Question 1

What is DNS record monitoring?

Accepted Answer

DNS record monitoring continuously checks the DNS records associated with your domains and alerts you when any record changes. PulseStack™ queries authoritative nameservers for A, AAAA, MX, NS, CNAME, TXT, and SOA records at configurable intervals. When a record value differs from the previous check, you receive an alert with the old and new values. This catches unauthorised changes, misconfigurations, and DNS hijacking attempts before they affect your users.

Question 2

Why do DNS records change unexpectedly?

Accepted Answer

Unexpected DNS changes happen for several reasons. A compromised registrar account allows an attacker to modify records directly. Misconfigured infrastructure-as-code deployments can overwrite production records during a staging push. Shared hosting panels sometimes allow one tenant to affect another's DNS. CDN or load balancer migrations that do not update all records leave orphaned entries. Third-party services that you granted DNS access to may modify records during their own updates. Each scenario produces different symptoms but the same outcome: broken services.

Question 3

Which DNS records should I monitor?

Accepted Answer

At minimum, monitor A records (they point your domain to your server), MX records (they route your email), and NS records (they control who is authoritative for your zone). For comprehensive coverage, also monitor CNAME records used for subdomains and CDN routing, TXT records that contain SPF, DKIM, and DMARC policies for email authentication, and SOA records that indicate zone transfer and refresh settings. PulseStack monitors all record types by default.

Question 4

How does DNS monitoring protect email deliverability?

Accepted Answer

Email depends on three DNS record types: MX records that tell sending servers where to deliver mail, SPF records in TXT entries that define which servers are authorised to send on your behalf, and DKIM records that provide cryptographic signatures for message verification. If any of these records are deleted, modified, or misconfigured, your outbound email gets rejected or flagged as spam by receiving servers. PulseStack detects changes to all email-related DNS records and alerts you before deliverability degrades.

Question 5

What is DNS hijacking and how does monitoring detect it?

Accepted Answer

DNS hijacking occurs when an attacker modifies your DNS records to redirect traffic to servers they control. This can happen through compromised registrar accounts, exploited DNS management APIs, or BGP route hijacking that intercepts queries to your authoritative nameservers. PulseStack detects hijacking by comparing current DNS responses against known-good baselines. If your A record suddenly points to an IP address that is not yours, or your NS records change to nameservers you do not control, alerts fire immediately.

Question 6

How quickly does PulseStack detect DNS changes?

Accepted Answer

Detection speed depends on your configured check interval. The free plan supports 3-minute intervals, meaning changes are detected within 3 minutes at most. Paid plans support 30-second intervals for near-real-time detection. Each check queries authoritative nameservers directly, bypassing DNS caches, so PulseStack sees changes as soon as they propagate to the authoritative servers rather than waiting for cached records to expire.

Question 7

Can I monitor DNS records for subdomains?

Accepted Answer

Yes. Each subdomain has its own independent DNS records and can be monitored separately. You can monitor www.example.com, api.example.com, mail.example.com, and staging.example.com as individual monitors. This is important because subdomains often point to different services, CDNs, or third-party platforms that can change independently. A forgotten subdomain pointing to a decommissioned service is a common subdomain takeover vulnerability.

Question 8

What is DNS propagation and why does it matter for monitoring?

Accepted Answer

DNS propagation is the process of DNS changes spreading across the global network of recursive resolvers. When you update a DNS record, the change appears on your authoritative nameserver immediately but cached copies at ISP resolvers worldwide continue serving the old record until their TTL expires. This means different users see different DNS responses during propagation. PulseStack queries authoritative nameservers directly to detect changes at the source, regardless of propagation state.

Question 9

Does DNS monitoring work with Cloudflare, Route 53, and other DNS providers?

Accepted Answer

Yes. PulseStack monitors DNS records regardless of which DNS provider hosts your zone. Cloudflare, AWS Route 53, Google Cloud DNS, Azure DNS, DigitalOcean DNS, Namecheap, GoDaddy, and any standards-compliant nameserver are supported. PulseStack queries the authoritative nameservers listed in your domain's NS records, so it works with any provider without requiring API access or account credentials.

Question 10

Can I use the free DNS lookup tool without signing up?

Accepted Answer

Yes. The DNS lookup tool on this page is completely free with no account required. Enter any domain to see all A, AAAA, MX, NS, CNAME, TXT, and SOA records resolved via Google and Cloudflare DNS servers. For continuous monitoring with automated change detection and alerts, sign up for a free account with 50 monitors included.

Question 11

How does DNS monitoring differ from uptime monitoring?

Accepted Answer

Uptime monitoring checks whether your website or API responds to HTTP requests. DNS monitoring checks whether your domain's DNS records contain the correct values. You can have correct DNS records but a crashed web server, or a healthy web server but misconfigured DNS. Both failure modes produce the same symptom to users, but they require different diagnostic approaches. Running both DNS and HTTP monitoring gives you complete visibility into whether the problem is at the DNS layer or the application layer.

Question 12

What happens if my authoritative nameserver goes down?

Accepted Answer

If your authoritative nameservers become unreachable, DNS resolvers worldwide will continue serving cached records until their TTL expires. After that, resolution fails entirely and your domain becomes unreachable for all services including web, email, and API. PulseStack detects nameserver unavailability during its regular checks and alerts you before cached records expire. This gives you a window to restore the nameserver or switch to backup nameservers before users are affected.

Someone changed
your DNS records

Every record type, monitored

Look up any domain's DNS records

Protect your DNS in 30 seconds

DNS threats that monitoring catches

DNS Hijacking

Cache Poisoning

Subdomain Takeover

Email Interception

SPF/DKIM Stripping

Zone Transfer Leak

Your email lives in your DNS records

Email DNS records

Simple pricing. Start free.

Free

Pro

Enterprise

Related monitoring tools

Domain Expiry Monitoring

SSL Certificate Monitoring

HTTP Uptime Monitoring

API Health Monitoring

Port & TCP Monitoring

Cron Job Monitoring

Frequently asked questions

Would you know if someone
changed your DNS records?

Someone changedyour DNS records