πŸŽ‰ You asked, we listened. The DNSimple CLI now lets you log in and authorize your account straight from your browser, with no API token to generate or paste. πŸ‘‰ Read the full post.
Always Beyond customer story

How Always Beyond Manages Multi-Client DNS at Scale with DNSimple

Shawn Freeman avatar

Shawn Freeman, CEO at Always Beyond

The company

Always Beyond is a Calgary based managed IT services provider (MSP) helping small and mid-sized businesses. They deliver IT support, cybersecurity, cloud management, and technology strategy in one all-inclusive package with no long-term contracts, sub-90-second response times, and a dedicated Account Manager and Technical Lead for every client.

The company was built on a simple idea: growing businesses shouldn't have to live with unresponsive IT, security gaps, surprise bills, or providers who only show up after something breaks. Today they serve SMBs across Calgary and Alberta, including professional services, marketing and advertising, travel, commercial cleaning, real estate, and non-profit organizations typically ranging from 10 to 150 users. Some operate in compliance-sensitive environments, which shapes how Always Beyond approaches security configuration, access controls, and documentation.

The all-inclusive package they offer covers unlimited remote and on-site IT support, cybersecurity (24/7 SOC monitoring, MFA enforcement, endpoint protection, phishing simulation), cloud services (Microsoft 365, Google Workspace, cloud migrations), and technology strategy consulting including 18–24-month roadmaps and quarterly business reviews.

Domain and DNS management is built into Always Beyond's onboarding process from day one. Every new client engagement starts with a full audit of their domain registrars, DNS records, and certificate configurations. From there, it's folded into ongoing managed IT service, with Always Beyond handling domain registration and renewals on clients' behalf so nothing lapses.

The challenge before DNSimple

Before DNSimple, domain and DNS management was fragmented. Clients arrived with domains scattered across multiple registrars: GoDaddy, Google Domains, Namecheap, and others often with credentials documented only in spreadsheets or held by a former employee or previous IT provider. Always Beyond found itself managing logins for dozens of separate registrar accounts with no single view across its client base.

The pain points were the ones most MSPs know well: no centralized visibility into client domains and their status, security exposure from credentials held by departing clients or previous providers, time-consuming and error-prone onboarding migrations, renewal risk spread across multiple registrars, and slow DNS changes during cutovers.

The tipping point was a client onboarding where we discovered their primary domain was registered through an email address at the previous IT provider's company β€” meaning access to the registrar account was effectively outside the client's control. Recovering that domain took weeks.

β€” Shawn Freeman CEO at Always Beyond

That incident made the need clear: a proper multi-client DNS platform where Always Beyond could own the structure and access controls on behalf of its clients.

Choosing DNSimple

Always Beyond went looking for a registrar with built-in fast DNS infrastructure, multi-tenant capability, and an API. They evaluated several options, including DNS Made Easy and Cloudflare for Teams. Cloudflare was strong on CDN and security but felt better suited to individual technical users than to MSP workflows managing many client accounts. Always Beyond needed something purpose-built for the way MSPs operate, with real client separation and account-level controls.

The multi-account architecture was the deciding factor. DNSimple's model of separate accounts per client with isolated billing, scoped API tokens, and clean visibility matched exactly how we needed to operate. The API was well-documented and clearly built for automation, and transparent pricing made budgeting across our client base straightforward.

β€” Shawn Freeman CEO at Always Beyond

The API and provider tooling gave them a path to automate DNS changes within their existing workflows. Vanity name servers let them present a branded DNS experience to clients rather than surfacing the underlying provider. DNSSEC support mattered for clients in security-conscious environments, and transparent Enterprise pricing kept costs predictable as they scaled.

Implementation and automation

Onboarding went more smoothly than expected. The DNSimple team was responsive during setup, and the platform was intuitive enough that Always Beyond's technical team came up to speed quickly. They migrated client domains in batches, starting with new clients and lower-risk domains, then moving to more critical infrastructure.

The sandbox proved especially valuable. Always Beyond used it to test automation scripts and zone-record templates before running them against live client zones particularly when building Microsoft 365 DNS configuration templates, where validating logic without risking a live client's mail flow gave them confidence before rollout.

When onboarding a new client, we use API calls to create zone records and configure MX, SPF, and DKIM entries for Microsoft 365. We've also used the API to sync DNS changes triggered by infrastructure updates in our PSA and documentation tools.

β€” Shawn Freeman CEO at Always Beyond

For other MSPs, Shawn's advice on migration is concrete: start with new client onboarding rather than migrating your entire base at once, build your DNS record templates in the sandbox first, document naming conventions for accounts and tokens before you scale, and use scoped API tokens that grant the minimum permissions each integration needs.

How Always Beyond uses DNSimple day to day

Client separation is foundational. Each client is kept isolated, with API tokens issued per account and scoped to only the required permissions. The result is clean billing isolation and clean offboarding when a client transitions away, there's no entanglement with other accounts. Least privilege access carries through the team: technicians handling day-to-day changes get Zone Operator access on the accounts they work, while senior engineers and account managers have broader access, and access is audited as roles change.

Vanity name servers have become a meaningful differentiator. Rather than DNS resolution surfacing a third-party provider, clients see the Always Beyond brand in the name server records reinforcing that Always Beyond manages their infrastructure end to end, and simplifying any future backend migration without per-domain name server changes at each registrar.

On security and resilience, DNSSEC supports a strong DNS-integrity story for clients in security conscious sectors, the global anycast network matters where resolution latency affects application performance, and SSO/MFA via Google or Microsoft Entra means DNSimple fits into existing identity controls rather than requiring a separate credential silo.

The API is now embedded in our provisioning workflows, we wouldn't want to do Microsoft 365 onboarding without it. The multi-account structure is fundamental to how we operate, and the audit trail within each account has proven valuable when reviewing what changed during an incident investigation.

β€” Shawn Freeman CEO at Always Beyond

Results and outcomes

The single biggest impact has been eliminating credential risk and gaining visibility across the entire client portfolio. Always Beyond now has a single, structured view of every client domain it manages, with proper access controls and audit trails. That shift from scattered and improvised to structured and auditable has reduced operational risk significantly and made onboarding far more repeatable.

We manage all of our clients' domains with DNSimple. It saves us at least 5–10 hours per month, and DNS changes are fast and simple.

β€” Shawn Freeman CEO at Always Beyond

DNS management has gone from something requiring careful manual coordination with occasional anxiety around expiry dates and credential access to a reliable, automated part of the workflow. Technicians spend less time firefighting DNS and more on higher-value work, and the DNS onboarding step for new clients is now templated and fast rather than bespoke and stressful.

Our initial impression was that DNSimple was built for technically sophisticated individual developers. Using it at scale across a managed services operation, we've found it genuinely MSP-ready, the multi-account architecture, API quality, and account management experience have all exceeded our early expectations.

β€” Shawn Freeman CEO at Always Beyond

Advice to other MSPs

Get your account structure and naming conventions right before you scale. The investment in proper client separation, scoped access tokens, and DNS record templates pays back quickly. And don't underestimate the credential risk in your existing client base auditing who actually has access to client domain registrar accounts is worth doing before something goes wrong.

β€” Shawn Freeman CEO at Always Beyond

Would Always Beyond recommend DNSimple to other managed service providers? Without hesitation.

For MSPs managing domains across multiple clients, DNSimple's multi-account architecture, API, and access controls are the right foundation. The combination of a professional platform, transparent pricing, and responsive support makes it easy to recommend to peers.

β€” Shawn Freeman CEO at Always Beyond

If you're ready to stop managing client domains from spreadsheets and scattered registrar accounts or have more questions about what DNSimple can do for your MSP? Drop us a line, we'd love to chat.

Ready to get started?

We'll answer in less than 24 hours.

More customer stories