Skip to main content

Beta What do you think of this service? Your feedback will help us to improve it.

  4. DNS Check

Author: Government Digital Service

DNS Check

DNS Check is a free monitoring service provided by the Government Digital Service (GDS) to the UK public sector using commercial and internal tools and services. It can be accessed through your MyNCSC sign in.

All domains in public sector namespaces are automatically included in DNS Check.

Benefits of using DNS Check

The benefits of using DNS Check in your organisation include:

  • centrally funded with no cost to your organisation
  • proactive protection that detect vulnerabilities before attackers do
  • free outreach service and we will contact you if we detect critical vulnerabilities
  • sign in through MyNCSC to access multiple Active Cyber Defence (ACD) services
  • access to the domain and vulnerability knowledge base

What DNS Check does

DNS Check works by doing things like:

  • making a DNS query
  • requesting a page from a web server
  • asking an email server if it supports a particular encryption method

The service looks for a range of internet-facing domain and DNS-related misconfigurations and vulnerabilities including:

  • domain lifecycle issues such as expiries and registration problems
  • dangling resources and lame delegations
  • email misconfigurations and failures
  • nameserver misconfigurations, consistency issues and failures
  • some basic web issues like out of policy forwarding

We will email you from support@domains.gov.uk to tell you about any critical vulnerabilities found.

Source and frequency of scanning

Every day, we operate a small number of internal monitoring tools which run standard DNS queries with no impact on the domain owner’s services.

We use Detectify to check all .gov.uk domains 3 times a day. If you have authorised us to check other public sector domains these will also be checked 3 times. These checks are mainly passive DNS and HTTP queries, although domain owners may see light traffic from Detectify servers.

Find out more about how we use Detectify.

We use Hardenize to run standard DNS queries that have no impact on the domain owner’s services. The frequency of these are:

  • every day for .gov.uk domains
  • weekly for other public sector domains

Read more about Hardenize, including where their traffic comes from.

We also use Whois XMLAPI’s Domain Reputation API to run standard DNS and HTTP queries that have no impact on the domain holder’s services. The frequency of these are:

  • daily for .gov.uk domains
  • fortnightly for all other public sector domains

Get full cyber vulnerability protection

While DNS Check is a valuable service, we recommend enhancing your protection by registering for our Vulnerability Monitoring Service and SIEM Integration.

This provides advanced monitoring and allows you to integrate with your existing SIEM tool for seamless oversight.

Additionally, by sharing your zone files with us, we can keep an eye on all your domains and subdomains, helping ensure nothing is missed and reducing the risk of vulnerabilities going unnoticed.

Contact us

For any questions about monitoring and vulnerabilities, email support@domains.gov.uk.

Sign up to UK Government Security

Subscribe to our newsletters to receive notifications when changes to strategy, policy, standards, and guidance are published on the website.

Sign up now