You may want to use a DNS monitor to check the serial number that a name server reports for a domain. The serial number is a property of the domain's zone, stored in the zone's SOA (Start of Authority) record. Whoever maintains the zone (the administrator, or the DNS software on their behalf) increments the serial each time the zone is modified, so by watching the serial number you will know the moment the DNS data for the domain changes and can be alerted to possible tampering. Note what this does and does not catch: any edit to the zone, legitimate or not, moves the serial, so an alert you did not expect is the signal; an attack that never touches the zone itself (for example a poisoned answer served by a resolver) leaves the serial unchanged, which is why the check is most useful when it asks the authoritative name server directly. In this article, you'll step through the process of getting the serial number and how you can set up a DNS monitor to test the value.
First, you need to get the current serial number
To get the current serial number, you need to perform an SOA query.
- Open a command window.
- Type nslookup and press [Enter].
- Switch to querying SOA records by typing set type=soa and press [Enter].
- Type the domain name in question and press [Enter].
If the name server answers the query, nslookup prints the fields of the SOA record. One of those fields is the serial number; in the example, the serial number is 162337499.
Setting up a DNS monitor to check the SOA record
Now that you know the serial number, you need to set up a DNS monitor to check the SOA record. If you need help setting up a DNS monitor, see Setting up a DNS monitor.
- Open an existing DNS monitor or create a new DNS monitor
- Select SOA Record from the DNS Query dropdown
- Provide the IP address or domain name of the name server you want to test in the DNS Server box. Leave this box blank to use the local name server on the checkpoint. To check the zone at its source rather than a cached copy, enter one of the domain's authoritative name servers here.
- Fill in the domain name you would like to verify the SOA record for in the Test Value box.
- Enter the serial number you would like to test for in the Expected result box. The monitor will now raise an error whenever the serial it receives differs from this value, so update the Expected result after each planned DNS change.
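The same check can be scripted outside the monitor, which is handy for confirming the serial you typed into the Expected result box or for running it from a host of your own. The script below is an added example, not part of the original article or of the DNS monitor product. It uses dig instead of nslookup because the output of dig +short is a single line that is easy to parse, and it assumes dig is installed. The sample SOA line, the domain example.com and the name server ns1.example.net are constructed for illustration; only check_soa_serial performs a live query.

```shell
#!/bin/sh
# Added example (not from the original article): read a zone's SOA serial
# and compare it with the value you recorded, the way the DNS monitor does.
#
# A "dig +short SOA <domain>" answer is one line of seven fields:
#   MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM
# Constructed sample answer; the serial is the one quoted in the article.
SAMPLE_SOA='ns1.example.net. hostmaster.example.com. 162337499 3600 600 1209600 300'

# Extract the serial (third field) from a dig +short SOA answer line.
# Prints the serial and returns 0; returns 1 when the answer is empty,
# has the wrong number of fields (no answer, NXDOMAIN, a CNAME chain or
# several lines of output) or when the serial is not a number.
soa_serial_from_short() {
    set -- $1
    [ "$#" -eq 7 ] || return 1
    case $3 in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$3"
}

# Live query: $1 = domain, $2 = name server to ask (optional; if omitted the
# system resolver is used, which may hand back a cached copy of the record).
# +time/+tries keep a dead server from holding the check up for long.
query_soa_serial() {
    domain=$1
    server=${2:+@$2}
    answer=$(dig +short +time=3 +tries=1 SOA "$domain" $server 2>/dev/null) || return 1
    soa_serial_from_short "$answer"
}

# Compare the serial you recorded with the one just observed.
# Returns 0 when they match, 1 when they differ (the alert case).
compare_serial() {
    expected=$1
    observed=$2
    domain=$3
    if [ "$observed" = "$expected" ]; then
        echo "OK: $domain SOA serial $observed unchanged"
        return 0
    fi
    echo "ALERT: $domain SOA serial changed: expected $expected, got $observed"
    return 1
}

# Full check: $1 = expected serial, $2 = domain, $3 = name server (optional).
# Returns 0 on match, 1 on a changed serial, 2 when no serial could be read
# (server down, wrong domain, or an answer that is not a plain SOA record);
# a monitor should treat 2 as an error rather than as "unchanged".
check_soa_serial() {
    observed=$(query_soa_serial "$2" "$3") || {
        echo "ERROR: could not read an SOA serial for $2"
        return 2
    }
    compare_serial "$1" "$observed" "$2"
}

# Usage (live, hypothetical values):
#   check_soa_serial 162337499 example.com ns1.example.net
```

Run the live form from cron or a job scheduler and alert on any non-zero exit. Exit status 1 is the interesting one: it means the zone's serial moved, which should line up with a change you made; if it does not, investigate the name server and the registrar account. Pass the authoritative server as the third argument for the same reason the DNS Server box exists in the monitor: a resolver may answer from cache and hide the change for as long as the record's TTL.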