Private Domain Monitoring
Monitor your domains without exposing data to passive DNS databases or third parties
Passive DNS databases like SecurityTrails, WhoisXML, and Farsight DNSDB collect and resell your domain resolution history to anyone who pays. Threat actors use these services to map your infrastructure before attacking. EdgeDNS monitoring is fundamentally different: your monitoring data belongs exclusively to your organization. No other customer, researcher, or adversary can query your domain's monitoring history.
The Challenge
Every DNS query resolved by a public resolver or passive DNS sensor becomes part of a shared database. Your A records, MX records, nameserver changes, and subdomain structure are exposed to anyone with an API key to passive DNS services. For regulated industries (finance, healthcare, government), this represents an unacceptable data exposure risk and a valuable reconnaissance resource for attackers planning targeted campaigns.
The Solution
EdgeDNS domain subscriptions perform active monitoring from your authenticated API context. DNS resolution, certificate checks, WHOIS lookups, and score evaluations are executed privately and stored in per-organization tables. No data is shared between organizations, and results are accessible only through authenticated API calls scoped to your organization. Data retention is configurable: Developer 90 days, Pro 360 days, Enterprise unlimited.
Endpoints Used
Combine these EdgeDNS endpoints to build this solution.
/v1/subscriptionsTry in PlaygroundCreate Subscription: Subscribe domains for private, organization-scoped monitoring
/v1/subscriptions/:id/dns-historyTry in PlaygroundDNS History: View your private DNS record history (not in any public database)
/v1/subscriptions/:id/alertsTry in PlaygroundSubscription Alerts: Get alerted to changes without third-party data sharing
/v1/subscriptionsTry in PlaygroundList Subscriptions: Manage all monitored domains in your private portfolio
Results You Can Achieve
Zero data leakage
Your DNS resolution history, certificate state, and WHOIS changes are never shared with other customers
Invisible to adversaries
Attackers using passive DNS for recon cannot see your monitoring data or infrastructure changes
Compliance-friendly
Data retention is configurable: Developer 90 days, Pro 360 days, Enterprise unlimited
Code Example
Set up private monitoring for regulated domains
// Subscribe a domain with all monitoring services enabled
const sub = await fetch('https://api.edgedns.dev/v1/subscriptions', {
method: 'POST',
headers: {
'Authorization': 'Bearer YOUR_API_KEY',
'Content-Type': 'application/json'
},
body: JSON.stringify({
domain: 'secure.bankexample.com',
ping_enabled: true,
ping_interval_minutes: 1,
dns_enabled: true,
dns_interval_minutes: 30,
whois_enabled: true,
whois_interval_minutes: 1440,
cert_enabled: true,
cert_interval_minutes: 60,
email_score_enabled: true,
security_score_enabled: true,
notification_emails: ['soc@bankexample.com']
})
}).then(r => r.json());
// Your monitoring data is PRIVATE to your organization
// No other API customer can query this history
const dnsHistory = await fetch(
`https://api.edgedns.dev/v1/subscriptions/${sub.data.id}/dns-history`,
{ headers: { 'Authorization': 'Bearer YOUR_API_KEY' } }
).then(r => r.json());
console.log('Private DNS records tracked:', dnsHistory.data.length);Learn More
Explore industry standards and best practices related to this use case.
Ready to build Private Domain Monitoring?
Get started with 200 free API requests per month. No credit card required.