DOMAIN ADMIN TOOLS

Tips and tutorials for webmasters and domain administrators

19 Best Free Live Chat Software

19 Best Free Live Chat Software

Live chat is big right now – and the numbers behind its adoption prove why. Recent research from Kayako, which surveyed more than 400 consumers and 100 businesses, found that:

  • Consumers are more likely to remain loyal, engage in positive word of mouth, and spend up to $500 extra per month with businesses that provide effortless live chat experiences.
  • Over half of consumers (52%) are more likely to repurchase from a company that offers live chat support.
  • 79% of businesses say offering live chat has had a positive effect on sales, revenue, and customer loyalty.

The bottom line? Live chat offers huge potential benefits, whether you’re a big-ticket B2B company or a transactional ecommerce retailer.

But with so many options on the market, which should you choose? First, let’s look at what you can expect across most live chat tools. Then, we’ll explore 19 Best Free Live Chat Software out there, along with the features that make them different.

Live Chat: Standard Software Features

Knowing what’s commonly available from live chat programs makes it easier to differentiate one option from another.

To that end, here are some common features you’ll find across most live chat software programs:

  • The ability to customize the appearance of your live chat window to your company’s branding.
  • The ability to set “office hours,” during which you have live agents available to chat (vs. a lead capture window that allows visitors to send you their questions for a future response).
  • Triggered display, which makes it possible to display your chat window only on certain pages or in response to certain visitor actions.
  • Basic lead capture capabilities.
  • Chat history and basic chat analytics.

As a note, although these features are available on live chat programs, the extent to which they’re implemented may vary across free and paid plans. Chat history, for example, might be limited to just a few days or weeks on free plans, while longer histories of up to a year may be available by upgrading to the same program’s paid plan.

With that in mind, let’s take a look at our 15 favorite free live chat software programs:

1. Hubspot

Website: hubspot.com/products/crm/live-chat
Price: Free
Free Option: Unlimited

HubSpot launched their free live chat tool as an integral part of their free CRM. This makes it an excellent choice for a growing business because, first off, you won’t have to spend tons of time and money integrated different systems and piping your data into a different place. It just happens automatically. Second, it allows you a full view of your visitor and customer communications as well as contact property data of those you chat with (giving you an edge in terms of context).

Because it’s tied so tightly to the HubSpot CRM you’ll know exactly who you’re chatting with and their history, be it a prospect, long time customer, or new contact.

The whole live chat system is built on their Conversations product, which is like a free, collaborative inbox that the whole company can use to collaborate on incoming messages.

Deals, tickets, and more can be spun up from live chats and transcripts are stored on the contact record in the CRM.

The targeting capabilities are limited, at least on the free setup. However, if you pay for HubSpot’s Marketing Hub, you can do some pretty interesting and robust things with their automation workflows (similar to what you can do with Intercom, Drift, etc.)

2. LiveAgent

Website: liveagent.com/free-live-chat-software/
Price: Free – $39 per month per agent
Free Option: Yes, unlimited agent seats

LiveAgent launched a free live chat tool as an integral part of their free help desk software. The software is ideal for small to medium-sized businesses across all industries. Using the software, you can chat with customers in real-time, while viewing and managing important customer information. All of your live chat conversation transcripts will be saved in the form of a ticket, so you can review what was said to your customers as needed.

Apart from enabling users to chat with customers in real-time, the free software also offers free ticket management, CRM, call center, and knowledge base functionality. In essence, it’s your one-stop-shop for all of your customer service needs.

LiveAgent’s free live chat software is also fully customizable, as well as language adaptable. It’s also the fastest performing live chat widget on the market, enabling you to convert potential buyers into paying customers in seconds. LiveAgent offers 24/7 support, as well as ready to use Android and iOS apps for customer service on the go.

3. Crisp.Chat

Website: crisp.chat/en/
Price: Free – $95/month (details)
Free Option: Yes, 2 seats included

Like many of the live chat tools featured here, Crisp uses chat windows to support customer messaging and feedback gathering. What’s unique, however, is what you can do with this data after it’s captured.

Companies with longer sales cycles, for example, will enjoy the ability to send drip marketing campaigns from the program, based on data gathered by Crisp. The program’s sales pipeline automation tools will also appeal to those with sophisticated sales programs.

Another interesting feature: a status monitoring system that alerts customers to outages as they’re detected. SaaS companies that promise certain uptimes may benefit from these proactive communications.

4. Acquire.io

Website: Acquire.io
Price: $40 per month (details)

Acquire live chat solution help you to engage with your visitors and customers at the most critical point of their journey. Use of AI-driven assistance mechanism automatically interprets common customer queries and resolves them without involving your service agents. Send behavior based auto messages to garner engagement.

Reduce understanding barriers as any input by your customers is assisted with a “Smart Suggestion” feature which helps the customers to easily express their concern without having to worry about terminologies.

Empowers the agent to resolves complex issues in the first interaction with co-browsing. The agent can literally take control over the customer’s browser and give visual cues by engaging in a two-way interaction.

5. JivoChat

Website: https://www.jivochat.com/features/
Price: Free – $13 per month per agent
Free option: Yes, Basic plan for up to 5 agents

JivoChat offers a robust onmichannel business messenger that enables sales and support teams to connect with users via live chat, phone, email and social media channels.

The live chat application provides a single point of record for support and sales reps. Agents receive all chats, emails, and calls in a single, easy-to-navigate window, which enables faster response and resolution times.

The platform offers a host of features that can be used to improve communications with website visitors, including automatic triggers, callbacks, detailed visitor information, CRM integration, and easy connections with other chat tools such as facebook messenger and WhatsApp.

JivoChat is used by over 285,000 websites, and with a 4.7 star rating, is the top-rated mobile support app at the App Store.

6. LiveSupporti

Website: livesupporti.com
Price: Free – $99 one-time fee (details)
Free Option: Yes, 1 agent included

Designed to provide great customer support through live chat, LiveSupporti gives users the ability to assign messages to different groups (for example, your sales or customer service teams), as well as to view a “sneak peek” of visitors’ text as they’re typing in order to provide faster support.

Like Tawk, LiveSupporti uses geolocation features to enable agents to provide targeted support. Advanced visitor statistics also improve the service experience by showing agents which pages they’ve visited, how long they stayed on a particular page, their browser, their operating system and their device.

Unlike many of the other systems mentioned here, LiveSupporti offers an “Infinity” plan that can be locked in for unlimited agents for a one-time fee. If you anticipate using live chat for a long time, across a large team of agents, LiveSupporti’s one-time fee may turn out to be cheaper than ongoing subscription charges.

5. LiveZilla

Website: livezilla.net
Price: Free – 1100€ lifetime fee for unlimited operators and bots (details)
Free Option: Yes, 1 operator or bot included

Like other programs described here, LiveZilla offers three core features: live chat, visitor monitoring and user ticketing.

A few things that set it apart, however, include its development based on open source technology, as well as its data privacy features (especially important to EU companies that must be GDPR compliant).

6. Rocketbots

Website: rocketbots.io
Price: Free – $99/month (details)
Free Option: Yes, up to 1,000 messages per month

Rocketbots straddles the line between live chat tool and CRM. Not only does the program integrate with multiple messaging apps – including Facebook Messenger, WeChat, Slack and Kik – it captures the information gathered on these platforms to facilitate more effective messaging.

Rocketbots calls itself a “self-learning system,” stating that it includes an “AI that learns from your conversations and suggests the replies you’ve already used when similar inquiries come up later. The more conversations you have, the smarter it gets.”

Because the program offers a free trial with no credit card required, it’s worth a look if you’re looking for a more advanced chat system that spans multiple platforms.

7. Userlike

Website: userlike.com
Price: Free – 299€ per month (details)
Free Option: Yes, includes 1 operator, 1 chat widget and unlimited chats

Userlike is an all-in-one software for live chat and messaging support that enables you to chat with your customers right from your website or via popular messaging apps like Facebook Messenger, WhatsApp, SMS and more. It’s designed to support ongoing conversations with customers so that when a customer contacts you again, chat agents can see previous conversations and continue where they left off.Their free plan includes unlimited chats and one chat widget. With their paid plans, you can unlock features like widget customization, chatbots, analytics and integrations with other business tools.For companies based in Europe, Userlike makes data privacy a top priority– it’s hosted in Germany and is 100% GDPR compliant.

8. onWebChat

Website: onwebchat.com
Price: Free – $8/month/operator (details)
Free Option: Yes, up to 100 chats per month

onWebChat may not be as feature-rich as some of the other options, but its lightweight construction offers one key benefit: it claims to not affect site speeds on the sites where it’s installed. Given that more than half of website visitors will leave a page that takes more than three seconds to load, site speed should be a vital consideration when choosing a live chat program.

That said, onWebChat’s minimalist approach doesn’t mean your visitors’ experience will suffer. Besides its core chat features, onWebChat offers the ability to easily toggle between multiple chats, as well as a visitor history viewer that’s visible to agents during chat sessions.

9. Pure Chat

Website: purechat.com
Price: Free – $79/month (details)
Free Option: Yes, unlimited live chat for up to 3 users or operators

A straightforward program, PureChat offers the simplicity of tools like onWebChat alongside more advanced options, such as its ArtiBot.ai lead capture bot.

The free version of the program makes past chat transcripts and canned responses available, while paid plans add real-time visitor analytics and SMS messaging capabilities. Detailed setup guides are available for popular platforms at all subscription levels.

10. ZenDesk

Website: zendesk.com
Price: Free – $59/month/agent (details)
Free Option: Yes, including 1 concurrent chat

Live chat is just one part of ZenDesk’s larger suite of customer support tools, so it’s most effective in practice if you plan to buy into the company’s larger product ecosystem.

If you do, you’ll enjoy access to triggered conversations and live chat analytics, as well as the ability to integrate with everything from websites and mobile apps, to popular messaging apps like Facebook Messenger and LINE.

11. ClickDesk

Website: clickdesk.com
Price: Free – $39.99/month (details)
Free Option: Yes, for up to 10 users and 30 chats

One notable feature you’ll find on ClickDesk that you won’t find on many other live chat programs is video chat functionality, which makes it possible to offer face-to-face support to your customers.

On top of that, ClickDesk guarantees 99.95% uptime, in addition to providing users with a popular help desk option and integrations with commonly-used social media programs.

12. Smartsupp

Website: smartsupp.com
Price: Free – $23.75/month/agent (details)
Free Option: Yes, for up to 3 agents

Smartsupp is a smart choice for ecommerce sellers, given the program’s integration with popular shopping platforms, as well as video recordings of users’ website activities to facilitate easier support experiences.

As an added bonus? If you’re a pro user and you happen to drop by the team’s office in the Czech Republic, they’ll treat you to a complimentary shot of local Slivovica brandy.

13. Zoho SalesIQ

Website: zoho.com/salesiq
Price: Free – $129/month (details)
Free Option: Yes, for up to 2 operators

Like ZenDesk, Zoho’s SalesIQ live chat program is part of the larger Zoho ecosystem, which contains everything from CRM to sales-focused tools.

Users who sign up for multiple Zoho programs will get the most out of SalesIQ’s features, but even those who don’t will be able to enjoy automated visitor geolocation, lead scoring and sales team coaching features that allow team managers to understand the performance of individual agents.

14. Chatra

Website: chatra.io
Price: Free – $19/month/agent (details)
Free Option: Yes, including 1 agent

Like other programs listed here, Chatra offers a multilingual chat widget that ensures agents are able to provide a great experience to all visitors – no matter where in the world they’re located.

Beyond this, users may be interested in Chatra’s screen sharing integration, as well as its outgoing webhooks, which make it easier to sync Chatra activities with other programs. Although both features are only available to paid users, they’re worth a look by any business that’s interested in maximizing the value of its live chat experiences.

15. HelpCrunch

Website: helpcrunch.com
Price: Free – $15/month (details)
Free Option: 14-day free trial

HelpCrunch calls its live chat system a “smart customer communication platform” because it offers so much more than simple chat engagement. Beyond its ability to answer visitor questions, the system comes with built-in lead prequalification features and multichannel messaging opportunities.

Agents using the platform will benefit from tagging, assigning and merging features that simplify visitor conversation management. And a heads-up for smaller teams – these features and more are available for free to single-agent subscriptions.

16. Freshdesk

Website: freshworks.com/live-chat-software
Price: Free – $99/month/team member (details)
Free Option: Yes, including up to 10 team members

Looking for a live chat system that ties directly into a CRM, a marketing automation platform, a help desk and more? Look no further than FreshChat – part of the FreshWorks 360-degree “customer-for-life” software suite.

In addition to its extensibility, FreshChat offers agents visitor context tools, which enrich chat conversations with event timelines, user information and data from visitors’ social profiles. It also makes a huge resource library available, ensuring every FreshChat user gets the most out of the popular platform.

17. Intercom

Website: Intercom.com
Price: Free – $153/month (details)
Free Option: Yes — Free trials for Business Messenger, Team Inbox, Outbound Messages

Intercom is the leading conversational relationship platform that helps businesses build better relationships with their customers through scalable messaging. Staying true to this goal, Intercom’s Business Messenger allows companies to chat with customers in real-time. With its app store of more than 100+ apps, the Business Messenger can easily integrate with other tools, making it infinitely customizable to whatever is most important to your business.

What makes Intercom stand out from competitors is the seamless way you can communicate with all your customers through one interface — whether it’s answering an email or an in-app message. The chat window also mimics apps that users use daily, making it easy and inviting for them to talk to a customer support rep.

Another interesting Intercom feature are the triggered automated campaigns that you can create based on a particular event or user behavior. For example, if a repeat visitor looks at a page a number of times, you can start a direct conversation with them, whether it’s automated or in real-time.

18. Tidio

Website: https://www.tidio.com/live-chat/
Price: Free – $15/month/10$/additional operators (details)
Free Option: Yes, includes 3 operators.

All-in-one website chat (boosted with chatbots) might be all you need to engage your website visitors in real-time, capture leads and create personalized offers on the spot. It goes by the name of Tidio Live Chat.

With Tidio you easily address questions and concerns of your customers, build customized chatbots and track your visitors behaviour – from the moment they land on your page. Tidio offers a free plan (forever) equipped with all important features to help you run a successful eCommerce business. It’s one of the most innovative and affordable solutions on the market. Tidio can also be integrated with most popular eCommerce platforms, as well as Zapier and other third-party apps.

19. Tawk.To

Website: tawk.to
Price: Free (chat agents available for $1/hour)
Free Option: Yes, unlimited usage

Though Tawk doesn’t offer the same level of sales automation features as Crisp, those with simpler live chat needs will appreciate its “always free” option and its promise of one-minute installation.

Once set up, Tawk’s ticketing system, ability to localize greetings and messages based on visitors’ location and trigger-based engagement make it a great choice for providing site and customer support. The option to hire live agents through the platform for just $1 an hour may also be appealing to companies that want to provide a higher level of personalized support.

How to keep your domain secure

How to keep your domain secure

The short guide to domain security

  1. Keep all of your web accounts secure with hard-to-guess passwords. Add 2-step authentication where possible and never give out your domain account information to anyone.
  2. Employ anti-virus and spyware measures to prevent keylogging software capturing your login details and secure your domain and data from malware.
  3. Keep your domain contact information up-to-date with your registrar; it’s the best way to ensure you can be contacted if any suspicious activity occurs on your account.
  4. Keep track of when your domains need to be renewed and make yourself aware of the renewal process. Set a reminder to avoid your registration expiring and being snapped up by someone else.
  5. Add domain privacy to keep your contact information out of the public domain. Thieves can use this information to impersonate you or fool you into accessing your domain.
  6. Provide an extra level of security to your domain with a registry lock service. This prevents anyone transferring your domain without your permission.
  7. Be vigilant with your emails to avoid a phishing attack. Hackers can email claiming to be your registrar and such an email could contain a link to a replicate site where you enter your information for them to capture.
  8. Secure your site with SSL certification, enable DNSSEC for extra protection and add a firewall to prevent unauthorized access. Choose a reliable host, practice good server security, such as regular updates, and use a VPS to be extra safe.

Imagine the scenario, it’s midday, and the volume of visitors to your successful e-commerce site has dropped to zero. Typically, you’re making sales, but since business has come to a standstill, you’re losing hundreds, if not thousands of dollars an hour.

Admittedly, domain name security isn’t the most exciting consideration for website owners. However, given the rise in web-based attacks, domain security is more important now than ever before. Cyber crimes occur in increasingly clever forms because people don’t make basic security provisions to protect their domains. The internet is an attractive place for individuals who know how to exploit easily avoidable security gaps.

Although securing your website might sound difficult, a step-by step approach can shore up your defenses and deter hackers. If you’re wondering how to keep your domain secure and how to deter hackers, stick with us. We’ll guide you through tactics that your site visitors will recognize and improve your site’s standing with the search engines. Take proactive action by following our nine steps to keep your domain protected and appeal to your site’s visitors.


Security for Domains

Domain security is as important for your own protection as well as that of your site’s visitors. Internet users are increasingly aware of the pitfalls of cyber theft. They are concerned for their safety and privacy, and want to know how to spot an unsafe website. In the current climate, terms like “identity theft”, “hack”, and “spam” get thrown about routinely. There is nothing worse for a website’s reputation than a security breach which leaves not only the domain owner, but all related logins vulnerable.

Many domain owners overlook the security of their domain name when they are developing their general website security policies. But consider the aftermath of losing your domain, either through poor domain management or via hijacking. Aside from the damage to your business and reputation, the process of recovery can be painfully slow and expensive. Fortunately, there are several measures you, as the domain name holder can take to protect your domain name against theft and loss.

Know Your Enemy

Before learning prevention methods, it’s important to be familiar with the sort of threats your domain name is susceptible to. Anyone who successfully accesses the account you hold with your domain name registrar has the power to hijack your domain name. They may use it to divert your website visitors to their own site, or to access your email. There are a few methods that can be used to hijack a domain.

Domain hijacking, also referred to as pharming, is a form of online fraud similar to phishing, where a fraudster seeks to obtain information by redirecting a website’s traffic to another site. The alternative site was developed to steal information from users without knowing it. Hijacking in this way is a serious problem because it puts sensitive private information at risk.

Phishing tricks domain owners into thinking an email is from their legitimate domain registrar. They click on a link in the email which opens a replica site of their registrar, and they are asked to log in. Users enter their username and password into what looks like a legitimate website. This information is captured by the attacker.


9 Steps to Keep a Secure Domain

Securing your domain name is crucial to safeguarding your domain name’s settings and control panel. Anyone with bad intentions who accesses this area can change your email and website accessibility settings.
It’s not only illegal access you need to be vigilant of; you don’t have to be the latest victim of cybercrime to lose control of your website. It could be snapped up and in the hands of a new owner perfectly legally if you simply forget to renew it.

Follow these nine steps to shield your domain from unauthorized changes to your domain name settings or from unintentionally slipping out of your hands.

Step 1. Keep Your Accounts Secure

  1. Use strong passwords – A strong password isn’t necessarily a complex series of numbers, letters and symbols as we were lead to believe. This advice has been deprecated by the guy who came up with it. Instead, consider using a password manager such as Dashlane or Lastpass to create a random password that is harder to predict. Avoid using common names, birthdays, anniversaries, etc,. and, when you hire someone to work on your domain account, make sure to change the password when they leave.
  2. Be your own firewall – Anyone with access to your domain can potentially hijack it. Never give your account information to anyone, including your webmaster. If someone needs access to your hosting account login details, use the Account Administrator feature to grant access levels to anyone who needs to manage domain names in your account.
  3. 2 step authentication – Using two-factor authentication on your account involves a two-step login process. It adds another layer of security when you need to access your account, using a password as well as another step, such as SMS authentication. Yes, it might be irritating for yourself and your domain users, but without this type of safeguard, a hacker can easily transfer your domain into their control.
  4. Log in to your registrar account regularly – Check your account details are correct, or save yourself the hassle by purchasing Domain Monitoring. This service alerts your administrative email if any changes are made to your domain name’s settings.
  5. Secure Email – Keeping the email linked to your domain safe is key to keeping your domain secure. Ensure your password is complex and change it frequently. Make sure to use a secure email solution and not free services that come from your broadband or telecoms provider, that might expire with lack of use or when you change provider.

    If your email expires, someone else could snap it up. This leaves this person free to impersonate you in correspondence with your registrar. They might even use the forgotten password feature to have the password emailed to them.

Step 2. Employ Anti Virus/ Spyware Measures

  1. Prevent key-logging – Install good antivirus/spyware software on your home computer, such as Bitdefender, to prevent key-logging software from capturing your usernames and passwords. Keep this software updated periodically to ensure your information isn’t handed to unauthorized persons.
  2. Keep applications up to date – To secure yourself from hackers you have to keep up to date with security updates. This will deter viruses and malware. Out-of-date security is the most targeted way to break your security and steal data. Bitdefender or Cybersmart will help with this also, as they scan your system for vulnerabilities and out of date software.

    Keep all the applications on your web account — for example, your domain account and your CMS, such as WordPress, etc —up-to-date with the latest security patches so hackers can’t exploit it. Any MySQL database used by those applications must also be kept updated to the latest version.

Step 3. Keep Your Registration Records Up-to-date

Keep your domain contact information accurate with your registrar. If you move, update your information immediately. It’s not only a legal requirement from ICANN, but keeping up-to-date records is also the best way to ensure your registrar has a way of contacting you if any suspicious activity occurs.

Make sure you are available to receive notifications so that your registrar will be able to immediately alert you if there are any changes made to your account. This forewarning gives you the chance to halt a pending transfer.

  • Whenever there are any changes to the contact details that you have been using for domain name transfer communications, let your registrar know.
  • Keep your emergency and business contact information up to date.

Step 4. Keep Track of Domain Renewals

The easiest way to lose a domain is by failing to renew it. After going through the process of buying a domain and creating a website, you will want to avoid your registration expiring. This is why you must make yourself fully aware of the renewal process for your domain. The most common arrangement is yearly renewal conducted automatically; however, it can vary from one registrar to another.

A simple way to avoid your domain being snapped up by someone else is by setting up a reminder. Many registrars allow you to renew domains for up to ten years in advance. The problem with anything you don’t regularly do is it is more likely to slip your mind. Consider setting a recurring reminder on your desktop annually. Another helpful tip is to synchronize domains, so they expire on the same date. Many domain registrars allow this, which makes things easier when you manage more than one.

Step 5. Add Domain Privacy

WHOIS is a public database the supplies its users with information regarding domain name ownership. All website owners are obliged to provide correct contact information to their registrar. The information provided with your domain registration is associated with the domain name, and a WHOIS record is created.

Anyone using the WHOIS search used to be able to access your contact information by searching the WHOIS database, however this is no longer legally allowed since the implementation of GDPR, but not all registrars follow the rules.

Thieves are after this information in particular because they can use your contact details to impersonate you and attempt to transfer your domain to a new owner. Alternatively, they might contact you to try fool you into revealing your account password.

If you don’t want this contact information available, opt for private domain registration. Domain privacy is a valuable add-on service most domain registrars provide for site owners who don’t want their contact information available publicly. The domain registrar will simply swap their contact details with yours. For example, if you are using Namecheap’s WhoisGuard, anyone wanting to contact you will have to talk to Namecheap first.

Step 6. Lock Up Your Domain

  • Permission to make changes – Most registrars offer a registry lock service to provide an extra level of security for domain name holders and their customers. Setting up a registrar lock (also known as domain lock and transfer lock) prevents anyone transferring your domain without your permission.Consider the worse case scenario: someone with bad intentions accesses the control panel used to activate your domain.

    This area includes information about your domain’s nameservers, information which helps the DNS located your domain. If someone was to edit this information, they could drive traffic trying to reach your site somewhere else.For a small fee, your registrar can apply a registry lock. Using a registry lock is similar to identity theft protections that block anyone using your credit card, without the special authorization of the card owner.

    Similarly, registrars are unable to make changes to your site’s DNS information without manual authorization from the registry.
  • Use a domain authorization code – An Extensible Provisioning Protocol, known as EPP, provides an extra layer of security at the time of domain name registration.
    A unique Authorization Information Code (AIC) is assigned by the registrar to the new domain owner. This code is needed to transfer the domain from one registrar to another. Keep your AICs secure and confidential for effective protection from unwanted domain transfers.

Step 7. Be Vigilant with Emails

People will use creative tactics to get your to disclose your domain account details. A popular method adopted by hackers is to send an email which looks just like one you would get from your domain registrar. The e-mail will ask your to click on a link that takes you to a close replica of your registrar’s website. Once you enter your information, it can be captured. If you log in through a phishing link, you might lose access to your account.

Avoid this by being vigilant about the following:

  • Be suspicious of emails claiming to be from your registrar
  • Don’t access your domain account directly from your email
  • Always enter the registrar’s address manually in your browser before logging in.

Step 8. Secure Your Site

  • SSL certification – SSL protection is one of the best-known security features you can get. Protect your customers against identity theft with an SSL Certificate. A customer’s sensitive information, such as their name, bank account information and billing address is encrypted during transmission from their computer to your domain web server.

    This process ensures that their information can’t be stolen. TLS, the less well-known acronym, is a similar security protocol which succeeded SSL.Customers will see they have accessed a secure website as they will see https:// at the beginning of its URL. If you’re conducting ane-commerce business or have access to any sensitive customer information, SSL technology is a must.

    Even casual internet users recognize it. You don’t need advanced computer knowledge to set this up, your host will likely provide shopping cart functionality to conduct secure transactions, for example. Another perk of SSL or TLS certificates installed on your computer is that it is a positive factor in how your site is viewed by Google.
  • Enable DNSSEC – DNSSEC is a complicated topic that relates to the domain name system used to translate domain names into numeric internet addresses.

    When the DNS was first implemented, it wasn’t secure, and several vulnerabilities were discovered. The threat of name spoofing is an example. Name spoofing is when someone can intercept communication between you and a customer, and comes between the two parties hoping to victimize the customer.Domain name system security extensions (DNSSEC) were created to tackle this problem.

    They are a set of protocols that add an extra layer of protection to the domain name system to prevent against unauthorized DNS hosts.
  • Reliable hosting – Hosting should be at the forefront of your battle against cyber crime. Check that your host is doing enough to ensure your site is secure from their side of things.
  • VPS – To be extra safe, use a VPS. Your domain exists on a slice of a much more powerful server in a secure data center. Unlike shared hosting, your domain is allotted a guaranteed amount of system resources.
  • Practice good server security habits – Performs regular updates on your CMS, disable unused services, plugins, widgets, etc., and control remote access.
  • Firewalls – Firewall the server so you can only access it from known safe locations/networks.

Step 9. Choose the Right Registrar

Don’t register your domain with the first registrar you come across. Be sure the registrar is authorized to sell domains, has a good reputation, and is trustworthy. When choosing a registrar, look beyond the price point alone; you need a quality service with good support.

Make sure your registrar provides additional security measures such as:

  • 2-factor authorization.
  • Notification of account changes, such as a pending domain transfer, which gives you time to respond before a domain is moved.
  • Readily available, knowledgeable technical support to assist implementing your domain name security.
  • Trained customer service agents who screen callers so no one can impersonate anyone in order to access an account.

7 Great Disaster Recovery Solutions

7 Great Disaster Recovery Solutions

Organizations can face disruption due to unexpected events: human-made and natural disasters, cyberattacks, or unexpected system failures. It is imperative to strategize and implement disaster recovery before disaster can impact operations and lead to significant revenue losses and customer attrition as a result of bad experiences.

Organizations should continually test their disaster recovery plans and procedures so they know they can reliably bring back mission-critical applications and data during recovery. This helps them recover from disasters early on and bring back mission-critical services and applications to mitigate the operational impact quickly after a downtime event. 

In disaster recovery, backup processes and technologies play a vital role in enabling organizations to recover. Accordingly, some organizations rely on continuous backup solutions to achieve better recovery point objectives—which is amount of acceptable data loss measured in time units like hours or minutes—using machine or application snapshots for recovery before disruption occurred. This can especially become complicated for managed services providers (MSP) with hundreds of clients to support. They should choose backup and disaster recovery solutions that are scalable and encapsulated better from disasters.

This article discusses 7 Great Disaster Recovery Solutions that help businesses to become disaster-ready.

BackBlaze

Backblaze isn’t shy about promoting its popularity: right on its homepage it says it’s now storing more than an exabyte for customers (that’s a million terabytes by the way, or eight million Galaxy S20 phones), and has recovered more than 50 billion files since it started business in 2007. In other words, it knows what it’s doing when it comes to cloud backup.

That’s all very reassuring when it comes to signing up for Backblaze, which offers a variety of paid-for packages for personal and business users – if you’ve got data that needs backing up, Backblaze will do it for you. It also offers unlimited cloud storage, so your cloud locker can keep growing indefinitely as the amount of data you’ve got keeps on growing.

Backblaze features

Backblaze takes the position that you don’t need to know the details of your backup plan, just that it is occurring: when you install the desktop client for the first time, it doesn’t ask you to pick out files and folders, but just grabs all the files and folders it considers important and starts transferring them to your Backblaze cloud storage.

By default, Backblaze copies everything that isn’t an ISO, DMG (Mac disk image), a virtual drive, system files or executables. You can exclude other file types if you wish, but unless exclusively told to ignore them all other file types will be included. It’s all very simple and straightforward, and you get peace of mind straight away that your entire computer can be recovered if needed.

This is very much a set-it-and-forget-it solution: Backblaze is there to help you recover data if your hard drive suddenly fails or your laptop falls in the bath. It’s not for syncing files between computers or getting at your music and video files in the cloud. You can include external hard drives and (on a business plan) servers in your backups, but networked drives can’t be included.

Backups can be continuous, once a day, or initiated manually. Some extra variety with those timescales would be nice, but we expect the majority of users will leave it set to continuous backup mode. It’s worth noting that while you can backup an unlimited amount of data, you are restricted to one computer for each Backblaze account, and mobile devices aren’t included.

Backblaze interface

The desktop client you get with Backblaze isn’t particularly innovative or intuitive – but then again, it doesn’t have to be. There are a limited number of options with a Backblaze package, so the software doesn’t have to do much except make sure that your files are getting continuously backed up in the background.

You can exclude certain files and folders from a Backblaze backup, but it’s not particularly straightforward to do. Considering you get an unlimited amount of space in the cloud, it’s easier to just let Backblaze back up everything, just in case. Transferring data from an entire computer to the web can take some time, but we were impressed with the speeds Backblaze managed (you can choose to pause or throttle the upload process if you think Backblaze is taking up too much bandwidth).

Like the desktop client, the web interface is also cut down and minimal, letting you review backed up files and restore them if needed. There’s also a mechanism for sharing stored files to others that are exclusive to the web interface. Dropbox, Google Drive or iCloud this certainly isn’t in terms of web functionality.

In the advent of a system failure or loss files can be downloaded in a zip file for free, or Backblaze will put them on a Flash drive or physical USB hard drive for an extra fee and send them to you. While it may not do much beyond suck up all the files on a computer and let you restore them, Backblaze does these core jobs very well.

Backblaze security

Backblaze scores highly from a security perspective: not only can you enable two-step authentication on your account, you can also rely on AES 128-bit encryption and an SSL connection to avoid your data being intercepted as it passes over the internet. It’s not full end-to-end encryption but it’s certainly going to be safe enough for most users.

You can, if you want, set up a private encryption key, known only to you, which adds an extra layer of protection to your data (if you’re worried about Backblaze staff prying into your affairs). However, if you set this up, Backblaze can’t help you if you forget the key, and you need to tell Backblaze what it is if you ever need to restore your data.

Backblaze pricing

You can try Backblaze for free for 15 days without giving up any credit card information, but there’s no free tier (as you would expect as you’re getting unlimited cloud storage). Personal plans cost from $6 a month, though you can sign up for a year for $60 (the equivalent of $5 a month) or for two years for $110 ($4.58 a month).

The pricing is actually the same for business customers, although you can contact Backblaze direct for different quotes on backing up multiple computers and servers, and on putting more of your data in the cloud for long-term storage (replacing tape backups, essentially). It’s good to see this sort of bespoke, flexible pricing, but it does make it more difficult to compare Backblaze against other services of course.

Backblaze verdict

Backblaze has a lot of users and a lot of fans, and it’s easy to see why – if you want to back up everything from one computer and its external drives, simply and securely, without spending too much, then it’s hard to beat. There are no limits on file sizes and no limits on the amount of data you can send to the cloud.

Just be certain you know exactly what Backblaze is before you part with any cash: it’s not for syncing files between computers or getting easy access to your files through a web browser. It’s a comprehensive, set-it-and-forget it backup solution for protecting your data should the worst happen, and at that job it’s very good.

Manage with MSP360

MSP360 Screenshot

Servers are complicated, backing them up doesn’t need to be. MSP360 provides easy-to-use, advanced backup and disaster recovery solutions for businesses.

MSP360™ Managed Backup (MBS) is an easy-to-use backup solution for Managed Service Providers and IT departments that require a centralized license and job management, monitoring, and reporting. MBS allows you to leverage AWS, Microsoft Azure, Backblaze B2, and Wasabi cloud storage to drive more revenue and deliver best-in-class data protection to your customers.

Backblaze Finger Icon

Set it and forget it. Manage multiple servers with granular control from the web-based admin console.

Backblaze Finger Icon

Advanced backup features to protect your data. Flexible scheduling, compression, encryption, and ransomware protection.

Backblaze Cloud Pause Icon

Low-cost and high-performance cloud storage allows you to scale as you need and only pay for what you use. Migrate large data sets using the B2 Fireball with zero impact to your network.

How It Works

 SolarWinds Backup

Best Disaster Recovery Solutions – SolarWinds MSP Backup

SolarWinds MSP Backup is a backup and disaster recovery solution that performs backups using an agent installed on physical or virtual servers.

In addition to backups, it also offers an archiving service for longer term data storage, and it provides granular control over what to archive. Subsequently, this archived data can help in auditing, compliance demonstration, and other data retention purposes.

Besides, it doesn’t require maintaining a secondary data center, as SolarWinds Backup stores and manages data in its private cloud, with 30 data centers across four continents. Moreover, these data centers are either ISO- or SOC-compliant.

SolarWinds Backup uses AES 256-bit data encryption to encrypt data when stored and transferred.  Additionally, SolarWinds Backup offers custom encryption keys that are privately held by the organization or MSP—in other words, it’s built so even SolarWinds MSP can’t unencrypt data.

Moreover, it gives the flexibility of maintaining standby servers with continuous restores, used to offer quick failover and drastically reduce downtime. SolarWinds Backup also allows replicating machines in a chosen local data center or Microsoft Azure.

 Microsoft Azure

Best Disaster Recovery Solutions – Azure

Microsoft Azure offers Azure Site Recovery and Azure Backup that work in tandem to provide disaster recovery and backup. Azure Site Recovery helps to back up on-premises workloads to Azure and Azure workloads to different availability zones. In a disaster, organizations can quickly replicate on-premises workloads on Azure and perform failback procedures when the primary data centers recover.

Azure Site Recovery also helps in performing disaster recovery drills without impacting ongoing replication processes. And it allows running failovers for expected or unexpected disruption without losing any data.

Azure Backup allows organizations to back up files, VMs, and SQL databases, as well as SAP HANA databases running on Azure VMs. It offers storage redundancy in local, geo, and zone levels. Moreover, it can perform application-consistent backups that contain all the required data to restore an application.

 Barracuda Backup

Best Disaster Recovery Solutions – Barracuda

Barracuda Backup can back up data from a wide range of sources, including physical and virtual machines, SaaS applications like OneDrive and SharePoint, and SQL databases. Further, it allows replicating backup data to other data centers, AWS, or Barracuda cloud storage. It supports machine recovery through snapshots and allows you to granularly recover only specific files depending on the situation. Barracuda Backup offers various solutions:

  • Barracuda Backup Appliance, a physical appliance for backups
  • Barracuda Cloud to Cloud that helps to manage Microsoft 365 backups
  • Barracuda Virtual Backup for directly using it on an organization’s hardware
  • Full cloud-based management from one console

 SolarWinds RMM and N-central

Best Disaster Recovery Solutions – SolarWinds RMM

SolarWinds RMM is a comprehensive remote monitoring and management tool that also provides backup and recovery features. It uses TrueDelta technology that only stores changes from the last backup, quickening the backup process. Plus, it can back up individual files, servers, applications, and entire systems in a cloud environment and facilitate rapid recovery in the event of a disaster. Further, it’s built for secure data transfers and encrypts data using AES 256-bit encryption.

Similarly, SolarWinds N-central® is another remote monitoring and management tool that features Backup Manager, which facilitates data protection through backups and provides disaster recovery.

 TierPoint

TierPoint offers fully managed, as well as self-service disaster recovery solutions. It facilitates cloud-to-cloud failover to TierPoint private or multitenant clouds. It also supports failover automation that helps teams recover from incidents in a shorter time. It also helps to perform replication and recovery to Azure and allows recovering physical servers to the cloud. Furthermore, TierPoint helps to perform disaster recovery setup and testing in accordance with regulatory compliances, such as HIPAA and PCI DSS.

 Flexential DRaaS

Flexential DRaaS is a fully managed service for on-premises as well as cloud environments. Its Recovery Cloud aims to achieve low recovery time objectives and recovery point objectives. It also focuses on providing secure and compliance-based solutions and has five different DR locations across the U.S. It allows testing as needed and provides the flexibility of replicating to a Flexential recovery site or any other chosen data center.

Conclusion

Customer experience is the cornerstone of business growth and revenue generation, and disasters are among the most significant threats. A simple look at stats on disaster and cyberattacks reveal how frequent they occur:

As disasters represent severe threats to organizational operations, businesses must prepare for unforeseeable events by continually performing backups and testing disaster recovery strategies. This is even more critical for MSPs having hundreds of clients concentrated in a handful of geographic locations, as any disaster impacting one area can impact their customers adversely if recovery plans are not in place.

Hopefully this 7 Great Disaster Recovery Solutions provided you with some useful insights.

What is the biggest threat to cybersecurity?

What is the biggest threat to cybersecurity?

What is the biggest threat to cybersecurity or IT infrastructure right now? According to one of Canada’s premier cybersecurity experts, if you answered malware or ransomware or crypto, you’d be wrong.

According to Calgary-based cybersecurity leader Sonya Goulet, the most significant risk is the end user. A team of hackers can unleash the most potent cocktail of malware on a system, but if no one opens it up, the attack is rendered useless. Or, another threat, she says, are weak passwords. A hacker may have the intent to deploy the most destructive malware on a system, but if the password is almost impenetrable, then the attack is neutralized.

“All cyber threats evolve quickly and often, yet the end user is still disregarding simple tips to keep an enterprise safe, for example, using proper passwords,” Goulet points out. Smarter MSP caught up with her to ask her about the most significant threats today and what MSPs can do to mitigate them.

Goulet advises that MSPs and CISOs should be focusing on proper password hygiene. She says a good password should follow guidelines set by the National Institute of Standards and Technology (NIST).

“I also recommend making a password a meaningful passphrase, at least ten complex characters long. My second piece of advice is to use a Password Manager, like LastPass,” Goulet says. But having an enterprise get to a point where everyone is on board takes time and training, she adds.

She goes on to point out that staff can let the password manager create passwords for the sites they visit, so they don’t have to think or remember any of the hundreds of passwords needed in their day-to-day life.

“They feel positive knowing they only have one password to remember going forward, and that password is to access their password manager account,” Goulet offers, adding that most people are relieved by the simplicity of it.

In Goulet’s work with companies to beef up their best practices, she finds that weak passwords are a prolific problem.

“I found that while I work with staff on cybersecurity practices, they all admit to me that they keep the same simple password and use that one password across all of their online websites. They also admit to never changing their passwords,” Goulet states.

This is a big problem

A recent study by ID Agent illustrates the size of the problem:

  • At least 65 percent of people reuse passwords across multiple sites.
  • Around 13 percent of people use the same password for all accounts and devices.
  • About 80 percent of data breaches in 2019 were caused by password compromise.
  • Compromised passwords are responsible for 81 percent of hacking breaches.
  • The average person reuses each password 14 times!
  • An estimated 49 percent of employees only add a digit or change a character in their password when they’re required to update it.
  •  Passwords were leaked in about 65 percent of the breaches that happened in 2019.

In today’s evolving and dynamic threat landscape, carelessness when it comes to passwords is a gaping hole in an organization’s defenses.

Passwords, however, are just one aspect of how an end user can compromise a network. Other problems can occur with improper data hygiene and becoming complacent with clicking links in emails. Such sloppy clicking can lead to the deployment of all sorts of malware. To head off some of these, Goulet recommends MSPs do the following:

Create easy steps to follow

Examples, Goulet says, include teaching staff what data is vital to protect, and showing staff how to look for phishing or vishing attempts, teach or review with staff to scan everything in emails and verify by a phone call if needed (using the old President Reagan phrase of “Trust, but verify”).

“In order for staff to care about what they are protecting, leadership has to guide them,” Goulet advises. That means making workers feel invested in the company or enterprise so that everyone has a stake in its survival. Show staff what the fallout could be from clicking a bad link. Businesses have had to shutter because of malware, and that should make everyone shudder.”

I found that most staff don’t care enough with what link they click, or what password they use, or what data they share with other staff members. All of those issues are an evident need for improved policies and procedures,” Goulet concludes.

What Is DNS? | How DNS Works

What Is DNS? | How DNS Works

What is DNS?

The Domain Name System (DNS) is the phonebook of the Internet. Humans access information online through domain names, like nytimes.com or espn.com. Web browsers interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources.

Each device connected to the Internet has a unique IP address which other machines use to find the device. DNS servers eliminate the need for humans to memorize IP addresses such as 192.168.1.1 (in IPv4), or more complex newer alphanumeric IP addresses such as 2400:cb00:2048:1::c629:d7a2 (in IPv6).

DNS

How does DNS work?

The process of DNS resolution involves converting a hostname (such as www.example.com) into a computer-friendly IP address (such as 192.168.1.1). An IP address is given to each device on the Internet, and that address is necessary to find the appropriate Internet device – like a street address is used to find a particular home. When a user wants to load a webpage, a translation must occur between what a user types into their web browser (example.com) and the machine-friendly address necessary to locate the example.com webpage.

In order to understand the process behind the DNS resolution, it’s important to learn about the different hardware components a DNS query must pass between. For the web browser, the DNS lookup occurs “ behind the scenes” and requires no interaction from the user’s computer apart from the initial request.

There are 4 DNS servers involved in loading a webpage:

  • DNS recursor – The recursor can be thought of as a librarian who is asked to go find a particular book somewhere in a library. The DNS recursor is a server designed to receive queries from client machines through applications such as web browsers. Typically the recursor is then responsible for making additional requests in order to satisfy the client’s DNS query.
  • Root nameserver – The root server is the first step in translating (resolving) human readable host names into IP addresses. It can be thought of like an index in a library that points to different racks of books – typically it serves as a reference to other more specific locations.
  • TLD nameserver – The top level domain server (TLD) can be thought of as a specific rack of books in a library. This nameserver is the next step in the search for a specific IP address, and it hosts the last portion of a hostname (In example.com, the TLD server is “com”).
  • Authoritative nameserver – This final nameserver can be thought of as a dictionary on a rack of books, in which a specific name can be translated into its definition. The authoritative nameserver is the last stop in the nameserver query. If the authoritative name server has access to the requested record, it will return the IP address for the requested hostname back to the DNS Recursor (the librarian) that made the initial request.

What’s the difference between an authoritative DNS server and a recursive DNS resolver?

Both concepts refer to servers (groups of servers) that are integral to the DNS infrastructure, but each performs a different role and lives in different locations inside the pipeline of a DNS query. One way to think about the difference is the recursive resolver is at the beginning of the DNS query and the authoritative nameserver is at the end.

Recursive DNS resolver

The recursive resolver is the computer that responds to a recursive request from a client and takes the time to track down the DNS record. It does this by making a series of requests until it reaches the authoritative DNS nameserver for the requested record (or times out or returns an error if no record is found). Luckily, recursive DNS resolvers do not always need to make multiple requests in order to track down the records needed to respond to a client; caching is a data persistence process that helps short-circuit the necessary requests by serving the requested resource record earlier in the DNS lookup.

How DNS works - the 10 steps in a DNS query

Authoritative DNS server

Put simply, an authoritative DNS server is a server that actually holds, and is responsible for, DNS resource records. This is the server at the bottom of the DNS lookup chain that will respond with the queried resource record, ultimately allowing the web browser making the request to reach the IP address needed to access a website or other web resources. An authoritative nameserver can satisfy queries from its own data without needing to query another source, as it is the final source of truth for certain DNS records.

DNS query diagram

It’s worth mentioning that in instances where the query is for a subdomain such as foo.example.com or blog.cloudflare.com, an additional nameserver will be added to the sequence after the authoritative nameserver, which is responsible for storing the subdomain’s CNAME record.

DNS query diagram

There is a key difference between many DNS services and the one that Cloudflare provides. Different DNS recursive resolvers such as Google DNS, OpenDNS, and providers like Comcast all maintain data center installations of DNS recursive resolvers. These resolvers allow for quick and easy queries through optimized clusters of DNS-optimized computer systems, but they are fundamentally different than the nameservers hosted by Cloudflare.

Cloudflare maintains infrastructure-level nameservers that are integral to the functioning of the Internet. One key example is the f-root server network which Cloudflare is partially responsible for hosting. The F-root is one of the root level DNS nameserver infrastructure components responsible for the billions of Internet requests per day. Our Anycast network puts us in a unique position to handle large volumes of DNS traffic without service interruption.

What are the steps in a DNS lookup?

For most situations, DNS is concerned with a domain name being translated into the appropriate IP address. To learn how this process works, it helps to follow the path of a DNS lookup as it travels from a web browser, through the DNS lookup process, and back again. Let’s take a look at the steps.

Note: Often DNS lookup information will be cached either locally inside the querying computer or remotely in the DNS infrastructure. There are typically 8 steps in a DNS lookup. When DNS information is cached, steps are skipped from the DNS lookup process which makes it quicker. The example below outlines all 8 steps when nothing is cached.

The 8 steps in a DNS lookup:

  1. A user types ‘example.com’ into a web browser and the query travels into the Internet and is received by a DNS recursive resolver.
  2. The resolver then queries a DNS root nameserver (.).
  3. The root server then responds to the resolver with the address of a Top Level Domain (TLD) DNS server (such as .com or .net), which stores the information for its domains. When searching for example.com, our request is pointed toward the .com TLD.
  4. The resolver then makes a request to the .com TLD.
  5. The TLD server then responds with the IP address of the domain’s nameserver, example.com.
  6. Lastly, the recursive resolver sends a query to the domain’s nameserver.
  7. The IP address for example.com is then returned to the resolver from the nameserver.
  8. The DNS resolver then responds to the web browser with the IP address of the domain requested initially.
  9. The browser makes a HTTP request to the IP address.
  10. The server at that IP returns the webpage to be rendered in the browser (step 10).
DNS query diagram

What is a DNS resolver?

The DNS resolver is the first stop in the DNS lookup, and it is responsible for dealing with the client that made the initial request. The resolver starts the sequence of queries that ultimately leads to a URL being translated into the necessary IP address.

Note: A typical uncached DNS lookup will involve both recursive and iterative queries.

It’s important to differentiate between a recursive DNS query and a recursive DNS resolver. The query refers to the request made to a DNS resolver requiring the resolution of the query. A DNS recursive resolver is the computer that accepts a recursive query and processes the response by making the necessary requests.

DNS query diagram

What are the types of DNS Queries?

In a typical DNS lookup three types of queries occur. By using a combination of these queries, an optimized process for DNS resolution can result in a reduction of distance traveled. In an ideal situation cached record data will be available, allowing a DNS name server to return a non-recursive query.

3 types of DNS queries:

  1. Recursive query – In a recursive query, a DNS client requires that a DNS server (typically a DNS recursive resolver) will respond to the client with either the requested resource record or an error message if the resolver can’t find the record.
  2. Iterative query – in this situation the DNS client will allow a DNS server to return the best answer it can. If the queried DNS server does not have a match for the query name, it will return a referral to a DNS server authoritative for a lower level of the domain namespace. The DNS client will then make a query to the referral address. This process continues with additional DNS servers down the query chain until either an error or timeout occurs.
  3. Non-recursive query – typically this will occur when a DNS resolver client queries a DNS server for a record that it has access to either because it’s authoritative for the record or the record exists inside of its cache. Typically, a DNS server will cache DNS records to prevent additional bandwidth consumption and load on upstream servers.

What is DNS caching? Where does DNS caching occur?

The purpose of caching is to temporarily stored data in a location that results in improvements in performance and reliability for data requests. DNS caching involves storing data closer to the requesting client so that the DNS query can be resolved earlier and additional queries further down the DNS lookup chain can be avoided, thereby improving load times and reducing bandwidth/CPU consumption. DNS data can be cached in a variety of locations, each of which will store DNS records for a set amount of time determined by a time-to-live (TTL).

Browser DNS caching

Modern web browsers are designed by default to cache DNS records for a set amount of time. the purpose here is obvious; the closer the DNS caching occurs to the web browser, the fewer processing steps must be taken in order to check the cache and make the correct requests to an IP address. When a request is made for a DNS record, the browser cache is the first location checked for the requested record.

In chrome, you can see the status of your DNS cache by going to chrome://net-internals/#dns.

Operating system (OS) level DNS caching

The operating system level DNS resolver is the second and last local stop before a DNS query leaves your machine. The process inside your operating system that is designed to handle this query is commonly called a “stub resolver” or DNS client. When a stub resolver gets a request from an application, it first checks its own cache to see if it has the record. If it does not, it then sends a DNS query (with a recursive flag set), outside the local network to a DNS recursive resolver inside the Internet service provider (ISP).

When the recursive resolver inside the ISP receives a DNS query, like all previous steps, it will also check to see if the requested host-to-IP-address translation is already stored inside its local persistence layer.

The recursive resolver also has additional functionality depending on the types of records it has in its cache:

  1. If the resolver does not have the A records, but does have the NS records for the authoritative nameservers, it will query those name servers directly, bypassing several steps in the DNS query. This shortcut prevents lookups from the root and .com nameservers (in our search for example.com) and helps the resolution of the DNS query occur more quickly.
  2. If the resolver does not have the NS records, it will send a query to the TLD servers (.com in our case), skipping the root server.
  3. In the unlikely event that the resolver does not have records pointing to the TLD servers, it will then query the root servers. This event typically occurs after a DNS cache has been purged.