When monitoring your own DNS server, there are several critical things to keep an eye on:
- IP Address or Addresses. As mentioned above, the IP address is what a website’s domain name is resolved to so that the browser can reach and display the site. A DNS query that checks whether the IP address being served matches the IP address you provided can quickly notify you of a possible spoof or error.
- SOA Record. Your SOA (Start of Authority) Record contains a serial number that is updated whenever a change within your DNS occurs. Knowing a change has been made can help you prevent a possible attack.
- MX and SRV Records. Your company’s MX and SRV records are responsible for handling your emails and communications. Monitoring these records is critical to avoiding any loss of email/communication records and could help prevent attacks such as rerouting messages.
- NS Records. Monitoring your NS (nameserver) records will help catch any tampering with your primary or backup records. Directly testing these nameservers will also help to ensure they are responding correctly for users.
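The checks in the list above can be combined into one baseline comparison run against the answers from each nameserver. The following is an added example, not code from the original page; the record values, the hostnames and the `check_zone` function are constructed for illustration, and it assumes the per-nameserver answers have already been collected by querying each server directly.

```python
# Added example: BASELINE and OBSERVED are constructed sample data.
# In production, OBSERVED would be filled by querying each nameserver directly.
BASELINE = {
    "A": {"192.0.2.10"},
    "MX": {"10 mail.example.com."},
    "SRV": {"0 5 5060 sip.example.com."},
    "NS": {"ns1.example.com.", "ns2.example.com."},
    "SOA_SERIAL": 2024010101,
}
OBSERVED = {
    "ns1.example.com.": dict(BASELINE),
    "ns2.example.com.": {
        **BASELINE,
        "A": {"203.0.113.66"},                                # unexpected address
        "MX": {"10 mail.example.com.", "5 mx.example.net."},  # extra mail route
        "SOA_SERIAL": 2024010102,                             # zone changed
    },
}

def check_zone(baseline, observed):
    """Return (nameserver, check, detail) alerts for every deviation from baseline."""
    alerts = []
    # A listed nameserver that gave no answer at all is itself a finding.
    for ns in sorted(baseline["NS"] - set(observed)):
        alerts.append((ns, "NO_RESPONSE", "no answer from listed nameserver"))
    for ns, answers in sorted(observed.items()):
        for rtype in ("A", "MX", "SRV", "NS"):
            expected, got = baseline.get(rtype, set()), answers.get(rtype, set())
            if got != expected:
                detail = f"unexpected={sorted(got - expected)} missing={sorted(expected - got)}"
                alerts.append((ns, rtype, detail))
        # A serial that differs from the recorded one means the zone was edited.
        if answers.get("SOA_SERIAL") != baseline["SOA_SERIAL"]:
            detail = f"serial {baseline['SOA_SERIAL']} -> {answers.get('SOA_SERIAL')}"
            alerts.append((ns, "SOA", detail))
    # Nameservers that disagree on the serial are serving different zone versions.
    if len({a.get("SOA_SERIAL") for a in observed.values()}) > 1:
        alerts.append(("*", "SOA_SYNC", "nameservers disagree on SOA serial"))
    return alerts

if __name__ == "__main__":
    for ns, check, detail in check_zone(BASELINE, OBSERVED):
        print(f"ALERT {ns} {check}: {detail}")
```

After an intended zone change, the baseline serial and record sets have to be updated, otherwise every later run reports the change again.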
Once you know what to look for and have regular checks in place for critical aspects of your DNS server, it’s important to also be testing your DNS from everywhere. There are many third-party services that can be used to test from a large network of locations, allowing you to identify any non-localized issues that could be affecting a large portion of your users.