Saturday, 13 June 2026, 10:45 PM
Created by: Ruvenss G. Wilches
Use a dedicated API token. Create an API token specifically for NIZU at your registrar so you can revoke it without affecting anything else.
Your token is write-once. When you save a registrant, the API token is stored securely and never shown again. To change it, enter a new one; leave it blank to keep the existing token.
Limit who has Settings access. Only the Settings/Registrants permission lets a staff member view or edit registrar connections — keep that to administrators.
Test before you trust. Always use Test Connection after adding or updating credentials, so a typo doesn't silently break syncing later.
If you're experimenting or training staff, connect a Sandbox registrant first. You can try syncing and DNS changes without touching live domains.
Switch to a Production connection only once you're comfortable with the workflow.
Edit live, verify live. DNS changes are pushed to your registrar and only saved in NIZU when the provider accepts them — so trust NIZU as your source of truth, not a stale copy elsewhere.
Use Test Record after changes. Confirm A, CNAME, MX and TXT records resolve as expected before telling a client "it's done."
Mind the TTL. Lower the TTL before a planned change so it propagates quickly; raise it back afterwards for stability. The default is 3600 seconds (1 hour).
Don't orphan a service. Before deleting or repointing a record (especially MX and CNAME), confirm nothing depends on it.
Use @ for the root. Enter @ as the host for the root domain rather than retyping the domain name.
Keep at least two. Domain Manager enforces a minimum of two nameservers — never try to operate on one.
Fetch before you edit. The nameserver list is pulled from the registrar on load, so you're always editing the real, current set.
Changing nameservers moves DNS hosting. Repointing nameservers hands DNS control to another provider — make sure the new provider already has your zone configured, or you'll cause an outage.
Assign a client to every managed domain. This is what powers the client portal view and per-client sharing.
Add the project too when a domain belongs to specific work — it keeps everything discoverable from one place.
Record cost and dates. Filling in expiry date and cost makes the dashboard and expiry warnings genuinely useful.
Grant the least access needed. Start clients with view-only DNS, and add edit/delete only for those who truly need it.
Share specific records, not everything. Use Shared with Client on individual DNS records to expose only what's relevant (e.g. a verification TXT record), rather than the whole zone.
Route transfer requests through tickets. Keep the Request Transfer Code flow enabled so client requests become trackable support tickets instead of ad-hoc emails. Set the right ticket type in Settings.
Turn on expiry notifications in Settings and set a sensible notice window (30 days is a good default; use 60 for domains with long renewal lead times).
Watch the badges. Red = expired, yellow = expiring soon, green = healthy. Treat yellow as a to-do, not a maybe.
Enable auto-renew at the registrar for domains you intend to keep, and reflect that on the domain record.
Let auto-sync do the heavy lifting. Open the Domains list to refresh from your registrar; open a domain's DNS to refresh its records. Avoid manually duplicating what the sync already maintains.
Be cautious with local-only entries. Domains or records not tied to an API-capable registrant won't sync — label them clearly in Notes so the team knows they're maintained by hand.
Review the audit log when something looks off. Every registrar API call is logged (without your secret token), which makes it easy to see what changed and when.