Domain-monitoring services can detect changes to registration information and DNS resolution to IP addresses. Monitoring services won't prevent a DNS attack from being carried out, but they will issue an alert at the earliest stage of an attack, say security experts. Commercial monitoring services can send an alert if configuration changes are detected to major elements of high-profile domain names. Some companies with a mature IT staff and development team rely on a small shell-script to keep tabs on website resources, said Trend Micro's April.
Monitoring system logs is also important, according to Dell-SecureWorks' Houle. Administrators should ensure systems responsible for authentication are logging transactions, he said. In addition, proactive monitoring can detect a brute-force attack against a system and suspicious login activity, Houle said.