A domain registration and its associated accounts are a keystone to your organization’s security. Most of the items on the checklist are not time-consuming or difficult.
- Ensure that your Domains are fully locked at the registry level.
- Name a Domain Name Administrator.
- Ensure updated WHOIS records.
- Renew your domain names.
- Unused or expired domains, delete them.
- Use a reliable Registrar service.
- Enable Multi-Factor authentication on your registrar account.
- Verify that the name servers critical to your domain are fully locked.
- Stay current with vulnerability alerts and announcements.
- Verify that the Check Zone Transfer Status (AXZF) is not open.
- Verify Domain name servers and IP addresses are current and valid.
- Ensure that the name servers are fully operational.
- Verify delegation and authoritative name server records match.
- Ensure consistency on the name servers.
- Check glue records are consistent and match.
- Delete unused Glue records.
- Ensure CNAME is pointing to the correct domain.
- Use Certification Authority Authorization records.
Originally published by the British Government, you can see the complete original post here: https://www.gov.uk/guidance/keeping-your-domain-name-secure