What Is a Domain Name, How DNS Works, and How to Avoid Losing Your Domain

What is a domain name?

A domain name is a convenient text address that users enter to find a website on the Internet. For example, instead of remembering the IP address of a server, a person enters a domain name in the browser: example.com, company.ua or shop.com.ua.

A domain itself is not a website. The website is physically hosted on a server or hosting account, while the domain only points users to the right place. In simple terms, the domain is the address, and hosting is the place where the website files, database, email and other services are stored.

For a business, a domain has special value. It is used in advertising, on business cards, in documents, in email addresses, in search engines and in communication with customers. If a domain is lost, the website, email, advertising campaigns and part of the business processes may stop working.

What does a domain consist of?

A domain name consists of several levels separated by dots. For example, in the domain shop.example.com:

• .com is the domain zone or top-level domain;
• example is the main part of the domain name;
• shop is a subdomain that may point to a separate section or service.

Domain zones can be different. There are international zones such as .com, .net and .org. There are country-code domains, such as .ua for Ukraine, .de for Germany and .pl for Poland. There are also thematic and new domain zones, such as .shop, .online, .site, .tech and many others.

The choice of a domain zone depends on the purpose of the website. Ukrainian businesses often choose .ua, .com.ua, regional Ukrainian zones or international domains if the website is aimed not only at Ukraine.

How a domain works together with a website

When a user enters a domain name in the browser, the computer does not immediately know where the website is located. First, it needs to determine which IP address corresponds to that domain name. This is exactly what the DNS system is used for.

In simplified form, the process looks like this:

1. The user enters a domain name in the browser.
2. The browser or operating system sends a request to DNS servers.
3. DNS returns the IP address of the server where the website is hosted.
4. The browser connects to that server.
5. The server sends the website page back to the user.

This is why several things are important for a website to work: the domain itself, correct DNS records, active hosting or a server, and a properly configured web server.

What is DNS?

DNS is the system that connects domain names with technical addresses and services. Thanks to DNS, users do not need to remember server IP addresses. It is enough to enter a clear and recognizable domain name.

A domain’s DNS is served by NS servers. NS servers are the servers that store information about the domain’s DNS records. They specify which IP address the website should point to, which servers receive email, which records are used for service verification, email protection and other technical tasks.

If the NS servers of a domain are changed, DNS management effectively moves to another DNS service. For example, the domain may be registered with one registrar, while its DNS records may be managed by the hosting provider, a CDN service or a separate DNS provider.

Main DNS record types

DNS may contain different types of records. Website owners most often work with the following:

• A record — points a domain or subdomain to an IPv4 address.
• AAAA record — points a domain or subdomain to an IPv6 address.
• CNAME record — creates an alias by pointing one domain or subdomain to another name.
• MX record — defines the mail servers that receive email for the domain.
• TXT record — is used for service data, domain verification, SPF, DKIM, DMARC and other settings.
• NS record — shows which servers are responsible for the domain’s DNS zone.
• CAA record — allows specifying which certificate authorities are allowed to issue SSL certificates for the domain.

Incorrect DNS records may cause the website to stop opening, email delivery to fail or SSL certificate validation to break. That is why DNS changes should be made carefully, especially if the domain is used for business email and an active website.

What are WHOIS and RDAP?

WHOIS is a service used to obtain information about a domain name: registration date, expiration date, registrar, DNS servers, technical statuses and other registration data. For many years, WHOIS was the main way to check domain information.

RDAP is a more modern protocol for accessing registration data. It is gradually replacing WHOIS because it better meets modern requirements: it provides a structured response format, supports internationalization, offers more secure access to data and allows public and restricted information to be separated.

For an ordinary domain owner, WHOIS or RDAP is useful because it allows checking:

• whether the domain is registered;
• which registrar manages the domain;
• until what date the domain is paid;
• which NS servers are used;
• which technical statuses are set for the domain;
• whether the domain expiration date is approaching.

It is important to understand that due to personal data protection rules, not all information about a domain owner may be public. Some data may be hidden or available only to authorized parties according to the rules of a specific domain zone.

What personal data may be associated with a domain?

When registering a domain, contact details of the registrant, administrative contact and technical contact are usually provided. Depending on the domain zone and registrar rules, this may include:

• person’s name or company name;
• email address;
• phone number;
• postal address;
• country;
• administrative or technical contact details.

Some of this data may not be displayed publicly, but it is still important for domain maintenance. Important messages may be sent to the contact email: renewal reminders, confirmation of contact changes, transfer requests, registrar notifications or registry notices.

If contact details are outdated, the domain owner may not receive an important message. As a result, a domain may be lost not because of a technical error, but because an old or unavailable email address remained in the registration data.

Who is considered the domain owner?

The domain owner is not necessarily the person who uses the website, pays the developer or has access to the CMS admin panel. What matters is which data is specified in the domain registration information at the registrar or registry.

If a domain is registered to a developer, former employee, friend or third-party company, problems may appear in the future. Formally, that person or organization may have control over the domain, confirm changes, initiate transfers or restore access.

For a business, the correct approach is to register the domain to the company or to a responsible person who actually represents the owner of the project. Access to the domain, registrar account and contact email should be held by the business owner, not only by a developer or administrator.

How can a domain be lost?

Losing a domain usually does not happen instantly. Most often, it is the result of several mistakes: the domain was not renewed on time, expiration notices were missed, the email address was unavailable, access to the registrar account was lost, and the owner’s data had not been updated for a long time.

The main risks of losing a domain are:

• the domain is not registered to the actual website owner;
• the registration period has expired and the domain was not renewed;
• the contact email no longer works;
• the domain contact email was hosted on the same domain;
• an unreliable or questionable email service was used;
• there is no access to the registrar account;
• the domain is not protected from unwanted transfer;
• the registrar account password was weak or compromised;
• two-factor authentication is not enabled;
• the domain is managed by a person who no longer works with the company.

The most dangerous situation is when the domain has expired, the contact email is unavailable and access to the registrar account is lost at the same time. In such a case, recovery can be difficult, lengthy or even impossible, depending on the rules of the specific domain zone.

Why the domain contact email must be up to date

The email address listed in the domain contact details must always be available. Important messages may be sent to it: renewal reminders, contact change confirmations, transfer requests, notifications from the registrar or registry.

It is not recommended to use an email address on the same domain for domain management. For example, if the domain example.com expires and stops working, the email address admin@example.com may also become unavailable. As a result, the owner may not be able to receive a confirmation email needed to change data or restore access.

It is better to use a stable external email address whose availability does not depend on the domain itself. It is also important not to use temporary, random or questionable email services that may be blocked, deleted or become unavailable.

If the domain contact email needs to be changed, in many cases such a change must be confirmed through the current email address. Therefore, if the old email is already unavailable, a simple contact update may become a complicated procedure of proving rights to the domain.

Grace period, redemption period and pending delete

Every domain has a registration term. If it is not renewed on time, the domain goes through certain stages of its life cycle. Exact timeframes may differ depending on the domain zone and registry rules, but the general logic is often similar.

Active / Registered

The domain is active, paid and can work normally. During this period, the owner can manage DNS, change settings, renew the domain or transfer it to another registrar if the rules of the domain zone allow it.

Grace period

The grace period is a limited period after the registration term expires when the domain can still be renewed through a standard or close-to-standard procedure. During this time, the website and email may already stop working or may work with restrictions, depending on the registrar’s policy and the domain zone rules.

Redemption period

The redemption period is the domain recovery period after expiration or deletion. At this stage, the domain can usually still be restored, but the restoration procedure may be more expensive than regular renewal. In many international domain zones, the redemption period lasts approximately 30 days.

Pending delete

Pending delete is the final stage before the domain is completely removed from the registry. At this stage, the domain usually can no longer be renewed or restored through the standard procedure. After this period ends, the domain may become available for registration by anyone.

The main conclusion is simple: do not wait until the last day. It is better to renew a domain in advance, especially if it is used for business, email, advertising or important services.

Domain statuses and why they are needed

Domains can have different technical statuses. They show what is currently happening with the domain and which operations are allowed or prohibited. Some statuses are set by the registrar, while others are set by the registry of the domain zone.

The most common statuses include:

• ok — the domain is active and has no special restrictions.
• clientTransferProhibited — transfer to another registrar is prohibited at the registrar level. This is useful protection against unwanted transfer.
• serverTransferProhibited — transfer is prohibited at the registry level.
• clientUpdateProhibited — changes to certain domain parameters are prohibited.
• clientDeleteProhibited — deletion of the domain is prohibited.
• redemptionPeriod — the domain is in the recovery period.
• pendingDelete — the domain is waiting for final deletion.
• pendingTransfer — the transfer process to another registrar is in progress.

If you see an unfamiliar domain status in WHOIS or RDAP, it is worth contacting your registrar. Some statuses are normal and protective, while others may indicate a problem, expiration, blocking or an ongoing transfer process.

Domain transfer lock

For most domains, it is useful to enable transfer lock. This status is usually called clientTransferProhibited or simply “transfer lock”. It prevents the domain from being transferred to another registrar without first unlocking it.

This does not protect against every possible risk, but it reduces the chance of an unwanted or accidental transfer. It is especially important to use this protection for domains connected to business, email, advertising, payment services or a personal brand.

Before a legitimate transfer to another registrar, the lock must be temporarily removed, the authorization code must be obtained, the transfer must be confirmed and, after completion, the protection should be checked again.

What is DNSSEC?

DNSSEC is a security extension for DNS. Its purpose is to help verify that a DNS response really comes from an authoritative source and has not been altered on the way.

In simple terms, DNSSEC adds a cryptographic signature to DNS records. Thanks to this, a client or DNS resolver can verify the authenticity of the received response.

DNSSEC does not replace an SSL certificate and does not protect the website itself from hacking. It is a separate layer of protection specifically for DNS. It can be useful for important domains, but it must be configured carefully: mistakes in DNSSEC may cause the domain to stop opening correctly for some users.

Who manages domain zones?

The domain system includes several levels of participants. At the global level, the coordination of the domain name system is handled by ICANN. New international top-level domain zones appear through the relevant ICANN programs.

Each domain zone is managed by a registry or zone administrator. The registry is responsible for the rules of the zone, its technical operation, interaction with registrars and storage of domain data.

A registrar is a company through which an end user registers a domain. The registrar accepts the order, processes payment, provides a control panel, allows DNS changes, domain renewal and transfer initiation.

A registrant is the owner or user of the domain name. For a website owner, the most important thing is that the domain is registered to the correct registrant, not accidentally left under a developer, former employee or third party.

Ukrainian domain zones and Hostmaster

For Ukraine, the main national domain zone is .UA. The administrator of the .UA domain is Hostmaster Ltd. Domain registration is performed through registrars that work with the administrator of the domain zone.

In addition to second-level domains in the .UA zone, Ukraine actively uses public second-level domains such as com.ua, net.ua, org.ua, as well as regional domain zones associated with cities or regions.

There are also special domain zones with separate rules. For example, gov.ua is intended for government authorities, local government bodies and state organizations according to the rules of that zone.

Some Ukrainian domains may have special requirements. For example, registration of a second-level domain in the .UA zone usually requires rights to the corresponding trademark. Therefore, before registration, it is important to check the rules of the exact domain zone you choose.

Can you create your own domain zone?

In theory, it is possible to create your own top-level domain zone. For example, a large company may apply for a branded zone such as .brand, if this is allowed by the current ICANN program for new top-level domains.

However, this is not the same as ordinary domain registration. It requires going through a complex application process, proving technical, financial and organizational ability to operate a registry, meeting ICANN requirements and ensuring stable operation of the domain zone.

For most companies, it is much more practical to register a good domain in an existing zone: .ua, .com.ua, .com, .net, .org, .shop, .online or another zone that matches the business goals.