How Periodic Works

Overview

eSolia Periodic is a domain security monitoring platform that continuously monitors DNS records, email authentication settings, and Cloudflare security configurations. It detects unauthorized changes, verifies propagation across global DNS resolvers, and provides actionable alerts and remediation tracking.

flowchart TB
    subgraph Domain["Your Domain"]
        DNS["DNS Records<br/>SPF, DKIM, DMARC<br/>MX, NS, CAA"]
        CF["Cloudflare Settings<br/>SSL, WAF, HSTS"]
    end

    subgraph Platform["eSolia Periodic"]
        Monitor["Monitoring Engine"]
        Baseline["Baseline Capture"]
        Detect["Change Detection"]

        subgraph Resolvers["9 Global DNS Resolvers"]
            R1["Google • Cloudflare"]
            R2["Quad9 • OpenDNS"]
            R3["Mullvad • AdGuard"]
            R4["Control D • CleanBrowsing"]
            R5["IIJ (Japan)"]
        end

        Alert["Alert System"]
        Dashboard["Admin Dashboard"]
    end

    subgraph Output["Notifications"]
        Email["📧 Email"]
        Teams["💬 Teams"]
        Webhook["🔗 Webhooks"]
    end

    DNS --> Monitor
    CF --> Monitor
    Monitor --> Resolvers
    Monitor --> Baseline
    Baseline --> Detect
    Detect --> Alert
    Alert --> Email
    Alert --> Teams
    Alert --> Webhook
    Monitor --> Dashboard

Core Features

DNS Baseline Monitoring

Periodic captures a "baseline" of your DNS configuration and continuously monitors for changes:

Record	Purpose	What We Monitor
NS	Nameservers	Unauthorized nameserver changes (hijacking indicator)
MX	Mail servers	Mail routing changes
SPF	Sender Policy	Email authentication configuration
DKIM	DomainKeys	Email signing key records
DMARC	Domain Policy	Email authentication policy and reporting
CAA	CA Authorization	Certificate issuance restrictions
DNSSEC	DNS Security	Cryptographic signing status

Multi-Resolver Propagation Checking

Periodic queries multiple DNS resolvers via DNS over HTTPS (DoH) to verify propagation and detect inconsistencies:

Tier 1 Resolvers (Major Providers)

Google DNS (8.8.8.8) - North America
Cloudflare DNS (1.1.1.1) - Global Anycast
Quad9 (9.9.9.9) - Global with security filtering
OpenDNS (208.67.222.222) - Global

Tier 2 Resolvers (Extended Coverage)

Mullvad DNS (194.242.2.2) - Europe (Sweden)
AdGuard DNS (94.140.14.14) - Global
Control D (76.76.2.0) - North America (Canada)
CleanBrowsing (185.228.168.9) - Global

APAC Region

IIJ Public DNS (210.130.0.1) - Japan

Cloudflare Security Monitoring

For domains using Cloudflare, Periodic monitors security settings:

SSL Mode

Full (strict) vs flexible

TLS Version

Minimum TLS 1.2 or 1.3

HSTS

Header enforcement

WAF

Web Application Firewall rules

Always HTTPS

HTTP→HTTPS redirect

Bot Management

Bot detection settings

DMARC & TLS-RPT Report Analysis

Periodic ingests and analyzes email authentication reports:

DMARC Aggregate Reports: SPF/DKIM alignment statistics, failure sources
TLS-RPT Reports: Email transport security issues, certificate problems

Remediation Projects

Track security improvements with:

Before/after snapshotsChange documentationScore improvement trackingProject status (Planning → In Progress → Complete)

The Monitoring Cycle

flowchart LR
    A["1. Capture<br/>Baseline"] --> B["2. Query<br/>Resolvers"]
    B --> C["3. Compare<br/>Results"]
    C --> D["4. Detect<br/>Changes"]
    D --> E["5. Send<br/>Alerts"]
    E --> F["6. Track<br/>Remediation"]
    F -.-> A

1 Capture Baseline

When you add a domain, Periodic queries all DNS records and captures the current state as a "baseline" - the expected configuration.

2 Query Resolvers

On each check cycle, Periodic queries all 9 DNS resolvers in parallel using DoH (DNS over HTTPS). This provides true propagation verification, geographic coverage (US, EU, APAC), and independence from your local resolver.

3 Compare Results

Results from all resolvers are compared: Do all resolvers agree? Does the result match the baseline?

4 Detect Changes

Based on comparison, Periodic determines the status:

OK - All resolvers agree and match expected

PROPAGATING - Resolvers disagree (change in progress)

UNAUTHORIZED - All agree but doesn't match expected

WARNING - Security best practice issues

ERROR - Query failure

5 Send Alerts

Alerts are sent via:

Email: Immediate notification to configured addresses
Microsoft Teams: Adaptive Card format
Webhooks: For SIEM integration

6 Track Remediation

For issues that need fixing:

Create a remediation project
Document the planned changes
Execute changes
Resync baseline
Track score improvement

Security Architecture

Data Isolation

Multi-tenant: Each client's data is isolated
Per-client encryption: API credentials encrypted with client-specific keys
Role-based access: Owner → Admin → Client roles with appropriate permissions

Authentication

Magic Link Login: Passwordless via email
TOTP 2FA: Time-based one-time passwords with backup codes
Session Security: HTTP-only cookies, automatic expiration

Use Cases

DNS Hijacking Detection

Attackers change your NS records to redirect traffic.

Periodic Response

Detects NS record change from expected nameservers
Checks all 9 resolvers to confirm propagation
Sends immediate UNAUTHORIZED alert
Logs event for audit trail

Email Authentication Drift

IT team updates SPF but forgets about other records.

Periodic Response

Captures change in SPF record
Compares against expected value
If expected → marks as propagating until consensus
If unexpected → alerts for review
Security assessment flags gaps in DKIM/DMARC

Cloudflare Misconfiguration

SSL mode accidentally set to "Flexible" instead of "Full (Strict)".

Periodic Response

Cloudflare check detects mode change
Compares against baseline
Generates WARNING alert
Provides remediation guidance

Strengthen Your Domain Security

Periodic continuously monitors your domains, detects unauthorized changes, and helps you improve your security posture.