DNS-002 critical Domain Management

Domain expiry monitoring

All domains have auto-renewal enabled or expiry alerts set. At least one person is notified 30+ days before any domain expires. Domain expiry is a single point of failure that takes down everything.

Question to ask

"When does your main domain expire — and who gets the alert?"

What to check

  • Check WHOIS expiry dates for all domains in inventory
  • Verify auto-renewal is enabled at registrar
  • Verify alert/notification is configured for expiry

Verification guide

Severity: Critical

A domain expiring takes down everything — website, email, API, the lot. This is a single point of failure that's entirely preventable.

Check automatically:

  1. WHOIS expiry check for each domain:
       whois example.com | grep -i "expir"
       # Look for "Registry Expiry Date" or "Expiration Date"
  2. Bulk check with dig (nameserver delegation still works = not expired). This only shows that the domain resolves today; the expiry date itself comes from WHOIS:
       dig NS example.com +short
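
The WHOIS check above can be scripted over the whole domain inventory. The following is an added example, not part of the original checklist: it parses the expiry date from WHOIS output and maps the days remaining onto the 30- and 60-day thresholds used in the criteria below. The status labels, the function names, the two date layouts and the sample WHOIS text are assumptions made for illustration.

```python
import re
import subprocess
import sys
from datetime import date, datetime

# Constructed sample WHOIS output (not a real lookup result).
SAMPLE_WHOIS = """Domain Name: EXAMPLE.COM
Registry Expiry Date: 2026-03-01T04:00:00Z
Registrar Registration Expiration Date: 2026-03-03T04:00:00Z
NOTICE: The expiration date displayed in this record may differ.
"""
# Date layouts assumed for this example; registries vary, extend as needed.
DATE = re.compile(r"\d{4}-\d{2}-\d{2}|\d{2}-[A-Za-z]{3}-\d{4}")

def parse_expiry(whois_text):
    """Earliest date on any line matching grep -i "expir", or None."""
    found = []
    for line in whois_text.splitlines():
        match = DATE.search(line) if "expir" in line.lower() else None
        if match:
            token = match.group(0)
            fmt = "%Y-%m-%d" if token[4] == "-" else "%d-%b-%Y"
            try:
                found.append(datetime.strptime(token, fmt).date())
            except ValueError:
                pass  # looked like a date but was not a valid one
    return min(found) if found else None

def classify(expiry, today):
    """Map days remaining onto the checklist's 30- and 60-day thresholds."""
    if expiry is None:
        return "UNKNOWN", None  # no parsable date: a finding, not a pass
    days = (expiry - today).days
    if days < 0:
        return "EXPIRED", days
    if days <= 30:
        return "CRITICAL", days
    return ("WARN" if days <= 60 else "OK"), days

def check_domain(domain):
    """Run the system whois client (assumed installed) and classify."""
    out = subprocess.run(["whois", domain], capture_output=True,
                         text=True, timeout=30).stdout
    return classify(parse_expiry(out), date.today())

if __name__ == "__main__":
    results = {d: check_domain(d) for d in sys.argv[1:]}
    for domain, (status, days) in results.items():
        print(f"{domain}\t{status}\t{days}")
    # Non-zero exit lets cron or CI raise the alert.
    sys.exit(1 if any(s != "OK" for s, _ in results.values()) else 0)
```

Pass the domains as arguments from a scheduled job; an UNKNOWN result usually means the WHOIS server rate-limited the query or the registry does not publish an expiry date, and needs a manual check at the registrar.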

Ask user:

  • "Is auto-renewal enabled for all domains?"
  • "Who gets notified when a domain is approaching expiry?"
  • "Has a domain ever accidentally expired?"

Pass criteria:

  • Auto-renewal enabled on all domains, OR
  • Expiry alerts configured (30+ days before) with a named recipient
  • More than one person aware of expiry dates

Fail criteria:

  • Auto-renewal not enabled and no expiry alerts
  • Only one person knows about domain renewals
  • Domain expires within 60 days and nobody flagged it

Evidence to capture:

  • Expiry dates for all domains
  • Auto-renewal status
  • Who receives expiry notifications

Section

20. Domain & Email Infrastructure

Error Tracking & Reliability