dnswatchdog.iodocs

Overview

How DNS Watchdog detects and classifies security issues.

DNS Watchdog continuously scans your DNS infrastructure and raises issues when it detects security risks. Each issue has a type, severity, and review status.

Severity levels

SeverityMeaning
CriticalImmediate action recommended — active security risk
WarningPotential risk that should be reviewed
InfoInformational finding for awareness

Example of issues grouped by severity level showing critical, warning, and info badges

Review workflow

Every issue starts in Needs Review status. From there you can:

  1. In Review — mark an issue while you investigate
  2. Ignored — dismiss the issue if it's a known acceptable risk
  3. Resolved — the underlying condition is no longer detected

The review status workflow showing transitions between Needs Review, In Review, Ignored, and Resolved

Issue categories

DNS Watchdog detects issues across several categories:

  • Open Ports — exposed services like databases, remote access, and infrastructure ports
  • Certificates — expired, expiring, mismatched, or weak SSL/TLS certificates
  • HTTP — connection errors, server errors, weak TLS, and missing HTTPS redirects
  • DNS — dangling subdomains, broken delegations, and broken redirects
  • Email Authentication — SPF, DKIM, DMARC, MTA-STS, and MX validation issues

Filtering

Use the sidebar or filter controls to narrow issues by:

  • Severity (critical, warning, info)
  • Issue type (e.g. dangling_subdomain, certificate_expired)
  • Review status (needs review, in review, ignored)
  • Zone or record

Daily scans

Scans run automatically every day. New issues appear when detected, and resolved issues are cleared when the underlying condition is no longer present.

Archive & Restore

Safely delete DNS records with soft-delete and one-click restoration.

Port 21: FTP

Open FTP port detected on a publicly accessible host.

On this page

Severity levelsReview workflowIssue categoriesFilteringDaily scans