Your Ultimate Guide to 10 Powerful DNS Monitoring Tools


April 05, 2022

Domain Name System (DNS) plays a crucial, yet often unseen, role in the infrastructure of the internet. It translates the human-readable domain names we type into the numerical IP addresses computers understand, directing us effortlessly to our online destinations. But like any critical infrastructure, DNS servers are vulnerable to a range of threats, from performance hiccups that can slow down browsing to malicious attacks that can redirect users to fake websites or steal sensitive information.

Ensuring the health and performance of your DNS servers is therefore paramount. This is where DNS monitoring tools come in – your vigilant watchdogs in the digital network. They constantly check the availability of your DNS servers, response times, and security settings, alerting you to any issues before they impact your users or compromise your data.

However, with a plethora of options available, choosing the right DNS monitoring tool can be overwhelming. To help you navigate this landscape, we’ve compiled a comprehensive list of 10 popular tools, delving into their features, pros and cons, pricing models, and suitability for different user types. Get ready to dive deep into the world of DNS, understand the threats lurking in the shadows, and discover the perfect tool to keep your online experience smooth, secure, and worry-free.

What is DNS?

Computers connected to the Internet communicate among themselves using the Internet Protocol, or “IP”. Each one has an identifier known as an “IP address”, which is used by one machine (like a client) to establish a connection with another (a server), just as every phone connected to the telephone network has a phone number associated with it.

The Domain Name System (DNS) acts as a “phone book” for the internet, converting human-readable domain names, like www.google.com, to machine-addressable IP addresses, like 142.251.132.4, in a process named “DNS resolution”.

Users have no insight into that resolution process, which takes place in the background. For example, when a hostname is entered into a browser’s search bar, the browser sends to the DNS server a request for the IP address associated with the domain, a process that ideally takes a fraction of a second. Knowing the IP address, the browser can then establish a connection to the server and start loading the webpage.

The DNS system is organized as a hierarchically distributed database. Each domain has at least one authoritative DNS server associated with it, which publishes information about the domain and its subdomains. These servers answer to other servers higher in the hierarchy (like a DNS server responsible for all domains in a country), which in turn answer to higher levels, and ultimately to a root server with information about all domains on the internet.

As you can imagine, the DNS system is a critical part of internet infrastructure. A failure in DNS resolution may make your websites and servers practically inaccessible, leading to service interruptions and even financial loss. Thus, there is a need for tools that can monitor the status and health of your DNS servers.

What is DNS Monitoring, and How Does it Work?

During the DNS monitoring process, automated queries are sent to a desired DNS server and the results are validated for a specific domain name. One of the most common methods is to query the DNS server with a URL and verify the IP address returned in the A record or AAAA record. The appropriate response to these queries is the correct IP address, which corresponds to the URL being used. If the correct IP address is received, no further action is required, and monitoring continues.

However, if a different IP address is returned, the monitoring tool opens a so-called DNS incident and starts sending notifications. A DNS incident is a period when a Domain Name System is unavailable or returns incorrect records. It can also mean that the request sent by the monitoring tool does not receive a response within a defined period, a situation known as a timeout.

What Threats Are DNS Servers Exposed To?

The DNS system is fairly robust, but it was originally designed for reliable operation, not with security in mind. Even after security extensions and protocol revisions were made, there are still many different ways to attack DNS servers.

Many of these attacks are very complex and take advantage of the communication between the clients and the servers. Another common attack technique is to log in to a DNS provider’s website with stolen credentials and redirect DNS records. Typical types of DNS attacks include:

  • Zero-Day-Exploits: Attackers target previously unknown vulnerabilities in the DNS protocol or the DNS software used.
  • Cache Poisoning: In this case, attackers manipulate the DNS system by replacing an IP address in the server’s cache with another address. This allows attackers to redirect web surfers to fake websites, collect data, or perform other types of attacks. It is also known as DNS poisoning.
  • DNS Amplification: The attackers flood a server with more requests than it can handle. Since too many requests cannot be responded to, they are forwarded to other servers. Attackers can use this method to spread their attacks far and wide or to amplify them.
  • DoS (Denial of Service) and DDoS (Distributed Denial of Service): In these attacks, bots are used to send more IP traffic to a DNS server than it can handle in its data buffers. The victim can then no longer respond to legitimate requests, and effectively becomes “offline”.


The difference between DoS and DDoS is that DDoS attacks are distributed, with traffic originating from botnets with bots spread across the globe. This makes it more difficult to stop the flood of requests (since admins cannot simply block traffic from a specific source IP address or range), and the attack becomes much more effective.

Why Should You Invest in DNS Monitoring?

There are many reasons to invest in DNS monitoring. Here are five of them, in no particular order.

  1. Performance optimization: continuous monitoring can help you pinpoint issues and identify opportunities for optimization that will improve the performance of your DNS infrastructure, sometimes without the need for hardware upgrades.
  2. Security: monitoring allows you to spot early signs of uncommon behavior or usage patterns indicative of an intrusion attempt or ongoing attack. This will give you time to react and deploy countermeasures before a data breach occurs.
  3. Resource allocation: find out where resources are being underutilized or overutilized, allowing you to redistribute them according to real needs to ensure the most effective usage of your systems.
  4. Proactive maintenance: monitoring allows you to detect and fix potential issues before they become critical and result in outages that may affect the performance of your applications or even the profitability of your business.
  5. Regulatory compliance: businesses that handle sensitive information, like financial or healthcare data, need to meet strict regulatory standards that specify how this information is stored and handled. Monitoring will allow you to prove compliance with these standards and secure approvals that may be crucial to keeping your business running.

What to Look for When Choosing DNS Monitoring Tools?

Broadly speaking, there are 5 main features you need to look out for when choosing DNS Monitoring tools. Keep in mind that this may vary according to your specific needs.

  • The capability to monitor many aspects of your DNS infrastructure at once.
  • A centralized display of information from many sensors for better observability.
  • Customizable alerts and automated notifications when alerts are triggered.
  • Native and automated reporting features, so you can keep co-workers and management “in the loop”.
  • A free trial period, so you can see for yourself how the tool works with your network infrastructure.

How to do DNS Monitoring?

There are many DNS monitoring tools, from as many different vendors, which may focus solely on a single aspect of the task or offer this capability as a subset of a broader range of features. We present a few of them below, in no particular order.

What are the best DNS monitoring tools?

Paessler-PRTG, Solarwinds, Nagios, DotCom, ManageEngine, UpTrends, DNSCheck, 24×7, DNSSPY, UpTrend

When it comes to monitoring, there are a few components to keep track of. This is where effective DNS server monitoring software comes into play. These tools provide detailed insights that are otherwise hard to obtain, help protect DNS servers from attacks, and report when performance is poor. Here is an overview of the best DNS monitoring tools available:

Paessler PRTG

Paessler PRTG is one of the best and most popular network monitoring tools and can also be used as a powerful DNS monitor. It specializes in DNS server availability and performance and provides information in an intuitive and attractive way. The dashboards are clean and clear, and the graphs, scales and charts are colorful and easy to read, making data interpretation faster and more accurate.

The DNS v2 sensor on PRTG

PRTG includes DNS sensors, and DNS monitoring is an automated process that runs behind the scenes, checking the availability and performance of DNS servers. It not only monitors your DNS servers in real-time, but also records all measurement data. This gives you the possibility to always retrieve detailed statistics about your DNS servers.

Monitoring data is presented intuitively and attractively, with clean and concise dashboards. Graphs, scales, and charts are colorful and easy to read, making data interpretation faster and more accurate.

PRTG Network Monitor runs on Windows (Server 2012, 2012 R2, 2016, 2019, 2022, Windows 10 or 11) and is available either with perpetual licenses (starting at US$ 1.899) or subscription licenses (starting at US$ 159 monthly), a flexible and affordable pricing scheme when compared with other tools. A 30-day free trial is available. There is also a free version for personal use that lets you monitor up to 100 sensors at no charge.

ManageEngine Applications Manager

ManageEngine Applications Manager offers comprehensive DNS monitoring with real-time alerts, to keep your DNS server performance at its best and to make sure that no issue affecting the performance of your business applications goes unnoticed.

It helps to make sure critical services are up and running at all times, ensure constant connectivity of websites and servers, and quickly identify DNS issues. With detailed monitoring, intelligent alerts, and reports helping you analyze performance trends, Applications Manager could be a good solution for anyone looking for a DNS monitoring tool.

Graph charting the response time of a DNS server on ManageEngine Applications Manager.

This tool is also available as a mobile app for iOS and Android, with features such as an overview of all monitors, groups, and subgroups with availability and health status, notifications for critical and warning alarms and push notifications for health and availability alerts. There is also a mobile web client, suitable for any smartphone with a modern web browser.

ManageEngine Applications Manager is SaaS (Software as a Service), with pricing available by quote. It runs on Windows Server 2012 R2, 2016, 2019, 2022, Windows 10 or Windows 11, and also on Linux distributions like CentOS, Debian, Fedora, openSUSE, Oracle Linux, Red Hat Enterprise Linux (7 and 8), SUSE Linux Enterprise and Ubuntu. There is a 30-day free trial available.

SolarWinds Server & Application Monitor

The SolarWinds® Server & Application Monitor (SAM) is a complete infrastructure monitoring package that can help you monitor DNS server performance and help head off issues that could affect end-user experience.

SAM can be used as a DNS user experience monitor to help Admins check DNS server ability and ensure the server responds to a record query within an acceptable threshold.

It is designed to compare query response times against a list of IP addresses to help ensure your DNS servers are performing at an acceptable baseline. SAM is also built to support DNS server management for different types of servers.

DNS Monitoring on SolarWinds Server & Application Monitor

Data is presented in an integrated, “single-pane-of-glass” dashboard, providing insights into “systems, applications, and infrastructure performance, regardless of where they reside”. This information can be visualized and correlated across the environment, with dynamic baselining to define what is normal operation and what should trigger an alert.

SolarWinds Server and Application Monitor is offered on a flexible licensing model, with subscription or perpetual licensing, starting at US$ 1,1813. System requirements for a locally hosted server include Microsoft Windows Server 2012, 2012 R2, 2016, 2019, or 2022 and Microsoft SQL Server 2016 or greater. A free, fully functional 30-day trial is available.

Nagios XI

Nagios XI is a complete IT infrastructure monitoring tool that can monitor your DNS servers and much more, including applications, services, operating systems, and network protocols. Its web-based interface is configurable and easy to use, providing at-a-glance access to monitoring information.

DNS monitoring is part of Nagios XI and Nagios Core tools, both renowned monitoring tools used by many users and organizations. Nagios allows you to monitor DNS servers, protocols, and queries; achieve increased availability of servers, services, and applications; quickly detect network failures and protocol errors; and quickly detect attacks and threats such as DNS hijacking and spoofing.

The monitoring dashboard on Nagios XI

The Nagios monitoring solution can be extended with third-party components listed in the Nagios Exchange repository, such as wizards and plugins. The tool was created with fast-paced environments in mind, meaning any DNS issues in your network should be detected within seconds or minutes.

Nagios XI is available in two editions, “Standard” and “Enterprise”, starting at US$ 2.495. There is also a free plan for small-scale monitoring (7 Nodes or 100 Services – whichever is reached first), and a fully functional 30-day free trial. The Open Source Nagios Core edition is free to use.

Nagios only runs natively under Linux, more specifically distributions like CentOS, Red Hat Enterprise Linux (RHEL), Ubuntu, or Debian. However, it can be run on Windows servers using virtualization solutions like VMWare, Virtual Box, or Hyper-V.

DNS Spy

DNS Spy is a powerful DNS monitoring tool that can monitor your domains for DNS changes and alert you as soon as a record has changed while keeping a detailed history of each DNS record change.

It can also notify you of invalid or RFC-violating DNS configurations that may cause malfunctions, and rate your configs. One unique feature is the ability to back up your records: it allows for Bind, PowerDNS, and CSV exports for each monitored domain, straight from the monitoring dashboard. This allows you to restore your DNS records to another DNS provider, in case of unavailability of your current one.

Monitoring records on DNSSpy

According to the developer, the auto-detect feature on DNS Spy “can find almost any DNS record and will automatically start monitoring it for changes”. It can also resolve CNAME records and alert when they change, and monitor DNS migrations, with “100% coverage with zone transfers”. 

DNS Spy is SaaS available in three plans (Light, Standard, and Premium), with prices starting at 4,99€ (around US$ 5,50) monthly. The website features an offer for a free trial, but the duration is not specified.

Dotcom-Monitor

Dotcom-Monitor provides a simple DNS monitoring tool. It evaluates the request times, responds with a DNS trace, and sends a warning if there are problems. If any issues are detected with resolving DNS names, an instant DNS trace is taken that shows the full path of propagation, as well as an instant alert, showing the type of issue and extent of the error. Performance reports are generated showing resolution speeds.

Monitoring is done with a global network of locations, helping you analyze performance and resolution from all geographic regions, which is crucial when diagnosing localized issues. It can monitor all important metrics, such as response time, query success rate, and resolution accuracy, and also provide detailed insights into the health of the DNS propagation chain.

Simulated DNS alert on dotcom-monitor

One of the advantages of this monitoring tool is that it supports a variety of records, ranging from AAAA to NS, CNAME, TXT, SPF, and many others. This helps quite a bit with troubleshooting, as you gather much more information than you otherwise would.

Dotcom-Monitor is SaaS available in three plans (Basic, Standard, and Advanced), with monthly or annual billing, starting at US$ 29,99. A 30-day free trial is available.

UpTrends

UpTrends is a free DNS lookup tool for monitoring DNS health 24/7 and offers generous functionalities. UpTrends lets you monitor all the important DNS records, including A, AAAA, SOA, TXT and MX. Additionally, root servers can be monitored so that you know when DNS has been interfered with. This allows DNS poisoning to be stopped before it affects server health and performance. UpTrends also tracks SOA serial numbers to ensure that no changes have gone unnoticed.

Chart showing DNS resolution errors on UpTrends

Furthermore, DNS servers can be checked worldwide. A regional problem can spread to the rest of the DNS network, and UpTrends is good at detecting and resolving these problems before they spread.

DNS Check

DNS Check is a simple tool. It monitors any differences or search errors for name servers and DNS records. However, it is by no means a comprehensive tool. If one values alerting and event response utilities, DNS Check must be combined with other products. However, it is a tool that should be considered for monitoring DNS.

DNS Check can automatically set up scans to identify incorrect IP addresses, missing DNS records, duplicate DNS records, remote IP addresses, unresponsive name servers, out-of-sync name servers, and more.

A report generated by DNS Check

One advantage of DNS Check is that you can choose whether to import the entire zone or individual records to be monitored. It is also a great tool for collaboration since links can be shared that show which records have been properly published and which have not.

DNS Check is SaaS available in two plans, Professional or Enterprise, with prices starting at US$ 8 per month. There is also a free plan, which allows you to monitor up to 10 DNS records free of charge.

ManageEngine Site24x7

Site24x7 offers a multi-tool for DNS monitoring that alerts operators as soon as an error or misconfiguration occurs. It can check websites from over 120 locations around the globe. The tool not only checks whether a website is visible, but also investigates the reason for the outage, if there is one.

Site24x7 performs continuous DNS checks and issues an alert whenever a DNS error occurs that prevents the end user from reaching a website. The alert system ensures that there is no need to constantly look at a dashboard to find problems. Instead, technicians can perform other tasks and take care of the DNS only after the problems have occurred.

Downtime report on Site24x7

It can also help you manage the SLAs of DNS Hosting Providers, and generate detailed reports outlining performance, availability, health trends, busy hours, and response time of your servers, alongside root cause analysis that allows you to pinpoint the cause of downtime. In case of unavailability, your team can be notified via voice calls, SMS, Instant Messages, RSS feeds, and push notifications from Android and iOS apps.

ManageEngine Site24x7 is SaaS available in three plans (Basic, Pro, and Enterprise), with prices starting at US$ 35 monthly. There is a free 30-day trial available.


UpTrends

UpTrends offers a tool for monitoring DNS health 24/7 and offers generous functionalities. With real-time alerts, it lets you monitor all the important DNS records, including A, AAAA, SOA, TXT, and MX.

Additionally, root servers can be monitored so that you know when DNS has been interfered with. This allows DNS poisoning to be stopped before it affects server health and performance. UpTrends also tracks SOA serial numbers to ensure that no changes have gone unnoticed.

Chart showing DNS resolution errors on UpTrends

Furthermore, DNS servers can be checked worldwide, from a network composed of more than 200 locations. A regional problem can spread to the rest of the DNS network, and UpTrends is good at detecting and resolving these problems before they spread. In case of problems, alerts can be automatically escalated based on your team’s duty schedules and the error duration.

UpTrends is SaaS and available in 2 pricing plans: Basic, for organizations with fewer than 5 websites, applications, and APIs, and Enterprise, for those with more than that. Pricing starts at US$ 100, and there is a full-featured, 30-day free trial available.

ThousandEyes

ThousandEyes, by Cisco, allows you to monitor the availability, resolution speed, and record mappings of your DNS servers, be they on-premises, hosted, or third-party. It is also able to trace the entire DNS hierarchy for a record, from top-level domain servers to the authoritative server, and understand if DNS infrastructure outside of your control is causing an outage or performance degradation.

The Monitoring Dashboard on ThousandEyes

It features auto-discovery, routing, path tracing, and availability metrics, allowing you to understand the connectivity to authoritative servers. You will be able to measure the responsiveness and record accuracy of your local DNS resolvers, customize, configure, and export alerts on DNS availability, record mappings, and DNSSEC, detect DNS cache poisoning by alerting on record mappings, and verify the DNSSEC keychain from the bottom up.

Pricing for ThousandEyes is only available by quote. There is a 15-day free trial available.

How does DNS work?

The “resolving process” refers to the conversion of domain names to IP addresses. Users have no insight into that resolution process, which takes place in the background. When the hostname is entered into a browser’s search bar, there is a moment – typically less than a second – when the request is resolved. Although this procedure takes only a few microseconds, there are four different types of DNS servers involved:

  • the DNS-Recursor (also known as recursive DNS server)
  • the root name server
  • the TLD (Top Level Domain) name server
  • the authoritative name server

Each of them has a different purpose, and they work together to give users access to the content they request.

What threats are DNS servers exposed to?

In a DNS attack, an attacker exploits vulnerabilities in the DNS. Even though the DNS system is fairly robust, it was designed primarily for steady operation, not for the highest level of security. That is why there are many different ways to attack the DNS system today. A lot of these attacks are very complex and take advantage of the communication between the clients and the servers. Another attack technique is to log in to a DNS provider’s website with stolen credentials and redirect DNS records. Typical types of DNS attacks:

  • Zero-Day-Exploit: Attackers are targeting previously unknown vulnerabilities in the DNS protocol or in the DNS software used.
  • Cache Poisoning: In this case, attackers manipulate the DNS system by replacing an IP address in the server’s cache with another address. This allows attackers to redirect web surfers to fake websites, collect data, or perform other types of attacks. It is also known as DNS poisoning.
  • Denial of Service (DoS): a bot sends out more traffic to a specific IP address than it can handle in its data buffers. The destination can then no longer respond to legitimate requests.
  • Distributed Denial of Service (DDoS): Compared to DoS, an attacker here uses a botnet to send a large number of requests to a target address in a short period of time.
  • DNS Amplification: Since too many server requests cannot be responded to, they are forwarded to other servers. Attackers can use this method to spread their attacks far and wide or to amplify them.

What is DNS monitoring and how does it work?

During a DNS monitoring process, automated queries are sent to a desired DNS server and the results are validated for a specific domain name. One of the most common methods is to query the DNS server with a URL and verify the IP address returned in the A record or AAAA record. The appropriate response to these queries is the correct IP address, which corresponds to the URL being used. If the correct IP address is received, no further action is required, and monitoring continues. However, if a different IP address is returned, the monitoring tool opens a so-called DNS incident and starts sending notifications. A DNS incident is a period when a Domain Name System is unavailable or returns incorrect records. It can also mean that the request sent by the monitoring tool does not receive a response within a defined period of time.
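
The check described here (and in the earlier section “What is DNS Monitoring, and How Does it Work?”) can be sketched in Python. This is an added example, not code from any of the tools listed: the hostname, addresses and transaction ID are constructed placeholders, and `sample_response` fabricates replies so the classification logic runs offline.

```python
import ipaddress
import os
import socket
import struct

QTYPE = {"A": 1, "AAAA": 28}

def build_query(name, rtype, txid):
    """Encode a one-question DNS query (recursion desired) for `name`."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + qname + b"\x00" + struct.pack("!HH", QTYPE[rtype], 1)

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        if length == 0:
            return off + 1
        off += 1 + length

def parse_addresses(msg, txid):
    """Return (rcode, set of A/AAAA addresses found in the answer section)."""
    rid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid or not flags & 0x8000:  # wrong transaction ID or not a response
        raise ValueError("reply does not match our query")
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4  # name, then QTYPE and QCLASS
    addrs = set()
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if (rtype, len(rdata)) in ((1, 4), (28, 16)):
            addrs.add(str(ipaddress.ip_address(rdata)))
    return flags & 0x000F, addrs

def evaluate(response, txid, expected):
    """Classify one probe result; `response` is None when the query timed out."""
    if response is None:
        return "INCIDENT: timeout"
    try:
        rcode, addrs = parse_addresses(response, txid)
    except (ValueError, IndexError, struct.error):
        return "INCIDENT: invalid response"
    if rcode != 0:
        return f"INCIDENT: rcode {rcode}"
    # Normalise the expected addresses so textual variants of one IP compare equal.
    unexpected = sorted(addrs - {str(ipaddress.ip_address(e)) for e in expected})
    if unexpected or not addrs:
        return "INCIDENT: unexpected answer: " + (", ".join(unexpected) or "no address records")
    return "OK"

def probe(server, name, rtype, expected, timeout=2.0):
    """Send one UDP query to `server` and classify the reply (needs network)."""
    txid = int.from_bytes(os.urandom(2), "big")  # unpredictable ID, harder to spoof
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, rtype, txid), (server, 53))
            response, _ = sock.recvfrom(4096)
        except OSError:  # includes socket.timeout
            response = None
    return evaluate(response, txid, expected)

def sample_response(query, address):
    """Constructed fixture: a reply to `query` carrying one A or AAAA record."""
    ip = ipaddress.ip_address(address)
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1 if ip.version == 4 else 28, 1, 300, len(ip.packed))
    return header + query[12:] + rr + ip.packed

if __name__ == "__main__":
    expected = {"192.0.2.10"}  # constructed: documentation-range address
    q = build_query("www.example.com", "A", 0x1A2B)
    for reply in (sample_response(q, "192.0.2.10"), sample_response(q, "203.0.113.66"), None):
        print(evaluate(reply, 0x1A2B, expected))
```

A production monitor would call `probe` on a schedule against each name server and open an incident only after a configurable number of consecutive failures, so a single lost UDP packet does not page anyone.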

Why is DNS monitoring important?

To ensure the accessibility of your own website, monitoring the DNS record is very important. If there are DNS problems – of whatever kind – customers can no longer reach the online store, for example, which can quickly have a financial impact on a company. Monitoring DNS increases both the reliability and security of this service and is very powerful in detecting some common hacking attacks such as a DDoS attack or DNS poisoning.

The advantages are obvious:

  • DNS monitoring can run 24/7. It is fully automated and requires little to no maintenance once set up, while still providing the same valuable information.
  • DNS monitoring can be set up in a very short time, while availability information is provided from the beginning.
  • DNS monitoring enables testing of different endpoints around the globe. This enables differentiation of regional faults from incidents that affect all users.