Customers are now able to configure host records to monitor in addition to the default host records monitored by the service. The service is called Host name integrity check and is configured in the Manage Domain facility.

This feature continuously monitor the integrity of each configured host records every available name server and will alert when the record is altered.

This new feature will greatly improve the ability to detect if a customer domain is subject to cyber attacks like the 2019 DNS Hijacking Campaign, where host records were altered causing man-in-the-middle attacks for eavesdropping purposes. By default this check is performed on all NS resource records and their host record counterparts as well as the primary MX resource record.

The development and release of this check is largely due to the above mentioned DNS Hijacking Campaign which as far as anybody knows still is ongoing but in different forms and sophistication. DNS is very much a prime target for hackers mainly because almost every session is preceded by a DNS name lookup and they are always accessible from the Internet. Our hope is that every customer take advantage and configure this check on every domain they monitor.


The DNSmonitor Development Team

Leave a Reply