DNS Monitoring · Updated Dec 26, 2025

Common DNS Monitoring Scenarios

DNS monitoring can alert you to a wide variety of situations. This guide covers common scenarios you might encounter and explains what they mean.

Scenario 1: Nameserver Migration

What Happened:

NS Removed: ns1.oldprovider.com.
NS Removed: ns2.oldprovider.com.
NS Added: ns1.newprovider.com.
NS Added: ns2.newprovider.com.

Explanation: Your domain's nameservers changed, typically when migrating to a new DNS provider.

Is This Normal? Yes, if you recently:

  • Switched DNS hosting providers
  • Migrated to a new registrar
  • Changed web hosting companies

Action Required:

  • ✅ Verify this was an intentional migration
  • ✅ Ensure all DNS records were transferred correctly
  • ⚠️ If unauthorized, immediately contact your registrar

Scenario 2: Email Provider Change

What Happened:

MX Removed: 10 mail.oldmail.com.
MX Added: 10 mx1.newmail.com.
MX Added: 20 mx2.newmail.com.
TXT Added: v=spf1 include:_spf.newmail.com ~all
TXT Removed: v=spf1 include:_spf.oldmail.com ~all

Explanation: You switched email providers, updating MX records and SPF records.

Is This Normal? Yes, if you:

  • Changed email hosting providers
  • Migrated from one email platform to another
  • Updated email infrastructure

Action Required:

  • ✅ Confirm email routing works correctly
  • ✅ Test sending and receiving emails
  • ✅ Verify SPF, DKIM, and DMARC are properly configured

Scenario 3: Website IP Address Change

What Happened:

A Removed: 192.0.2.50
A Added: 192.0.2.100

Explanation: Your website's IP address changed.

Is This Normal? Yes, if you:

  • Migrated to a new web hosting provider
  • Changed server infrastructure
  • Implemented a CDN (Content Delivery Network)
  • Upgraded or moved servers

Action Required:

  • ✅ Verify your website loads correctly
  • ✅ Check that SSL certificate is valid for new IP
  • ⚠️ If unexpected, investigate with hosting provider

Scenario 4: CDN or Security Service Added

What Happened:

A Removed: 203.0.113.50
A Added: 104.16.132.229
A Added: 104.16.133.229
NS Added: dns1.cdn-provider.com.
NS Added: dns2.cdn-provider.com.

Explanation: You enabled a CDN or security service (like Cloudflare).

Is This Normal? Yes, when:

  • Setting up Cloudflare or similar CDN
  • Enabling DDoS protection services
  • Adding a web application firewall (WAF)

Action Required:

  • ✅ Verify website works through the CDN
  • ✅ Check SSL/TLS settings
  • ✅ Test website performance

Scenario 5: SSL Certificate Authority Authorization Update

What Happened:

CAA Added: 0 issue "letsencrypt.org"
CAA Added: 0 issuewild "letsencrypt.org"

Explanation: CAA records were added to specify which certificate authorities can issue SSL certificates.

Is This Normal? Yes, when:

  • Implementing stricter SSL certificate controls
  • Switching SSL certificate providers
  • Following security best practices

Action Required:

  • ✅ Verify this aligns with your SSL provider
  • ✅ Ensure your SSL provider is authorized in CAA records

Scenario 6: IPv6 Support Added

What Happened:

AAAA Added: 2001:db8::1

Explanation: IPv6 address records were added to your domain.

Is This Normal? Yes, when:

  • Your hosting provider enables IPv6
  • Upgrading infrastructure to support IPv6
  • Following modern internet standards

Action Required:

  • ✅ Verify your website is accessible via IPv6
  • ✅ Test from IPv6-enabled networks

Scenario 7: Load Balancer Configuration

What Happened:

A Added: 192.0.2.10
A Added: 192.0.2.11
A Added: 192.0.2.12
A Removed: 192.0.2.50

Explanation: Multiple A records added for load balancing across servers.

Is This Normal? Yes, when:

  • Implementing load balancing
  • Scaling infrastructure
  • Adding redundancy

Action Required:

  • ✅ Verify all IPs respond correctly
  • ✅ Test failover behavior

Scenario 8: Subdomain CNAME Changes

What Happened:

CNAME Added: www.example.com points to example.com.

Explanation: A CNAME record was added to alias a subdomain.

Is This Normal? Yes, when:

  • Setting up www subdomain
  • Configuring service-specific subdomains
  • Creating domain aliases

Action Required:

  • ✅ Verify subdomain resolves correctly
  • ✅ Check HTTPS works on aliased domain

Scenario 9: Potential DNS Hijacking ⚠️

What Happened:

NS Removed: ns1.yourprovider.com.
NS Removed: ns2.yourprovider.com.
NS Added: ns1.suspicious-domain.xyz.
NS Added: ns2.suspicious-domain.xyz.
A Removed: 192.0.2.50
A Added: 185.199.108.153

Explanation: The nameservers changed to an unknown provider, and the website's IP address changed along with them.

Is This Normal? ⚠️ SECURITY ALERT - Only if you intentionally migrated DNS.

Action Required:

  • 🚨 IMMEDIATE: Change registrar account password
  • 🚨 Contact registrar support immediately
  • 🚨 Review account access logs
  • 🚨 Check for unauthorized account changes
  • 🚨 Enable two-factor authentication on registrar account
  • 🚨 Verify your registrar contact information
  • 🚨 Consider locking your domain

Scenario 10: DMARC Policy Implementation

What Happened:

TXT Added: v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com

Explanation: DMARC email authentication policy was added.

Is This Normal? Yes, when:

  • Implementing email security best practices
  • Protecting against email spoofing
  • Meeting compliance requirements

Action Required:

  • ✅ Monitor DMARC reports at specified email
  • ✅ Verify legitimate emails aren't quarantined
  • ✅ Ensure SPF and DKIM are aligned

Best Practices

  1. Document Changes: Keep a change log of intentional DNS modifications
  2. Notify Your Team: Inform stakeholders before making DNS changes
  3. Use Webhooks: Integrate alerts into your monitoring systems
  4. Verify Immediately: Always check alerts as soon as received
  5. Maintain Access: Ensure you have secure access to DNS control panels
  6. Enable 2FA: Use two-factor authentication on all DNS-related accounts
  7. Domain Locking: Consider locking your domain at the registrar level

When to Be Concerned

Take immediate action if:

  • Nameservers change to unknown providers
  • Changes occur during non-business hours without authorization
  • Multiple record types change simultaneously without explanation
  • Your website or email stops working after DNS changes
  • You receive multiple DNS change alerts in quick succession
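
The first three checks in this list can be applied mechanically to an alert's change list. The following is an added example, not part of the original guide or of any product's code: it assumes alert lines have the "TYPE Added/Removed: value" shape shown in the scenarios above, and `parse_alert`, `under`, `triage`, the set of known nameserver zones and the weekday 09:00-18:00 window are hypothetical names and settings you would replace with your own.

```python
import re
from datetime import datetime

# Assumed alert line shape, as printed in this guide: "<TYPE> <Added|Removed>: <value>"
LINE_RE = re.compile(r"^(?P<rtype>[A-Z]+) (?P<op>Added|Removed): (?P<value>.+)$")

def parse_alert(text):
    """Parse alert text into (rtype, op, value) tuples; reject lines that do not fit."""
    changes = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unrecognised alert line: {line!r}")
        changes.append((m["rtype"], m["op"], m["value"].strip()))
    return changes

def under(host, zone):
    """True if host is zone or a subdomain of it, matched on a label boundary."""
    host, zone = host.rstrip(".").lower(), zone.rstrip(".").lower()
    return host == zone or host.endswith("." + zone)

def triage(changes, known_ns_zones, when, business_hours=(9, 18)):
    """Apply three 'When to Be Concerned' checks; return (severity, reasons)."""
    reasons = []
    unknown = [v for t, op, v in changes if t == "NS" and op == "Added"
               and not any(under(v, z) for z in known_ns_zones)]
    if unknown:
        reasons.append("NS added outside known providers: " + ", ".join(unknown))
    rtypes = sorted({t for t, _, _ in changes})
    if len(rtypes) > 1:
        reasons.append("multiple record types changed together: " + ", ".join(rtypes))
    in_hours = when.weekday() < 5 and business_hours[0] <= when.hour < business_hours[1]
    if not in_hours:
        reasons.append("change observed outside business hours")
    severity = "critical" if unknown else "review" if reasons else "expected"
    return severity, reasons

# Constructed input: the change list from Scenario 9 of this guide.
SCENARIO_9 = """NS Removed: ns1.yourprovider.com.
NS Removed: ns2.yourprovider.com.
NS Added: ns1.suspicious-domain.xyz.
NS Added: ns2.suspicious-domain.xyz.
A Removed: 192.0.2.50
A Added: 185.199.108.153"""

if __name__ == "__main__":
    print(triage(parse_alert(SCENARIO_9), {"yourprovider.com"}, datetime(2025, 1, 15, 3, 12)))
```

The label-boundary match in `under` matters: a plain suffix comparison would accept a lookalike such as `ns1.notnewprovider.com` as belonging to `newprovider.com`.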

Need Help?

If you're unsure about a DNS change alert:

  • Review your DNS Check History
  • Contact your hosting or DNS provider
  • Check with your IT team or DNS administrator
  • If you suspect security issues, contact your domain registrar immediately
