• Michael Weeks

Keep an Eye on Your DNS Records

DNS Hijacking, Cache poisoning, and a host of other issues are a continued concern when it comes to internet hygiene. Amid the government shutdown, DHS has reported on multiple site having their domains hijacked - Particularly interesting are potential flaws in ways that GoDaddy does its registration, spammers can easily hijack your domain from its registrar, or worse yet log into your management portal and change it. Ensuring this data doesn't change is something every admin/security personnel should do, and can easily be done with a Linux or Windows Server and email relay to send yourself alerts.


Old Fashion dig command:

Wrap this in a simple change script - and crontab - and your golden!





if [ ! -f $old ]; then

dig @ +short NS $domain > $old


dig @ +short NS $domain > $new

changed=$(diff $old $new)

if [ -n "$changed" ]; then

echo $changed | mail -s "DNS Record Changed!" ""

mv $new $old



And of course for all of our wintendow fans out there, of course there is a way to do this:


$resolveCmd = Resolve-DnsName -name -type ns -server | select name, type, section, namehost

$old = "./oldDNS"

$new = "./newDNS"

if ( (Test-Path $old) -eq $False )


$resolveCmd | Out-File $old


$resolveCmd | Out-File $new

$changes = Compare-Object (Get-Content $old) (Get-Content $new)

if ($changes -ne $null)



Copy-Item $new $old


48 views0 comments

Recent Posts

See All