Allow anyone
_uptimer.example.com. TXT "uptimer=allow-any"For Service Owners
Control who can monitor your service with DNS
This page shows you how to publish a DNS TXT policy that tells Uptimer whether checks are allowed for everyone, allowed only for specific tenants, or blocked completely.
- Choose your access mode:
allow-any,allow-only, orallow-none. - Copy the TXT format shown below and publish it on
_uptimer.<your-domain>. - Use
allow-onlywhen you want to permit checks only from specific tenant IDs.
Policy Record Format
Create TXT records on _uptimer.<domain> using one of the values below.
| Mode | TXT value | Behavior |
|---|---|---|
allow any |
uptimer=allow-any |
Any tenant can monitor this host. |
allow none |
uptimer=allow-none |
All monitoring attempts are denied. |
allow only |
uptimer=allow-only;tenants=<tenant-guid>,<tenant-guid> |
Only listed tenant IDs are allowed to monitor. |
Examples
Block everyone
_uptimer.example.com. TXT "uptimer=allow-none"Allow only selected tenants
_uptimer.example.com. TXT "uptimer=allow-only;tenants=11111111-1111-1111-1111-111111111111,22222222-2222-2222-2222-222222222222"
For allow-only, tenant IDs are GUIDs. Workspace admins can copy the Tenant ID from
Admin under Current Tenant Configuration.
Add global in the tenant list if you also want to allow non-tenant/global monitors.
How Evaluation Works
- Uptimer extracts the target host from the monitor configuration.
- It checks DNS TXT records in this order: exact host first, then parent domains.
- If no policy record is found, default behavior is
allow-any. - The policy check runs before any HTTP/TCP/DNS/Ping/Game request is sent.
If a check is denied, Uptimer records the denial in check history with policy metadata for auditability.