We’re excited to announce that we’ve integrated DNS Check with Basecamp 3. This integration enables you to receive notifications in the Basecamp Campfire chat of your choice each time a DNS record transitions between passing and failing:

Integrating your DNS Check account with Basecamp 3 is simple, and only takes about a minute. See the DNS Check / Basecamp 3 integration Guide to get started.

Interested in trying out DNS Check’s DNS monitoring service, and our integration with Basecamp 3? Sign up for a free DNS Check account. Free accounts can monitor up to 10 DNS records and have no expiration date. You’re welcome to use your free account for as long as you like.

You can upgrade to a professional DNS Check account at any time to monitor additional DNS records, and enable advanced features, like the ability to query custom name servers, and monitor DNS load balancers.

We’ve added CNAME DNS load balancer monitoring to DNS Check.

DNS load balancers distribute load for performance and/or redundancy purposes.

You can also use DNS Check to monitor A record and AAAA record based load balancers:

Each load balancer check can be configured with up to ten IP addresses or CNAME records.

DNS load balancer monitoring is available for paid accounts only.

You can find more details on DNS load balancers, including information on how to monitor them on our Check DNS Load Balancer Records page.

We’ve added SPF resource record monitoring to DNS Check.

SPF records are used to control which IP addresses and services are authorized to send email for a domain name.

SPF records are unusual in that they can actually be published using either of the following resource record types:

• TXT resource records - these are general purpose DNS records that map a domain to a string of text. These have a number of uses including SPF, DKIM and DMARC authentication.
• SPF resource records - these are specialized DNS records that map a domain to a string of text for the purposes of SPF authentication

DNS Check has supported monitoring TXT resource records since June 2015, so technically, you could use our service to monitor SPF records that were published using TXT resource records before today. What we added in today was support for checking SPF resource records:

The historic recommendation was to publish SPF records using both the TXT and SPF resource record types. This has changed. RFC 7208 states that SPF records must be published as TXT resource records only.

We recommend following RFC 7208, and replacing your SPF resource records with TXT resource records. That said, you may have reasons for not making the switch immediately, so we support monitoring both resource record types.

You can find more information on SPF records, including information on how to monitor them on our Check DNS SPF Records page.

We’ve added support for monitoring Internationalized Domain Names (IDNs) using DNS Check.

The DNS protocol uses ASCII characters to represent domain names. That works fine for domains which only contain English alphabet characters, but leaves many other languages short-changed.

Internationalized Domain Names (IDN) address this shortcoming by encoding non-ASCII characters. Punycode is used to encode Unicode characters into ASCII representations. For example, domaiñ.com contains a non-ASCII ñ character, so Punycode translates it to xn--domai-sta.com.

Modern web browsers usually perform the Punycode translation for you behind the scenes. Similarly, DNS Check will automatically apply Punycode encoding for you as you add domains using non-ASCII characters. Of if you’ve also encoded your domains, you can enter them in that format.

After each international domain is entered into DNS Check, it’s displayed using Punycode encoding. We’re doing this to reduce ambiguity, since different Unicode characters can look very similar to one another, or even to plain ASCII characters.

We’ve added DNS load balancer monitoring to DNS Check.

DNS load balancers are used to distribute load for performance and/or redundancy purposes.

You can use DNS Check to monitor both A record and AAAA record based load balancers:

Each load balancer check can be configured with up to ten IP addresses.

DNS load balancer monitoring is available for paid accounts only.

You can find more details on DNS load balancers, including information on how to monitor them on our Check DNS Load Balancer Records page.

Paid DNS Check accounts have the ability to monitor custom name servers. Up to this point, each DNS record group has been limited to a single custom name server. This has meant that if you wanted to monitor multiple name servers, you would have to create a DNS record group for each.

Today we’ve increased the number of custom name servers that a DNS record group can have from 1 to 10.

What should a DNS monitoring service do when it’s configured to check multiple name servers, and provide a single pass/fail result? Here’s what we came up with:

1. When multiple custom name servers are specified, DNS Check will randomize the order, then query them one by one until it receives a result. If the first response contains the expected record, the check passes. If the first response contains an error, or a different record than what was expected, the check fails.

2. If a query receives no response within 5 seconds, then DNS Check will query the next name server in its randomized list. Note that we may adjust this timeout, or make it configurable in the future. 5 seconds is a long time to have to wait for a response to a DNS query.

   This means that if one of your name servers stops responding to queries entirely, DNS Check will move onto the next name server, and will not alert you about the issue unless it’s unable to communicate with any of your custom name servers.

   If you wish to be notified if any one of your name servers aren’t reachable, then you should continue to specify a single name server per DNS record group.

We’re excited to make this new functionality available, and are already thinking of ways to improve it. For example, we may make the 5 second query timeout mentioned above configurable, or add in an option to check all name servers, and report on issues encountered with any of them.

Feel free to send in a feature request if you have any suggestions for improvement.

DNS record lookups can fail for a number of reasons, the most common of which is due what’s called a “ServFail” error.

ServFail errors occur when there’s an error communicating with a DNS server. This could have a number of causes, including an error on the DNS server itself, or a temporary networking issue.

Fortunately, most domains use multiple authoritative DNS servers, so if there is a short-lived ServFail issue on one name server which doesn’t impact the others, DNS lookups should still work. That said, if a name server has chronic ServFail issues, we recommend investigating why. ServFail errors happen, but should be rare.

ServFail Errors and DNS Record Monitoring

Many of our customers use DNS Check to notify them via an email, page or chat bot when a monitored DNS record starts failing. Some of these customers want to be notified if there’s any kind of issue, but others would rather not be about ServFail issues, unless they persist.

Last year we introduced a feature for suppressing isolated ServFail notifications. This took the form of an account wide setting which when toggled on, suppressed notifications for ServFail errors unless two or more occurred in a row:

This feature was introduced to cut down on false positives. At the time, 57% of errors being reported were of the “ServFail” variety. The majority of these ServFail errors were resolved 5 minutes later, when the DNS record in question was next checked.

This feature had the desired impact. The number of ServFail related notifications plummeted, and for most users, the issue of ServFail related false positives disappeared.

Unfortunately, this didn’t completely resolve the situation for some customers who have DNS providers with… less than stellar uptime. I won’t call out specific DNS providers in this blog post, but there is a definite pattern in terms of which DNS providers have frequent ServFail errors.

Our Updated ServFail Notification Suppression Feature

To address this issue (on the DNS monitoring side, at least), we’ve replaced our old “Suppress first ServFail notification” setting with a new setting which allows you to suppress notifications for anywhere from 0 to 10 consecutive ServFail errors:

This setting has a default value of “1”, and can be adjusted from your Notification Settings page. I recommend keeping the default value in most situations, and adjusting it upward only as needed.

This setting does not have any impact on notifications for other types of lookup failures, such as the wrong value being returned for a DNS record. As long as you have notifications enabled, you’ll receive a notification the first time a non-ServFail error occurs.

We’ve added ALIAS record monitoring to DNS Check.

An ALIAS record maps one DNS record to another of the same type. For example, you might use an ALIAS record to make the widgets.com A record resolve to the same IP address as the www.widgets.com A record:

ALIAS records have some similar use cases to CNAME records, with a few important differences:

1. ALIAS records can be used for a domain’s APEX, or root. CNAME records cannot.

2. ALIAS records require a single DNS lookup. CNAME records might require multiple lookups.

3. ALIAS records apply to a single DNS record type. CNAME records apply to all record types.

4. ALIAS records are non-standard records that are only supported by some DNS providers, like Amazon Route 53 and DNSimple. Some other DNS providers, like DNS Made Easy and easyDNS offer similar functionality using what they refer to as ANAME records. CNAME records, by contrast are a standard DNS record type supported by most DNS providers.

You can find more details on ALIAS records, including information on how to monitor them on our Check DNS ALIAS Records page.

We hope you find the ability to check ALIAS and ANAME records useful. Please feel free to contact us if you have any questions.

If you haven’t tried DNS Check yet, please sign up for a free account. Free accounts can check and monitor up to 10 DNS records at a time. If you’d like to check more than 10 DNS records, then you can upgrade to a paid account at any time. We’d love to earn your business.

DNS is incredibly flexible. One of the things that it allows you to do is enable load balancing and/or redundancy by creating multiple DNS records with the same name and record type. For example, you could create two A records for your company’s domain name to perform round robin load balancing between two web servers. Another example is creating multiple MX records, so that failure of a single mail server doesn’t take incoming email offline.

Unfortunately, this capability increases the complexity of monitoring DNS records, even if you’re not intentionally using it. Having an extra, invalid DNS record could cause impaired performance, a service outage, or enable a man in the middle attack.

Today we’re proud to announce an improvement to DNS Check which simplifies monitoring for these types of DNS issues.

The “Exclusive” Option

Each DNS record that’s monitored by DNS Check has an “Exclusive” option which you can turn on and off:

When this option is turned on, DNS Check compares the full list of DNS records returned to the list of DNS records being monitored for the given record name / type combination. If the two sets of records match up exactly, the check passes. Otherwise, DNS Check will detect the error, and notify you about it.

This is an enhancement to DNS Check’s previous functionality. The “Exclusive” option was initially released in May 2015, but was limited verifying that only one DNS record existed for a given name / type combination. Today’s release removes the single record limitation. You can now specify that multiple “Exclusive” records should exist for the same name / type combination.

When the “Exclusive” option is turned off, DNS Check simply verifies that a DNS record exists with the value specified. It does not report any kind of error if additional records are returned.

We recommend turning the “Exclusive” option on whenever possible.

In April 2015 we launched DNS Check as a free service that allows you to monitor up to 10 DNS records for free, and get notified if any of them stop (or start) resolving to the values that you expect them to. This free service is now our “Basic” account type, and is still our most popular offering.

In May we added a paid tier which checks up to 100 DNS records at a time, and adds the ability to query custom name servers. This is known as our “Professional” account type.

Today we’re proud to announce that we’ve added a new “Enterprise” account type to DNS Check. Enterprise accounts monitor up to 1,000 DNS records.

Here’s a comparison of our three offerings:

You can view a more detailed comparison, and sign up for any of these account types on our pricing page.