Back to Details

domain-strategy

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Domain Strategy

域名策略

Decide how domains, subdomains, and DNS work across a portfolio. Stack-agnostic. Works for one site or one hundred.
确定域名、子域名和DNS在整个域名组合中的协作方式。与技术栈无关,适用于单个站点或上百个站点。

When to use

适用场景

  • Setting up DNS for a new site (apex vs www, primary vs aliases)
  • Choosing or switching registrars
  • Planning redirects across multiple domains (parked, retired, consolidated)
  • Deciding subdomain vs subfolder vs separate domain for a new product line
  • Consolidating multiple sites into one
  • Splitting one site into multiple
  • Setting up DNS for email, security records, third-party services
  • 为新站点配置DNS(根域名vs www域名、主域名vs别名)
  • 选择或更换域名注册商
  • 规划多域名间的重定向(停放域名、停用域名、合并域名)
  • 为新产品线决定使用子域名、子目录还是独立域名
  • 将多个站点合并为一个
  • 将单个站点拆分为多个
  • 为邮件、安全记录、第三方服务配置DNS

When NOT to use

不适用场景

  • Migrating content between platforms with URL changes (use 
    content-migration
    )
  • Email authentication setup specifically (use 
    email-deliverability
    )
  • Security headers or HTTPS config (use 
    security-baseline
    )
  • Internationalization domain choices (use 
    internationalization
    )
  • 跨平台迁移内容并修改URL(使用
    content-migration
  • 专门配置邮件认证(使用
    email-deliverability
  • 安全标头或HTTPS配置(使用
    security-baseline
  • 国际化域名选择(使用
    internationalization

Required inputs

必填输入信息

  • Current domain inventory (every domain you own or operate)
  • Status of each (live, parked, redirected, retired)
  • Strategic role of each (primary brand, sub-brand, defensive registration, campaign)
  • Current DNS provider and registrar for each
  • Email and third-party service dependencies
  • 当前域名清单(所有拥有或运营的域名)
  • 每个域名的状态(活跃、停放、重定向、停用)
  • 每个域名的战略角色(主品牌、子品牌、防御性注册、营销活动)
  • 每个域名当前的DNS服务商和注册商
  • 邮件及第三方服务依赖关系

The framework: 5 decisions

框架:5项核心决策

Every domain decision falls into one of these buckets. Address them in order.
所有域名决策都可归为以下类别,请按顺序处理。

Decision 1: Apex vs www as canonical

决策1:选择根域名或www域名作为规范域名

Pick one. Redirect the other to it. Pick before launch. Changing later is painful.
  • Apex (example.com): cleaner, more memorable, the modern default.
  • www (www.example.com): historically standard, easier to add CDN-level CNAME records (apex CNAME is technically forbidden but most providers offer ALIAS or ANAME).
Whichever you pick, the other must 301 to it. Both serving content is duplicate content and a soft signal of poor setup.
二选一,将另一个重定向到所选域名。请在上线前确定,后续更改成本极高。
  • 根域名(example.com): 更简洁、易记,是当前的主流选择。
  • www域名(www.example.com): 历史标准,更易添加CDN级别的CNAME记录(根域名CNAME在技术上被禁止,但多数服务商提供ALIAS或ANAME替代方案)。
无论选择哪一个,另一个必须通过301重定向到它。若两者同时提供内容会造成重复内容,属于配置不当的软信号。

Decision 2: Subdomain vs subfolder vs separate domain

决策2:子域名、子目录还是独立域名

For a new product, blog, or content section:
PatternUse when
Subfolder (
example.com/blog
)		Same brand, want SEO equity to flow, default choice
Subdomain (
blog.example.com
)		Different stack or platform, organizationally separate but related
Separate domain (
exampleblog.com
)		Different brand, different audience, intentional separation
Default to subfolder. The case for subdomain or separate domain has to be made.
针对新产品、博客或内容板块:
模式适用场景
子目录(
example.com/blog
同一品牌,希望SEO权重流转,默认选择
子域名(
blog.example.com
技术栈或平台不同,组织上独立但相关
独立域名(
exampleblog.com
不同品牌,不同受众,需要明确分离
默认选择子目录。选择子域名或独立域名需具备充分理由。

Decision 3: Registrar strategy

决策3:注册商策略

The registrar is where the domain is registered. The DNS provider is where DNS records live. They can be the same or different.
Decisions:
  • Single registrar vs multiple: single is simpler. Multiple makes sense for redundancy at scale.
  • Lock and 2FA: non-negotiable. Domain hijacking is real and costly.
  • Auto-renew: on for everything you care about. Off only for intentional drops.
  • WHOIS privacy: on by default. Free at most modern registrars.
  • Transfer lock: on except during planned transfers.
注册商是域名注册的平台,DNS服务商是DNS记录托管的平台,两者可以相同或不同。
决策要点:
  • 单一注册商vs多个注册商: 单一会更简单,大规模场景下多个注册商可实现冗余备份。
  • 锁定与双因素认证(2FA): 必不可少。域名劫持真实存在且代价高昂。
  • 自动续费: 对所有需要保留的域名开启,仅对计划弃用的域名关闭。
  • WHOIS隐私保护: 默认开启,多数现代注册商提供免费服务。
  • 转移锁定: 除计划转移期间外,始终开启。

Decision 4: DNS provider

决策4:DNS服务商选择

The DNS provider controls how domains resolve. Critical for performance, reliability, and security.
Pick a provider that gives you:
  • Fast global resolution (anycast network)
  • DNSSEC support
  • API access for automation
  • Reasonable record limits
  • Good audit logs
Default DNS records every domain needs:
  • A or AAAA records (or CNAME) for the apex and www
  • MX records (even just nullified if no email)
  • TXT for domain verification, SPF
  • CAA records (locks down which certificate authorities can issue certs for the domain)
DNS服务商控制域名解析,对性能、可靠性和安全性至关重要。
选择具备以下特性的服务商:
  • 快速的全球解析能力(任播网络)
  • 支持DNSSEC
  • 提供API用于自动化操作
  • 合理的记录数量限制
  • 完善的审计日志
每个域名必备的默认DNS记录:
  • 根域名和www域名的A或AAAA记录(或CNAME)
  • MX记录(即使无邮件服务也可设置为空)
  • 用于域名验证、SPF的TXT记录
  • CAA记录(限制可为域名颁发证书的证书机构)

Decision 5: Parked domain strategy

决策5:停放域名策略

Domains you own but aren't actively using. Three valid strategies:
  1. Redirect to a primary site. Best for defensively registered domains close to your main brand. 301 every path to the primary's homepage or matching path.
  2. Hold blank. A simple page or DNS NXDOMAIN. Acceptable for domains you may use later.
  3. Park with a landing page. Generic "coming soon" page. Lowest value. Avoid registrar default parking pages (often serve ads against your brand).
Anti-pattern: letting parked domains serve duplicate or near-duplicate content from your main site. This is an SEO liability.
拥有但未主动使用的域名,有三种合理策略:
  1. 重定向到主站点。 最适合与主品牌相近的防御性注册域名。将所有路径通过301重定向到主站点首页或对应路径。
  2. 空白保留。 设置简单页面或DNS NXDOMAIN记录,适用于未来可能使用的域名。
  3. 配置着陆页停放。 通用的“即将上线”页面。价值最低,避免使用注册商默认停放页面(通常会展示与品牌相关的广告)。
反模式:让停放域名提供与主站点重复或近似的内容,这会带来SEO风险。

Workflow

工作流程

Step 1: Inventory

步骤1:整理域名清单

Pull every domain you own from every registrar. Build a single sheet:
DomainRegistrarDNS providerStatusRoleRenewal dateNotes
If you can't account for every domain, the strategy can't be accurate.
从所有注册商处导出所有拥有的域名,制作统一表格:
域名注册商DNS服务商状态角色续费日期备注
若无法统计所有域名,策略将无法准确制定。

Step 2: Classify by role

步骤2:按角色分类

Each domain gets one role:
  • Primary (the main site for a brand)
  • Alias (redirects to a primary)
  • Defensive (registered to prevent others from getting it; usually parked)
  • Campaign (short-term, specific use)
  • Retired (no longer active; either drop at expiry or redirect permanently)
The classification drives the configuration.
每个域名对应一个角色:
  • 主域名(品牌的核心站点)
  • 别名(重定向到主域名)
  • 防御性域名(注册用于防止他人抢占,通常为停放状态)
  • 营销活动域名(短期、特定用途)
  • 停用域名(不再活跃,到期后弃用或永久重定向)
分类结果将指导配置操作。

Step 3: Audit current configuration

步骤3:审计当前配置

For each domain check:
  • Is the canonical (apex vs www) consistent with the strategy?
  • Are redirects 301 (permanent) where intended?
  • Is HTTPS enforced on every variant?
  • Are DNS records minimal and intentional?
  • Is the registrar locked?
  • Is auto-renew on?
  • Is 2FA on the registrar account?
Document gaps. Each gap is a ticket.
针对每个域名检查:
  • 规范域名(根域名vs www)是否与策略一致?
  • 重定向是否按预期设置为301(永久)?
  • 是否对所有域名变体强制启用HTTPS?
  • DNS记录是否精简且符合预期?
  • 注册商是否已锁定?
  • 是否开启自动续费?
  • 注册商账户是否启用双因素认证?
记录存在的问题,每个问题对应一个任务工单。

Step 4: Set the canonical pattern

步骤4:设置规范域名模式

For new domains and any that need fixing:
  • Pick apex or www as canonical
  • Configure 301 redirect for the non-canonical
  • Force HTTPS for both
  • Verify with curl: 
    curl -I http://example.com
    , 
    curl -I http://www.example.com
    , 
    curl -I https://www.example.com
    . All should chain to a single 200 on the canonical.
针对新域名和需要修复的域名:
  • 选择根域名或www域名作为规范域名
  • 为非规范域名配置301重定向
  • 对两者强制启用HTTPS
  • 使用curl命令验证:
    curl -I http://example.com
    curl -I http://www.example.com
    curl -I https://www.example.com
    。所有请求最终应指向规范域名并返回200状态码。

Step 5: Document the redirect map

步骤5:记录重定向映射表

Across the portfolio, document every redirect:
SourceDestinationTypeReasonDate set
This is invaluable when something breaks or when planning consolidations.
记录整个域名组合中的所有重定向:
源地址目标地址类型原因设置日期
当出现故障或规划合并时,此表将极具价值。

Step 6: Set up monitoring

步骤6:设置监控

Monitor:
  • DNS resolution (alert on NXDOMAIN or wrong IP)
  • HTTPS certificate expiration (alert at 30, 14, 7 days out)
  • Redirect chains (alert if a 301 starts returning 200 or 404)
  • Renewal dates (alert at 90, 30, 7 days out)
This is the bridge between domain strategy and 
monitoring-and-alerting
.
监控以下内容:
  • DNS解析(出现NXDOMAIN或错误IP时触发警报)
  • HTTPS证书过期(提前30、14、7天触发警报)
  • 重定向链(若301重定向返回200或404时触发警报)
  • 续费日期(提前90、30、7天触发警报)
这是连接域名策略与
monitoring-and-alerting
的桥梁。

Step 7: Document and revisit

步骤7:文档记录与定期回顾

Domain strategy is a quarterly review topic. Renewals, consolidations, and new launches change the picture. Without scheduled review, the portfolio drifts.
域名策略应每季度回顾一次。续费、合并和新站点上线都会改变现状。若无定期回顾,域名组合会逐渐偏离预期。

Failure patterns

常见失误模式

Both apex and www serve content. Duplicate content. Pick one, redirect the other.
302 redirects where 301 was intended. 302 is temporary. 301 is permanent. SEO equity passes through 301, not (reliably) through 302.
HTTPS not enforced. HTTP variant serving content alongside HTTPS. Force HTTPS at the edge or the load balancer.
Registrar default parking pages. Parked domains serving registrar ads. Free for the registrar, bad for you. Replace with a redirect or your own page.
Domains in multiple registrars by accident. Migrations that didn't fully complete. Consolidate.
No CAA records. Anyone with a misconfigured ACME client can issue a cert for your domain. CAA limits which CAs can issue. Add it.
Auto-renew off "to save money." Domain accidentally drops, gets snapped up, costs ten times more (or is unrecoverable). Auto-renew is cheap insurance.
Subdomains used where subfolders would have been better. SEO equity gets fragmented across hostnames. The case for a subdomain has to be made; the default is subfolder.
Parked domains with thin content "for SEO." Search engines don't reward this. They penalize doorway pages. Either redirect or leave blank.
根域名和www域名同时提供内容。 造成重复内容。二选一,将另一个重定向到所选域名。
应使用301重定向却使用了302。 302是临时重定向,301是永久重定向。SEO权重可通过301传递,但无法(可靠地)通过302传递。
未强制启用HTTPS。 HTTP版本与HTTPS版本同时提供内容。在边缘节点或负载均衡器处强制启用HTTPS。
使用注册商默认停放页面。 停放域名展示注册商广告,对注册商免费,但对品牌有害。替换为重定向或自定义页面。
域名意外分布在多个注册商处。 迁移未完全完成,应进行合并。
未设置CAA记录。 任何配置错误的ACME客户端都可为你的域名颁发证书。CAA记录可限制允许颁发证书的机构,请添加该记录。
为“省钱”关闭自动续费。 域名意外过期被他人抢注,后续赎回成本是续费的十倍(甚至无法赎回)。自动续费是低成本的保障措施。
应使用子目录却使用了子域名。 SEO权重分散到不同主机名。选择子域名需具备充分理由,默认应选择子目录。
停放域名设置薄内容“用于SEO”。 搜索引擎不会为此加分,反而会惩罚门户型页面。要么重定向,要么空白保留。

Output format

输出格式

A domain strategy document includes:
  • Inventory: the spreadsheet of every domain
  • Classification: the role of each
  • Canonical decisions: apex vs www, locked
  • Redirect map: every redirect in the portfolio
  • DNS standards: the default record set
  • Registrar standards: locked, 2FA, auto-renew
  • Monitoring: what's watched, where alerts go
  • Renewal calendar: the next 12 months
  • Review cadence: when this gets revisited
域名策略文档应包含:
  • 域名清单: 所有域名的表格
  • 角色分类: 每个域名的角色
  • 规范域名决策: 根域名vs www域名,已锁定
  • 重定向映射表: 域名组合中的所有重定向
  • DNS标准: 默认记录集
  • 注册商标准: 锁定、双因素认证、自动续费
  • 监控配置: 监控内容及警报接收方
  • 续费日历: 未来12个月的续费计划
  • 回顾周期: 策略回顾的时间安排

Reference files

参考文件

  • references/dns-record-reference.md
    : Common DNS records explained, with the syntax for the most useful ones (A, AAAA, CNAME, MX, TXT, CAA, SRV, etc.) and when each is needed.
  • references/dns-record-reference.md
    :常见DNS记录说明,包含最实用记录(A、AAAA、CNAME、MX、TXT、CAA、SRV等)的语法及适用场景。