Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Best Practices for Monitoring DNS


Published on

The Domain Name System (DNS) is a crucial link in application delivery, whether you maintain your own DNS infrastructure or use an external provider. ThousandEyes monitors network and DNS performance, including tracing DNS queries, measuring resolution time and verifying record mappings. In this SlideShare, we cover how you can:

Trace queries from root name servers to authoritative servers

Monitor DNS server availability and resolution time

Confirm the accuracy of record mappings

Alert on DNS issues proactively

Watch the recorded webinar with live demo here:

Published in: Technology
  • Be the first to comment

Best Practices for Monitoring DNS

  1. 1. Best Practices for DNS Monitoring Nick Kephart, Director of Product Marketing
  2. 2. 1 Network Intelligence Keeps Your Business Running ThousandEyes is a network intelligence platform that delivers visibility into every network your organization relies on. Established and backed by network experts Relied on for critical operations by leading enterprises Recognized as an innovative new approach
  3. 3. 2 Why Monitor DNS Record Misconfiguration Server or Network Failure Vendor Availability DNSSEC Expiration Cache PoisoningDDoS Attacks
  4. 4. 3 Confirm and alert on record mappings for internal and external addresses DNS Monitoring Use Cases Track queries from root servers to authoritative servers Query Trace Record Accuracy Server Availability DNSSEC Validation Validate DNSSEC keychain Monitor authoritative and caching servers GSLB and Anycast Troubleshoot load balanced DNS using alerts and path visualization
  5. 5. 4 ThousandEyes Approach to DNS Monitoring •  ns •  @ •  +trace •  +dnssec •  +norec •  Authoritative and caching server network •  Routing metrics DIG-like Features And Correlation •  Store, save, share, baseline, alert With Analysis Enterprise Vendor
  6. 6. 5 How to Deploy DNS Tests Consumers Internet DNS Hosting Provider Enterprise Branch Enterprise Data Center 3 Local caching server 2 1 Enterprise Agent Cloud Agent Authoritative Server Authoritative Server TLD Server DNS Server DNS Trace DNS Server
  7. 7. 6 q Set up DNS Server tests for critical services and records q Alert on record mappings q Use Path Viz to see network connectivity, GSLB and Anycast q Troubleshoot local caching servers with DNS Server tests q Use Recursive Queries option Best Practices q Set up DNS Trace tests for major domains, sub-domains q Ensure DNS hierarchy is working as expected, check for hijacks q Review your DNS TTLs q Balance server load with propagation time; vary by record type q Be prepared for a DDoS q Diversify networks or vendors where you host DNS
  8. 8. Demo
  9. 9. 8 Choose DNS test type Domain and record Views included in the test Auto-lookup authoritative servers Add a New DNS Test
  10. 10. 9 DNS Server Monitoring Availability and resolution time By authoritative servers Performance over 30 days Save or share data
  11. 11. 10 DNS Record Details See mappings and resolution time for Tokyo Select a specific agent (Tokyo)
  12. 12. 11 DNS Domain Trace Monitoring Record availability, average queries and query time Detailed traces Performance over 30 days
  13. 13. 12 DNS Detailed Traces Unsuccessful trace Successful trace d-root à à
  14. 14. 13 DNSSEC Monitoring DNSSEC validation percentage DNSSEC trace details
  15. 15. 14 DNSSEC Details Keychain trust tree DNSSEC keys
  16. 16. 15 DNS Alerting Alert on resolution time, mappings, error details Alert to email or API
  17. 17. See what you’re missing. Watch the webinar