DNS change alerts you can actually trust
A silent DNS edit is one of the highest-leverage failure modes in software ops. An MX flip breaks inbound mail for a week. A TXT edit breaks SPF/DKIM and your transactional email lands in spam. A nameserver swap could be a legitimate registrar move — or the first sign of account compromise. ManageCert snapshots your DNS daily, diffs against yesterday, and alerts within 24 hours of any change.
The SANS Internet Storm Center has noted that unexpected DNS changes are often the first sign of compromise — the attacker repoints MX records to intercept email, or swaps nameservers to a registrar they control. By the time you notice (failed logins, weird email behavior), the breach is days old. Even when changes are legitimate (a teammate updated DNS without telling you), the silent edit can break mail, auth, or analytics in ways that take hours to diagnose. ManageCert is the audit log you didn't know you needed.
Why ManageCert for DNS change alerts
Six record types, daily snapshot + diff
A, AAAA, MX, CNAME, TXT, NS — we snapshot all six daily for every domain you monitor and diff against the prior snapshot. Any change → alert.
Catches the silent breaks
MX rotation breaks inbound mail. TXT change breaks SPF/DKIM and tanks deliverability. CNAME edit breaks subdomain routing. NS swap could be legitimate or could be your domain being hijacked. All silent, all caught.
Audit trail when you need it
Every snapshot is stored. If you ever need to answer "when did this change?" — we have a daily history per domain, exportable as JSON from your account settings.
SSL, domain expiry, DNS — daily, across all your domains.
SSL certificates
Expiry, issuer, SANs, chain validity, hostname match. Alerts at 30/14/7/1 days, plus immediate if invalid.
Domain registration
RDAP + WHOIS lookups daily. Alerts at 60/30/14/7 days. Catches lapsed-domain → squatter before it happens.
DNS records
A/AAAA/MX/CNAME/TXT/NS snapshot + diff. Catches mid-night MX flips before mail breaks for a week.
Frequently asked
- What if my DNS legitimately changes often (round-robin, geo-DNS)?
- v1 ships naive diff with user-suppressible alerts — you can ignore noisy domains. v1.5 will add smart filtering for round-robin and geo-DNS rotations so only meaningful changes surface.
- Will I get alerted every time I deploy and a CDN rotates IPs?
- If your CDN rotates IPs daily, yes — first time you'll see the change, then you can suppress that record type for that domain. We're working on smarter heuristics for v1.5.
- How fast is 'immediate' for DNS-change alerts?
- Our daily cron runs at 06:00 UTC, so worst case is ~24 hours from change to alert. Fast enough to catch the silent edit before it breaks your week; not fast enough for active-attack response. For real-time security, pair us with your existing SIEM.
- Do you store the historical DNS records?
- Yes — every snapshot is kept for the lifetime of your account. Exportable as JSON from Account settings.
Ready to stop worrying?
Solo $19 · Pro $39 · Agency $99 · Studio $249. 14-day free trial. Annual saves 20%.