DNS Monitoring
DNS monitoring automatically tracks changes to your domain's DNS records, helping you catch unauthorized modifications, misconfigurations, or potential DNS hijacking attacks. When enabled, the system discovers your current DNS records, stores them as a baseline, and alerts you whenever changes are detected.
Monitored Record Types
All record types are monitored automatically when DNS monitoring is enabled:
- A Records - IPv4 addresses
- AAAA Records - IPv6 addresses
- CNAME Records - Canonical names
- MX Records - Mail exchange servers
- NS Records - Nameservers
- TXT Records - Text records (SPF, DKIM, etc.)
- SOA Records - Start of Authority (primary nameserver and admin contact)
Key Features
- Automatic baseline discovery - No manual configuration needed
- Change detection - Detects additions, removals, and modifications
- Auto-resolution - Incidents automatically resolve when DNS returns to normal
- Recovery notifications - Get notified when issues are fixed
- False positive prevention - TTL changes and SOA serial numbers are excluded
Getting Started
- Enable DNS monitoring when creating or editing a monitor
- The system automatically discovers all DNS records for your domain
- Current records are stored as your baseline
- Every 5 minutes, DNS is checked and compared against the baseline
- You'll be notified via email or Slack if any changes are detected
How It Works
During each check interval (every 5 minutes), the system:
- Queries all DNS record types for your domain
- Compares current records against your stored baseline
- Creates an incident if changes are detected (records added, removed, or modified)
- Sends notifications to your configured channels (email, Slack)
- Auto-resolves the incident when DNS returns to baseline
Managing Your Baseline
- Automatic creation: Baseline is created on the first DNS check
- Discover Records: Manually refresh DNS records from the monitor settings
- Set as Baseline: Accept current records as the new baseline (resolves open incidents)
- Clear Records: Remove all DNS snapshots to start fresh
Auto-Resolution
DNS incidents resolve automatically, and when they resolve depends on the incident type:
- DNS errors (query failures) - Resolve immediately when DNS works normally
- DNS changes - Resolve after 24 hours of stability, or immediately when you set a new baseline
What's Excluded from Detection
To prevent false positives, the following are intentionally excluded from change detection:
- TTL values - These change frequently and are operational, not security-critical
- SOA serial numbers - These increment with every DNS zone update
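The comparison step and the two exclusions above, sketched as an added example (this is not the product's own code). It assumes records arrive as (name, type, ttl, rdata) tuples and that changes are classified per record set (name plus type); the function names and sample data are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: (name, type, ttl, rdata) tuples, documentation-range addresses.
BASELINE = [
    ("example.com.", "A", 300, "192.0.2.10"),
    ("example.com.", "AAAA", 300, "2001:db8::10"),
    ("example.com.", "MX", 3600, "10 mail.example.com."),
    ("example.com.", "NS", 86400, "ns1.example.net."),
    ("example.com.", "SOA", 3600,
     "ns1.example.net. hostmaster.example.com. 2024010101 7200 3600 1209600 300"),
]
CURRENT = [
    ("example.com.", "A", 60, "192.0.2.10"),               # TTL changed only: ignored
    ("example.com.", "MX", 3600, "10 mail.example.org."),  # mail exchanger changed
    ("example.com.", "NS", 86400, "ns1.example.net."),
    ("example.com.", "SOA", 3600,                          # serial bumped only: ignored
     "ns1.example.net. hostmaster.example.com. 2024010207 7200 3600 1209600 300"),
    ("example.com.", "TXT", 300, '"v=spf1 -all"'),         # new record set
]

def normalize(records):
    """Group records into sets keyed by (name, type), dropping TTL and SOA serial."""
    rrsets = defaultdict(set)
    for name, rtype, _ttl, rdata in records:  # TTL is discarded here
        rtype = rtype.upper()
        if rtype == "SOA":
            # SOA rdata order: mname rname serial refresh retry expire minimum
            fields = rdata.split()
            rdata = " ".join(fields[:2] + fields[3:])  # keep everything but the serial
        rrsets[(name.lower(), rtype)].add(rdata)
    return {key: frozenset(values) for key, values in rrsets.items()}

def diff_against_baseline(baseline, current):
    """Return (kind, name, type, old, new) for each record set that differs."""
    base, cur = normalize(baseline), normalize(current)
    changes = []
    for key in sorted(base.keys() | cur.keys()):
        old, new = base.get(key, frozenset()), cur.get(key, frozenset())
        if old == new:
            continue
        kind = "added" if not old else "removed" if not new else "modified"
        changes.append((kind, key[0], key[1], sorted(old), sorted(new)))
    return changes

if __name__ == "__main__":
    for change in diff_against_baseline(BASELINE, CURRENT):
        print(change)
```

Comparing whole record sets rather than individual records means a swapped MX target is reported once as a modification instead of as an unrelated add and remove.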
Use Cases
- Security: Detect DNS hijacking or unauthorized changes to A/AAAA records
- Mail security: Monitor MX records to prevent mail redirection attacks
- Infrastructure: Track NS record changes that could affect your domain
- Compliance: Audit trail of all DNS modifications with timestamps