It’s all about domains with… Abe Storey

Setting up a domain shouldn’t feel like defusing a bomb—but for many people, it still does. Connecting a custom URL to a website, product, or email involves juggling DNS records (A, AAAA, CNAME, TXT), provider quirks, TTLs, and painful propagation delays. Most users aren’t DNS or IT specialists, yet a working domain is table stakes for anyone going online today. One typo or conflicting record can stall a launch, dent conversion, and burn support time.

The clean way out is automation. Instead of asking customers to copy-paste records across registrars and dashboards, modern, domain APIs handle the heavy lifting behind the scenes—running pre-flight checks, applying provider-specific patterns, verifying reachability, and surfacing real-time status. That’s exactly the problem space Abe Storey has been obsessing over.

Abe Storey is the Founder and CEO of Entri, where he splits his time between running the business, working with partners, and jumping in with the engineering team to tackle internet-scale challenges.Entri is the leading provider of domain APIs. Through its flagship product, Entri Connect, the company helps SaaS platforms, website builders, and developers deliver instant, error-proof DNS setup to their customers.

Thanks to a new partnership, IONOS Group clients—including InterNetX customers—will be able to put their domains to work faster than ever: they’ll instantly configure domains across hundreds of SaaS solutions, and keep those domains secure, compliant, and connected—supporting the use of each and every domain.

In this interview, we dig into how automation can turn fragile, manual DNS steps into reliable, one-click domain experiences—and why that matters for activation, retention, and growth with Abe Storey of Entri.

1What are some of the most common challenges users face when setting up a new domain for their website, and how can domain APIs help simplify this process?

The biggest challenge users face is the complexity of DNS itself. Today’s SaaS users have a varied technical skillset, and most aren’t going to be an expert in setting up DNS; most aren’t going to know what an A/AAAA record or TXT record is.

That process is manual, error-prone, and often leaves the user waiting hours for changes to propagate, without clarity on whether they did it right. API-driven solutions like Entri simplify this by abstracting all of that complexity into a seamless flow.

Instead of leaving the product to update records somewhere else, users can connect a domain with a couple of clicks directly in the app, which dramatically improves onboarding and user activation.

Common pitfalls include trying to use a CNAME at the root (apex) of a zone, leaving conflicting records in place, or setting long TTLs that slow iteration. Strong APIs run pre-flight checks, suggest provider-specific patterns (e.g., ALIAS/ANAME or CNAME flattening), and verify changes end-to-end—including HTTP reachability and TLS readiness. They can also automate domain ownership verification (via TXT challenges), provision certificates, and actively poll for propagation so users see real-time status instead of guessing. For teams managing many domains, an API enables bulk, idempotent updates with safe rollbacks and audit trails, turning a fragile setup into a repeatable workflow.

Domain APIs and workflows replace fragile, per-dashboard edits with repeatable, validated, and verifiable changes—reducing human error, improving accuracy, and making DNS management predictable at any scale.

2Misconfigured DNS records often lead to costly downtime or errors for end users. What best practices should SaaS platforms adopt to ensure correct DNS configuration, and what tools or frameworks can help reduce these risks?

The best way SaaS platforms can reduce DNS errors is by creating clear, distinct setup paths for different use cases, like landing pages versus email authentication. When users know exactly what they’re configuring and why, the risk of mistakes drops significantly. Companies can either support this with robust, step-by-step documentation, or go further with an API-driven UX tool like Entri that automates DNS setup directly inside the product.

Common DNS setting risks & how to prevent them

3Misconfigured or conflicting DNS records can cause costly downtime and errors. What best practices, tools, or automation techniques can SaaS companies use to ensure correct DNS configuration and efficiently detect and resolve potential conflicts?

DNS conflicts usually come from duplicate entries, or overlapping values.

For example, imagine you set shop.example.com to point at a SaaS provider using a CNAME (an alias), but you also left an A record for the same name from an old setup. Resolvers aren’t supposed to serve both—some will ignore one, others behave unpredictably—so traffic “flaps” between targets. Another common case: you add a new email sender and paste their SPF record as a second TXT line, leaving two separate “v=spf1 …” records. The SPF spec expects one combined record, so receivers may fail email checks or treat the policy as invalid. Conflicts also crop up when a catch-all wildcard (like *.example.com) accidentally overrides a specific host you meant to treat differently.

The most effective way to address them is to automate record setup, and add opinionated guardrails. That means your product (or a domain API tool like Entri) should do the checking and fixing for the user instead of asking them to copy/paste raw DNS values.

Monitor using APIs against a source of truth

Think of a source of truth as your master recipe for DNS—one clean list that describes exactly which records should exist. Your system keeps that recipe in code or a config file. Then, using DNS and provider APIs, it:

1. Checks the live DNS (what the internet sees) and the provider’s dashboard (what’s configured) against your recipe.
2. Flags drift (differences) like duplicates, missing records, or wrong values.
3. Auto-fixes safe issues (e.g., merge SPF lines) or opens a guided “one-click fix” for the user.
4. Watches continuously, so if a record changes or expires later, you get an alert or an automatic rollback.

4The role of automation in domain management is growing. How can automation technologies (like APIs or workflows) reduce human errors and improve accuracy when managing DNS records at scale?

Automation eliminates the copy-and-paste errors that cause so many DNS issues.

In this context, “automation” means using domain APIs (from DNS providers/registrars) plus workflows (scripts/CI jobs/background workers) to declare, apply, and verify DNS changes consistently—no manual dashboards, no drift.

A single source of truth (a config or repo) drives all providers, while pre-flight checks block bad combos (e.g., CNAME + A at the same name), provider-aware templates normalize quirks (ALIAS/flattening at the apex, TXT quoting), and idempotent applies ensure retries never create duplicates. After changes are pushed, bots run DNS/HTTP/TLS and email (SPF/DKIM/DMARC) probes from multiple regions, only promoting the change (and lengthening TTLs) when everything’s actually reachable. Every step is logged and reversible, with least-privilege API tokens to reduce blast radius.

APIs handle domain management programmatically and at scale. That means changes propagate consistently across all providers, which reduces risk and saves time. Automation also allows DNS updates to be triggered automatically as part of application workflows—for example, when a user creates a new site or a developer deploys a new service.

​​Manual vs automated domain management at a glance

5Monitoring domains for issues such as expiration, unauthorized changes, or security vulnerabilities can be daunting. What strategies and tools can be used to implement effective domain monitoring?

At a minimum, companies should track TLS/SSL expiration dates, and watch for unauthorized changes that could indicate domain hijacking, and enforce compliance with security records like DMARC and SPF to protect domain reputation and ensure emails are getting delivered. Domain APIs make it possible to monitor all of these things in real time, with alerts triggered the moment something drifts from the expected configuration.

Effective domain monitoring spans three layers—registration/ownership, DNS health & integrity, and transport/app (TLS, email). The winning pattern is: keep a single source of truth, deploy automated sensors (APIs + probes), and wire alerts + auto-remediation where it’s safe.

6What are the most important developments in DNS security standards, and how can SaaS companies strengthen their users’ defenses against increasingly sophisticated forms of online fraud and cybercrime?

The biggest advances in DNS have been around authentication standards like DMARC, SPF, DKIM, and CAA, which directly protect against phishing, spoofing, and certificate misuse. A clear example of their importance is the bulk sender guidelines first rolled out by Google and Yahoo, and later adopted by Microsoft, which make proper DNS security records mandatory for high-volume email senders.

To stay ahead of these threats, SaaS companies should treat these standards as defaults on every domain and use automation to enforce them consistently. Domain APIs make this practical at scale by applying policies automatically and monitoring for misconfigurations before they can be exploited.

How SaaS companies can strengthen customer defenses

• Make auth mandatory by design: Auto-provision SPF, DKIM and DMARC on every sending domain; start at p=none, then graduate to quarantine/reject as alignment stabilizes. Surface DMARC RUA stats in-product.
• Bundle cert safety into domain connect: Add CAA automatically for your chosen CA and verify ACME issuance; alert on CT log surprises.
• Harden mail transport: If you control MX, publish MTA-STS and enable TLS-RPT; support ARC to preserve trust across mailing lists/forwarders.
• Adopt DNSSEC (where supported) & consider DANE: Turn on DNSSEC at the zone and registrar; if you operate SMTP, publish TLSA for DANE to resist active MITM.
• Automate everything via APIs: Use a source-of-truth (code/JSON) → pre-flight lint (SPF lookups ≤10; no CNAME+A collisions) → apply idempotently → multi-region DNS/HTTP/TLS checks → drift monitoring and auto-rollback.

7What are the ways SaaS companies can think about monetization and ROI around domains?

Domains are not just infrastructure—they’re also a growth lever. SaaS companies can earn direct revenue by selling domains inside their product and taking a commission, or they can bundle domains into premium plans as a value-add. Just as importantly, connected domains drive retention.

Once a user connects a domain, they rarely disconnect it, which makes the product stickier and improves free-to-paid conversion. The ROI is twofold: direct revenue from domain sales, and long-term revenue from higher activation and lower churn.