We’ve added support for monitoring Internationalized Domain Names (IDNs) using DNS Check.
The DNS protocol uses ASCII characters to represent domain names. That works fine for domains which only contain English alphabet characters, but leaves many other languages short-changed.
Internationalized Domain Names (IDN) address this shortcoming by encoding non-ASCII characters. Punycode is used to encode Unicode characters into ASCII representations. For example,
domaiñ.com contains a non-ASCII
ñ character, so Punycode translates it to
Modern web browsers usually perform the Punycode translation for you behind the scenes. Similarly, DNS Check will automatically apply Punycode encoding for you as you add domains using non-ASCII characters. Of if you’ve also encoded your domains, you can enter them in that format.
After each international domain is entered into DNS Check, it’s displayed using Punycode encoding. We’re doing this to reduce ambiguity, since different Unicode characters can look very similar to one another, or even to plain ASCII characters.
We’ve added DNS load balancer monitoring to DNS Check.
DNS load balancers are used to distribute load for performance and/or redundancy purposes.
You can use DNS Check to monitor both A record and AAAA record based load balancers:
Each load balancer check can be configured with up to ten IP addresses.
DNS load balancer monitoring is available for paid accounts only.
You can find more details on DNS load balancers, including information on how to monitor them on our Check DNS Load Balancer Records page.
Paid DNS Check accounts have the ability to monitor custom name servers. Up to this point, each DNS record group has been limited to a single custom name server. This has meant that if you wanted to monitor multiple name servers, you would have to create a DNS record group for each.
Today we’ve increased the number of custom name servers that a DNS record group can have from 1 to 10.
What should a DNS monitoring service do when it’s configured to check multiple name servers, and provide a single pass/fail result? Here’s what we came up with:
When multiple custom name servers are specified, DNS Check will randomize the order, then query them one by one until it receives a result. If the first response contains the expected record, the check passes. If the first response contains an error, or a different record than what was expected, the check fails.
If a query receives no response within 5 seconds, then DNS Check will query the next name server in its randomized list. Note that we may adjust this timeout, or make it configurable in the future. 5 seconds is a long time to have to wait for a response to a DNS query.
This means that if one of your name servers stops responding to queries entirely, DNS Check will move onto the next name server, and will not alert you about the issue unless it’s unable to communicate with any of your custom name servers.
If you wish to be notified if any one of your name servers aren’t reachable, then you should continue to specify a single name server per DNS record group.
We’re excited to make this new functionality available, and are already thinking of ways to improve it. For example, we may make the 5 second query timeout mentioned above configurable, or add in an option to check all name servers, and report on issues encountered with any of them.
Feel free to send in a feature request if you have any suggestions for improvement.
DNS record lookups can fail for a number of reasons, the most common of which is due what’s called a “ServFail” error.
ServFail errors occur when there’s an error communicating with a DNS server. This could have a number of causes, including an error on the DNS server itself, or a temporary networking issue.
Fortunately, most domains use multiple authoritative DNS servers, so if there is a short-lived ServFail issue on one name server which doesn’t impact the others, DNS lookups should still work. That said, if a name server has chronic ServFail issues, we recommend investigating why. ServFail errors happen, but should be rare.
ServFail Errors and DNS Record Monitoring
Many of our customers use DNS Check to notify them via an email, page or chat bot when a monitored DNS record starts failing. Some of these customers want to be notified if there’s any kind of issue, but others would rather not be about ServFail issues, unless they persist.
Last year we introduced a feature for suppressing isolated ServFail notifications. This took the form of an account wide setting which when toggled on, suppressed notifications for ServFail errors unless two or more occurred in a row:
This feature was introduced to cut down on false positives. At the time, 57% of errors being reported were of the “ServFail” variety. The majority of these ServFail errors were resolved 5 minutes later, when the DNS record in question was next checked.
This feature had the desired impact. The number of ServFail related notifications plummeted, and for most users, the issue of ServFail related false positives disappeared.
Unfortunately, this didn’t completely resolve the situation for some customers who have DNS providers with… less than stellar uptime. I won’t call out specific DNS providers in this blog post, but there is a definite pattern in terms of which DNS providers have frequent ServFail errors.
Our Updated ServFail Notification Suppression Feature
To address this issue (on the DNS monitoring side, at least), we’ve replaced our old “Suppress first ServFail notification” setting with a new setting which allows you to suppress notifications for anywhere from 0 to 10 consecutive ServFail errors:
This setting has a default value of “1”, and can be adjusted from your Notification Settings page. I recommend keeping the default value in most situations, and adjusting it upward only as needed.
This setting does not have any impact on notifications for other types of lookup failures, such as the wrong value being returned for a DNS record. As long as you have notifications enabled, you’ll receive a notification the first time a non-ServFail error occurs.
We’ve added ALIAS record monitoring to DNS Check.
An ALIAS record maps one DNS record to another of the same type. For example, you might use an ALIAS record to make the widgets.com A record resolve to the same IP address as the www.widgets.com A record:
ALIAS records have some similar use cases to CNAME records, with a few important differences:
ALIAS records can be used for a domain’s APEX, or root. CNAME records cannot.
ALIAS records require a single DNS lookup. CNAME records might require multiple lookups.
ALIAS records apply to a single DNS record type. CNAME records apply to all record types.
ALIAS records are non-standard records that are only supported by some DNS providers, like Amazon Route 53 and DNSimple. Some other DNS providers, like DNS Made Easy and easyDNS offer similar functionality using what they refer to as ANAME records. CNAME records, by contrast are a standard DNS record type supported by most DNS providers.
You can find more details on ALIAS records, including information on how to monitor them on our Check DNS ALIAS Records page.
We hope you find the ability to check ALIAS and ANAME records useful. Please feel free to contact us if you have any questions.
If you haven’t tried DNS Check yet, please sign up for a free account. Free accounts can check and monitor up to 10 DNS records at a time. If you’d like to check more than 10 DNS records, then you can upgrade to a paid account at any time. We’d love to earn your business.
DNS is incredibly flexible. One of the things that it allows you to do is enable load balancing and/or redundancy by creating multiple DNS records with the same name and record type. For example, you could create two A records for your company’s domain name to perform round robin load balancing between two web servers. Another example is creating multiple MX records, so that failure of a single mail server doesn’t take incoming email offline.
Unfortunately, this capability increases the complexity of monitoring DNS records, even if you’re not intentionally using it. Having an extra, invalid DNS record could cause impaired performance, a service outage, or enable a man in the middle attack.
Today we’re proud to announce an improvement to DNS Check which simplifies monitoring for these types of DNS issues.
The “Exclusive” Option
Each DNS record that’s monitored by DNS Check has an “Exclusive” option which you can turn on and off:
When this option is turned on, DNS Check compares the full list of DNS records returned to the list of DNS records being monitored for the given record name / type combination. If the two sets of records match up exactly, the check passes. Otherwise, DNS Check will detect the error, and notify you about it.
This is an enhancement to DNS Check’s previous functionality. The “Exclusive” option was initially released in May 2015, but was limited verifying that only one DNS record existed for a given name / type combination. Today’s release removes the single record limitation. You can now specify that multiple “Exclusive” records should exist for the same name / type combination.
When the “Exclusive” option is turned off, DNS Check simply verifies that a DNS record exists with the value specified. It does not report any kind of error if additional records are returned.
We recommend turning the “Exclusive” option on whenever possible.
In April 2015 we launched DNS Check as a free service that allows you to monitor up to 10 DNS records for free, and get notified if any of them stop (or start) resolving to the values that you expect them to. This free service is now our “Basic” account type, and is still our most popular offering.
In May we added a paid tier which checks up to 100 DNS records at a time, and adds the ability to query custom name servers. This is known as our “Professional” account type.
Today we’re proud to announce that we’ve added a new “Enterprise” account type to DNS Check. Enterprise accounts monitor up to 1,000 DNS records.
Here’s a comparison of our three offerings:
|Package||DNS record checks||Query custom name servers|
You can view a more detailed comparison, and sign up for any of these account types on our pricing page.
It’s time to expand DNS Check’s footprint, this time to Europe.
We just added a new name server hosted by Amazon Web Services in Ireland. The server’s hostname is ireland1.dnscheck.co, and its IPv4 address is 18.104.22.168. No IPv6 address is assigned yet, although we plan to add one in.
This new name server joins our existing IPv4 and IPv6 capable name servers in New York and San Francisco.
DNS Check customers can query our new ireland1.dnscheck.co name server for more direct testing of European hosted DNS services.
Customers who use DNS Check’s default name servers will start to see a portion of their queries come from ireland1.dnscheck.co automatically.
Professional customers who would like to query ireland1.dnscheck.co directly can do so by entering ireland1.dnscheck.co in a DNS record group’s Name server field.
We’ve made a number of updates to DNS Check’s user interface to improve usability over the past couple weeks. Some of the more noteworthy updates are:
Added a search bar to the top of each DNS record type section. This allows you to search your monitored DNS records by name or value.
DNS records are now sortable by their pass/fail status, name, and value.
Added a mass delete feature. Previously, DNS records could be deleted individually, or an entire DNS record group could be deleted. Now you can also select multiple DNS records to delete at a time.
Cut the number of steps required to create a DNS record group, and import monitored records into it.
Improved usability on mobile devises.
Speed up DNS zone file imports.
We also made a number of smaller updates which we hope you’ll like.
Check out our example DNS Check to see some of these updates in use.
We’d love to have your feedback. Please contact us, or leave a comment below if you have any suggestions for improvement.
DNS Check API
The DNS Check API is REST API which enables checking on the status of monitored DNS records, and record groups.
An example use case of the API is to augment monitoring systems that have limited DNS record checking capabilities. Many monitoring services support checking A and AAAA records, but lack support for checking other DNS record types, such as MX and SPF records.
We’ve written two integration guides which provide examples of how the DNS Check API can be used to fill this monitoring gap:
The DNS Check API is available to both free and paid accounts.
DNS Check Integrations Directory
We’re also releasing the DNS Check Integrations Directory. This is a directory of third party services that integrate with DNS Check. Integrations currently fall into two categories:
Integrations where DNS Check pushes information as DNS record change state between passing and failing. Examples include Slack and PagerDuty.
Integrations where a third party periodically polls DNS Check for information using DNS Check’s API. Examples include Nagios and Pingdom.
We plan to expand the number of available integration options.
Please contact us if you’re interested in integrating with DNS Check, and having your app listed in the integrations directory.
Subscribe via RSS