DNS Monitors

Last updated on Aug 04, 2025 00:36 in Uptime Cloud Monitor

What are DNS Monitors?

DNS monitors continuously check DNS (Domain Name System) records for changes, ensuring your domain configurations remain correct and detecting unauthorized modifications. They track specific DNS record types and alert you when records are added, modified, or removed unexpectedly.

Why DNS Monitoring Matters

Security Protection

  • DNS hijacking detection: Catch unauthorized changes to your domain records
  • Subdomain takeover prevention: Monitor for malicious subdomain configurations
  • Certificate authority monitoring: Track CAA records to prevent unauthorized SSL certificates

Service Continuity

  • Email delivery: Ensure MX records remain correct for email flow
  • Website availability: Monitor A and AAAA records for IP changes
  • Service routing: Track CNAME records that direct traffic to services

Compliance and Auditing

  • Change tracking: Maintain records of all DNS modifications
  • Compliance requirements: Meet security and regulatory monitoring needs
  • Infrastructure oversight: Track DNS changes across your organization

How to Access DNS Monitors

Access your DNS monitors through:

  • Main dashboard → DNS Monitors section
  • Sidebar navigation → DNS Monitors
  • Direct URL: /dns-monitors

Supported DNS Record Types

A Records

  • Purpose: Maps domain names to IPv4 addresses
  • Example: example.com → 192.168.1.1
  • Use case: Monitor main website IP addresses

AAAA Records

  • Purpose: Maps domain names to IPv6 addresses
  • Example: example.com → 2001:db8::1
  • Use case: Monitor IPv6 configurations

CNAME Records

  • Purpose: Creates aliases pointing to other domain names
  • Example: www.example.com → example.com
  • Use case: Monitor subdomain redirections and CDN configurations

MX Records

  • Purpose: Specifies mail servers for email delivery
  • Example: example.com → mail.example.com (priority 10)
  • Use case: Critical for email delivery monitoring

TXT Records

  • Purpose: Stores text information for various purposes
  • Examples: SPF, DKIM, DMARC, domain verification
  • Use case: Monitor email authentication and security records

NS Records

  • Purpose: Specifies authoritative name servers for a domain
  • Example: example.com → ns1.nameserver.com
  • Use case: Monitor name server changes

SOA Records

  • Purpose: Contains administrative information about the domain zone
  • Information: Primary name server, admin email, serial number, timers
  • Use case: Monitor zone configuration and change tracking

CAA Records

  • Purpose: Specifies which Certificate Authorities can issue SSL certificates
  • Example: example.com → 0 issue "letsencrypt.org"
  • Use case: Security monitoring for SSL certificate issuance

Creating a DNS Monitor

Step 1: Navigate to DNS Monitor Creation

  1. Go to your DNS Monitors page
  2. Click the "Create DNS Monitor" button
  3. Complete the DNS monitor creation form

Step 2: Basic Configuration

Monitor Details

  • Name: Descriptive name (e.g., "Example.com A Records", "Mail Server MX Monitoring")
  • Target: Domain or subdomain to monitor (e.g., example.com, mail.example.com)
  • Record Type: Select the DNS record type to monitor

Check Frequency

How often to check DNS records:

  • 5 minutes: High-frequency monitoring for critical domains
  • 15 minutes: Standard monitoring frequency
  • 30 minutes: Regular monitoring for stable configurations
  • 1 hour: Low-frequency monitoring for rarely-changing records
  • 6-24 hours: Periodic monitoring for stable infrastructure

Step 3: Advanced Settings

Expected Values (Optional)

  • Purpose: Alert when DNS records don't match expected values
  • Use case: Monitor for specific IP addresses or configurations
  • Example: Ensure A record always points to 192.168.1.1

Project Assignment

  • Organize DNS monitors by grouping them into projects
  • Useful for client-specific or service-specific monitoring
  • Helps with team organization and access control

Step 4: Notification Settings

Configure alerts for DNS changes:

  • Change notifications: Alert when any DNS record changes
  • Value mismatch: Alert when records don't match expected values
  • Resolution failure: Alert when DNS queries fail
  • Multiple handlers: Use different notification methods for different team members

Understanding DNS Monitor Results

Monitor Status

  • 🟢 Up: DNS records are resolving correctly and match expectations
  • 🔴 Down: DNS resolution failed or records changed unexpectedly
  • 🟡 Changed: DNS records changed but are still resolving
  • ⚪ Paused: Monitor is temporarily disabled

DNS Change Detection

The system tracks:

  • Record additions: New DNS records that appear
  • Record modifications: Changes to existing record values
  • Record deletions: DNS records that are removed
  • TTL changes: Modifications to Time-To-Live values

Historical Data

  • Change history: Complete timeline of all DNS modifications
  • Previous values: What the records were before changes
  • Change timestamps: Exact timing of modifications
  • Change frequency: How often records are modified

Managing DNS Monitors

Viewing Monitor Details

  1. Click on any DNS monitor name from your list
  2. View current DNS record values
  3. See change history and timeline
  4. Access configuration and notification settings

Understanding Change Logs

Each change log entry contains:

  • Timestamp: When the change was detected
  • Record type: Which type of DNS record changed
  • Old value: Previous record content
  • New value: Current record content
  • Change type: Added, modified, or deleted
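The baseline comparison and change-log entries described above, sketched as an added example (this is not Uptime Cloud Monitor's own code). The snapshot layout, the sample records, the function name diff_snapshots and the "ttl_changed" label are assumptions made for illustration.

```python
from datetime import datetime, timezone

# Constructed snapshots: (name, record type) -> {record value: TTL in seconds}.
BASELINE = {
    ("example.com", "A"): {"192.168.1.100": 300},
    ("example.com", "MX"): {"10 mail.example.com.": 3600,
                            "20 backup-mail.example.com.": 3600},
    ("example.com", "CAA"): {'0 issue "letsencrypt.org"': 3600},
}
CURRENT = {
    ("example.com", "A"): {"203.0.113.7": 300},
    ("example.com", "MX"): {"10 mail.example.com.": 600,
                            "20 backup-mail.example.com.": 3600},
    ("example.com", "TXT"): {'"v=spf1 include:_spf.google.com ~all"': 3600},
}


def diff_snapshots(old, new, detected_at=None):
    """Return one change-log entry per difference between two snapshots."""
    ts = (detected_at or datetime.now(timezone.utc)).isoformat()
    entries = []

    def log(key, change_type, old_value, new_value):
        entries.append({"timestamp": ts, "name": key[0], "record_type": key[1],
                        "change_type": change_type,
                        "old_value": old_value, "new_value": new_value})

    for key in sorted(set(old) | set(new)):
        before, after = old.get(key, {}), new.get(key, {})
        removed = sorted(set(before) - set(after))
        added = sorted(set(after) - set(before))
        # A value swapped inside an existing record set counts as a modification.
        paired = min(len(removed), len(added))
        for old_value, new_value in zip(removed[:paired], added[:paired]):
            log(key, "modified", old_value, new_value)
        for old_value in removed[paired:]:
            log(key, "deleted", old_value, None)
        for new_value in added[paired:]:
            log(key, "added", None, new_value)
        # Same value, new TTL ("ttl_changed" is a label assumed for this example).
        for value in sorted(set(before) & set(after)):
            if before[value] != after[value]:
                log(key, "ttl_changed", f"{value} TTL {before[value]}",
                    f"{value} TTL {after[value]}")
    return entries


if __name__ == "__main__":
    for entry in diff_snapshots(BASELINE, CURRENT):
        print(entry)
```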

Editing DNS Monitors

  1. Go to the DNS monitor details page
  2. Click the "Edit" button
  3. Modify check frequency, notifications, or expected values
  4. Save your changes

Pausing and Resuming

  • Pause during changes: Temporarily disable monitoring during planned DNS updates
  • Maintenance windows: Pause during DNS infrastructure maintenance
  • Resume monitoring: Restart monitoring after changes are complete

Common Use Cases and Examples

Website Security Monitoring

Scenario: Monitor your main website's A records for unauthorized changes

  • Target: example.com
  • Record Type: A
  • Expected Value: 192.168.1.100
  • Check Frequency: 5 minutes
  • Alert when: A record points to any IP other than expected

Email Infrastructure Monitoring

Scenario: Ensure email delivery by monitoring MX records

  • Target: company.com
  • Record Type: MX
  • Expected Values: mail.company.com (priority 10), backup-mail.company.com (priority 20)
  • Check Frequency: 15 minutes
  • Alert when: MX records change or point to unexpected servers

SSL Certificate Security

Scenario: Monitor CAA records to prevent unauthorized SSL certificates

  • Target: secure-app.com
  • Record Type: CAA
  • Expected Value: 0 issue "letsencrypt.org"
  • Check Frequency: 1 hour
  • Alert when: CAA records allow unauthorized certificate authorities
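The "allows unauthorized certificate authorities" condition can be checked on what the records mean rather than on the exact string. The following added example (not part of the product; parse_caa, check_caa and the sample record sets are assumptions for illustration) parses CAA rdata and reports any CA outside an allowlist. It also reports a record set with no issue or issuewild property, since in that case CAA places no restriction on issuance (RFC 8659).

```python
import re

# flags, tag, then a value that may or may not be quoted.
CAA_RE = re.compile(r'^(\d+)\s+([A-Za-z0-9]+)\s+"?([^"]*)"?$')

# Constructed sample record sets.
GOOD = ['0 issue "letsencrypt.org"', '0 iodef "mailto:security@example.com"']
TAMPERED = ['0 issue "letsencrypt.org"', '0 issuewild "other-ca.example"']


def parse_caa(rdata):
    """Split presentation-format CAA rdata into (flags, tag, value)."""
    match = CAA_RE.match(rdata.strip())
    if not match:
        raise ValueError(f"unparseable CAA rdata: {rdata!r}")
    return int(match.group(1)), match.group(2).lower(), match.group(3).strip()


def check_caa(records, allowed_cas):
    """Return findings for a CAA record set; an empty list means it matches policy."""
    parsed = [parse_caa(r) for r in records]
    issue = [value for _, tag, value in parsed if tag == "issue"]
    wild = [value for _, tag, value in parsed if tag == "issuewild"]
    findings = []
    if not issue and not wild:
        # Covers both a deleted CAA set and one reduced to iodef-only records.
        findings.append("no issue or issuewild property: CAA does not restrict issuance")
    for tag, values in (("issue", issue), ("issuewild", wild)):
        for value in values:
            # Parameters follow the CA domain after ';'; an empty domain forbids issuance.
            ca = value.split(";", 1)[0].strip().lower()
            if ca and ca not in allowed_cas:
                findings.append(f"{tag} authorizes unexpected CA: {ca}")
    return findings


if __name__ == "__main__":
    for name, records in (("good", GOOD), ("tampered", TAMPERED), ("removed", [])):
        print(name, check_caa(records, {"letsencrypt.org"}))
```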

Subdomain Monitoring

Scenario: Monitor critical subdomains for configuration changes

  • Target: api.service.com
  • Record Type: CNAME
  • Expected Value: api-servers.amazonaws.com
  • Check Frequency: 30 minutes
  • Alert when: CNAME points to unexpected destinations

SPF Record Monitoring

Scenario: Monitor email authentication records

  • Target: company.com
  • Record Type: TXT
  • Expected Value: "v=spf1 include:_spf.google.com ~all"
  • Check Frequency: 1 hour
  • Alert when: SPF record is modified or removed

What to Expect

Initial Setup

  • New DNS monitors perform their first check within minutes
  • Initial check establishes baseline DNS record values
  • Subsequent checks compare against this baseline
  • You'll be notified of any differences from the baseline

Ongoing Monitoring

  • Regular checks occur according to your configured frequency
  • Changes are detected as soon as the next check runs
  • Notifications are sent for any detected modifications
  • Historical data is stored for trend analysis

Change Notifications

  • Immediate alerts: Sent as soon as changes are detected
  • Change details: Include old and new values
  • Context information: Record type, domain, and timestamp
  • Resolution guidance: Information about investigating changes

Common Issues and Troubleshooting

False Positives from DNS Propagation

  • Issue: Alerts triggered during legitimate DNS changes
  • Solution: Pause monitoring temporarily during planned DNS updates
  • Prevention: Coordinate DNS changes with monitoring schedule

Multiple Alerts for Same Change

  • Issue: DNS changes detected from multiple monitoring locations
  • Cause: DNS propagation delays between different DNS servers
  • Solution: Normal behavior - changes propagate at different rates

Missing Change Notifications

  • Check notification handlers: Ensure they're configured and enabled
  • Test notifications: Use the test feature to verify delivery
  • Review monitor settings: Confirm notifications are enabled for the monitor
  • Check monitoring frequency: A change made between checks is only detected when the next check runs

DNS Resolution Failures

  • DNS server issues: Temporary DNS server problems
  • Network connectivity: Monitoring system network issues
  • Domain configuration: Actual DNS configuration problems
  • Nameserver changes: Authoritative nameserver modifications

Best Practices

Monitor Configuration

  • Descriptive naming: Use clear, specific names for each monitor
  • Appropriate frequency: Balance detection speed with resource usage
  • Critical records first: Start with your most important DNS records
  • Expected values: Define expected values for security-critical records

Security-Focused Monitoring

  • A and AAAA records: Monitor primary domain IP addresses
  • MX records: Critical for email security and delivery
  • CAA records: Essential for SSL certificate security
  • NS records: Monitor for nameserver hijacking

Notification Strategy

  • Immediate notifications: For security-critical records
  • Team notifications: Include relevant team members for different record types
  • Escalation procedures: Define who to contact for different types of changes
  • Documentation: Keep records of legitimate DNS changes

Organizational Approach

  • Project organization: Group monitors by domain, client, or service
  • Naming conventions: Use consistent naming for easy identification
  • Regular reviews: Periodically review and update monitoring configurations
  • Change coordination: Inform monitoring team of planned DNS changes

Advanced Monitoring Strategies

Comprehensive Domain Coverage

  • Main domain: Monitor all critical record types for your primary domain
  • Subdomains: Include important subdomains (www, mail, api, etc.)
  • Service domains: Monitor domains used for specific services
  • Backup domains: Include disaster recovery and backup domains

Security-First Approach

  • Baseline establishment: Document legitimate DNS configurations
  • Change approval process: Require approval for DNS modifications
  • Incident response: Define procedures for unauthorized changes
  • Forensic capability: Maintain detailed change logs for investigation

Integration with Security Tools

  • SIEM integration: Feed DNS change data into security systems
  • Threat intelligence: Correlate changes with known threat indicators
  • Automated response: Trigger automated responses for certain changes
  • Compliance reporting: Generate reports for audit and compliance needs

Understanding DNS Propagation

How DNS Propagation Works

  • Authoritative servers: Your DNS changes start here
  • Recursive resolvers: ISP and public DNS servers cache records
  • TTL values: Control how long records are cached
  • Global propagation: Changes spread worldwide over time

Monitoring During Propagation

  • Expected behavior: Different monitoring checks may see different values
  • Propagation timing: Can take minutes to hours depending on TTL
  • Temporary inconsistencies: Normal during legitimate changes
  • Stabilization: Values become consistent once propagation completes

Compliance and Auditing

Change Documentation

  • Complete records: All DNS changes are logged with timestamps
  • Before and after values: Full context of what changed
  • Change frequency: Track how often records are modified
  • Export capability: Generate reports for compliance needs

Security Compliance

  • Change detection: Meet requirements for infrastructure monitoring
  • Incident response: Provide data for security incident investigation
  • Audit trails: Maintain detailed logs for auditor review
  • Reporting: Generate compliance reports as needed

Tips for Success

  • Start with critical domains: Begin monitoring your most important domains first
  • Document baselines: Keep records of legitimate DNS configurations
  • Plan for changes: Pause monitoring during planned DNS updates
  • Regular review: Periodically verify that monitoring is still relevant
  • Team coordination: Ensure DNS change procedures include monitoring considerations
  • Security focus: Prioritize monitoring of security-critical record types
  • Response planning: Have procedures ready for investigating unexpected changes
  • Change validation: Use monitoring data to verify that DNS changes were successful
** The time is based on the America/New_York timezone