What to Monitor
- WHOIS changes (registrant, NS, expiry)
- DNS resolution (A, MX, TXT)
- SSL certificate expiry
- Blacklist & malware status
- Domain drop date countdown
Free Tools Stack
- UptimeRobot: 50 monitors free, 5-min intervals
- SSL Labs API: cert grade alerts
- DomainTools Monitor: WHOIS delta emails
- MXToolbox: blacklist & SPF/DMARC checks
Setting Up WHOIS Watch
Cloudflare Registrar sends automatic WHOIS-change emails. If you use another registrar, create a Zapier trigger with “RSS by Zapier” that polls the WHOIS history RSS feed from DomainTools, and push the results to Slack #security.
DNS Monitoring
Use a Pingdom check of type “DNS” that expects the A record to equal 192.0.2.42. If the record is poisoned or mis-edited, the alert fires within 1-5 minutes. Combine it with a RUM beacon to correlate user impact.
Certificate Expiry
Let’s Encrypt sends 20-day warnings, but corporate CAs may not. Run openssl x509 -enddate in cron, push to Grafana. Red alert at 30 days, page on-call at 7 days.
Custom Script Example
Bash + dig: poll the NS records daily; if the answer ≠ expected, sendmail to the admin. Store the last-good IP in a text file to avoid flapping on a single failure.
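The script described above, as an added example (not the author's own code): it compares the live NS set with an expected set and alerts only after consecutive mismatches, keeping a failure counter and the last-good answer (here the NS set rather than an IP) in the state file. The domain, NS names, state path, threshold of 2 and admin address are assumed placeholders.

```shell
#!/usr/bin/env bash
# Added example: daily NS watch with a state file. Every value below is an
# assumed placeholder, not taken from the page.
DOMAIN="${DOMAIN:-example.com}"
EXPECTED_NS="${EXPECTED_NS:-ns1.example.net. ns2.example.net.}"
STATE_FILE="${STATE_FILE:-/var/tmp/ns-watch.state}"  # line 1: fail count, line 2: last-good answer
THRESHOLD="${THRESHOLD:-2}"                           # consecutive mismatches before alerting
ADMIN="${ADMIN:-admin@example.com}"

# Canonical form of an NS list: lowercase, sorted, de-duplicated, space-joined.
normalize_ns() {
  printf '%s' "$1" | tr -s '[:space:]' '\n' | tr '[:upper:]' '[:lower:]' \
    | sort -u | tr '\n' ' ' | sed 's/^ *//;s/ *$//'
}

# Live lookup, kept in its own function so it can be replaced when testing.
query_ns() { dig +short NS "$1"; }

# Returns 0 = matches expected, 1 = mismatch below threshold, 2 = alert.
# Sets OBSERVED and LAST_GOOD for the caller's alert text.
check_ns() {
  OBSERVED=$(normalize_ns "$(query_ns "$DOMAIN")")
  fails=0; LAST_GOOD=""
  if [ -f "$STATE_FILE" ]; then
    fails=$(sed -n '1p' "$STATE_FILE")
    LAST_GOOD=$(sed -n '2p' "$STATE_FILE")
  fi
  case "$fails" in ''|*[!0-9]*) fails=0 ;; esac  # tolerate a corrupt state file
  if [ "$OBSERVED" = "$(normalize_ns "$EXPECTED_NS")" ]; then
    printf '0\n%s\n' "$OBSERVED" > "$STATE_FILE"  # reset counter, record last-good
    return 0
  fi
  fails=$((fails + 1))                            # empty answers count as mismatches too
  printf '%s\n%s\n' "$fails" "$LAST_GOOD" > "$STATE_FILE"
  if [ "$fails" -ge "$THRESHOLD" ]; then return 2; fi
  return 1
}

# Cron entry point: ns-watch.sh --run
if [ "${1:-}" = "--run" ]; then
  rc=0; check_ns || rc=$?
  if [ "$rc" -eq 2 ]; then
    printf 'To: %s\nSubject: NS mismatch for %s\n\nexpected: %s\nobserved: %s\nlast good: %s\n' \
      "$ADMIN" "$DOMAIN" "$EXPECTED_NS" "${OBSERVED:-<no answer>}" "${LAST_GOOD:-<none>}" \
      | sendmail -t
  fi
fi
```

A single timeout or empty answer only increments the counter; the mail goes out once the mismatch persists for THRESHOLD runs, and it repeats on each run until the NS set matches again.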
Escalation Matrix
Tier 1: automated alert → Slack. Tier 2: no acknowledgment in 30 min → SMS. Tier 3: domain actually hijacked → call legal counsel + registrar fraud hotline + freeze account.
False Positive Reduction
Ignore planned maintenance windows by tagging monitors “maintenance” in UptimeRobot and pausing via API. Document change tickets so alerts can be correlated.
Cost at Scale
Monitoring 1,000 domains via UptimeRobot Pro costs $54/month. Self-hosted open-source (Zabbix + scripts) runs on a $20 VPS but needs maintenance time; factor in TCO before choosing.
Key Takeaway
Domains are mission-critical assets. 24/7 monitoring costs pennies compared to revenue loss from hijack or expiry. Automate early, sleep better.