Types of DNS Advanced Alerts


Overview

The DNS Alert type lets you define content-matching alert triggers based on DNS records.

The types of DNS alerts are as follows:

  1. DNS GENERAL
  2. DNS ANSWERS
  3. DNS ADDITIONAL
  4. DNS AUTHORITATIVE

[Image: dns_1.png]

DNS General:

The General alert allows alerting on any information that is/is not returned in any section: Answer, Authority, or Additional Records. The type of record/info that the alert is matching to is defined in the alert trigger.

General Alerts can also be based on:

  • what level the information is returned at.
  • whether returned with a specific name.
  • whether returned with a specific TTL.

DNS Answers:

The Answer alert allows alerting on any information that is/is not returned in the Answer section. The type of record/info that the alert is matching to is defined in the alert trigger.

Answer Alerts can also be based on:

  • what level the info is returned at.
  • whether returned with a specific name.
  • whether returned with a specific TTL.

DNS Additional Records:

The Additional Records alert allows alerting on any information that is/is not returned in only the Additional Records. The type of record/info that the alert is matching to is defined in the alert trigger.

Additional Records alerts can also be based on:

  • what level the info is returned at.
  • whether returned with a specific name.
  • whether returned with a specific TTL.

DNS Authoritative:

The Authoritative Alert allows alerting on whether specific NS servers are/are not returned in only the Authoritative section.

The Authoritative alert can also be based on:

  • what level the info is returned at.
  • whether returned with a specific name.
  • whether returned with a specific TTL.
  • Only NS (authoritative name server) records are supported.

An example of the DNS Waterfall and its Mapping is shown below.

[Image: kb_dns.png, DNS Waterfall and its Mapping]

Alert Triggers

Any/Level/Address/TLD: this allows us to specify where in the DNS resolution the match should occur.

[Image: level.png]

  • Any - look at any level
  • Index - look at a specific level
  • IP Address - look at the results from a specific address (input accepts domain or IP)
  • Last - look at the last level

Any | Name: This allows us to specify whether a specific record (defined below) should be returned with a specific domain name.

Any | All: This allows us to specify whether any or all records should match/not match the input.

Equals | Doesn’t Equal: This allows us to specify whether records should match/not match the input.

TTL: This allows us to specify whether a record or name needs to have a specific TTL. The input is an integer.

Enforce Test Failure

If enabled, the run will be marked as a failure if the alert is triggered.
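The trigger options above (section, level selector, name, TTL, any/all, equals/doesn't equal, and the Authoritative restriction to NS records) combine into one matching rule. The following Python is an added example that is not part of this documentation or the product: it models a simplified DNS waterfall as a list of resolution levels (root, TLD, authoritative), each with the queried server's address and its three response sections, and evaluates a trigger against it. All names, addresses and field names are constructed for the illustration, and the treatment of a trigger that finds no candidate record (equals fails, doesn't-equal holds) is an assumption.

```python
"""Reference evaluator for DNS alert triggers (added example, not product code)."""
from dataclasses import dataclass, field
from typing import Optional, Union


@dataclass(frozen=True)
class Record:
    name: str   # owner name, e.g. "www.example.test."
    rtype: str  # record type, e.g. "A", "NS"
    data: str   # record data, e.g. an address or a name server
    ttl: int


@dataclass
class Level:
    """One hop of the resolution waterfall: the server queried and its response sections."""
    server: str
    answer: list = field(default_factory=list)
    authority: list = field(default_factory=list)
    additional: list = field(default_factory=list)

    def section(self, which):
        # "any" corresponds to the General alert: all three sections together
        if which == "any":
            return self.answer + self.authority + self.additional
        return getattr(self, which)


@dataclass
class Trigger:
    section: str                     # "any" (General), "answer", "additional", "authority"
    rtype: str                       # record type to match
    value: str                       # expected record data
    level: Union[str, int] = "any"   # "any", "last", an index, or a server address
    name: Optional[str] = None       # required owner name, if any
    ttl: Optional[int] = None        # required TTL, if any
    quantifier: str = "any"          # "any" | "all"
    op: str = "equals"               # "equals" | "not_equals"


def select_levels(levels, selector):
    """Apply the Any/Index/IP Address/Last selector to the waterfall."""
    if selector == "any":
        return list(levels)
    if selector == "last":
        return levels[-1:]
    if isinstance(selector, int):
        return levels[selector:selector + 1]
    return [lvl for lvl in levels if lvl.server == selector]


def evaluate(levels, trig):
    """Return True when the trigger condition holds, i.e. the alert fires."""
    if trig.section == "authority" and trig.rtype != "NS":
        raise ValueError("Authoritative alerts support only NS records")
    candidates = [
        rec
        for lvl in select_levels(levels, trig.level)
        for rec in lvl.section(trig.section)
        if rec.rtype == trig.rtype
        and (trig.name is None or rec.name == trig.name)
        and (trig.ttl is None or rec.ttl == trig.ttl)
    ]
    # Assumed semantics when nothing matched the record/name/TTL filters:
    # the expected data was not returned, so "equals" fails and "not_equals" holds.
    if not candidates:
        return trig.op == "not_equals"
    if trig.op == "equals":
        hits = [rec.data == trig.value for rec in candidates]
    else:
        hits = [rec.data != trig.value for rec in candidates]
    return all(hits) if trig.quantifier == "all" else any(hits)


def run_status(alert_fired, enforce_test_failure):
    """Enforce Test Failure: the run fails only when enforcement is on and the alert fired."""
    return "failed" if (enforce_test_failure and alert_fired) else "passed"


# Constructed three-hop resolution of www.example.test (sample data, not a real capture)
SAMPLE_WATERFALL = [
    Level("198.51.100.1",
          authority=[Record("test.", "NS", "a.tld.test.", 172800)],
          additional=[Record("a.tld.test.", "A", "198.51.100.2", 172800)]),
    Level("198.51.100.2",
          authority=[Record("example.test.", "NS", "ns1.example.test.", 86400),
                     Record("example.test.", "NS", "ns2.example.test.", 86400)],
          additional=[Record("ns1.example.test.", "A", "203.0.113.10", 86400)]),
    Level("203.0.113.10",
          answer=[Record("www.example.test.", "A", "203.0.113.80", 300),
                  Record("www.example.test.", "A", "203.0.113.81", 300)]),
]

if __name__ == "__main__":
    # Answer alert: fire if any A record at the last level differs from the expected address
    trig = Trigger("answer", "A", "203.0.113.80", level="last", op="not_equals")
    fired = evaluate(SAMPLE_WATERFALL, trig)
    print("alert fired:", fired, "->", run_status(fired, enforce_test_failure=True))
```

The `quantifier` and `op` fields map onto the Any | All and Equals | Doesn't Equal options, `level` onto Any/Index/IP Address/Last, and `name` and `ttl` onto the Any | Name and TTL inputs; the ValueError mirrors the rule that Authoritative alerts accept only NS records.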