
Overview

DNS monitoring verifies that your domain names resolve correctly to the expected IP addresses or values. This is critical for detecting DNS hijacking, configuration errors, propagation issues, and DNS server failures.
DNS monitors query DNS servers and validate that the responses match your expected values. They don’t check whether the resolved IP addresses are actually reachable.

Use Cases

Domain Resolution

Ensure domains resolve to correct IP addresses

DNS Hijacking Detection

Alert if DNS records are changed maliciously

Configuration Validation

Verify DNS changes have propagated

Mail Server Monitoring

Check MX records point to correct servers

Creating a DNS Monitor

1. Basic Configuration

Name: Main Website DNS
Domain: example.com
Type: DNS
Check Interval: 5 minutes
Timeout: 10 seconds

2. Configure DNS Settings

Record Type: A
Expected Values:
  - 93.184.216.34
DNS Server: 8.8.8.8 (Optional)
Validate All Records: Yes

3. Select Monitoring Regions

Choose regions to test DNS resolution from different geographic locations.

DNS Record Types

UptimeIO supports monitoring all common DNS record types:
IPv4 Address Record
Maps domain name to IPv4 address.
Domain: example.com
Record Type: A
Expected Values:
  - 93.184.216.34
Use for: Website domains, server hostnames

Expected Values

Configure which values indicate successful DNS resolution:

Single Value

Record Type: A
Expected Values:
  - 93.184.216.34
An incident is created if the domain resolves to any other value.

Multiple Values

Record Type: A
Expected Values:
  - 93.184.216.34
  - 93.184.216.35
Validate All Records: No - Success if ANY expected value is returned
Validate All Records: Yes - Success only if ALL expected values are returned
Use multiple values for load-balanced services or when DNS returns multiple IPs.

Wildcard Matching

For dynamic values, use partial matching:
Record Type: TXT
Expected Values:
  - "v=spf1*" # Matches any SPF record starting with v=spf1

DNS Server Selection

Choose which DNS server to query:
DNS Server: (empty)
Uses UptimeIO’s default DNS resolvers.
Pros: Tests real-world DNS resolution
Cons: May be cached
Leave DNS server empty for most scenarios. Specify a server only when you need to test specific DNS infrastructure.

Validation Options

Validate All Records

Controls how multiple DNS responses are validated:
Setting | Behavior | Use Case
Yes | ALL expected values must be present | Ensure complete DNS configuration
No | ANY expected value is sufficient | Load-balanced services with multiple IPs
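
The ANY/ALL rule and the `*` partial matching described above can be reproduced locally to sanity-check an expected-values list before saving a monitor. This is an added sketch, not UptimeIO's code: the function names are hypothetical, and because the table does not say how returned values outside the list are treated, the sketch reports them separately as `unexpected`.

```python
import re

def norm(value):
    """Trim whitespace and the quotes that TXT answers are often wrapped in."""
    return value.strip().strip('"')

def matches(pattern, value):
    """Match one expected value; '*' is the only wildcard, all other characters are literal."""
    regex = ".*".join(re.escape(part) for part in norm(pattern).split("*"))
    return re.fullmatch(regex, norm(value), flags=re.DOTALL) is not None

def evaluate(expected, returned, validate_all):
    """Return (passed, missing, unexpected) for one set of DNS answers.

    missing    -- expected values that no returned record satisfied
    unexpected -- returned records that satisfied no expected value
    """
    if not expected:
        raise ValueError("at least one expected value is required")
    missing = [p for p in expected if not any(matches(p, v) for v in returned)]
    unexpected = [v for v in returned if not any(matches(p, v) for p in expected)]
    if validate_all:
        passed = not missing                   # Yes: ALL expected values present
    else:
        passed = len(missing) < len(expected)  # No: ANY expected value present
    return passed, missing, unexpected

# Constructed sample answers: the page's example IPs plus a documentation-range address.
EXPECTED_A = ["93.184.216.34", "93.184.216.35"]
ONE_OF_TWO = ["93.184.216.34"]
EXTRA_RECORD = ["93.184.216.34", "203.0.113.66"]
SPF_ANSWER = ['"v=spf1 include:_spf.example.com ~all"']

if __name__ == "__main__":
    for label, exp, got, all_ in [
        ("ALL, one of two", EXPECTED_A, ONE_OF_TWO, True),
        ("ANY, one of two", EXPECTED_A, ONE_OF_TWO, False),
        ("ANY, extra record", EXPECTED_A, EXTRA_RECORD, False),
        ("TXT wildcard", ["v=spf1*"], SPF_ANSWER, True),
    ]:
        print(label, "->", evaluate(exp, got, all_))
```

In the "ANY, extra record" case the check passes while `unexpected` holds the unlisted address, which is the value worth alerting on.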

Resolution Timeout

Maximum time to wait for DNS response:
Resolution Timeout: 10000ms (10 seconds)
  • Fast networks: 5 seconds
  • Standard: 10 seconds (default)
  • Slow/distant: 15-30 seconds

Additional Record Types

Monitor multiple DNS record types simultaneously:
Primary Record Type: A
Additional Record Types:
  - AAAA
  - MX
  - TXT
Fail on Additional Record Errors: No
UptimeIO queries all specified record types in parallel with the primary type.
Primary record: Must succeed for check to pass
Additional records: Captured for reference, failures logged as warnings
Fail on Additional Record Errors: Yes
When enabled, failures in additional record types will cause the entire check to fail.
Use when: All record types are critical
Don’t use when: Additional records are informational only
Use additional record types to monitor your complete DNS configuration in a single check.

DNS Response Data

Each DNS check captures detailed information:
{
  "query_type": "A",
  "resolved_ips": ["93.184.216.34"],
  "authoritative": true,
  "resolution_time_ms": 45,
  "nameserver_used": "8.8.8.8",
  "records": [
    {
      "type": "A",
      "value": "93.184.216.34",
      "ttl": 3600
    }
  ]
}

Key Metrics

resolved_ips: The IP addresses or values returned by the DNS query. Compared against your expected values to determine success or failure.

authoritative: Whether the response came from an authoritative nameserver.
  • True: Direct from authoritative server
  • False: From recursive resolver or cache

resolution_time_ms: Time taken to resolve the DNS query, in milliseconds.
  • < 50ms: Excellent (cached or local)
  • 50-200ms: Good
  • > 200ms: Slow, investigate

ttl: How long the DNS record can be cached.
  • Lower TTL = More frequent updates, higher DNS load
  • Higher TTL = Less frequent updates, lower DNS load

Example Configurations

Name: Main Website DNS
Domain: example.com
Record Type: A
Expected Values:
  - 93.184.216.34
Validate All Records: Yes
Resolution Timeout: 10000ms

Best Practices

Always monitor:
  • Main domain A/AAAA records
  • www subdomain
  • MX records for email
  • Critical subdomains (api, cdn, etc.)

DNS resolution can vary by geographic location. Monitor from multiple regions to ensure global accessibility.

Check intervals:
  • Critical domains: 5 minutes
  • Standard domains: 15 minutes
  • Rarely changed: 1 hour
DNS changes slowly, so frequent checks aren’t usually necessary.

Create separate monitors using different DNS servers:
  • One using default (system DNS)
  • One using Google DNS (8.8.8.8)
  • One using your authoritative nameserver
This helps identify where DNS issues originate.
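
To show how results from those separate monitors narrow down where a mismatch originates, the following added example (not UptimeIO code) classifies a set of check results in the page's "DNS Response Data" shape by their `authoritative` flag. The function names, verdict labels and sample server names are assumptions, and values are compared exactly, without wildcard matching.

```python
def triage(results, expected):
    """Return (verdict, offenders, max_ttl) for results gathered from several DNS servers."""
    allowed = set(expected)
    offenders = {True: [], False: []}  # keyed by each result's "authoritative" flag
    seen_authoritative = False
    for res in results:
        is_auth = bool(res.get("authoritative"))
        seen_authoritative = seen_authoritative or is_auth
        for rec in res.get("records", []):
            if rec["type"] == res["query_type"] and rec["value"] not in allowed:
                offenders[is_auth].append((res["nameserver_used"], rec["value"], rec["ttl"]))
    if offenders[True]:
        # The authoritative server itself serves the value: the record changed at the source.
        verdict = "authoritative_mismatch"
    elif offenders[False]:
        # Source is clean (or was not checked) but resolvers disagree: cache or propagation side.
        verdict = "resolver_mismatch" if seen_authoritative else "unconfirmed_mismatch"
    else:
        verdict = "ok"
    hits = offenders[True] + offenders[False]
    # Largest TTL among the bad records: how long a cache may keep serving them.
    max_ttl = max((ttl for _, _, ttl in hits), default=0)
    return verdict, hits, max_ttl


def make_result(nameserver, authoritative, ip, ttl):
    """Build one constructed check result in the page's JSON layout."""
    return {"query_type": "A", "resolved_ips": [ip], "authoritative": authoritative,
            "resolution_time_ms": 45, "nameserver_used": nameserver,
            "records": [{"type": "A", "value": ip, "ttl": ttl}]}


EXPECTED = ["93.184.216.34"]
# Constructed samples: "default" and "ns1.example.com" are placeholder server names,
# 203.0.113.66 is a documentation-range address standing in for an unexpected answer.
RESOLVERS_DIFFER = [
    make_result("default", False, "203.0.113.66", 86400),
    make_result("8.8.8.8", False, "203.0.113.66", 86400),
    make_result("ns1.example.com", True, "93.184.216.34", 3600),
]
SOURCE_CHANGED = [make_result(r["nameserver_used"], r["authoritative"], "203.0.113.66", 300)
                  for r in RESOLVERS_DIFFER]

if __name__ == "__main__":
    for name, sample in (("resolvers differ", RESOLVERS_DIFFER), ("source changed", SOURCE_CHANGED)):
        print(name, "->", triage(sample, EXPECTED))
```

An `authoritative_mismatch` points at the DNS configuration itself (registrar or zone), while a `resolver_mismatch` points at caching or propagation, with `max_ttl` bounding how long the cached value can persist.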

DNS Hijacking Detection

DNS hijacking is when attackers change your DNS records to redirect traffic:
1. Set up monitoring

Domain: example.com
Record Type: A
Expected Values:
  - 93.184.216.34 # Your legitimate IP

2. Incident on change

If DNS resolves to any other IP address, an incident is created immediately.

3. Immediate alert

Configure critical notifications (SMS, phone) for DNS monitors to respond quickly to hijacking attempts.
DNS hijacking can redirect your users to malicious sites. Always monitor critical domains and set up immediate alerts.

Troubleshooting

Possible causes:
  • Domain not registered
  • DNS not configured
  • Typo in domain name
  • DNS propagation not complete
Steps to diagnose:
  1. Verify domain is registered
  2. Check nameserver configuration
  3. Test with dig or nslookup
  4. Wait for propagation (up to 48 hours)

Possible causes:
  • DNS configuration changed
  • DNS hijacking
  • CDN or load balancer changes
  • DNS cache poisoning
Steps to diagnose:
  1. Verify expected IPs are correct
  2. Check DNS configuration in registrar
  3. Query authoritative nameservers directly
  4. Review recent DNS changes

Possible causes:
  • DNS server not responding
  • Network issues
  • Firewall blocking DNS queries
  • DNS server overloaded
Steps to diagnose:
  1. Increase timeout value
  2. Try different DNS server
  3. Check DNS server status
  4. Verify network connectivity

Possible causes:
  • DNS propagation in progress
  • GeoDNS configuration
  • Regional DNS servers have different cache
  • Anycast DNS routing
Steps to diagnose:
  1. Wait for full propagation (up to 48 hours)
  2. Check if GeoDNS is configured
  3. Verify TTL values
  4. Test from multiple locations manually

DNS Propagation

After changing DNS records, propagation takes time:
TTL Value | Propagation Time
60 seconds | 1-5 minutes
300 seconds (5 min) | 5-15 minutes
3600 seconds (1 hour) | 1-4 hours
86400 seconds (24 hours) | 24-48 hours
Before making DNS changes, lower the TTL to 300 seconds (5 minutes) 24-48 hours in advance. This allows faster propagation when you make the actual change.

Advanced: GeoDNS Monitoring

For GeoDNS setups that return different IPs based on location:
1. Create region-specific monitors

Monitor 1 (US):
  Domain: example.com
  Expected Values: [10.0.1.10]
  Regions: us-east, us-west

Monitor 2 (EU):
  Domain: example.com
  Expected Values: [10.0.2.10]
  Regions: europe

2. Validate regional routing

Each monitor checks that the correct regional IP is returned from its location.
