Public status pages have risen to become an essential requirement for all publicly facing web services. A well-constructed status page is a hallmark of a customer-centric organization. Status pages provide transparency and help reduce customer support requests during an inevitable outage. With sufficient component details, they can serve as useful information hubs for customers experiencing issues. There are numerous services to make setting up a status page simple and inexpensive. But should you host your status page on a subdomain of your hosting provider, your own domain, or should your status page domain be its own unique one?
The answer is unequivocal: a status page is best hosted on its own, dedicated domain, separate from your own domain. Above all other public pages, your status page must be publicly available even when other parts of your infrastructure are disrupted, including your primary domain name. Instead of status.yourcompany.com, acquire a different domain entirely like yourcompanystatus.com.
As best as possible, your status page should be hosted on infrastructure distinct from that of your website, service, or application. By avoiding shared infrastructure, you can increase the likelihood that your page will remain up, should your site go down. That means using separate providers for all the pieces required to host:
- Use a different cloud provider. How about Linode or Digital Ocean instead of Azure or AWS?
- If using Cloudfront as your CDN, try Cloudflare for your status page instead.
- Resolve your domain name with a different DNS provider, in case of outage at the DNS level.
- Finally, put your status page on a different domain, purchased through a different registrar.
Why Bother with a Separate Domain?
There are several common failure points for your service centered around your domain name:
- The registration itself
- Access to the registrar account
- Your domain’s DNS hosting
- Certificate and SSL/TLS issues
If the domain registration for your website expires, your subdomains like status.yourcompany.com, will go down right along with it. Needless to say, forgetting to renew your domain is a big mistake but not an uncommon one. From Microsoft to Regions Bank to the Dallas Cowboys — many companies have had expired domains cause outages. If the domain where you host your status page is a separate one, you can still post public messages to your clients during this outage.
Domain Registrar Account
Your domain registrar account, likely home to a number of domains, is another weak point when shared between between your status page and your primary site. The history books are full of companies, including banks, whose domain names were hijacked when an attacker gained registrar access. Domain theft is a real problem, and by using a different registration account, you limit the chance that a hacker can take down both your site and your status page at the same time.
Similarly, if your DNS hosting service has issues serving your domain, it’s very likely the same issues will exist for status.yourservice.com. You can mitigate this by having a backup DNS provider using a different DNS hosting company. Some DNS providers, like DNSimple, make setting up secondary DNS very simple. But you can’t use two completely different DNS providers for your status page and your primary page unless you are using a distinct domain.
The struggling of dealing with secure certificates has largely been eliminated thanks to the tremendous efforts of Let’s Encrypt. Certificates are now free and automated. In the past, a failure point could be a shared certificate, perhaps a wild card cert for *.yourcompany.com used by your site and your status page. By using Let’s Encrypt, you eliminate this risk. But there still are edge cases around certificates that can bite you, should you share a domain name with your status page. For example, imagine you’ve forgotten to host your status page with a certificate. Or you are using a provider that shamefully does not support SSL. If you enable HSTS on your website, your status page will suddenly be unavailable. If the status page is hosted on its own domain, this failure point is not possible.
Use a Separate Domain for your Status Page
A resilient, accessible, well-maintained status page is the hallmark of a transparent software provider. You can improve this transparency and resiliency by ensuring your status page is hosted on its own domain. Register something obvious like yourcompanystatus.com. And when you do, be sure to let us know so we can add it to StatusGator.
StatusGator is our service that monitors status pages and sends you notifications when the services you care about go down. You can receive notifications in Slack or by email, SMS, or even web hook. Customers love our Slack slash command which allows querying the status of any service on demand right from where your team hangs out.
Try a 30 day free trial of StatusGator and let us know what you think.