Host name integrity checks

The ability to monitor DNS resource records to detect unauthorised changes is paramount.
This new feature provide the ability to detect possible and ongoing DNS hijacking as well as unintentional mistakes.

Integrity validation of the NS resource records and their IP addresses are performed by default and is automatically configured when the domain is first set up by the system. If present at configuration time the MX resource records are also configured for validation. We do this since NS resource records are always present and it is easy to check if MX records are present. We have now expanded our monitoring capability to let domain owners set up their own unique set of host records to monitor.

A host resource record is usually a domain name pointing to ether one or more IP addresses or to another domain name. In DNS lingo these are known as A/AAAA and CNAME records. These records are unique for every domain and require manual configuration by an administrator if they are to be monitored.

The configuration of a host resource record only require the name of the record (must be inside the same domain you monitor). When submitted the name will be resolved at each configured location and the result is stored in the configuration database. This takes into consideration possible response policy practices configured on the DNS servers. A host resource record will be checked for its integrity at each check interval.

When a hostname if found altered by the check it will trigger an ERROR event.