DNS provides, have excellent security measures to protect your DNS and deliver outstanding performance. The paid plans include DNS Failover & Monitoring, DNSSEC, many nameservers, and even more Anycast DNS locations. With so many safety measures should you be monitoring your DNS or should you just leave it without supervision?
The three elements of the DNS chain
Where can something occur?
One DNS query goes a long way until it gets the final result, but we can group 3 main types of devices on the road.
Client devices (your visitors’ PCs and mobiles) recursive servers and authoritative servers. There is a potential threat in each step – client device to a recursive server, a recursive to another recursive and a recursive to an authoritative server.
The threats of leaving your DNS without monitoring
The zone file has the DNS records like A and or AAAA record that has IP information and MX records for emails. The attacker can change or directly add records.
If the attacker changes the MX records, it can redirect the incoming emails and see valuable information that you would like to be private. This is used for industrial espionage to steal data for new products and services or get the contacts of your clients.
The change in the MX records can also be used to spam from your name. It can send fake messages and even phish for personal data. Not good for your customers and even worse for you.
A and AAAA records
Changing the A and or AAAA records can redirect your visitors from your website to a fake one, that the cybercriminals use for phishing. The site can look identical or very similar to yours, but it will steal all the data that your visitors provide such as personal data and bank data. This can severely damage your reputation and the trust in your brand.
The hackers can hijack your domain name and change the data in the register. After that, it might be tough for you to take back your domain name.
Monitoring, how to do it?
You should do frequent monitoring of your DNS. If you become our client, you can take advantage of the DNS Failover & Monitoring feature (a part of all paid plans). We provide an automatic DNS monitoring every single minute that will give you information for your servers. You can also set up different actions, depending on the statistic from the monitoring.
The types of monitoring we provide are:
ICMP Ping. This sends packets with different sizes – 64 bytes, 512 bytes, and 1024 bytes and checks if some of the packets fail.
Web checks. HTTP(S) requests to a specific IP address. You can customize the hostname, port, and path.
TCP. You can choose the port for the TCP request.
UDP. Same as the TCP, you can choose the port for the request.
DNS. You can make different query types to a specific IP address.
All the DNS Failover checks are performed from various locations around the globe such as Miami (USA), Barcelona (Spain), Johannesburg (South Africa), Singapore, Sydney (Australia), Sao Paulo (Brazil) and more.
You can see more information about our DNS Failover & Monitoring HERE.
For the rest of the people who read this article and are not our clients, we would like to show a free manual alternative.
You can use DNS.Computer tool to test different DNS records. It will still give you important results about response times, nameservers and start of authority. The tool will let you download a PDF report with the findings.
It is not automatic. You will have to check it by yourself when you have time.
You can also check “8 DNS tools for checking your servers“. They can be very useful for monitoring your DNS performance.
No matter how brilliant the service you have is, it never hurts to be extra careful. Monitoring your DNS can prevent many problems for you and your clients. If you find the problem in time, you can resolve it fast and without long-term consequences.
With so much at stake, it really pays off to be extra careful.