From CA ASM 10.x onward, a new field named Match type has been added to the DNS Monitor settings > Advanced tab. It consists of 3 options: Subset, Equal and Superset.
Below are the steps to create a DNS monitor for a domain with multiple DNS A records:
1. Login to your CA ASM portal, and select Monitoring > Monitors > New Monitor
2. Select DNS for monitor type:
3. In the New DNS monitor > General Parameters page, enter the relevant information as follow:
Note: In this example, all 3 IPs (184.108.40.206,220.127.116.11,18.104.22.168) were entered into the Expected result field.
4. Click on the Advanced tab on the left, and select the desired option for the Match type field:
Subset match passes if found records are a subset of the expected result (e.g. the found record is an item from the expected pool).
Equal match passes if found and expected result lists are equal.
Superset match passes if found records are a superset of the expected result (e.g. found records include all expected items).
E.g. if the expected result is 22.214.171.124,126.96.36.199 then found results
188.8.131.52: passes as a subset
184.108.40.206, 220.127.116.11: passes in all cases
18.104.22.168, 22.214.171.124, 126.96.36.199: passes as a superset
In this case, as yahoo.com will always return all 3 IP addresses, the DNS Lookup checks will pass in all cases (Subset, Equal & Superset)
If you add one more dummy IP address in the Expected result field, the checks will only pass as Subset
If you remove one IP address from the Expected result field, the checks will only pass as Superset.
5. Click Save and you should see the check passes with the given configurations:
6. Click Activate to activate the DNS monitor, then go to Analysis > Logs to see the actual lookup results from all monitoring stations: