Monitoring DNS Records and Servers

Post on 23-Jan-2018

DNS Webinar Series

•  Intro to DNS (November 15th 2016): An overview of the Domain Name System, resources, records, name resolution and name servers.

•  DNS Security (December 13th 2016): Tips and examples covering DNS hijacking and DDoS attacks on DNS infrastructure.

•  Monitoring DNS Records and Servers (January 17th 2017): An in-depth view on how to monitor and alert on DNS availability, response time and record mappings.

About ThousandEyes

ThousandEyes delivers visibility into every network your organization relies on.

•  Founded by network experts; strong investor backing
•  Relied on for critical operations by leading enterprises
•  Recognized as an innovative new approach

31 Fortune 500

5 top 5 SaaS Companies

4 top 6 US Banks

DNS Records

Record Type: Purpose

Addresses
•  A: Maps a fully qualified domain name (FQDN) to an IPv4 address
•  AAAA: Maps a FQDN to an IPv6 address

Aliases
•  CNAME: Maps a FQDN to another FQDN
•  DNAME: Maps all subdomains of a FQDN to another FQDN

Servers
•  NS: Maps a subdomain to a FQDN of a name server
•  MX: Maps an email domain to a FQDN of a mail server

Read more: https://blog.thousandeyes.com/guide-to-dns-record-types

DNS Resolution

Client

Recursive server (ISP, company, public DNS)

Root server a.root-servers.net

TLD server a.gtld-servers.net

Authoritative server ns2.google.com

DNS Trace Test

Enterprise or Cloud Agent

Root server a.root-servers.net

TLD server a.gtld-servers.net

Authoritative server ns2.google.com

DNS Server Test: Authoritative Server

Root server a.root-servers.net

TLD server a.gtld-servers.net

Authoritative server ns2.google.com

Enterprise or Cloud Agent

DNS Server Test: Caching Resolver – Non-Recursive Queries

Enterprise or Cloud Agent

Local caching resolver

Root server a.root-servers.net

TLD server a.gtld-servers.net

Authoritative server ns2.google.com

DNS Server Test: Caching Resolver - Recursive Queries

Local caching resolver

Root server a.root-servers.net

TLD server a.gtld-servers.net

Authoritative server ns2.google.com

Enterprise or Cloud Agent

DNS Trace vs. DNS Server Tests

DNS Trace
•  dig +trace
•  Tests the entire DNS hierarchy
•  Shows whether record mappings are correct and available; also final query time
•  Understand the availability and accuracy of record mappings

DNS Server
•  dig @ns.domain.com, with network and routing tests
•  Tests a pre-determined set of name servers (usually authoritative) or local caching resolvers
•  Shows record mappings as well as server, network and routing data
•  Understand the performance of your DNS infrastructure (internally or externally managed)

ThousandEyes Approach to DNS Monitoring

DIG-like Features
•  ns •  @ •  +trace •  +dnssec •  +norec

And Correlation
•  Authoritative and caching server network
•  Routing metrics

With Analysis
•  Store, save, share, baseline, alert, report

Enterprise

Vendor

Alerting for DNS Server Performance

Test Type: Threshold
•  DNS Server, DNS Trace: Error is present; Mapping not in _____
•  DNS Server: Resolution Time ≥ _____ms
•  Network End-to-End (Server): Packet Loss, Latency, Jitter, Error, Available Bandwidth, Capacity
•  BGP: Reachability, Path Changes, Origin ASN, Next Hop ASN, Prefix, Covered Prefix

Read more: https://blog.thousandeyes.com/tips-instrumenting-dns-alerts/
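An added example, not from the ThousandEyes slides or product: the DNS Server alert conditions listed above (error present, mapping not in an expected set, resolution time at or over a threshold) applied in Python to the output of a `dig @server` query. The sample output, host names, addresses, the `NO_RESPONSE` label and the 100 ms threshold are constructed placeholders.

```python
import re

# Constructed sample in the format printed by `dig @ns1.example.com www.example.com A`.
# Names and addresses are placeholders from documentation ranges, not real observations.
SAMPLE_DIG = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4711

;; ANSWER SECTION:
www.example.com.  300  IN  A  192.0.2.10
www.example.com.  300  IN  A  203.0.113.99

;; Query time: 184 msec
;; SERVER: 198.51.100.53#53(ns1.example.com)
"""

def parse_dig(text):
    """Extract response status, answer records and query time from dig output."""
    status = re.search(r"status: (\w+)", text)
    qtime = re.search(r"^;; Query time: (\d+) msec", text, re.M)
    answers, in_answer = [], False
    for line in text.splitlines():
        if line.startswith(";; ANSWER SECTION"):
            in_answer = True
        elif in_answer and (not line.strip() or line.startswith(";")):
            in_answer = False          # blank line or next section ends the answers
        elif in_answer:
            _name, _ttl, _cls, rtype, rdata = line.split(None, 4)
            answers.append((rtype, rdata))
    # "NO_RESPONSE" is a label chosen here for output with no header (e.g. a timeout).
    return {"status": status.group(1) if status else "NO_RESPONSE",
            "answers": answers,
            "query_ms": int(qtime.group(1)) if qtime else None}

def evaluate(result, rtype, expected, max_ms):
    """Apply the three DNS Server alert conditions; return a list of alert strings."""
    alerts = []
    got = {rdata for t, rdata in result["answers"] if t == rtype}
    if result["status"] != "NOERROR" or not got:
        alerts.append(f"error: status={result['status']}, {len(got)} {rtype} records")
    for rdata in sorted(got - set(expected)):
        alerts.append(f"mapping not in expected set: {rdata}")
    if result["query_ms"] is not None and result["query_ms"] >= max_ms:
        alerts.append(f"resolution time {result['query_ms']}ms >= {max_ms}ms")
    return alerts

if __name__ == "__main__":
    for alert in evaluate(parse_dig(SAMPLE_DIG), "A", {"192.0.2.10"}, 100):
        print("ALERT:", alert)
```

An unexpected address in the answer set is the condition that would surface a hijacked or mis-published record, so the expected set should list every address the record is allowed to return.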

Best Practices for DNS Tests

•  Set up DNS Trace tests for major domains and subdomains
•  Alert on record mappings and availability
•  Ensure DNS hierarchy is working as expected
•  Check for hijacks

•  Set up DNS Server tests to critical DNS infrastructure
•  Alert on record mappings, availability, resolution time, network performance
•  Use Path Viz to see network connectivity, GSLB and Anycast
•  Troubleshoot local caching servers with DNS Server tests
•  Recursive Queries option

Demo

Add a New DNS Test

Choose DNS test type

Domain and record

Views included in the test

Auto-lookup authoritative servers

DNS Domain Trace Monitoring

Record availability, average queries and query time

Detailed traces

Performance over 30 days

DNS Detailed Traces

Unsuccessful trace

Successful trace: d-root → pac1.nipr.mil → ns02.army.mil

DNS Server Monitoring

Availability and resolution time

By authoritative servers

Performance over 30 days

Save or share data

DNS Record Details

See mappings and resolution time for Tokyo

Select a specific agent (Tokyo)

Correlation Across Layers

Continuing server availability issues

Correlated with loss in many upstream ISPs

Root cause is instability due to route flapping

DNS Alerting

Alert on resolution time, mappings, error details

Alert to email or API

See what you’re missing.

Watch the webinar:

https://www.thousandeyes.com/resources/monitoring-dns-records-servers-webinar
