DNS Monitoring: Why Your Site Might Be Down Even When Your Server Is Fine

Your servers are healthy, but users can't reach you. DNS failures are silent killers. Here's how to monitor and prevent them.

Published: March 20, 2026 • Reading time: 8 minutes

Your application is running. Your servers are healthy. Your database is responsive. But users can't reach your site.

The culprit? DNS. The invisible layer that translates your domain name to an IP address. When DNS fails, everything fails — but your internal monitoring won't notice.

Why DNS Monitoring Matters

DNS is the first step in every request to your service:

  1. User types your domain
  2. Browser queries DNS for the IP address
  3. DNS returns the IP (or doesn't)
  4. Browser connects to your server

If step 3 fails, your server never sees the request. Your logs show nothing. Your metrics look normal. But users get "site can't be reached."

DNS issues are invisible to server-side monitoring. You need external checks that go through the full DNS resolution process.

Common DNS Failure Modes

1. Domain Expiration

You forgot to renew your domain. It happens more than you'd think.

Symptoms: Complete outage, WHOIS shows expired

Prevention: Auto-renewal, calendar reminders, multi-year registrations

2. Nameserver Misconfiguration

Your registrar points to the wrong nameservers, or your DNS provider has issues.

Symptoms: Intermittent or complete failure

Prevention: Monitor DNS resolution, not just server health

3. DNS Record Errors

A records, CNAMEs, or MX records are missing or wrong.

Symptoms: Specific subdomains fail, email bounces

Prevention: DNS change management, monitoring specific records

4. DNS Propagation Delays

You changed DNS records, but not all users see the change yet.

Symptoms: Some users see old IP, some see new

Prevention: Lower TTL before changes, use DNS prefetching

5. DNS Provider Outages

Even major DNS providers have outages (Route 53, Cloudflare, Dyn have all had incidents).

Symptoms: Intermittent failures across multiple domains

Prevention: Secondary DNS provider, monitoring from multiple locations

6. DDoS Attacks on DNS

Attackers target DNS infrastructure (Dyn attack in 2016 took down Twitter, Netflix, Reddit).

Symptoms: Widespread outages affecting your provider's customers

Prevention: DDoS-protected DNS, secondary provider

What to Monitor in DNS

1. Domain Expiration

Alert when your domain is approaching expiration.

# Check domain expiration
whois example.com | grep "Expiration"

# Or use a monitoring service
# Alert when < 30 days remaining

2. DNS Resolution

Can your domain be resolved from multiple locations?

# Check from your server
dig example.com +short

# Check from external service
# OpsPulse, Pingdom, etc.

3. Correct IP Address

Does your domain resolve to the expected IP?

expected_ip="203.0.113.42"
actual_ip=$(dig example.com +short)

if [ "$actual_ip" != "$expected_ip" ]; then
  echo "DNS mismatch! Expected $expected_ip, got $actual_ip"
fi

4. Nameserver Availability

Are your nameservers responding?

# Check each nameserver
for ns in ns1.example.com ns2.example.com; do
  if ! dig @$ns example.com +short >/dev/null 2>&1; then
    echo "Nameserver $ns not responding!"
  fi
done

5. Record-Specific Checks

Verify specific records exist and have expected values.

DNS Monitoring Best Practices

Monitor from Multiple Locations

DNS can fail regionally. Monitor from at least 3-5 geographic locations.

Monitor the Full Resolution Chain

Don't just check if your nameserver responds. Check the actual domain resolution that users experience.

Set Up Alerts for Changes

Alert when DNS records change unexpectedly. This could indicate a hijacking attempt.

Use Multiple DNS Providers

For critical services, use primary + secondary DNS providers. If one fails, the other takes over.

Monitor TTL Compliance

Before making changes, verify your TTL allows for quick propagation.

DNS Monitoring Checklist

External uptime monitoring includes DNS checks: Services like OpsPulse check DNS resolution as part of the request. If DNS fails, you'll know.

DNS Troubleshooting Quick Reference

Symptom Check
Complete outage, no DNS response Domain expiration, nameserver configuration, DNS provider outage
Intermittent failures DNS propagation, TTL issues, nameserver availability
Wrong IP address DNS record misconfiguration, DNS cache, hijacking
Email delivery failures MX records, SPF/DKIM/DMARC
SSL certificate errors CNAME vs A record, CA verification records

Monitor DNS as Part of Uptime Checks

OpsPulse monitors your service from the outside, including DNS resolution. Know when DNS fails before users report "site can't be reached."

Start Free Monitoring →

Summary

DNS monitoring is essential because:

  1. It's invisible: Server-side monitoring won't detect DNS issues
  2. It's critical: DNS failure = complete outage
  3. It's preventable: Most DNS issues can be caught early

Monitor DNS resolution as part of your external uptime checks. It's a small effort that prevents a common failure mode.

Related Resources