Getting Started with ZoneWatcher: Monitor Your First Domain in 5 Minutes
Step 1: Connect Your DNS Provider
After creating your ZoneWatcher account, the first thing you'll do is connect a DNS provider. ZoneWatcher integrates directly with providers including Cloudflare, AWS Route 53, DNSimple, ClouDNS, DNS Made Easy, Porkbun, Hostinger, DreamHost, and many others.
Head to your account settings, select your provider, and authenticate. For most providers, this means generating an API key or token with read access to your DNS zones.
You only need read access. ZoneWatcher never modifies your DNS records; it only monitors them.
Step 2: Add Your Domain
Once your provider is connected, ZoneWatcher's autodiscovery pulls in your domains automatically. You'll see a list of all zones available on the connected provider and can select which domains you want to monitor.
If you're using a provider that isn't directly integrated, you can add domains manually using public DNS monitoring. ZoneWatcher will query your domain's authoritative nameservers directly without requiring an API key.
Step 3: Review Your Records
With the domain added, ZoneWatcher fetches a complete snapshot of your DNS records. Take a minute to review them. This initial snapshot becomes your baseline; every future change is measured against it.
You'll see every record in the zone: A, AAAA, CNAME, MX, TXT, NS, SOA, and others. For each record, ZoneWatcher shows the name, type, value, and TTL.
This is also a good time to spot anything unexpected. Stale CNAME records pointing to decommissioned services? TXT records you don't recognize? Better to find them now than during an incident.
Step 4: Configure Alerts
ZoneWatcher can notify you through email, Slack, Microsoft Teams, Discord, or webhooks whenever a DNS record changes. Set up at least one notification channel; email is the obvious default, but Slack is where most teams want their alerts.
You can configure alert rules to filter what triggers a notification. Maybe you want to be alerted on any change to A, MX, or NS records, but you don't care about TTL adjustments. Fine-tune this to avoid alert fatigue while keeping coverage on the records that matter.
Step 5: Make a Test Change
The best way to confirm monitoring is working: make a deliberate change. Add a test TXT record to your zone (something like _test.example.com TXT "zonewatcher-test"), wait for ZoneWatcher to detect it, and verify the alert arrives.
Then remove the test record. You should get a second alert.
If both alerts come through, you're set. Your DNS is being monitored, and unauthorized or unexpected changes won't go unnoticed.
What Happens Next
ZoneWatcher continuously polls your DNS records and compares them against the last known state. When something changes, you receive:
- A notification through your configured channels
- A change entry in your audit trail showing the exact before-and-after values
- A timestamped record you can reference during incident response or compliance audits
Over time, the audit trail builds into a complete history of your domain's DNS configuration. You can see every change, when it happened, and what the zone looked like at any point in time.
Going Further
Once your first domain is set up:
- Add more domains. If you manage multiple domains, add them all. Autodiscovery makes this fast.
- Export zone files. ZoneWatcher can export your zone as a BIND zone file or CSV for backups and migrations.
- Invite your team. Give your ops, security, and IT team members access so everyone sees the same audit trail.
- Set up monitoring for multiple providers. If your domains are split across different DNS providers, connect them all for a unified view.
DNS monitoring is one of those things that feels unnecessary until the day it saves you. Set it up now while everything is working, and you'll be glad it's there when something changes unexpectedly.