Keep an Eye on Your DNS Records

DNS Hijacking, Cache poisoning, and a host of other issues are a continued concern when it comes to internet hygiene. Amid the government shutdown, DHS has reported on multiple site having their domains hijacked - https://www.us-cert.gov/ncas/alerts/AA19-024A. Particularly interesting are potential flaws in ways that GoDaddy does its registration, spammers can easily hijack your domain from its registrar, or worse yet log into your management portal and change it. Ensuring this data doesn't change is something every admin/security personnel should do, and can easily be done with a Linux or Windows Server and email relay to send yourself alerts.

Linux:

Old Fashion dig command:

Wrap this in a simple change script - and crontab - and your golden!

#!/bin/bash

domain="packetaddict.com"

old="./dnsnameservers-old"

new="./dnsnameservers-new"

if [ ! -f $old ]; then

dig @8.8.8.8 +short NS $domain > $old

fi

dig @8.8.8.8 +short NS $domain > $new

changed=$(diff $old $new)

if [ -n "$changed" ]; then

echo $changed | mail -s "DNS Record Changed!" "mweeks9989@gmail.com"

mv $new $old

fi

Windows:

And of course for all of our wintendow fans out there, of course there is a way to do this:

#!/bin/pshell

$resolveCmd = Resolve-DnsName -name packetaddict.com -type ns -server 8.8.8.8 | select name, type, section, namehost

$old = "./oldDNS"

$new = "./newDNS"

if ( (Test-Path $old) -eq $False )

{

$resolveCmd | Out-File $old

}

$resolveCmd | Out-File $new

$changes = Compare-Object (Get-Content $old) (Get-Content $new)

if ($changes -ne $null)

{

$changes

Copy-Item $new $old

}