Features & benefits

Easy configuration

The configuration interface allows for easy set up of new domains. Only the domain name is necessary and the configuration utility will take care of the rest.

There is also no need to install any additional software or change any firewall configuration. The service is based on the protocol and port the DNS use.

User-friendly dashboard

The dashboard is where all monitoring results are published. A distinct dashboard layout displays the results of each monitored domain with the possibility for a drill-down view of every monitored detail.

Configurable alerts

For a non-interactive approach to monitoring, alerts can be configured and sent through our integration with PagerDuty.

Each domain can individually be set up to send alerts on different severity levels for both Availability and Integrity.

Searchable historic events

Every result from the monitoring runs are searchable on the history page. The search can be refined to single locations and on all severities.

Screenshots

Availability

To verify system availability is central in every monitoring system.

DNSmonitors approach to availability is to look at the DNS servers ability to respond to queries for each domain. A DNS server has to be able to respond to queries over both UDP and TCP. The DNS server should be stable and powerful enough not to drop any packets, which will lead to time outs. During each check cycle, DNSmonitor tests for all of these metrics.

Presentationwise, the availability metric is calculated using the result from all the connectivity tests above, collectively for all listed DNS servers.

UI availability metric

Zone data integrity

UI integrity metric

It is crucial that all visible DNS servers contains identical zone data.

DNS slave servers synchronise each zone file with its designated master name server. If this synchronisation fails, there is a great risk is that the failing name server will respond to queries with inaccurate data.
The DNS monitoring service runs a number of checks to collect key variables of the zone content for each name server and then compares these against one another.
These tests, together with a few other tests of the zone data, is compiled and calculated into a data integrity metric, which is presented in the UI.

Performance

Variations in response times can indicate potential problems.

Each check run, DNSmonitor records all name servers response times. The response times may vary depending from which location they are monitored, mainly due to network latency.

A response time indicates both network and system health. A rapid increase in the average response time indicates that the DNS system or network is lacking resources.

Security

DNS servers are potential targets for hacker attacks.

To run a system that is reachable from the Internet, like a DNS server, requires special care! The DNS software can (and will) contain vulnerabilities. Poor configuration leads to security vulnerabilities and information leakage. Ill considered infrastructure design can be problematic in case of denial-of-service attacks, even if the DNS is not the intended target.

DNSmonitor run a set of checks that are designed to locate potential configuration and infrastructure issues, that has been known in the past to cause problems. These checks does not affect the availability or integrity metrics but is a good help making your DNS infrastructure less vulnerable.

Locations

To optimise monitoring results and enable our customers to make informed decisions, DNSmonitor is run from a minimum of three locations.

Much like the GPS, which require three satellites to triangulate a position, our monitoring service is based on the same principal. With three or more locations from where the service is running, our customers are able to find out if any discovered problem is local or global. After the initial setup, where three default locations automatically are assigned, you can chose to customise from which locations you monitor your domain. This is intended to let you design how the monitoring system better reflect your customer demography.

Our monitoring nodes are, at this point, distributed over three continents: North America, Europe and Asia.

8

Locations

7

Countries

3

Continents

RFC compliance

Our DNS monitoring service complies with the existing DNS RFC's.

The service expects a strict set of responses for certain queries. This is especially true when testing for security configurations, but applies to other tests as well. This can sometimes result in false positives or an unknown result.

IPv6

We support both IPv4 and IPv6.

The implementation base for IPv6 is growing steadily. Our infrastructure and our monitoring software have full support for both IPv4 and IPv6.