Monitoring DNS Records for Wildcard Values
Back in 2016, we added support for monitoring wildcard DNS records. Wildcard DNS records are used to serve requests for otherwise non-existent domain names. For example, if you created a wildcard record for *.example.com, but not a foo.example.com record, queries for foo.example.com would receive the IP addresses specified for *.example.com in response.
Today we’re pleased to announce that we’ve extended our support for using wildcards in DNS records monitoring. DNS Check now allows you to specify a wildcard (*) in place of some DNS record values, such as an A record’s IP address, to indicate that any value is acceptable, but the record must exist.
Wildcard values are supported in the following areas:
- A and AAAA records may have an IP address of * specified.
- CNAME records may have a value of * specified to indicate that they may point to any domain.
- MX records may have an exchange of * specified to indicate that any exchange is acceptable.
- NS records may have a value of * specified to indicate that any nameserver is acceptable.
- PTR records may have a value of * specified to indicate that any value is acceptable.
Here are a couple of example use cases:
Load Balancer Monitoring
Suppose you’re using a load balancer to split requests for your website, www.example.com, between a pool of web servers. The pool is dynamic, so you don’t know ahead of time which IPs will be returned in response to each query, but you want to make sure that at least one IP is returned.
You can do that by creating a new monitored DNS record with an IP address of *:
In the above screenshot, www.example.com would pass as long as one or more IP addresses are returned in response to each query.
Toggling the above form’s “Exclusive” tag on would enforce a requirement that only one IP address is returned.
Similarly, toggling the above form’s “Exclusive” tag on, then creating a second identical monitored DNS record would enforce a requirement that exactly two IP addresses are returned.
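The pass/fail rules described above for wildcard values and the “Exclusive” tag can be modelled in a few lines. This is an added example, not DNS Check's own code: the function name check_rrset, the single exclusive flag for the whole set of monitored values, the matching order, and the sample addresses are all assumptions made for illustration.

```python
# Added illustration of the wildcard-value rules; not DNS Check's implementation.
WILDCARD = "*"


def check_rrset(monitored, answers, exclusive=False):
    """Compare the monitored values for one name/type with the answers returned.

    monitored: expected values; "*" means any value is fine, but one must exist.
    answers:   values returned by the resolver for that name and type.
    exclusive: when True, answers not claimed by a monitored entry fail the check.
    Returns (passed, reason).
    """
    unclaimed = set(answers)  # an RRset holds no duplicate records
    literals = [v for v in monitored if v != WILDCARD]
    wildcards = len(monitored) - len(literals)

    # Assumption: specific values are matched first, so a wildcard never
    # uses up an answer that a specific monitored value needs.
    for value in literals:
        if value not in unclaimed:
            return False, f"missing expected value {value}"
        unclaimed.discard(value)

    # Assumption: each wildcard entry claims one distinct remaining answer.
    if len(unclaimed) < wildcards:
        return False, (f"{wildcards} wildcard entries but only "
                       f"{len(unclaimed)} unmatched answer(s)")

    extra = len(unclaimed) - wildcards
    if exclusive and extra:
        return False, f"{extra} unexpected answer(s) with Exclusive on"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample answers for www.example.com (documentation addresses).
    pool = ["192.0.2.10", "192.0.2.11"]
    cases = [(["*"], False), (["*"], True), (["*", "*"], True)]
    for monitored, excl in cases:
        print(monitored, "exclusive" if excl else "non-exclusive",
              check_rrset(monitored, pool, excl))
```

With Exclusive on, an answer that no monitored entry accounts for fails the check, which is the setting that surfaces an unexpected address appearing in the pool.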
G Suite DNS Record Monitoring
For our second example, suppose that your organization uses G Suite, and you wish to monitor the CNAME record that they asked you to create.
; Name Type Value
mail.example.com. CNAME ghs.googlehosted.com.
That’s simple enough. You can just create a CNAME record in DNS Check:
Once the above monitored record is created, DNS Check will automatically check it every 5 minutes, and notify you if it changes.
But what about the ghs.googlehosted.com record that we’re pointing to? How do we know that it’s working?
Normally, monitoring ghs.googlehosted.com would be difficult because Google could return any of their IP addresses in response to each query. With wildcard values, you can just tell DNS Check that you want to make sure that ghs.googlehosted.com returns at least one IP, but don’t care which one it is:
Have any questions about how to use wildcards in your DNS record monitoring? Contact us. We’re happy to help.