Documentation Index

Fetch the complete documentation index at: https://docs.catchpoint.com/llms.txt

Use this file to discover all available pages before exploring further.

Types of DNS Advanced Alerts

Prev Next

Overview

The DNS Alert type provides you the ability to define content-matching alert triggers based on DNS Records.

The types of DNS alerts are as follows:

  1. DNS GENERAL
  2. DNS ANSWERS
  3. DNS ADDITIONAL
  4. DNS AUTHORITATIVE

dns_1.png

DNS General:

The General alert allows alerting on any information that is/is not returned in any section: Answer, Authority, or Additional Records. The type of record/info that the alert is matching to is defined in the alert trigger.

General Alerts can also be based on:

  • what level the information is returned at.
  • whether returned with a specific name.
  • whether returned with a specific TTL.

DNS Answers:

The Answer alert allows alerting on any information that is/is not returned in the Answer section. The type of record/info that the alert is matching to is defined in the alert trigger.

Answer Alerts can also be based on:

  • what level the info is returned at.
  • whether returned with a specific name.
  • whether returned with a specific TTL.

DNS Additional Records:

The Additional Records alert allows alerting on any information that is/is not returned in only the Additional Records. The type of record/info that the alert is matching to is defined in the alert trigger.

Additional Records alerts can also be based on:

  • what level the info is returned at.
  • whether returned with a specific name.
  • whether returned with a specific TTL.

DNS Authoritative:

The Authoritative Alert allows alerting on whether specific NS servers are/are not returned in only the Authoritative section.

The Authoritative alert can also be based on:

  • what level the info is returned at.
  • whether returned with a specific name.
  • whether returned with a specific TTL.
  • It supports only NS (Authoritative name server)

An example of the DNS Waterfall and its Mapping is shown below.

kb_dns.png

Alert Triggers

Any/Level/Address/TLD: this allows us to specify where in the DNS resolution the match should occur.
level.png

  • Any - look at any level
  • Index - look at a specific level
  • IP Address – look at the results from a specific address (input accepts domain or IP)
  • Last – look at the last level
    Any | Name: This allows us to specify whether a specific record (defined below) should be returned with a specific domain name.

Any | All: This allows us to specify whether any or all records should match/not match the input.

Equals | Doesn’t Equal: This allows us to specify whether records should match/not match the input.

TTL: This allows us to specify whether a record or name needs to have a specific TTL. Is an integer input.** **

Enforce Test Failure

If enabled, the run will be marked as a failure if the alert is triggered.