
Elite CIOs, CTOs & execs offer firsthand insights on tech & business. Opinions expressed by Forbes Contributors are their own.

Post written by

Steven Job

Steven Job is the President and founder of Tiggee, the parent company of DNS Made Easy and the ITO service leader, Constellix.


If you want to see how your domain name system (DNS) records are being used or troubleshoot an influx of queries, what would you do? Most likely, you would contact your managed DNS provider and request backlogs of query data. Then what? You’re not going to sift through hundreds of lines of source IP addresses and timestamps. Depending on the domain, some get hundreds or even thousands of queries a minute.

This is what DNS analytics have been for roughly 30 years — until now. Modern technology has turned these messy backlogs into valuable information about how your DNS infrastructure is used and what you can do to improve it.

How DNS Works

Let’s pause for a minute for a quick refresher on how the DNS works. The DNS is, in essence, the phone book of the internet because it maps a domain name, like example.com, to an IP address, like 127.04.10.22.5. Every time someone enters a domain into their browser, it requires a DNS lookup to find the associated IP address. This is called a query, which is the building block of DNS analytics.  

As we saw earlier, domains receive a lot of queries. Most domains will answer a couple million queries each month. Each of those queries carries dozens of data points, such as the network it used to reach that domain, where it came from, etc. All of this data needs to be stored, aggregated, filtered and presented in a way that actually makes sense to someone. Otherwise, it’s like trying to find the lady in the red dress in the Matrix code.

The Big Data Revolution

Web service providers have finally begun to tackle DNS query logs by leveraging big data technologies like Cassandra and Scala. DNS analytics dashboards have even become an industry standard among managed DNS providers, mainly because clients want to know how their DNS resources are being used so they can reduce costs or improve performance.

DNS analytics can show you exactly which records (by type or name) are being queried the most. If you see a record being queried a lot by one source IP address, it could be a system misconfiguration. These dashboards can also be used to identify and even predict DNS-based attacks, like distributed denial of service (DDoS) attacks.
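
The aggregation described above, as an added example that is not part of the original article: it counts queries per record (name and type) and flags a record when one source IP accounts for most of its traffic. The log layout, the thresholds and the sample data are assumptions constructed for illustration, not any provider's export format.

```python
from collections import Counter, defaultdict

def build_sample_log():
    """Constructed sample data; the 'timestamp source_ip name type' layout is an assumption."""
    lines = [f"2024-01-01T00:00:{i:02d}Z 192.0.2.10 api.example.com A" for i in range(40)]
    lines += [f"2024-01-01T00:01:{i:02d}Z 198.51.100.{i + 1} www.example.com A" for i in range(30)]
    lines += [f"2024-01-01T00:02:{i:02d}Z 203.0.113.{i + 1} API.example.com. a" for i in range(5)]
    lines += [f"2024-01-01T00:03:{i:02d}Z 198.51.100.{i + 1} example.com MX" for i in range(4)]
    lines.append("truncated-line-without-fields")
    return lines

def parse_line(line):
    """Return (source_ip, name, type), or None when the line does not have four fields."""
    parts = line.split()
    if len(parts) != 4:
        return None
    _, src, name, qtype = parts
    # DNS names are case-insensitive and may carry a trailing root dot.
    return src, name.lower().rstrip("."), qtype.upper()

def summarize(lines):
    """Group queries as (name, type) -> Counter of source IPs; also count skipped lines."""
    per_record, skipped = defaultdict(Counter), 0
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            skipped += 1
            continue
        src, name, qtype = parsed
        per_record[(name, qtype)][src] += 1
    return per_record, skipped

def top_records(per_record, n=3):
    """Most-queried records, by total query count."""
    return Counter({rec: sum(c.values()) for rec, c in per_record.items()}).most_common(n)

def dominant_sources(per_record, min_queries=20, share=0.5):
    """Records where one source IP sends at least `share` of a meaningful query volume."""
    flagged = []
    for record, sources in per_record.items():
        total = sum(sources.values())
        src, count = sources.most_common(1)[0]
        if total >= min_queries and count / total >= share:
            flagged.append((record, src, count, total))
    return flagged

if __name__ == "__main__":
    per_record, skipped = summarize(build_sample_log())
    print("top records:", top_records(per_record))
    print("single-source heavy:", dominant_sources(per_record), "| skipped:", skipped)
```

A record flagged by `dominant_sources` is a lead to check against the client at that address (for example a retry loop or a missing cache), not a verdict on its own.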
