Skip to main content

Beta What do you think of this service? Your feedback will help us to improve it.

  4. Basic monitoring service

Author: GDS

Basic monitoring service

Basic monitoring is a free monitoring service provided by the Government Digital Service (GDS) to the UK public sector using commercial and internal tools and services.

All domains in public sector namespaces are automatically included in basic monitoring.

We can also monitor domains in any namespace, for example .gov.uk, .nhs.uk, or .org.uk, as long as you own the domain and can authorise monitoring of the services it operates.

The service is centrally funded, so there is no cost to organisations. You can use the basic monitoring service as well as your own monitoring, or to replace it.

What basic monitoring does

Basic monitoring runs checks using only the standard functionality of the service, for example:

  • making a DNS query
  • requesting a page from a web server
  • asking an email server if it supports a particular encryption method

The service looks for a range of internet-facing domain and DNS-related misconfigurations and vulnerabilities including:

  • domain lifecycle issues such as expiries and registration problems
  • dangling resources and lame delegations
  • email misconfigurations and failures
  • nameserver misconfigurations, consistency issues and failures
  • some basic web issues like out of policy forwarding

We will email you to tell you about any critical vulnerabilities found.

Frequency of scanning and impact on services

Every day, we operate a small number of internal monitoring tools which run standard DNS queries with no impact on the domain owner’s services.

We use Detectify to check all .gov.uk domains 3 times a day. If you have authorised us to check other public sector domains these will also be checked 3 times. These checks are mainly passive DNS and HTTP queries, although domain owners may see light traffic from Detectify servers.

Find out more about how we use Detectify.

We use Hardenize to run standard DNS queries that have no impact on the domain owner’s services. The frequency of these are:

  • every day for .gov.uk domains
  • weekly for other public sector domains

Read more about Hardenize, including where their traffic comes from.

We also use Whois XMLAPI’s Domain Reputation API to run standard DNS and HTTP queries that have no impact on the domain holder’s services. The frequency of these are:

  • daily for .gov.uk domains
  • fortnightly for all other public sector domains

Use SIEM to receive data

We do not provide direct access to any of the commercial supplier tools or portals.

If you use SIEM, you can sign up to our data sharing service to receive all vulnerability data directly into your SIEM.

Find out about integration with your SIEM.

Contact

If your organisation owns domains you would like included in basic monitoring, email support@domains.gov.uk.

Sign up to UK Government Security

Subscribe to our newsletters to receive notifications when changes to strategy, policy, standards, and guidance are published on the website.

Sign up now