Last Updated: 2013-09-26 12:51:40 UTC
by Johannes Ullrich (Version: 1)
Personally, my "DNS Monitoring System" is a bunch of croned shell scripts and nagios, in desperate need of an overhaul. While working on a nice (maybe soon published) script to do this, I was wondering: What is everybody else using?
The script is supposed to detect DNS outages and unauthorized changes to my domains. Here are some of the parameters I am monitoring now:
- changes to the zone's serial number
- changes to the NS records (using the TLD's name servers, not mine)
- changes to MX records
- monitoring a couple critical A and AAAA records (like 'www').
In addition, for zones with DNSSEC enabled:
- does the signature expire soon?
- do all key signing keys have valid DS records with the parent zone?
- did the DS record change?
What else are you monitoring? What scripts / tools do you use to accomplish this?