DNS Tutorial part 1 - DNS basics

DNS Tutorial part 2 - DNS advanced (coming soon)

DNS Tutorial part 3 (coming soon)

Q & A


Depending on how high an organization rates their Internet presence, exposure and availability, the more likely they are to benefit from our service. Since monitoring an external service like the DNS can be quite difficult, there is much to gain by simply knowing the status on the DNS service.

As stated in the Availability description we rate availability (as well as zone data integrity) between 0 and 100%. Here is an explanation:

The DNS protocol doesn't have a heartbeat feature to secure which servers are available or not. The parent and the child have no means of exchanging this kind of information other than manual changes, which can take quite a while until the information is thoroughly propagated. Instead this is left for the resolvers to figure out, which they eventually do and a non-responsive name server is marked as lame and will receive no further queries (from that resolver).

As an example, lets say you have four DNS servers and suddenly one of them becomes unavailable. Now only three out of four DNS server will respond to queries. Since the resolver is unaware that one of the DNS servers is down there is a 25% chance that the resolver will send its query to the server that is down. The resolver will keep on sending query packets to that server until it reaches the UDP retransmission limit 31 seconds later. Only after that will the resolver direct its query to the next DNS server in line which responds right away.

This can be quite a big deal when serving interactive user sessions. Would you wait quietly for 31 seconds or will you click the link below and end up at a competitor?

If any DNS server is unresponsive it will affect the overall availability of the service.

Why monitor DNS

By using DNS monitor you will get an independent view of your DNS servers and your domains availability and other data. This can be a valuable tool when measuring the compliance to the SLA you have in place with your DNS service provider. Remember that even if you have outsourced the DNS service you are still very much responsible for your domains availability.

Just because you have never experienced any DNS problems doesn't mean they don't exist. DNS is far from flawless! The problem with most DNS failures is that they affect a single server which will degrade the DNS service capability to respond to queries. These kind of errors is very hard to detect if you don't use a monitoring system capable of detecting such errors.

The terms of agreement between you and your registrar will probably not hold them responsible for the availability of your domain. There are certainly not any penalty clauses that would provide you with enough money to compensate for lost income. Most registrars provide a DNS service as best effort or as is.

Unless you have a registrar that provide you with a high SLA and a generous penalty clause, you are probably way better off monitoring your own domains even if they are located on the registrars DNS servers. At least you will be able to alert them when something happens.

There are no short answers to your question. To get an idea, please read our excellent DNS Tutorials!

This is very much up to you and how you rate your domains Internet presence.

A DNS server can serve a lot of domains. Each domain is configured and loaded separately. If the DNS server software finds a configuration flaw or a zone data error for one of your domains it might refuse to load and serve it. The rest of the domains with correct configurations and zone data will be running as intended and the server runs as normal (the service or daemon is loaded and active).

A monitoring system that only monitors the DNS service for available will probably not pick up that a domain is missing.


No, our service only monitors public domains and DNS servers. There are numerous reasons for that. A few of them are listed blow:

  1. If your internal name servers fail you will probably hear about it from your users before your internal monitoring system  alerts you about it.
  2. Our focus are the public DNS servers. They are harder to monitor from inside your networks and a "customer view" is always a good idea.
  3. There are very few organizations who enjoys the idea of introducing unknown software on their internal networks, especially if the software need to communicate with outside devices.
  4. Even if we would be allowed to place one or more monitoring nodes inside your network, the configuration has to be done manually since the normal configuration process wouldn't generate a correct configuration.

You will not be able to use the SSO features by using a Google/Facebook account. Other than that you are free to use any valid email address to create an account for our service.

That is not necessary. Our service uses the ports defined in the standard DNS protocol (53/udp and 53/tcp). If your DNS service works as expected that will be sufficient.

No. Our monitoring service uses standard DNS queries on the standard DNS ports to monitor your domains and name servers.

Not in this release. We have plans to support DNSSEC in the future.

Not at the moment. We have plans to extend the range of options on how to escalate alerts, but those features are not in place yet.

But we still encourage you to try out PagerDuty, their service is really great!

The ASN check read which Autonomous System Number each DNS IP address belongs to. The ASN is used to identify each network on the Internet and is used in the BGP protocol to route traffic. The network in this meaning is a collection of IP networks under the control of an entity like an ISP or a large corporation.

If you have all your name servers inside the same ASN you may be at risk of losing Internet connectivity if that ISP would be targeted for a massive DDoS attack, even if you weren’t the intended target. It is a good practice to spread your DNS servers across multiple ASN.

The warning message is to alert you about this but it will not affect your availability rating.

Payment & subscription

We use Stripe as our payment provider.

Simply remove your credit card information from the Profile menu. At the end of your selected term your account will be set on hold and eventually deactivated.

Your account can be reactivated if you chose to reactivate it within 3 months of deactivation. We will continue monitoring your domains for three additional months for this purpose. If you chose to reactivate your account you will still be charged for the period you were absent. If not you have to create a new account.

That may be possible. Use the contact form to describe your situation, list the number of domains and request a quote.

We have two different partner programs: Reseller and NOC partner.

A Reseller is a company that sell our service under a reseller license and gain a reseller payback.

A NOC partner provides monitoring for its customer from their own Operation Center. The NOC partner get a discount when purchasing domains in bulk from DNSmonitor.

In your case, the NOC partner program would be the best choice.