Audit your domain

Change Detection

Catch unauthorized changes to DNS, SSL, and WHOIS data

Back to Web Performance

What we check

We monitor for unexpected configuration changes

We monitor your DNS records, SSL certificates, and WHOIS data for unexpected changes that could indicate unauthorized modifications or security issues. Tracking configuration changes helps detect unauthorized access, misconfigurations, or security compromises before they cause outages or data breaches.

Security Impact

Why change detection is critical

Unauthorized changes cause outages

When DNS, SSL, or domain registration details change without authorization, it can cause immediate outages. Services break, emails stop working, and websites go offline.

Indicates security compromise

Unexpected changes often indicate unauthorized access. Attackers who compromise DNS can redirect traffic, steal data, or launch phishing attacks using your domain.

Former employees still have access

Ex-employees or contractors with lingering access can make changes maliciously or accidentally. Change detection catches this before damage occurs.

Silent failures are common

Configuration changes happen silently. You often don't notice until users report issues. By then, damage may be severe.

Implementation

How to manage configuration changes

With Httpeace

Httpeace automatically monitors for unexpected configuration changes:

  • Add your domain to Httpeace
  • We monitor DNS, SSL certificates, and WHOIS data automatically every day
  • Get instant alerts when any configuration changes
  • See what changed and when in your dashboard

Without Httpeace

Manual change detection requires tracking multiple configuration sources:

# Check DNS records
dig ANY yourdomain.com

# Check SSL certificate
echo | openssl s_client -connect yourdomain.com:443 | openssl x509 -text

# Check WHOIS data
whois yourdomain.com

# Check name servers
dig NS yourdomain.com

You'll need to:

  • Snapshot current DNS records (A, AAAA, MX, TXT, CNAME, NS) for comparison
  • Store SSL certificate details (issuer, expiration, SANs, fingerprint)
  • Record WHOIS data (registrar, registrant, expiration, name servers)
  • Run daily checks comparing current values to baselines
  • Build scripts to automate comparison and alerting
  • Parse different output formats from dig, openssl, whois
  • Filter out expected changes (SSL renewals, DNS updates)
  • Alert on unexpected changes via email/Slack/webhook
  • Maintain change log documenting authorized modifications
  • Enable MFA on registrar, DNS provider, hosting accounts
  • Use domain locking to prevent unauthorized transfers
  • Limit DNS/domain access to necessary team members only
  • Review provider audit logs regularly
  • If unauthorized changes detected, revert immediately
  • Investigate scope (check all configs, not just what changed)

Manual change detection requires constant vigilance and custom automation. Configuration changes happen silently, and by the time you notice manually, significant damage may have occurred.

FAQ

Frequently asked questions

How quickly does Httpeace detect changes?

We check your domain configuration daily. Most changes are detected within 24 hours. For critical changes like DNS or name server modifications, we alert you immediately upon detection.

What should I do if I get a change alert?

First, verify if the change was authorized. Check with your team, review change logs, and compare against your configuration documentation. If unauthorized, immediately revert the change and investigate how it happened. Secure compromised accounts and review access controls.

Can Httpeace prevent unauthorized changes?

No, Httpeace detects and alerts—it doesn't prevent changes. Prevention requires security controls at your registrar/DNS provider: strong passwords, MFA, registrar locks, limited access, and audit logs. Httpeace provides the crucial early warning system.

Will I get false positives from legitimate changes?

Yes, you'll receive alerts for all changes—both authorized and unauthorized. This is intentional. Maintain a change log and configure team notifications so everyone knows when legitimate changes are made. Any unexpected alert then indicates a real problem.

What if my DNS provider makes changes automatically?

Some DNS providers auto-update IP addresses, optimize record TTLs, or manage certificates automatically. These may trigger alerts. Once you verify these are expected, you'll recognize the pattern. The key is investigating every unexpected alert—one could be a security incident.

Related checks

Other checks in this category

Redirect Chain Detection

Speed up page loads and improve SEO rankings.

View all Web Performance checks

Peace of mind for your domains.

Start monitoring today and prevent outages, hacks, and costly mistakes.

Audit your domain — it's freeTalk to us