Domain management

Domain Management provides comprehensive monitoring of your organization's web properties, ensuring your domains remain secure, properly configured, and free from unauthorized tampering. For Web3 organizations where domain compromise can lead to devastating phishing attacks or fund theft, proactive domain monitoring is essential.

Monitoring Capabilities

Domain Verification

Add and verify ownership of your domains to enable monitoring:

• Verify domains through DNS TXT records or file upload

• Support for apex domains and subdomains

• Automatic detection of SSL/TLS certificate issues

• Expiration warnings for certificates and domain registrations

Security Headers Analysis

Automated scanning of HTTP security headers:

Critical Headers Monitored:

• Content-Security-Policy (CSP)

• Strict-Transport-Security (HSTS)

• X-Frame-Options (clickjacking protection)

• X-Content-Type-Options (MIME sniffing prevention)

• Referrer-Policy

• Permissions-Policy

Security Grading: Each domain receives a security grade (A+ through F) based on header configuration, with detailed recommendations for improvement.

Compliance Tracking: Monitor adherence to security best practices and regulatory requirements (PCI-DSS, SOC 2, etc.).

DNS Health Monitoring

Track DNS configuration and detect anomalies:

• Monitor DNS record changes (A, AAAA, CNAME, MX, TXT)

• Alert on suspicious DNS modifications

• Detect DNS hijacking attempts

• Track nameserver changes

• Monitor DNSSEC configuration

Content Integrity Monitoring

Frontend Protection: Sentry creates cryptographic hashes of your web application content and continuously monitors for unauthorized changes.

What's Monitored:

• HTML page content

• JavaScript files

• CSS stylesheets

• Critical static assets

• API endpoint responses

Change Detection: When content changes are detected:

• Immediate alerts sent to administrators

• Detailed diff showing what changed

• Option to mark changes as authorized (deployments)

• Historical tracking of all content modifications

Use Cases:

• Detect injected malicious scripts

• Identify compromised deployment pipelines

• Catch unauthorized "maintenance" pages

• Monitor for supply chain attacks via CDN compromise

Domain Health Dashboard

Visual overview of all monitored domains:

• Overall health status (healthy, warnings, critical)

• Last scan timestamp

• Number of security issues detected

• Certificate expiration countdown

• Uptime monitoring

• Response time tracking

Alert Types

Critical Alerts:

• Content hash mismatch (potential compromise)

• DNS records pointing to unauthorized IPs

• SSL/TLS certificate errors or expiration

• Missing critical security headers (CSP, HSTS)

• Domain ownership transfer detected

Warning Alerts:

• Security header grade degradation

• Slow response times or intermittent failures

• Certificate expiring within 30 days

• New subdomains detected

• DNS configuration changes

Best Practices

Verify All Public-Facing Domains: Don't just monitor your main site - include documentation, marketing pages, testnet deployments, and API endpoints.

Set Up Trusted Content Baselines: After each legitimate deployment, acknowledge the content change to establish the new trusted baseline.

Monitor Subdomains: Attackers often target forgotten or unused subdomains for subdomain takeover attacks.

Implement Security Headers Gradually: Use report-only modes (CSP report-only, etc.) to test configurations before enforcing.

Regular Audits: Review your domain list quarterly to remove old domains and add new ones.