I recently took a good look at Kentik to see what all the fuss was about (in my opinion, there was a fuss…) and I found a spectacular network intelligence system that is widely believed to carry the top spot among the many products in its class. It’s very dazzling too, to read about how the back end is architected or to listen to the way Phil Gervasi describes it in the Tech Field Day videos. But one of the things that stuck with me the most was their thoughtfulness and thoroughness in doing the basics. The smoothness with which the functions operated for me on my first try was what captured my first impression most of all.
We all make our own security mistakes over a lifetime of being an infosec professional, but one of the things that I find really spooky is when someone makes one of them for you. It was just about a year ago (today being August 2025) when a plethora of Squarespace-migrated domains had their DNS configurations hijacked by some very creative-thinking attackers. I presume that the administrators managing the migration didn’t realize that there was no email validation or that there was some sort of authentication in place. Either way, all you have to do is make one mistake and someone usually finds it.
When I began perusing Kentik’s real-time synthetic testing capability that comes with DNS server response validation, I put myself in their square-shaped shoes and built a solution around it to test in the lab.
I constructed two DNS tests to monitor Route 53 and a BIND9 server, one test querying each respectively. When I fired off the change to Route 53 via my AWS CLI, the alerts began to fire within 60 seconds (several runs were all within a 45–85 second range with the DNS tests set to run every minute), first Route 53 then my BIND9 server, which had a TTL of 30 seconds.
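The core of a DNS response validation check like the one described above, as an added example (not Kentik's code and not the lab configuration from this post): it parses a raw DNS response and compares the A records against an expected baseline. The name `lab.example`, the addresses and all function names are assumptions, and the sample responses are constructed so the block runs without a network.

```python
import socket
import struct

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while msg[off] and (msg[off] & 0xC0) != 0xC0:   # plain label: hop over it
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)             # pointer is 2 bytes, root label 1

def a_records(msg):
    """Return (ip, ttl) for each A record in the answer section."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if flags & 0x000F:           # non-zero RCODE (SERVFAIL, NXDOMAIN, ...)
        raise ValueError(f"rcode {flags & 0x000F}")
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4            # skip QTYPE and QCLASS
    out = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if (rtype, rclass, rdlen) == (1, 1, 4):  # class IN, type A
            out.append((socket.inet_ntoa(msg[off:off + 4]), ttl))
        off += rdlen
    return out

def validate(msg, expected):
    """Compare the answer to the baseline; an empty list means no alert."""
    try:
        got = {ip for ip, _ttl in a_records(msg)}
    except (ValueError, IndexError, struct.error, OSError) as exc:
        return [f"query failed: {exc}"]
    alerts = [f"unexpected A record {ip}" for ip in sorted(got - expected)]
    return alerts + [f"missing A record {ip}" for ip in sorted(expected - got)]

def build_response(name, ips, ttl=30):
    """Constructed sample data: a minimal response, so the demo needs no network."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    msg = struct.pack("!6H", 0x1234, 0x8180, 1, len(ips), 0, 0) + qname + struct.pack("!HH", 1, 1)
    for ip in ips:
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(ip)
    return msg

if __name__ == "__main__":
    baseline = {"192.0.2.10"}                    # assumed expected answer
    for ips in (["192.0.2.10"], ["203.0.113.66"]):
        print(ips, validate(build_response("lab.example", ips), baseline))
```

Running the same comparison against each authoritative and recursive server separately shows where a changed record appears first.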
We’re going to be taking a closer look at the way the platform managed flow next time. Be sure to stay tuned.