What is Domain Name Monitoring?

Domain name monitoring is the process of constantly tracking changes made to the world’s Domain Name System (DNS) to spot signs of malicious activity. Organizations can use the tactic on the domain names they own to determine if threat actors could be attempting to compromise their network. They can also employ the technique on clients’ domain names to perform the same checks.

You can liken domain name monitoring to tracking anomalous activity related to your physical properties. Regularly checking security camera videos to see if anyone has attempted to enter your home while you were away on vacation, for instance, could fall under such a check.

Other interesting terms…

• What is DNS Latency?
• What is Passive DNS?

Read More about “Domain Name Monitoring”

Domain name monitoring is one of the many ways companies protect their Internet properties. And much like your real properties, like the land your house is built on or your home itself, several records prove that you own specific web properties, including your organization’s domain names.

What Records Can You Use to Perform Domain Name Monitoring?

Here’s a list of records that you can check to conduct domain name monitoring:

• WHOIS records: Show who owns a domain name and relevant contact details. Keeping an eye on your web properties means constantly ensuring your domain name registration is up-to-date. Failing to renew them before they expire could make it easy for malicious actors to take control of them. You not only stand to lose your website’s home but also damage your reputation if the new owners use it to instigate phishing and other cybercriminal campaigns.

• DNS records: These include address (A), AAAA, ALIAS, canonical name (CNAME), mail exchanger (MX), nameserver (NS), pointer (PTR), Start of Authority (SOA), location of service (SRV), and descriptive text (TXT) records. Every active website has to have some of them to work. For instance, your site won’t resolve to an IP address and be accessible without an A or AAAA record. An email domain without an MX record won’t know which server to contact to direct messages meant for your company to. Ensuring that your DNS records are updated and pointing to the correct locations is one way to avoid DNS hijacking or domain spoofing.

What Are the Benefits of Domain Name Monitoring?

Domain name monitoring brings several benefits, including:

• Brand protection: It’s pretty easy to purchase and register a look-alike of any well-known company’s domain to host a fake website. In fact, that’s the primary modus operandi of cybersquatters, as shown by a campaign targeting Microsoft and its brands in June 2020. Constantly monitoring your WHOIS and DNS records to spot unauthorized changes can help keep your good name safe from potential copyright violators, trademark infringers, and typosquatters.

• Anti-domain name spoofing measure: A common form of phishing that happens when attackers mimic a company’s legitimate domain to impersonate it or one of its employees. They can register look-alike domains to send fake emails enticing the recipients to click a link to a fake login page. Once tricked into inputting their username-and-password combinations, these get logged or collected for later use in financially motivated theft or fraud campaigns. Regular checks for domains containing your company or brand name and copyrighted or trademarked terms can prevent domain spoofing.

• Anti-domain hijacking technique: Act of making unauthorized changes to the DNS records of a domain name to take control of it. Attackers can, for instance, modify your domain’s A record to replace your IP address with theirs. That would allow them to intercept communications, leading to financial, reputational, and regulatory damages. Domain name monitoring through constant checks of DNS records, especially dangling or forgotten ones (belong to domains that are no longer used yet their records still exist), can help you avoid becoming a domain hijacking victim.

—

Domain name monitoring is, as you’ve seen, critical for organizations that want to avoid costly mistakes due to phishing and other cybercrime, maintain a good reputation, and comply with regulations.