Skip to content
Get started

Managed DNS Hosting and Management

Every digital service your business depends on starts with DNS. When it is managed well, it is invisible. When it is not, everything stops.

DNS (the Domain Name Service) is the infrastructure that connects your clients to your digital presence: your website, your email, your cloud applications, your VoIP systems. It is the first thing queried when anyone tries to reach your business online, and it needs to respond correctly, quickly, and securely every time.

Most businesses have DNS running, but few have it configured and managed with the rigour the service requires. A default registrar setup, a forgotten control panel, or a DNS zone last reviewed years ago is not a secure or resilient foundation. Microsolve manages DNS as a properly configured, actively monitored, security-hardened service hosted on AWS cloud infrastructure with anycast routing and DNS Security Extensions (DNSSEC) enabled by default.

Talk to us about managed DNS

DNS is the Foundation Everything Else Depends On

It is easy to underestimate DNS because it mostly works quietly in the background. But its role in your business is absolute. When DNS is unavailable, misconfigured, or compromised, the impact is immediate and broad, affecting every service that relies on your domain name.

Emails stop delivering. Your website becomes unreachable. Cloud applications that authenticate against your domain fail. VoIP calls do not connect. Remote workers cannot access internal systems. The root cause of a failed DNS query may be invisible, but the visible effect is that your business cannot function.

DNS downtime is not rare. DNS attacks include cache poisoning, Distributed Denial-of-Service (DDoS) against DNS infrastructure, and domain hijacking, and are among the most common and impactful categories of cyber incident. And most businesses are operating on DNS infrastructure that was never designed to resist them.

DNS is simple to register and host.  It is genuinely difficult to optimise, secure, and maintain correctly.

Most DNS problems are not immediately obvious. They surface as email delivery failures, intermittent outages, or security incidents that appear to originate somewhere else entirely.

 

What Separates Basic DNS Hosting From a Managed Service

A basic DNS service does one thing: it answers queries. It resolves your domain name to the IP address it points to, and it does that from a single location or a small cluster of servers. It may have been set up by your registrar, your web host, or someone who no longer works for the organisation.

A managed DNS service is a different proposition. It is actively configured, continuously monitored, security-hardened, and maintained as a critical piece of business infrastructure, not an afterthought.

The dimensions that separate the two:

Reliability and Redundancy

Basic DNS hosting runs from a limited number of servers in a limited number of locations. If those servers experience an outage, your DNS goes with them. Managed DNS on cloud infrastructure uses geographically distributed nodes so that if one location fails, queries are automatically served from another. The service continues without intervention, and in most cases, without your business ever knowing there was a problem.

Microsolve hosts DNS on AWS infrastructure using anycast routing, which directs each DNS query to the nearest available server globally. This means faster resolution for users wherever they are, and automatic resilience if any individual node or region becomes unavailable.

Performance Optimisation

Every DNS query adds a small amount of time to the process of reaching your services. That time compounds across thousands of daily queries, across your website, your email, your cloud applications. Well-managed DNS minimises resolution time at every step: through anycast routing that selects the nearest server, through correctly configured Time to Live (TTL) values that balance caching efficiency with the ability to update records quickly, and through regular review of the DNS zone to ensure it is clean, current, and optimally structured.

Security

DNS security is where the gap between basic and managed is most consequential. Basic DNS hosting provides no protection against the most common DNS-based attack vectors. A properly managed service addresses them by design.

The Security Dimensions of DNS Management

DNS security is not a single control. It is a set of overlapping protections that together significantly reduce the attack surface and the consequences of an attempted incident.

DNSSEC: Protecting the Integrity of DNS Responses

DNS Security Extensions (DNSSEC) add a cryptographic signature to DNS responses, allowing the querying system to verify that the response came from the authoritative source and has not been tampered with in transit.

Without DNSSEC, an attacker who can intercept or poison DNS responses can redirect users from your legitimate website to a malicious one without the user ever knowing. Credentials entered on a spoofed site go directly to the attacker. This is called DNS spoofing or cache poisoning, and it remains an active attack vector against unprotected domains.

Microsolve enables and manages DNSSEC by default on all hosted domains. This is not an optional add-on, it is a baseline security requirement for any business that handles sensitive data, processes payments, or has users who trust that links to your domain go where they say they do.

Domain Transfer Lock and Auto-Renewal

Domain hijacking is where an attacker gains control of a domain name and redirects or disables the services attached to it. It typically exploits one of two weaknesses: a domain that has been allowed to expire, or a domain that lacks transfer lock protection.

Microsolve applies transfer lock to all managed domains by default, preventing unauthorised transfers without an explicit, verified release. All domains are configured to auto-renew, eliminating the risk of accidental expiry. Domain renewal is monitored proactively as to not leave it to an automated process that may fail silently.

Change Authorisation and Verification

DNS records control where every service associated with your domain points. An unauthorised or accidental change to a DNS record - whether by an attacker, a misconfigured tool, or an internal error - can redirect traffic, break email delivery, disable authentication services, or expose the organisation to impersonation attacks.

Microsolve subjects all DNS record changes to an inspection and authorisation process before they go live. Changes are verified against the expected change, reviewed for correctness, and implemented with rollback capability if issues emerge. This is a governance control that basic DNS hosting simply does not provide.

DDoS Resilience

DNS infrastructure is a frequent target for Distributed Denial of Service (DDoS) attacks that look like floods of traffic designed to overwhelm DNS servers and make the domain unreachable. Anycast routing provides inherent DDoS resilience by distributing incoming traffic across a global network of nodes, making it significantly harder for an attack concentrated on any single point to succeed.

AWS infrastructure (where Microsolve's DNS service is hosted) provides additional DDoS mitigation capability at the network level, including AWS Shield, which monitors for and automatically responds to the most common DDoS attack patterns.

What a Managed DNS Service with Microsolve Includes

Microsolve manages DNS as a complete, ongoing service. This is not a hosting-only arrangement it is active management of a business-critical infrastructure component.

DNS Zone Hosting

DNS zones hosted on AWS cloud infrastructure with anycast routing across globally distributed nodes

DNSSEC

Enabled and managed by default for all hosted domains. Cryptographic key management handled on your behalf

Transfer Lock

Applied to all domains. Prevents unauthorised transfers without verified authorisation

Auto-Renewal Management

All domains monitored for renewal with proactive confirmation. No silent expiry

Record Management

Changes to DNS records managed through an authorisation and verification process before go-live

TTL Optimisation

Time to Live values set and reviewed to balance caching performance with the ability to update records quickly when needed

DNS Monitoring

Continuous monitoring of DNS resolution, response times, and record validity; alerts on anomalies

Email Authentication Records

SPF, DKIM, and DMARC records configured and maintained to support email security and deliverability

Subdomain and Service Record Management

All service records (MX, CNAME, A, AAAA, TXT, SRV) managed with reference to the complete service map

Documentation

DNS zone documentation maintained and available. No dependency on institutional memory

Regular Review

Periodic review of the DNS environment as services, systems, and security requirements change

Email Security Depends on DNS Being Right

Most email security problems are DNS problems. SPF, DKIM, and DMARC are the three email authentication standards that protect against spoofing, phishing, and unauthorised sending and are all implemented through DNS records.

DNS protects email from phishing and spoof attacks

When these records are missing, misconfigured, or out of date, the consequences are significant: legitimate emails from your domain are marked as spam or rejected, while attackers may be able to send email that appears to come from your domain without any authentication challenge.

Microsolve configures and maintains SPF, DKIM, and DMARC records as part of the DNS management service. These are not set-and-forget configurations. They require review when email platforms change, when additional sending services are added, and when the domain's mail infrastructure evolves. We manage that ongoing maintenance so it does not fall through the cracks.

Learn more about email security and Microsoft 365 management

Built on AWS - Reliable, Scalable, Globally Distributed

Microsolve's DNS hosting is delivered on Amazon Route 53 infrastructure - AWS's enterprise-grade, globally distributed DNS service. Route 53 operates through a network of anycast nodes across multiple AWS regions, routing each DNS query to the nearest available point of presence to minimise resolution time and maximise availability.

AWS Route 53 is one of the most resilient DNS platforms available, with a 100% availability SLA on authoritative DNS queries. It is used by organisations of all sizes globally, from small businesses to enterprise infrastructure, as a foundation for reliable, performant, and secure DNS.

For Microsolve clients, this means DNS is not running on a shared hosting platform or a registrar's default infrastructure. It is running on the same global cloud infrastructure that underpins some of the world's most demanding digital services and managed by Microsolve's team to the standards your business requires.

Frequently asked questions

What is DNS and why does it matter?

DNS stands for the Domain Name System. It translates your domain name into the IP addresses that route traffic to your website, email, and cloud services. Every time someone visits your website, sends you an email, or uses a service connected to your domain, DNS is involved. When it fails or is compromised, those services become unreachable or redirected, often with no visible explanation.

What is the difference between basic DNS hosting and managed DNS?

Basic DNS hosting answers queries. Managed DNS covers the full service of hosting on resilient, distributed infrastructure, active security configuration (DNSSEC, transfer lock, change authorisation), email authentication records, continuous monitoring, and regular review. The difference is the difference between a service that works until it does not, and one that is actively maintained to stay working.

What is DNSSEC and do I need it?

DNSSEC adds cryptographic signatures to DNS responses so that querying systems can verify the response is authentic and has not been tampered with. Without it, attackers can redirect users from your domain to malicious sites without detection. Microsolve enables DNSSEC by default. It is a baseline security requirement for any business handling sensitive information or serving users who trust your domain.

Can DNS be a security vulnerability?

Yes. DNS is one of the most commonly targeted components of internet infrastructure. DNS spoofing, cache poisoning, DDoS attacks on DNS infrastructure, and domain hijacking are all active threats. A managed DNS service with proper security controls such as DNSSEC, transfer lock, change authorisation, and DDoS-resilient infrastructure significantly reduces this exposure.

What is anycast DNS and why does it matter?

Anycast routing directs each DNS query to the nearest available server in a globally distributed network. This reduces resolution time for users wherever they are and provides automatic failover where if one node becomes unavailable, queries are served from the next nearest. Microsolve's DNS service runs on AWS Route 53's anycast infrastructure.

What happens if my domain expires?

If a domain expires without renewal, it becomes unavailable and may be acquired by a third party. Microsolve applies auto-renewal to all managed domains and monitors upcoming renewals proactively so this scenario does not arise from an administrative oversight.

What are SPF, DKIM, and DMARC?

These are email authentication standards implemented through DNS records. SPF specifies which servers are authorised to send email from your domain. DKIM adds a cryptographic signature to outbound email. DMARC defines how receiving servers should handle email that fails authentication checks. Together they protect against spoofing, phishing, and unauthorised use of your domain in email. Microsolve configures and maintains all three as part of the DNS management service.

How do DNS changes get made?

All DNS record changes in Microsolve's managed service are subject to an authorisation and verification process before going live. Changes are reviewed for correctness, verified against the intended outcome, and implemented with the ability to roll back if issues emerge. This governance process prevents the accidental or unauthorised changes that cause a significant proportion of DNS-related incidents.

Who currently manages our DNS and how do we transition?

DNS is often managed without anyone realising by a registrar, an ISP, or a web hosting provider. Transitioning to a managed DNS service is straightforward and can typically be done without any service interruption if managed correctly. Microsolve handles the migration process, including zone transfer, TTL management during cutover, and verification of all records before the transition is completed.

DNS that is configured, secured, and actively managed

If you are not certain who manages your DNS, when it was last reviewed, or whether DNSSEC and email authentication records are configured correctly, a DNS review is a straightforward starting point.

Request a DNS review