Keep an Eye on Your DNS Records
DNS Hijacking, Cache poisoning, and a host of other issues are a continued concern when it comes to internet hygiene. Amid the government shutdown, DHS has reported on multiple site having their domains hijacked - https://www.us-cert.gov/ncas/alerts/AA19-024A. Particularly interesting are potential flaws in ways that GoDaddy does its registration, spammers can easily hijack your domain from its registrar, or worse yet log into your management portal and change it. Ensuring this data doesn't change is something every admin/security personnel should do, and can easily be done with a Linux or Windows Server and email relay to send yourself alerts.
Old Fashion dig command:
Wrap this in a simple change script - and crontab - and your golden!
if [ ! -f $old ]; then
dig @188.8.131.52 +short NS $domain > $old
dig @184.108.40.206 +short NS $domain > $new
changed=$(diff $old $new)
if [ -n "$changed" ]; then
echo $changed | mail -s "DNS Record Changed!" "email@example.com"
mv $new $old
And of course for all of our wintendow fans out there, of course there is a way to do this:
$resolveCmd = Resolve-DnsName -name packetaddict.com -type ns -server 220.127.116.11 | select name, type, section, namehost
$old = "./oldDNS"
$new = "./newDNS"
if ( (Test-Path $old) -eq $False )
$resolveCmd | Out-File $old
$resolveCmd | Out-File $new
$changes = Compare-Object (Get-Content $old) (Get-Content $new)
if ($changes -ne $null)
Copy-Item $new $old