DNS Monitoring

DNS monitoring automatically tracks changes to your domain's DNS records, helping you catch unauthorized modifications, misconfigurations, or potential DNS hijacking attacks. When enabled, the system discovers your current DNS records, stores them as a baseline, and alerts you whenever changes are detected.

Monitored Record Types

All record types are monitored automatically when DNS monitoring is enabled:

  • A Records - IPv4 addresses
  • AAAA Records - IPv6 addresses
  • CNAME Records - Canonical names
  • MX Records - Mail exchange servers
  • NS Records - Nameservers
  • TXT Records - Text records (SPF, DKIM, etc.)
  • SOA Records - Start of Authority (primary nameserver and admin contact)

Key Features

  • Automatic baseline discovery - No manual configuration needed
  • Change detection - Detects additions, removals, and modifications
  • Auto-resolution - Incidents automatically resolve when DNS returns to normal
  • Recovery notifications - Get notified when issues are fixed
  • False positive prevention - TTL changes and SOA serial numbers are excluded

Getting Started

  1. Enable DNS monitoring when creating or editing a monitor
  2. The system automatically discovers all DNS records for your domain
  3. Current records are stored as your baseline
  4. Every 5 minutes, DNS is checked and compared against the baseline
  5. You'll be notified via email or Slack if any changes are detected

How It Works

During each check interval (every 5 minutes), the system:

  1. Queries all DNS record types for your domain
  2. Compares current records against your stored baseline
  3. Creates an incident if changes are detected (records added, removed, or modified)
  4. Sends notifications to your configured channels (email, Slack)
  5. Auto-resolves the incident when DNS returns to baseline

Managing Your Baseline

  • Automatic creation: Baseline is created on the first DNS check
  • Discover Records: Manually refresh DNS records from the monitor settings
  • Set as Baseline: Accept current records as the new baseline (resolves open incidents)
  • Clear Records: Remove all DNS snapshots to start fresh

Auto-Resolution

DNS incidents resolve automatically, with timing that depends on the incident type:

  • DNS errors (query failures) - Resolve immediately when DNS works normally
  • DNS changes - Resolve after 24 hours of stability, or immediately when you set a new baseline

What's Excluded from Detection

To prevent false positives, the following are intentionally excluded from change detection:

  • TTL values - These change frequently and are operational, not security-critical
  • SOA serial numbers - These increment with every DNS zone update

Use Cases

  • Security: Detect DNS hijacking or unauthorized changes to A/AAAA records
  • Mail security: Monitor MX records to prevent mail redirection attacks
  • Infrastructure: Track NS record changes that could affect your domain
  • Compliance: Audit trail of all DNS modifications with timestamps