Interviews confirm that large organizations typically lack a systematic workflow process for domains and DNS management. Organizations admit that their domain and DNS management processes are informal and manual. Without structured, systems-based, auditable records for domain change management, errors and omissions are inevitable, especially over the long lifecycle of unmanaged domains.
Organizations have rules and procedures for most IT operations, but domain and DNS change management is often handled via email communications and Excel spreadsheet lists of domains, passed between stakeholders. Some organizations partially automate workflow with centralized ticketing, or SharePoint applications. These systems can be time-consuming to create and manage. They’re often fragmented and lack change management audit capabilities. Internally created workflow systems typically lack integration between the domain registration process and DNS provisioning.
Organizations admit that their internal accountability for domains isn’t clear. Without ownership and accountability, domains and DNS are left unmanaged. Domain portfolios tend to grow, and old domains are rarely culled. Legacy domains can become unnecessary over time along with their associated DNS zone file resource records. DNS security settings for these domains ( DNSSEC, DMARC, SPF, and TLS certificates on redirections) are frequently broken or missing altogether.