Skip to content

Do you actually still know which domains you own?

7 domains, 3 registrars, a few subdomains from experiments. And honestly: Nobody has the full picture.

How it starts

In the beginning it's simple. One domain, one registrar, one project. Everything manageable.

Then comes the second domain – for the new product. The third for the blog, because you thought .io was cool. The fourth a colleague registered, "just for testing." The fifth was a bargain, the sixth a defensive registration.

And at some point someone asks: "Which domains do we actually have?" And nobody can say for certain.

The typical picture

When we talk to teams, it often looks like this:

• 3-15 domains, spread across 2-4 registrars
• At least one domain that "someone registered at some point"
• Subdomains from experiments still pointing to old IPs
• A domain about to expire and nobody knows if it's still needed
• DNS records nobody can attribute anymore
• Different people have access to different registrars

This isn't failure. This is normal. Projects grow, teams change, priorities shift. DNS isn't what you think about first thing in the morning.

Why it still matters

As long as everything runs, missing oversight is just untidy. But there are moments when it suddenly becomes relevant:

• A domain expires and doesn't get renewed. Someone else registers it.
• An employee leaves the company – and the registrar account runs on their personal email.
• An auditor asks for a complete asset inventory.
• You want to switch DNS providers and don't know which domains are affected.
• A forgotten subdomain still points to a server you decommissioned long ago.

None of these are hacker scenarios. All of them are real and happen regularly.

What a domain inventory needs

It doesn't have to be complicated. At its core, you want to know for each domain:

• Where is it registered? (Registrar)
• When does it expire?
• Who has access to the registrar account?
• Which nameservers are set?
• Which DNS records exist?
• What is it used for? (Production, staging, redirect, unused)

That sounds like a spreadsheet. And yes, a spreadsheet is better than nothing. But spreadsheets go stale. The day after you fill it in, it's already not 100% accurate.

From spreadsheet to continuous visibility

The difference between a spreadsheet and a monitoring tool: The spreadsheet shows the state from the day you filled it in. A monitoring tool shows the state right now – and tells you when something changes.

You don't have to check your DNS console every day. You don't have to update your spreadsheet every month. You just need to know: If something changes, I'll hear about it.

That's the core of Driftguard. Not fear of attacks. But oversight. Set up once, then you always know where you stand.

The simplest start

If you're realizing right now that you've lost track – here's a pragmatic beginning:

1. Open all registrars where you have accounts. Write down every domain.
2. For each domain: When does it expire? Is auto-renew active?
3. Are there domains nobody needs anymore? Let them expire or delete the DNS records.
4. Are there domains where you're not sure who has access? Clarify that today.

And then: Add them to Driftguard. Not because an attack is coming tomorrow. But because you don't want to search again next week.