Fort Knox Mode

Some organizations can’t store DNS data on third-party infrastructure. Compliance policies, security requirements, or just principle — the data shouldn’t live on someone else’s servers. Fort Knox mode was built for exactly this.

When enabled, BackupMyDNS captures your zone snapshot, encrypts it, emails it directly to you, and deletes it from our systems immediately. Your zone data never persists on our infrastructure. Not temporarily, not in a queue, not in a log. It’s gone.

The flow

Every backup cycle follows the same sequence:

  1. Detect change — we poll your provider on schedule and compare against the last known state
  2. Snapshot zone — we pull every record from the zone via the provider API
  3. Encrypt — the snapshot is AES-256 encrypted before it goes anywhere
  4. Email to you — the encrypted zone file arrives as an attachment in your inbox
  5. Delete from our systems — the data is purged from our infrastructure

The whole cycle completes in seconds. There is no window where your zone data sits on our servers waiting to be processed.

What you get

Fort Knox mode doesn’t compromise on capture quality. You get:

  • The same automated change detection that runs on every plan
  • The same API-level capture of all record types — A, AAAA, CNAME, MX, TXT, SRV, CAA, and everything else the provider API surfaces
  • The same scheduling: hourly on Pro, every 10 minutes on Business
  • Backups arrive in your inbox as encrypted zone file attachments, ready to archive however your organization requires

The automation is identical. The difference is where the data ends up.

What you trade off

Since we don’t retain your zone data, some dashboard features aren’t available in Fort Knox mode:

  • No diff view — we can’t show you what changed between snapshots because we don’t have the previous snapshot to compare against
  • No browsable snapshot history — the timeline view in the app requires stored snapshots
  • No one-click downloads from the dashboard — your backups live in your email, not in the app

Your inbox becomes your backup archive. For many compliance-driven teams, this is the right tradeoff. You get the automation and the encryption without the third-party storage.

Who it’s for

Fort Knox mode exists for teams where third-party data storage is a non-starter:

  • Regulated industries — finance, healthcare, and government organizations with policies that prohibit DNS infrastructure data from residing on external systems
  • Compliance-driven teams — SOC 2, HIPAA, or internal security frameworks that restrict where zone data can be stored
  • Security-conscious organizations — teams that want the automation of scheduled backups without any data persistence on a third-party platform

If your security review would flag “DNS zone data stored on vendor infrastructure,” Fort Knox mode eliminates that finding.

Encryption

Your zone data is AES-256 encrypted before it leaves our systems. The email attachment contains the encrypted zone file — not plaintext. Even in transit, even sitting in your inbox, the content is protected.

This is the same encryption standard we use for all stored zone data on standard plans. The difference is that with Fort Knox mode, the encrypted data only exists in one place: wherever you put it.

Availability

Fort Knox mode is available on Pro ($14/mo) and Business ($49/mo) plans. Enable it per-provider or per-zone from your account settings.

Start backing up your DNS →

Free for your first domain. No credit card required.