Welcome to the Hardenize blog. This is where we will document our journey as we make the Internet a more secure place and have some fun and excitement along the way.
Continuing to expand on the theme of integration with our customers' infrastructure, we're announcing support for discovery via continuous DNS zone transfer. With this new feature, we can ensure 100% visibility into all zone hosts and resource records.
Having a robust DNS infrastructure is critical to achieving high availability and reliable services. For this reason, high availability via multiple servers is built into the DNS. With multiple servers supporting the same zone, one server is designated as primary and the rest as secondaries. DNS zone transfers are designed to support the propagation of authoritative zone data to the secondaries from the primary so that the zone can be configured in a single location.
Zone transfers are also very useful for infrastructure monitoring. Although we provide comprehensive automated discovery via a variety of methods and are able to achieve excellent results, a direct integration with the authoritative DNS servers can provide full and timely visibility.
Prior to this latest release, our monitoring already supported the detection of DNS zone transfer capability that was enabled and exposed to the public. With this release, we're adding support for integration-focused zone transfer, using a set of known stable IP addresses along with support for TSIG authentication. Together, this setup enables our customers to deploy this integration safely.
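As an added illustration (not Hardenize's own configuration), the fragment below contrasts a publicly exposed zone transfer with one restricted to known addresses and a TSIG key. It assumes a BIND 9 primary; the zone name, key name, file path and IP addresses are placeholders.

```conf
# Constructed example for a BIND 9 primary (named.conf).

# Weak: any host on the Internet can pull the whole zone (AXFR).
# zone "example.com" {
#     type primary;
#     file "zones/example.com.db";
#     allow-transfer { any; };
# };

# Hardened: a transfer needs an allow-listed source address AND a valid TSIG signature.

# Hypothetical key name. Generate the real secret with:
#   tsig-keygen -a hmac-sha256 monitoring-xfr
key "monitoring-xfr" {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_SECRET";   # placeholder, keep the real value out of version control
};

# Placeholder addresses from the RFC 5737 documentation range.
# Use the stable IP addresses published by the monitoring provider.
acl "monitoring-hosts" {
    192.0.2.10;
    192.0.2.11;
};

zone "example.com" {
    type primary;
    file "zones/example.com.db";
    # Address match lists are OR-ed: "{ monitoring-hosts; key monitoring-xfr; }"
    # would accept a listed address OR the key. The nested negation rejects every
    # address outside the ACL first, then requires the key.
    allow-transfer { !{ !"monitoring-hosts"; any; }; key "monitoring-xfr"; };
};
```

After reloading, a `dig AXFR` for the zone sent without the key, or from an address outside the ACL, should fail with a refused transfer.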