News headline
The ability to monitor DNS resource records to detect unauthorised changes is paramount. This new feature provide the ability to detect possible and ongoing DNS hijacking as well as unintentional mistakes.

Host name integrity checks

The ability to monitor DNS resource records to detect unauthorised changes is paramount.
This new feature provide the ability to detect possible and ongoing DNS hijacking as well as unintentional mistakes.

Background

Integrity validation of the NS resource records and their IP addresses are performed by default and is automatically configured when the domain is first set up by the system. If present at configuration time the MX resource records are also configured for validation. We do this since NS resource records are always present and it is easy to check if MX records are present. We have now expanded our monitoring capability to let domain owners set up their own unique set of host records to monitor.

Host resource records

A host resource record is usually a domain name pointing to ether one or more IP addresses or to another domain name. In DNS lingo these are known as A/AAAA and CNAME records. These records are unique for every domain and require manual configuration by an administrator if they are to be monitored.

The configuration of a host resource record only require the name of the record (must be inside the same domain you monitor). When submitted the name will be resolved at each configured location and the result is stored in the configuration database. This takes into consideration possible response policy practices configured on the DNS servers. A host resource record will be checked for its integrity at each check interval.

When a hostname if found altered by the check it will trigger an ERROR event.

An important note

The host name integrity check is designed to relieve domain operators of the tedious task of repeatedly validate DNS resource records. To be able to fully trust the consecutive monitoring results, the operator should perform initial validation once a check is configured. The resulting IP addresses/CNAMEs are found under each location in the dashboard view.