DNS is one of the most crucial internet services. It’s the communicator and concierge of online experiences. Everything, from the web content you browse and the email and chat services you use to social platforms like Facebook and Instagram, depends on DNS functioning on a round-the-clock basis. Given its importance, it’s no surprise this fundamental service is targeted by hackers and cyber criminals.
Employing a robust DNS monitoring strategy is crucial to safeguarding your DNS server. By tracking your DNS performance, you can confirm it routes traffic appropriately, and continuously, to your services and websites. DNS monitoring tools like SolarWinds Server & Application Monitor can keep track of DNS records and notify you of any unusual activity, changes, or localized outages. DNS records can be an easy way in for hackers, because they’re often subject to human errors. These errors create vulnerabilities, which could have been avoided with comprehensive and ongoing monitoring processes.
In this guide, I’ll provide an in-depth explanation of everything you need to know about DNS, including what it is, how it works, common threats, and how to monitor with the help of my top picks of best DNS monitoring tools on the market today.
What Is DNS?
DNS stands for Domain Name System. It’s essentially the utility responsible for converting simple domain names into IP addresses. For example, Google.com is a user-friendly domain name, being both simple and easy to remember. A computer-compatible IP address, however, might look something like this: 188.8.131.52. This isn’t especially user-friendly, which is why we need a DNS to convert it. The IP address allows the browser to access the appropriate server with the content requested by the user.
DNS is a formidable utility with a hierarchical, distributed structure. Each DNS database stores a mere portion of the data leading to a certain site or piece of hardware. DNS functions in collaboration with the TCP/IP network protocol, and the result of their combined efforts is a streamlined and user-friendly end-user experience.
The DNS server’s database is extremely busy, because it handles billions of requests from billions of devices and people. To give you an idea of how colossal the DNS server is, one-page request is likely to result in more than 50 DNS requests. This means you could potentially create thousands of DNS requests in one session of browsing. Take into account the billions of people submitting thousands of requests every time they surf the web, and the total number of DNS queries is overwhelming. And yet the DNS can resolve domain names in less than a second, proving how powerful it is.
How Does DNS Work?
The process of “resolving” refers to the conversion of domain name to IP address. The user doesn’t have visibility into the resolving process, which goes on behind the scenes. When the hostname is typed into the browser search bar, there’s a moment—usually less than a second—during which the request is resolved. This process happens in a matter of microseconds, but it involves four different types of DNS server: the DNS recursor, the root name server, the TLD name server, and the authoritative name server. Each of these serves a different purpose, and they work together to give users access to the content they’re requesting.
- DNS recursor: The DNS recursor—also called the recursive DNS server—is usually supplied by the internet service provider. This server is responsible for receiving user queries, resolving them, and responding with the IP address. Think of it as being the middleman. It serves as the liaison between the other servers, and undertakes all the communicating, organizing, and transferring of information. It visits the cache initially, to see if the IP address requested already exists there and contacts the root name server if not.
- Root name server: The root name server, or root server, gets involved when the DNS recursor can’t find what it needs in its cache. The root server exists at the top of the DNS hierarchy, in a position called the root zone—this is the point at which requests are redirected to the appropriate zone. There are 13 root zone servers, which are run by a dozen independent organizations. At this stage, the 13 servers respond to the recursor with the IP address for the TLD name server.
- TLD name server: Next, the request goes through the TLD (Top Level Domain) name server. This server retains the information for hostnames sharing common extensions—for example, .com, .net, .gov, .edu, or .co.uk. The TLD server then points the recursor server to the authoritative name server IP address.
- Authoritative name server: The authoritative name server is the last step before the request is resolved. This server contains all the data for specific domains (e.g., google.com). The authoritative server resolves the hostname to the correct IP address, then sends this back to the recursor to be cached. It’s then returned to the user’s browser, so the requested site can be accessed via the IP address.
All of this happens practically instantly. It occurs in the time between when a user presses Enter on their search and when the content appears. Bear in mind, the host response usually features other links to extra content. This creates a knock-on effect of required DNS resolutions, so loading one web page could require dozens of resolutions.
There is also round-robin DNS, a technique in which load balancing is undertaken by the authoritative name server. Numerous entries are queued for an individual domain name, so when a query arrives, round-robin DNS will identify the first DNS entry and respond with the relevant IP address. This DNS record is then pushed to the end of the queue, and the next time a domain name needs to be resolved, the next entry in the queue is sent.
Round robin is a distinct DNS server methodology used to supply load balancing to a website with numerous redundant servers. The issue with this approach is it doesn’t necessarily recognize when a server is offline and may continue to deliver queries to it. This problem could be resolved by ensuring the name server features built-in fail-safes, which check IP address status.
So, that’s how DNS works. It’s complicated, but rapid. There are many components, which is why DNS server monitoring is so important. When a DNS server is working correctly, it’s extremely powerful and can process requests in a matter of microseconds. But when it’s not working correctly, you’ll find yourself dealing with a lot of complicated elements, so it’s important to have the right tools supporting you.
Common Threats to DNS Servers
DNS monitoring is so important, in part, because it helps you identify vulnerabilities before they are exploited. There are numerous types of DNS attacks. These include:
- DNS cache poisoning
- Denial-of-service (DoS) attacks
- Distributed denial-of-service (DDos) attacks
- Domain hijacking
- Distributed reflection denial-of-service (DRDoS) attacks
- DNS flood attacks
- DNS tunneling
- DNS spoofing
- Random subdomain attacks
- NXDOMAIN attacks
- Phantom domain attacks
DNS poisoning, DoS attacks, and DDoS attacks are the most common DNS attacks. These methods, if successful, have the potential to bring down a site.
DNS poisoning involves false data being inputted into the DNS cache. When the server with the poisoned entry replies to a query via its cache, other routers and servers also cache the poisoned entry. This means the poison spreads. The usual result of such an attack is site users are redirected to a fake site where their private information is collected by the hackers. This might even include credit card information. It’s worth noting, not all DNS poisoning situations are the result of hackers; sometimes they’re caused by basic human error.
DoS stands for Denial of Service, and DDoS stands for Distributed Denial of Service. These kinds of attacks entail one (DoS) or more than one (DDoS) sources attacking the DNS and a website in rapid succession. The aim is to cripple the infrastructure supporting the website, by overwhelming it with an excessive number of queries.
How to Monitor DNS Server
By staying on top of your DNS entries and monitoring for any changes, you can quickly identify issues capable of posing a risk to your system. To monitor DNS effectively, you should focus on the following components: IP addresses, SOA records, MX and SRV records, and NS records and root servers.
- IP addresses: Your monitoring system should be equipped to inform you if there is a mismatch between IP addresses. Remember, when a DNS query is received, the IP address in the system is compared to the one provided. You need to be notified if the addresses don’t match. If your system supports both IPv4 and IPv6, then you should be monitoring the A record for IPv4 and the AAAA record for IPv6. One could fail while the other does not, so it’s important you monitor both.
- SOA records: The SOA record needs to be monitored because the serial number is altered whenever there is a change in your DNS entry. By keeping an eye on the serial number, you’ll know when something has changed, which could prove useful in preventing an imminent attack.
- MX and SRV records: By monitoring these records, you can prevent the loss of any crucial communication routes. This is key to keeping email systems from being hacked.
- NS records and root servers: Lastly, you should be testing your NS records to ensure the primary and backup records for the name server aren’t being meddled with. You may also want to conduct tests on name servers, to certify they’re delivering the correct data. Name server monitoring and testing can ensure your records are secure and responsive.
Best DNS Monitoring Tools
Hopefully you now have a better understanding of what DNS is, how it works, and how to monitor it effectively. As you have likely gathered, monitoring DNS can be a complicated process. There are many components to stay on top of, which is why having access to effective DNS server management software and DNS troubleshooting tools is so crucial. These tools can give you in-depth insights you wouldn’t otherwise have, protecting your DNS from attacks and poor performance.
To help you choose among the range of offerings on the market, I’ve put together a list of my favorite DNS monitoring tools. I’ve taken into account user-friendliness, how feature-rich the products are, the sophistication of their utilities, and the overall design.
SolarWinds Server & Application Monitor (SAM) stands out as the best DNS monitoring solution on the market due to its feature-rich, easy-to-interpret graphical representations of data and an intuitively designed dashboard. With SAM, you can monitor DNS user experience, track server hardware health, and automatically record requests received by the DNS server.
SAM enables you to identify when the DNS server is lagging before it becomes a problem affecting the experience of your end users. By delivering a consistent and dependable experience, the tool protects your brand from being perceived as unreliable by your customers. SAM proactively monitors the DNS server’s capacity to reply to a query, comparing the response to a list of IP addresses, and records the response time rate.
When it comes to monitoring server hardware health, SAM affords you a comprehensive view of the performance and health status of all your server hardware, no matter the vendor. SolarWinds SAM is also a replacement for Nagios, with a built-in script processer capable of easily converting your existing Nagios scripts.
The console is dynamic and cleverly designed, divided into clear sections like Hardware Details, Current Hardware Health, Average CPU Load and Memory Utilization, Network Latency and Packet Loss, and Management. You’ll be notified on the status of all your critical components, including power supply, CPU, battery, hard drive, fan speed, and temperature. These server hardware health monitoring utilities extend to Dell PowerEdge, HP ProLiant, IBM eServer, Microsoft Windows Server, and VMware vSphere hypervisors. This is an extremely versatile offering.
SAM’s alerts system keeps you in the loop if your DNS server ever receives an unusual number of requests. This could flag a potential DNS attack. Notifications also give you the opportunity to increase your DNS server capacity, so no end users are affected.
The representation of data is one of my favorite things about SAM. Built-in capacity forecast charts, metric dials, graphs, and tables make reading data easy. These visualizations are particularly helpful for managing server capacity and forecasting resource utilization. You’re alerted whenever server resources reach a certain level—determined by you—and can map peaks and averages over time to create reliable capacity forecasts.
Even with all these capabilities, SAM is far more than a DNS server monitoring tool. If you’re looking for DNS troubleshooting tools, it covers asset inventory, operating systems, hardware, virtualization, and applications. This means you can unify all your server and application monitoring processes, consolidating them into a single dashboard.
If you want to familiarize yourself with SAM before committing, download the fully functional 30-day free trial.
Nagios XI is a server and network monitoring tool incorporating DNS server monitoring. One of the best things about Nagios XI is it’s super easy to set up, with the option to deploy it through either remote assistance or quickstart. This will save you time and assure you everything has been set up correctly.
If you want a versatile IT infrastructure monitoring solution, then Nagios XI is worth considering. It provides coverage of all critical components, including services, operating systems, applications, network protocols, network infrastructure, and system metrics. You can boost Nagios XI by choosing from hundreds of independent add-ons, which ensures you can monitor almost every in-house app, service, and system. The option of using these third-party add-ons makes Nagios XI a flexible tool, which is an obvious benefit. You can also customize layout, preferences, and design for specific users, affording you maximum flexibility within your team.
The Nagios XI worker processes are highly efficient, meaning this tool has practically unlimited scalability. You’ll gain insight into all your operatives via a centralized dashboard, which gives you at-a-glance visibility of internal and third-party data. You can easily drill into data to gain more detail.
Ultimately, this is an easy tool to use. It employs an integrated, web-based configuration console letting administrators easily distribute control to team members. It also features a configuration wizard, which leads users through the monitoring process, guiding them in adding new services, devices, and applications. With the configuration wizard, you won’t need to be trained in complicated monitoring tech and tools, which will save you both time and resources.
While I like the functionality of the Nagios XI dashboard, it could be more appealingly designed. It’s a little cluttered for my taste, and I would prefer a cleaner aesthetic. You can schedule an online demo and a quickstart.
ManageEngine Applications Manager is a fine example of what the company can do. This program can be used for DNS server availability and performance monitoring. It covers a range of key metrics, including search time and response time, search value status, record availability, and search field. These metrics, among others, give you detailed and comprehensive insight into how your DNS server is functioning.
I like that Applications Manager allows you to view data in the form of graphs, charts, and dials, giving you an immediate overview of what is going on within the DNS server. This is particularly valuable because DNS servers can produce a huge volume of information, and graphical representations can help you identify trends and patterns rapidly. These patterns can assist in recognizing and resolving any issues or abnormalities.
The ManageEngine alerts system is another impressive feature. It takes a threshold-based approach allowing you to customize at which point you are notified. If a defined parameter is reached, then you’ll be alerted instantly.
ManageEngine offers two paid versions of Applications Manager: Professional and Enterprise. The simple setup process means you can be up and running in less than 10 minutes, so you won’t waste time by giving this tool a shot. A free version of Applications Manager, which allows you to monitor up to five servers or apps, is also available.
Dotcom-Monitor is a tool you’re bound to like if you appreciate simplicity. This is perhaps one of the simplest programs on the market for DNS monitoring. Dotcom-Monitor offers website monitoring and performance testing, covering websites, web services, web applications, and web APIs. It’s used by many internationally recognized businesses, including Volvo, Dell, Xerox, and Comcast.
Dotcom-Monitor can perform checks on DNS query resolution accuracy and performance across the globe. If it finds an issue, it sends an instant DNS trace and notifies you. The trace will then be used to map out the route of the connection, and will display the following information: duration, start time, addresses, resolving host, and aliases. The alert you receive will outline the type of issue and the extent of the fault, so you know whether it’s critical or not.
Dotcom-Monitor supports an array of record types, including A, AAAA, NS, CNAME, SOA, TXT, MX, PTR, and SPF. This diversity is helpful when troubleshooting because it gives you access to a lot of data.
The drawback of this tool is also its primary advantage: though its simplicity can be appealing, it lacks the sophistication of other programs.
Though primarily known as a network monitoring tool, Paessler PRTG can also serve as a powerful DNS monitor. It specializes in DNS server availability and performance and delivers information to you in an intuitive and attractive way. The dashboards are clean and uncluttered, and the graphs, dials, and charts are colorful and easy to read, making data interpretation faster and more accurate.
PRTG Network Monitor includes a DNS sensor, and DNS monitoring is an automated process happening behind the scenes, giving you one less thing to think about. You can, however, still interact with the DNS monitoring capacities. You’re able to dive into the DNS sensor to view live and historical data, with DNS query response time displayed on a color-coded dial. The historical data view is flexible, letting you choose between seeing a full year, a month, or a couple of days of data.
One of the main reasons I like PRTG is it doesn’t overwhelm you with useless information—it perfectly balances what you need to know against what you don’t. The alerts system is effective, allowing you to be notified via text message, email, or push notifications. It keeps you in the loop but doesn’t flood you with meaningless alerts.
The only thing I don’t like about PRTG is the sensor-based pricing model. This system could mean you end up paying for sensors you don’t necessarily need.
UpTrends is a free DNS lookup tool for monitoring DNS health on a round-the-clock basis. It has made this list purely because it boasts generous functionalities for a free tool. With UpTrends you can monitor all your key DNS records, including A, AAAA, SOA, TXT, and MX. You’re also able to monitor your root server, so you know when your DNS has been meddled with. This gives you the opportunity to halt DNS poisoning before it has an impact on server health and performance. UpTrend also tracks SOA serial numbers, ensuring no changes have gone unnoticed.
A great thing about this tool is you can check your DNS server on a worldwide basis. A regional issue can spread to the rest of the DNS network, and UpTrends is good at identifying and resolving those problems before they become widespread.
This program incorporates reporting and alerting functionalities. You can get daily reports on the status of your DNS server, and you can choose to receive notifications if an issue arises. Again, for a free tool, UpTrends has a surprising amount on offer, and may be a good starting point for DNS monitoring. Ultimately, you’ll likely need a paid tool with more features and support.
DNS Check is another great tool if you value simplicity. It keeps you in the loop by monitoring any differences or lookup failures for name servers and DNS entries. This isn’t a comprehensive tool by any means; if you want alerting and incident response utilities, you’ll have to combine DNS Check with other products. However, it’s nonetheless useful.
With DNS Check, you can set up automatic scans to identify incorrect IP addresses, missing DNS records, duplicate DNS records, removed IP addresses, unresponsive name servers, unsynchronized name servers, and more. You can get updates on your DNS records, with visibility into which are functioning correctly, and which are faulty.
A benefit of DNS Check is you can choose whether to import your entire zone into it, or to specify individual records you want to monitor. DNS is also a great tool for collaboration, because it lets you share links showing which records have been posted properly and which haven’t. When an update is identified, you’ll be alerted instantly.
I like this tool for its simplicity, but it doesn’t offer the same range of functionalities as the more sophisticated tools on this list.
The Best DNS Monitoring Tool: SolarWinds SAM
Although all of the tools reviewed here have their advantages, SolarWinds Server & Application Monitor is my top pick overall. It combines advanced utilities with ease of use, and you’ll gain access to top-of-range features without the need for extensive training. Its intelligent design is impressive and dynamic, making DNS monitoring both more engaging and less stressful. If you’re looking for a market-leading DNS monitoring tool, SolarWinds SAM is well worth trying out.