Dev's BIND servers sitting behind fake IPs to make it look like there's more than one (a requirement). To get everything back, including mail flow, can take 24 to 72 hours.
That should have prompted legal action. That's a big deal.
Heh ... we live in the People's Republik of Kanada.
Breathing on a lawyer up here would require a $10K retainer. Most small businesses would just walk away after recovering their assets.
It's just easier, for us and our clients, to maintain a handle on everything. In the end, they know us and we know them and they trust us to do what's best for them. Everything is in writing so there's no question about ownership.
EDIT: Ideals and Reality: Never the twain shall meet.
Yeah, that makes sense. In the US this would generally be a free item with your attorney. We wouldn't need to pay for that. Same in Nicaragua. Just part of being the corporate attorney. If you really have owners that can't stop handing out their credentials....
Then you have other issues. Which lots of people do, of course, where you can't let them have admin access to anything as they can't stop handing out their passwords (and yes, we see this all the time, too.)
Once we've established ourselves as being point on everything and anything tech related specific to the operation of their business it's fairly easy to keep.
We get calls and e-mails from our clients about requests they get from others every once in a while to confirm what the request was for and whether we should handle it or not.
They have all of their passwords in a password vault on-premises. We have a hit-by-a-bus plan in place for all of them. So, if there is a problem or they want to move on there's no dealing with a Pity Party on our part we gladly hand the Keys of the Kingdom over with the understanding that we would no longer touch anything. Period.
-
@scottalanmiller said in Manage domains and DNS for customers?:
Then you have other issues. Which lots of people do, of course, where you can't let them have admin access to anything as they can't stop handing out their passwords (and yes, we see this all the time, too.)
It's amazing how true this is!