The Internet and the Domain Name System (DNS) are continually changing; domains are constantly created and existing ones are frequently modified. Cybercriminals change DNS records to hijack domains and redirect traffic to malicious websites.
The redirected traffic bypasses their hosts leaving organizations unaware that traffic is being diverted. This leaves businesses and customers at great risk.
Whenever a new domain is created or a domain’s configuration changes, the DNS Changes channel highlights that change in real-time. This lets organizations easily monitor their DNS worldwide and alert on unauthorized changes due to operational accidents — or an attack.
The data is collected from the Farsight global DNS sensor array. The DNS Changes channel contains more than 200,000 observations per second to provide a holistic view of all DNS changes including:
“Farsight’s DNS Changes is the authoritative source of changes in Internet infrastructure.”
A resource record (RR) is a single DNS record.
A resource record set (RRset) consists of all the resource records of a given type for a given rrname.
When the DNS Changes channel detects a never-before-seen RRset, it publishes that RRset to Channel 214 on SIE. It also annotates novel information about each RRset. These include individual RRs that have not been seen before and whether the RRset has changed from those previously seen for a Fully Qualified Domain Name (FQDN).
Data is presented as a time-stamped RRset, providing full context for observed changes as well as critical information for security investigators and operational change management.
It reports on global changes when existing domains purposely, inadvertently or maliciously: