News

14 day trial period

14 day trial period

14 day trial period

Try out our service during a 14 day trial period. This article will shed some light what happens during and after the trial.

Signing up

To start our 14 day trial period there are three simple steps to pass.

Step 1: Register an account.

This is really simple, follow this link and enter a valid email address, a password and a password confirmation in the appropriate text boxes. Then click on the Register button.

Step 2: Confirm your email address

You will be sent an email to the email address you entered with a confirmation link. Klick on the link in that mail to confirm your email address.

Note: If you haven't received a confirmation email, check that your email address is correct, check also your spam folder. You might need to add support@dnsmonitor.com to your list of trusted senders.

Step 3: Sign in and configure a domain

 The final step is to sign in to your new account and configure your first domain by enter the domain name in the domain field and press the Apply button. Our configuration engine take care of the rest.

During the trial

During the 14 day trial period you are free to try the different subscription types to find out which suit your need the best.

During trial we have limited the number of domains to 3, but beside that it works like the real thing.

You can anytime during the trial period add a credit card and select payment frequency in the Manage Subscription and your settings will remain unchanged as the credit card is charged for the selected number of domains and period. It's pretty straight forward...

End of trial

If you don't add a credit card on the Manage Subscription page (don't worry, we'll remind you) and the trial period ends, the following will happen:

  • Your account will still be available, but the account will be transformed into a FREE account with the limitations that follows.
  • The first domain you added will remain but is converted into a FREE subscription domain. This will result in removal of additional host resource records and a removal of any additional locations.
  • Any other configured domains will be removed.

We will still consider you as a valued customer and we hope that you will soon upgrade to BASIC or PREMIUM status.

Posted by Henrik Dahlberg in Monitoring, News
FREE subscription

FREE subscription

FREE subscription

Introducing our FREE of charge subscription.
Limitations? Yes, but still a very good service!

Summary

Our free subscription is like it says, completely free, without ads, commercials or commitments!

This subscription is based on our BASIC subscription with a few limitations:

  • FREE domains are checked once every hour in opposite to the BASIC and PREMIUM subscriptions which are run every 5 minutes.
  • You are limited to only one (1) domain per account.
  • You can't configure any hostname integrity checks.
  • You can't add additional monitoring locations.
  • The monitoring data is retained for only 2 weeks.

Upgrades

A FREE subscription can be upgraded to either BASIC or PREMIUM. No data will be lost and you unlock more monitoring options.

Posted by Henrik Dahlberg in News
PREMIUM subscription

PREMIUM subscription

PREMIUM subscription

With the addition of the BASIC subscription type we have rebranded our original only subscription type to PREMIUM. No changes have been made to the original subscription but the name.

Summary

We're serious. The PREMIUM subscription is our flagship! This is where we focus our efforts to continue building the absolute best in DNS monitoring. Every addition we make in the future will automatically be included in a PREMIUM subscription free of charge.

With a PREMIUM subscription you get the output of the equivalence of a full-blown DNS forensic. Every five minutes. If the PREMIUM subscription picks up anything out of the ordinary it will show.

The detailed matrix view from every location show you every detail there is to know about how your DNS servers fair. You can turn on and off specific checks on specific servers or even all checks for a specific server (convenient when you perform service and upgrades).

In short, the PREMIUM subscription contains every part of our DNS monitoring know-how.

Posted by Henrik Dahlberg in Monitoring, News
BASIC subscription

BASIC subscription

BASIC subscription

Without compromising with our core services, Integrity and Availability, but with a little less details our new BASIC subscription is a lightweight alternative to the comprehensive PREMIUM subscription.

The BASIC subscription is a complement to be used for your less important domains or as an entry-level subscription.

Summary

Many organisations rarely host a single domain. By adding country code domain names, marketing and brand domain names, the domains keep adding up. While some domains have their own separate infrastructure other domains are merely used to redirect traffic to the main site. With this in mind, although all domains need monitoring, some may require a little bit less attention than others. By using the BASIC subscription for the domains that require that little less attention you can make sure no domain is left behind and you are on top of all your domains. By mixing PREMIUM and BASIC subscription types depending on domain use you can now tailor the monitoring needs for your range of domains.

A BASIC subscription provide the same level of precise monitoring regarding zone data integrity and zone availability (our two main metrics) as our now rebranded PREMIUM subscription does. While the PREMIUM subscription allows for the in-depth details and expert drill-down levels you need to keep your all-important domains in mint condition, the BASIC subscription keep you on top of things but without the intricate details.

BASIC and PREMIUM subscriptions can coexist on the same monitoring account. You can also configure the BASIC subscribed domains with additional Hostname integrity checks and add additional monitoring locations just as the PREMIUM subscribed domain can.

Posted by Henrik Dahlberg in Monitoring, News
Read-only user access (Operators only)

Read-only user access (Operators only)

Read-only user access (Operators only)

Operator customers can now configure read-only user accounts to allow their clients access to the monitor dashboard.

Summary

As an operator sometimes it can be valuable to allow customers a view of what you monitor. Obviously you don't want to allow the customer access to other customers and you certainly not want to grant him read/write access.

Read-Only user accounts

The operator can now create read-only accounts to be used by organisational sub-divisions, executives and customers allowing access to portions of your monitoring landscape.

To set up an account require very little effort. Add the users email address and select which domains the user is allowed to view. A verification link is emailed to the user which must verify the email address and set a password to complete the process. That's all.

Posted by Henrik Dahlberg in Monitoring, News
Hostname integrity checks

Hostname integrity checks

Host name integrity checks

The ability to monitor DNS resource records to detect unauthorised changes is paramount.
This new feature provide the ability to detect possible and ongoing DNS hijacking as well as unintentional mistakes.

Background

Integrity validation of the NS resource records and their IP addresses are performed by default and is automatically configured when the domain is first set up by the system. If present at configuration time the MX resource records are also configured for validation. We do this since NS resource records are always present and it is easy to check if MX records are present. We have now expanded our monitoring capability to let domain owners set up their own unique set of host records to monitor.

Host resource records

A host resource record is usually a domain name pointing to ether one or more IP addresses or to another domain name. In DNS lingo these are known as A/AAAA and CNAME records. These records are unique for every domain and require manual configuration by an administrator if they are to be monitored.

The configuration of a host resource record only require the name of the record (must be inside the same domain you monitor). When submitted the name will be resolved at each configured location and the result is stored in the configuration database. This takes into consideration possible response policy practices configured on the DNS servers. A host resource record will be checked for its integrity at each check interval.

When a hostname if found altered by the check it will trigger an ERROR event.

An important note

The host name integrity check is designed to relieve domain operators of the tedious task of repeatedly validate DNS resource records. To be able to fully trust the consecutive monitoring results, the operator should perform initial validation once a check is configured. The resulting IP addresses/CNAMEs are found under each location in the dashboard view.

Posted by Henrik Dahlberg in Monitoring, News
DNS Hijacking Campaign

DNS Hijacking Campaign

DNS Hijacking campaign

In late January 2019 the DHS CISA issued its first ever Emergency Directive (ED 2019-01) concerning attacks targeting DNS servers and their content in a globally widespread DNS Infrastructure Hijacking campaign. Every major national CERT organisation were put on red alert and helped spread the bad news.

12 days before, on the 9th of January, the security firm FireEye posted the article Global DNS Hijacking Campaign: DNS Record Manipulation at Scale on their Threat Research blog describing their findings! FireEye’s research team discovered that these types of attacks had been ongoing since (at least) 2017 but had escalated over the last few months. The phrase “This campaign has targeted victims across the globe on an almost unprecedented scale, with a high degree of success” is quoted from the article and brings chills down the spine.

As the research article from FireEye indicates, the news here are the sheer scale and that the targets are DNS servers. My personal guess is that the majority of the breaches were made on accounts for managed DNS services. Managed DNS services have becoming increasingly popular over the past years (if you have a problem, outsource it and the problem goes away, right?), and why not? I can relate to why organisations select managed DNS services over in-house management. A managed DNS service don't require skilled and expensive staff to manage and features like DNSSEC are readily available. But it comes with a price!

DNSSEC is great for detecting man-in-the-middle attacks, so why is it obviously ineffective with these new kind of attacks? The answer is very simple. Man-in-the-middle attacks like the popular Cache poisoning attack some years back were targeted to intercept ongoing DNS traffic to and from DNS resolvers and inject phony IP addresses into the resolver cache redirecting traffic through the attacker controlled sites. If you read the articles, these attacks are quite similar, but very different. They inject the phony IP addresses at the source. Before the DNS resource record is signed! And hence, when a validating resolver performs validation on the record it will show up as legit and the end users will never be aware that their communication is routed through the attackers servers! With that in mind these attacks are quite devious in its way of "hiding in plain sight". At a quick glance you won't make out if an IP address have been changed, especially if you are not looking for it!

FireEye discovered that there are three types of records that are most likely targeted to be used to carry out the different traffic redirections: NS, MX and A (AAAA). The NS records are used to identify which name servers (DNS) that are authoritative for a domain/zone. By altering these records an attacker can redirect all DNS queries through his own DNS infrastructure. The MX records will tell the MTA to where an email will be sent. By altering these records, all incoming mail traffic will be redirected, read and forwarded to the originally intended mail servers. And finally the A and AAAA records, which will redirect traffic through IP addresses the attacker controls.

The only way to detect these types of attacks is by constantly monitoring key DNS records!

DNS monitor can make a difference!

We provide continuous monitoring of your DNS resource records, and will give you a heads up whenever it is modified.
Our DNS monitoring system provide an Internet view of your DNS infrastructure and the domains you monitor for its data integrity and availability.

Posted by hd-admin in Cyber Crime, News