How do DNS monitors work?
Verify DNS records resolve correctly with support for A, AAAA, CNAME, MX, TXT, NS, and SOA record types.
DNS monitors verify that your domain names resolve to the correct values. They’re useful for catching DNS misconfigurations, detecting hijacking, verifying propagation after changes, and ensuring email infrastructure is in place.
How DNS Checks Work
When a DNS check runs, UpCanary performs a DNS lookup for the specified host and record type - optionally against a specific nameserver. If an Expected Value is configured, the resolved value must match for the check to pass.
A check fails if:
- The DNS lookup returns no results (NXDOMAIN or empty response)
- The resolved value doesn’t match the expected value
- The query times out
Configuration Options
Host
The domain name to query.
yoursite.com
api.yourapp.com
mail.yourcompany.comRecord Type
The type of DNS record to query:
| Type | Purpose | Example Value |
|---|---|---|
| A | IPv4 address for a hostname | 203.0.113.42 |
| AAAA | IPv6 address for a hostname | 2001:db8::1 |
| CNAME | Canonical name (alias) | yourapp.netlify.app |
| MX | Mail exchange server | 10 mail.yourcompany.com |
| TXT | Arbitrary text (SPF, DKIM, verification) | v=spf1 include:sendgrid.net ~all |
| NS | Authoritative nameservers | ns1.yourregistrar.com |
| SOA | Start of authority record | Zone serial and administrative info |
Custom Nameserver (Optional)
By default, UpCanary queries the authoritative nameserver for the domain. To query a specific nameserver instead - useful for checking propagation or verifying a new DNS provider before cutting over - enter the nameserver address:
8.8.8.8
1.1.1.1
ns1.yourprovider.comExpected Value (Optional)
The value the DNS record must resolve to. If the resolved value doesn’t match, the check fails.
For A records:
203.0.113.42For MX records, include the priority:
10 mail.yourcompany.comFor TXT records (SPF example):
v=spf1 include:sendgrid.net ~allLeave blank to check only that the record exists and resolves to something.
Common Use Cases
Monitor Primary Domain Resolution
Verify your domain always resolves to the correct IP, catching accidental DNS changes or hijacking:
Host: yoursite.com
Record Type: A
Expected Value: 203.0.113.42
Interval: 10 minutesVerify DNS Propagation After a Change
After updating a DNS record, monitor it against a public resolver to confirm propagation:
Host: yoursite.com
Record Type: A
Expected Value: 198.51.100.10 (new IP)
Nameserver: 8.8.8.8
Interval: 5 minutesCheck MX Records for Email Delivery
Ensure your mail exchange records are correct and email will route properly:
Host: yourcompany.com
Record Type: MX
Expected Value: 10 mail.yourcompany.com
Interval: 1 hourVerify SPF Record
Confirm your SPF record is in place to prevent email spoofing:
Host: yourcompany.com
Record Type: TXT
Expected Value: v=spf1 include:sendgrid.net ~all
Interval: 1 hourMonitor CNAME for CDN or SaaS
Check that a subdomain still points to your CDN or third-party service:
Host: app.yourcompany.com
Record Type: CNAME
Expected Value: yourapp.netlify.app
Interval: 30 minutesDNS Monitoring and Security
DNS hijacking - where an attacker changes your DNS records to redirect traffic - is a real attack vector, especially for high-value domains. An A record monitor with an expected value check will alert you within minutes if your domain starts resolving to an unexpected IP address.
For critical domains, consider running DNS monitors at short intervals (5–10 minutes) alongside your HTTP monitors.
Related Documentation
- Monitor Overview - All monitor types and how they work
- HTTP / HTTPS Monitors - Monitor web services alongside DNS records
- SSL & Domain Expiry - Monitor certificate and domain registration expiry
- Monitoring Regions - Where DNS checks run from
- Alerts & Notifications - Get notified when DNS records change unexpectedly