You are probably calm thinking that the DNS (domain name system) provider that hosts your domain names is happily redirecting traffic to your servers.

Well, I don’t want to spoil that calmness, but you shouldn’t relax too much and blindly rely on your DNS provider since there are risks that threaten it and performance issues that could negatively affect the experience of your website visitors.

Just an example: about a year ago, a global hacking campaign was launched to attack DNS servers that presented a certain vulnerability. The attacks left many DNS servers directing traffic to malicious websites. Eventually, the problems were solved, but the attack served as a wake-up call for all network admins and website owners to start monitoring their DNS infrastructure.

Therefore, DNS monitoring tasks became a fundamental part of maintaining any IT infrastructure, regardless of its purpose or topology. But before we get deeper into DNS monitoring, let’s see what it means to put a domain name in the hands of a DNS provider.

DNS records are files that map domain names to specific IP addresses. These files are stored on nameservers. Root nameservers are distributed around the world, storing the locations of top-level domains (TLDs) –.com, .org, .edu, and so on.

Each TLD lists a set of servers that store records that indicate where the DNS records of each specific domain are stored –commonly DNS providers or registrars, like GoDaddy, Namecheap. These are the authoritative servers of each domain name. When you add a domain name to the servers of a DNS provider, those servers become authoritative for any query that points to the added domain.

After this explanation, it is easy to understand that DNS is a crucial aspect of network performance and the cradle of potential vulnerabilities. Being the first point of contact between end-users and their services, you must guarantee the availability and performance of the DNS. And to ensure these two aspects, a good DNS monitoring service is needed.

What does DNS monitoring do?

You need to monitor the DNS provider that holds the records of your domain names to regularly check the reliability of the DNS servers and stay informed about possible changes in the DNS configuration. By doing this, you will know when the overall performance of your site is being affected by an intermittent or faulty DNS, or you will be warned of possible attack attempts to your site.

DNS monitoring tools test the connectivity between the authoritative name servers of your domain names and the recursive name servers, which somehow work as cache memory to speed up the name lookup process. This testing can be done on-demand manually or automatically with a given frequency. If done automatically, the testing tool should keep you informed about the results. These tools are also useful to validate the service level agreement (SLA) of your DNS service provider, or even to compare the services of different providers.

A DNS monitoring service must test that the DNS service returns the correct set of IP addresses all along the way to the root DNS server. This way, it can detect DNS hijacking or DNS spoofing attacks. Another form of attack is a DNS flood: to detect this type of attack, and the DNS monitoring tool should sense DNS slowdowns, alerting a network admin when a flood attack may be taking place. These are common tasks that every DNS monitoring service should carry out, but the many options available offer diverse combinations of other features that need to be analyzed to pick the best options.

Let’s take a look at some of the best DNS monitoring services available.

Sucuri

As part of its website security platform, Sucuri offers DNS monitoring services. These services are activated simply by enabling website malware scanning on the Sucuri dashboard. When changes in the DNS records occur, the monitoring service triggers alerts to notify you about the changes that occurred.

The Sucuri monitoring solution alerts you when your DNS becomes unavailable, when unintended alterations have been made, or when hackers have changed your DNS with malicious intent. The scanning frequency can be adjusted from the Sucuri dashboard in order to suit your needs. You can opt for receiving alerts via email, SMS, Slack, or RSS. Also, the email reports offer abundant data to do forensic analysis.

Uptrends

We all know that just watching your IP address is not enough to catch all possible DNS issues. That is why Uptrends offers External DNS Monitoring, which allows you to track all the key DNS records from a worldwide network of checkpoints.

Besides DNS A records (IPv4) and AAAA records (IPv6), Uptrends service also monitors DNS zone delegates, watches SMTP mail server mappings, checks aliases and verifies SOA numbers, among other tasks.

Alerts are sent through different channels at the very moment a DNS problem occurs, allowing you and your team to act fast in order to avoid downtime. Uptrends also let you access reports with vital statistics and performance numbers of your DNS servers captured from all over the world.

Site24x7

Site24x7 offers a complete monitoring solution from a single console for servers, public or private clouds, websites, and applications. The website monitoring solution includes not only inspection of the DNS service, but also of the FTP, SSL, SMTP, POP, URL, API, and HTTPS protocols. It offers second checking from different locations, alerts, and extensive reports with screen capture.

The services can be monitored through the internet, intranet, Wi-Fi, and 3G / 4G networks. In particular, the DNS monitoring offers extensive interruption and performance reports, and also checks the end-user experience, classifying it as satisfied, indifferent and dissatisfied. The alerts and notifications can be sent via voice calls, SMS, email, Twitter, RSS, or push mobile notifications.

DNS Spy

DNS Spy was created, especially for those who are paranoid about their DNS security. As its name implies, its focus is only on DNS monitoring. To try the service, you just add your domain and wait for the results. The system will automatically find all the relevant DNS records and give you an extensive report detailing connectivity, performance, security, resilience, and coverage issues, with warnings and advice for every reported item.

The full monitoring service provides alerts for every time a record changes, keeping a detailed history of the changes and backing up your DNS records in case you need to restore them. It also verifies that all your nameservers are in sync and notifies you of invalid or RFC-violating configurations. The pricing plans offer three options, each covering a different amount of domains.

DNS Check

DNS Check offers a DNS-only monitoring service. It regularly checks DNS records and name servers for lookup failures or changes and notifies you if it detects a change. You can import an entire zone file to the system, or just enter the DNS records you need to monitor.

Whenever there’s a need to update a DNS record, DNS Check lets you share a link that shows which records need correction. You’ll get notified when updates are detected. For troubleshooting purposes, DNS Check helps you determine whether there’s a DNS issue and tells you what needs to be fixed.

You can start using DNS Check for free if you need to monitor no more than ten domains, and opt for a paid plan when the domain count grows beyond that number.

ZoneWatcher

ZoneWatcher aims to automate monitoring, reporting, and backing up DNS systems. With this tool, you will always have a backup copy of your DNS records in case you need to recover from an unwanted update or if something goes wrong. It offers a powerful changelog that lets you review the whole history of changes for an entire zone.

Since it is intended mostly for professional use, ZoneWatcher lets you monitor domains from multiple providers, in case you work with many clients. It also lets you create teams to segment the monitoring staff by the managed entity. The alerts can be sent by email, and the data can be exported as zone files or informed through a REST API that lets you use your own application to interact with the data.

DNS monitor

As a subscription-based monitoring service, the DNS monitor specializes in checking the availability and data integrity of DNS servers and domains. The service assists you in detecting unauthorized changes to key DNS records, in avoiding DNS downtime and in checking all types of DNS-related issues. It is designed to free you of routine monitoring tasks, letting you put your focus on your core business.

The main routine tasks that DNS monitor carries out include verifying the connectivity of DNS servers, validating server responsiveness, checking zone content consistency across all servers, verifying that the data originates from the same source, detecting name servers timeouts and tracking their response times, and checking for configuration errors on DNS servers that might leak sensitive information.

AppNeta

Although designed to adapt to any network architecture, AppNeta‘s approach to DNS monitoring is especially suitable for organizations in the process of migrating to the cloud. It works with a comprehensive monitoring engine that covers diverse servers, both internal and external, and runs across an array of ISPs and DNS providers.

AppNeta keeps the data it collects for one year, with no additional charges. Analyzing that data, you can visualize the impact of DNS resolution on the user experience of your application. You can also detect degrading trends in performance, or view patterns in performance spikes. The monitoring service adds the application context to its reports in order to help IT staff identify DNS resolution issues related to application problems.

DNS monitoring is tightly integrated with AppNeta’s suite of network overall performance monitoring solution.

Monitis

A simple, straightforward application capable of monitoring all internet protocols, besides DNS. The DNS monitoring function allows you to test regularly that your DNS resolves your URLs correctly to the expected IPs. The setup procedure and operation is really simple; once you add a DNS monitor, Monitis checks if your URL resolves correctly by sending requests to the DNS server at regular intervals and reporting to a given set of contacts.

Monitis will return a failure status if it fails to connect to the server if it fails to resolve to the expected IPs, if it gets a permission error, or if it gets no response from the server within a given period of time. You can opt to check the authoritative name server and specify all the expected DNS query result IP addresses. Also, you can add more uptime monitors to the same URL and IPs in order to check other protocols within its monitoring routine.

Paessler PRTG

Created by Paessler AG, PRTG is a network monitoring software available in multiple languages that provides unified monitoring of bandwidth, servers, applications, network devices, virtual environments, IoT, remote systems, and more. In particular, the DNS monitoring function checks the performance and availability of your DNS servers, providing comprehensive statistics regularly and immediately notifying you in the event of malfunctions or downtime.

The company offers six pricing plans, which vary in the number of sensors (from 500 to unlimited) and the number of servers where it can be installed. In PRTG, a sensor is one aspect that you can monitor on a device. For example, the CPU load on a machine, a specific URL, a port on a switch, or the traffic load over a network connection. By licensing on the number of sensors instead of the number of devices, users can freely customize the solution to monitor whatever they need.

Dotcom-monitor

With the aid of a global monitoring network, Dotcom-monitor offers a complete set of website monitoring and testing solutions designed to ensure uptime, performance, and functionality not only of websites but also of servers, web applications, and APIs. DNS monitoring is part of the Dotcom-Monitor’s Infrastructure Monitoring solution, which offers total visibility into IT infrastructure health.

The record types supported by the DNS monitor include A (IPv4), AAAA (IPv6), CNAME, MX, NS, PTR, SOA, SPF, and TXT.

If the DNS monitor detects any issue when resolving names, an instant DNS trace is taken to show the full path of propagation. It also sends an instant alert, showing the type of the issue and extent of the error. The solution provides regular performance reports that show global resolution speeds. The pricing options offer four different monthly fees with varying sets of features and functionality.

Nagios

DNS monitoring is part of the Nagios XI and Nagios Core tools, both renowned monitoring tools used by millions of users and thousands of companies, from Fortune 500 to small business owners. With Nagios, you can monitor DNS servers, protocols, and queries, obtaining increased availability on servers, services and applications, fast detection of network outages and protocol failures, and fast detection of DNS hijacking and spoofing.

Nagios monitoring solution can be extended with third-party components listed on Nagios Exchange, such as wizards and plugins. These components add a lot of cool stuff to the basic solution, such as more reporting power, mobile access to logs, in-depth analysis, and so on. Besides DNS, Nagios offers monitoring over other protocols, including SNMP, HTTP, SSH, FTP, and SMTP.

Catchpoint

The DNS monitoring solution from Catchpoint offers a true picture of DNS performance by accessing hundreds of vantage points across all types of providers –backbone, cloud, last mile, broadband, and wireless. This way, it can show true DNS speed, reliability, reachability, and availability, helping to debug and isolate issues by querying each server in the DNS route to identify the source of failure.

Catchpoint helps you discover misconfigured nameservers in your resolution chain, allowing you to check DNS cache and performance from popular DNS resolvers. By identifying response time anomalies and monitoring DNS servers directly, the solution provides for the early detection of potential attacks. The performance monitor not only checks your DNS provider, but it also lets you compare between providers to choose the best solution when planning a migration.

A healthy paranoia

It is not bad to be a little paranoid when it comes to keeping your website active and in good health. Here we offered you an extensive list of DNS monitoring solutions in which you will surely find the one that best calms your paranoia. Now it’s just a matter of making a decision, balancing costs and benefits.

One final piece of advice: take into account that the cost is not just what you pay when you buy the product or when you pay the monthly fee, but also the time it takes for you or your staff to stay informed about your DNS services, to correct issues and (hope not) to recover from a disaster.