Skip to main content
All CollectionsExternal Monitoring (Beta)DNS Security
Is your DNS secure?
Is your DNS secure?
Dan McKenzie avatar
Written by Dan McKenzie
Updated over a month ago

What is DNS?

The Domain Name System (DNS) is the phonebook of the Internet. Humans access information online through domain names, like google.com or riskledger.com. Web browsers interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources.

Each device connected to the Internet has a unique IP address which other machines use to find the device. DNS servers eliminate the need for humans to memorize IP addresses such as 192.168.1.1

Why it Matters

  • Without working DNS, your services become invisible to users, can directly impact you availability

  • Attackers can redirect your users to fake websites through DNS hijacking

  • Compromised DNS can expose your users' data to attackers

  • Email security depends on proper DNS configuration

  • Security breaches through DNS can damage customer trust

Security Checks

We monitor these critical aspects of your DNS configuration:

Is the Domain expired?

When your domain registration expires, two major problems can occur: Your website and services become unreachable - it's like your business vanishing and anyone can buy your expired domain name, gaining control of your web address and potentially damaging your reputation. To avoid these risks, always renew your domain registration several months before it expires.

Is domain registry lock enabled?

The domain lacks registry lock protection, allowing unauthorized transfers between DNS providers. This makes your domain vulnerable to hijacking attempts.

Are zone transfers properly restricted?

The DNS server allows zone transfers to unauthorized hosts. This exposes your DNS configuration to potential theft and manipulation by malicious actors.

Is the Start of Authority (SOA) record valid?

The domain's SOA record is missing or invalid. This critical record contains essential administrative information, and without it, your domain may become unreachable.

Are WHOIS records properly configured?

The domain has malformed or missing WHOIS records. This suggests your domain registration isn't properly recognized, potentially putting your ownership at risk.

Are email verification records (PTR) configured?

Your domain lacks reverse lookup records (PTR) for its mail servers. Without these records, other email providers may mark your emails as spam or reject them entirely, since they can't verify your mail server's identity.

Are recursive queries properly restricted?

The DNS servers allow recursive queries from any source. This configuration can be exploited by attackers to amplify DDoS attacks against other targets.

Does your nameserver support modern internet addressing (IPv6)?

Your nameserver lacks IPv6 addressing configuration. While most clients still use IPv4, the growing adoption of IPv6-only networks means some users may have trouble accessing your domain without proper IPv6 support.

Is your nameserver protected against recursion attacks?

Your nameserver accepts recursive queries from any source. This allows attackers to use your DNS server to amplify denial-of-service attacks against other targets, potentially making you an unwitting participant in network attacks.

Learn More

Related Articles
Is DKIM protecting the domain's emails from tampering?
Is DMARC enforcing the domain's email security policies?
Is HSTS enforcing secure connections to your domain?
Is TLS configured securely on the domain?
Did this answer your question?