I've written a simple DNS checker. It can be found at http://www.stearns.org/dns-check/ .

Pull dns-check and put it somewhere it can be executed, like ~/bin or /usr/local/bin . Put dns-check.conf in /etc (if you name it anything other than /etc/dns-check.conf, you'll need to specify the config file on the command line).

    mkdir /var/lib/dns-check    #Where the known good data is stored.

I suggest you run the program as a non-root user, say, "monitor", as it needs no privileges to run.

    adduser monitor
    chown -R monitor:monitor /var/lib/dns-check

Monitor does not need to own the config file; it just has to be readable by that user.

Place the DNS records you want to check in /etc/dns-check.conf like so:

    #Sample entries
    #DNS server   Object to request   Type of DNS object   Key to use
    localhost     www.mydomain.com.   A
    12.13.14.15   www.mydomain.com.   A
    12.13.14.15   mydomain.com.       MX
    12.13.14.15   mydomain.com.       SOA
    12.13.14.15   mydomain.com.       AXFR

The 5 lines are:

    1) Ask the DNS server at localhost where it believes www.mydomain.com. can be found.
    2) Ask our other name server (12.13.14.15) the same thing.
    3) Check the MX record for the domain.
    4) Check SOA too.
    5) Do a full zone transfer of mydomain.com. .

If you have zone transfers limited to hosts with the appropriate key, you'll need to tell dns-check what that key is. Put the key, if needed, in column 4 like so:

    12.13.14.15   mydomain.com.       AXFR   keyname:Base64KeyData==

(Note that by using TSIG keys with the dig tool, the key will be briefly visible in the task list on the machine running dns-check. If protecting that key is important to you, you may wish to consider who gets accounts on that machine.)

Once you've decided what to watch, run dns-check . The first time dns-check works with a new entry in /etc/dns-check.conf, it'll show you what it got from the server and save it in /var/lib/dns-check/ . A blank entry means dig couldn't pull that data at all, even after 3 tries.

Run dns-check again and it'll show no output at all (and give a return code of 0 so you can call it from other scripts). This means nothing has changed. A return code of 1 means some DNS data changed (or missing config file/data dir).

Once it's stable, you can run it from cron with (the following on one long line in /var/spool/cron/monitor ):

    */3 * * * * export CHECKOUT="`dns-check`" ; if [ -n "$CHECKOUT" ]; then echo "$CHECKOUT" | mail -s 'Changed DNS' monitoringteam@mydomain.com ; fi

Make sure to restart cron or "touch /var/spool/cron" to make the change take effect.

To call it from another script, try:

    if /usr/src/dns-check/dns-check ; then
        echo "Nothing has changed since the files were last written, good."
    else
        echo "Content has either changed or been added."
    fi

When you intentionally make changes to a DNS entry, dns-check will continue to alert on the change. Simply remove the file in /var/lib/dns-check with the old, incorrect data and rerun dns-check. The file will be recreated.
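
The save-then-compare behaviour described above, sketched in shell for single-record lookups such as A, MX and SOA. This is an added example, not dns-check's own code: BASELINE_DIR, query_dns and check_entry are hypothetical names, and it assumes an optional TSIG key file passed to dig with -k rather than the keyname:Base64KeyData column, so the secret never appears in the process list.

```shell
#!/bin/sh
# Added example (not dns-check's own code): keep a known-good copy of each
# DNS answer and report when a later answer differs from it.
# Assumptions: BASELINE_DIR, query_dns and check_entry are hypothetical names.

BASELINE_DIR="${BASELINE_DIR:-/var/lib/dns-check}"

# Ask one server for one record. The answer is sorted so that a server
# rotating the order of its records does not look like a change.
# A key file given with -k keeps the TSIG secret off the command line.
query_dns() {    # usage: query_dns server name type [keyfile]
    if [ -n "$4" ]; then
        dig +short +tries=3 -k "$4" "@$1" "$2" "$3" | sort
    else
        dig +short +tries=3 "@$1" "$2" "$3" | sort
    fi
}

# Compare the current answer with the stored one.
# Returns 0 (and prints nothing) when unchanged, 1 when new or changed.
check_entry() {  # usage: check_entry server name type [keyfile]
    baseline="$BASELINE_DIR/${1}_${2}_${3}"
    current=$(query_dns "$@")

    if [ ! -f "$baseline" ]; then
        # First sighting: store it as known good and show what was stored.
        printf '%s\n' "$current" > "$baseline"
        echo "New entry $1 $2 $3:"
        echo "$current"
        return 1
    fi

    if [ "$current" = "$(cat "$baseline")" ]; then
        return 0
    fi

    # Mismatch: show both sides. The baseline is left untouched so the
    # alert repeats until someone removes the old file on purpose.
    echo "Changed $1 $2 $3:"
    echo "--- known good"
    cat "$baseline"
    echo "--- now"
    echo "$current"
    return 1
}
```

Because the baseline is never overwritten on a mismatch, an unexpected change keeps alerting until the stored file is deliberately removed, which matches the behaviour described above.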