Folks, I know which registrars I like for personal use, there's a few which are competent, but I'm having a hard time finding someone "not broken" for corporate use by my employer. Suggestions welcome, but please see the requirements.
Requirements:
0. Registrar only; whether or not they do DNS, SSL certs, whatever is
irrelevant, as long as we can set DNS servers to point to our own
selection of NS hosts.
1. No shared passwords; each user authorized to access the registrar
has their own account, with their own password.
2. Strong desire that it also support 2FA, with admin overviews of who
does or does not have 2FA enabled; we'll reluctantly let this one
slide if we can find a provider who meets the other reqs.
3. The user who signs in is not "the contact" in whois: role contacts
should be set for each publicly visible contact, _multiple_ people
able to make technical changes, etc.
4. Whois privacy service available (for those TLDs which allow it).
5. Ideally, billing-only accounts, who can manage corporate
credit-cards on file, etc, but not make tech changes (and tech
accounts which can't retrieve billing details); but this one, again,
we can let slide.
The bare minimum threshold is points 1 and 3 -- basically, competent
account management for the idea that the person accessing the service is
not "the customer" but "someone working at the customer". This is not a
high bar. Even in the SSL CA business, the DNS business and the CDN
business, it's not hard to find companies who can manage these points.
When the SSL CA business can pass the bar, I know it's not a high bar.
Price is not a primary driver.
Gandi is decent for personal use, but their way to implement 1 is to
fail on 3, because they've associated public NIC handle too closely with
user accounts. We do not want SPOFs in staff, not even for me ;)
because I could be hit by a bus sliding down a Pittsburgh hill in the
snow and become a pancake. Given that a modern Internet company has
their domain as a critical corporate asset, it's unacceptable to only
have a "shared known password" as the only protection on the domain.
Please, who is there out there for companies, to have half-way competent
domain registration and access controls?
Thanks,
-Phil
signature.asc
Description: Digital signature
_______________________________________________ Discuss mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
