Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Monitoring DNS Records and Servers

901 views

Published on

Learn to choose and set up ThousandEyes DNS tests to systematically monitor the DNS records and servers for domains critical to your business.

See the full webinar and the rest of the series at https://www.thousandeyes.com/resources/monitoring-dns-records-servers-webinar

Published in: Technology
  • Be the first to comment

Monitoring DNS Records and Servers

  1. 1. 2 •  November 15th 2016 •  An overview of the Domain Name System, resources, records, name resolution and name servers. DNS Webinar Series •  January 17th 2017 •  An in-depth view on how to monitor and alert on DNS availability, response time and record mappings. Intro to DNS Monitoring DNS Records and Servers •  December 13th 2016 •  Tips and examples covering DNS hijacking and DDoS attacks on DNS infrastructure. DNS Security
  2. 2. 3 About ThousandEyes ThousandEyes delivers visibility into every network your organization relies on. Founded by network experts; strong investor backing Relied on for " critical operations by leading enterprises Recognized as " an innovative " new approach 31 Fortune 500 5 top 5 SaaS Companies 4 top 6 US Banks
  3. 3. 4 DNS Records Record Type Purpose Addresses A Maps a fully qualified domain name (FQDN) to an IPv4 address AAAA Maps a FQDN to an IPv6 address Aliases CNAME Maps a FQDN to another FQDN DNAME Maps all subdomains of a FQDN to another FQDN Servers NS Maps a subdomain to a FQDN of a name server MX Maps an email domain to a FQDN of a mail server Read more: https://blog.thousandeyes.com/guide-to-dns-record-types
  4. 4. 5 DNS Resolution Client Recursive server" (ISP, company, public DNS) Root server a.root-servers.net TLD server a.gtld-servers.net Authoritative server ns2.google.com
  5. 5. 6 DNS Trace Test Enterprise or Cloud Agent Root server a.root-servers.net TLD server a.gtld-servers.net Authoritative server ns2.google.com
  6. 6. 7 DNS Server Test 
 Authoritative Server Root server a.root-servers.net TLD server a.gtld-servers.net Authoritative server ns2.google.com Enterprise or Cloud Agent
  7. 7. 8 Enterprise or Cloud Agent DNS Server Test 
 Caching Resolver – Non-Recursive Queries Local caching resolver Root server a.root-servers.net TLD server a.gtld-servers.net Authoritative server ns2.google.com
  8. 8. 9 DNS Server Test 
 Caching Resolver - Recursive Queries Local caching resolver Root server a.root-servers.net TLD server a.gtld-servers.net Authoritative server ns2.google.com Enterprise or Cloud Agent
  9. 9. 10 DNS Trace vs. DNS Server Tests DNS Trace DNS Server dig +trace dig @ns.domain.com With network, routing tests Tests the entire DNS hierarchy Tests a pre-determined set of name servers (usually authoritative) or local caching resolvers Shows whether record mappings are correct and available; also final query time Shows record mappings as well as server, network and routing data Understand the availability and accuracy of record mappings Understand the performance of your DNS infrastructure (internally or externally managed)
  10. 10. 11 •  ns •  @ •  +trace •  +dnssec •  +norec ThousandEyes Approach to DNS Monitoring •  Authoritative and caching server network •  Routing metrics DIG-like Features And Correlation •  Store, save, share, baseline, alert, report With Analysis Enterprise Vendor
  11. 11. 12 Alerting for DNS Server Performance Test Type Threshold DNS Server DNS Trace Error is present Mapping not in _____ DNS Server Resolution Time ≥ _____ms Network End-to-End (Server) Packet Loss, Latency, Jitter, Error, Available Bandwidth, Capacity BGP Reachability, Path Changes, Origin ASN, Next Hop ASN, Prefix, Covered Prefix Read more: https://blog.thousandeyes.com/tips-instrumenting-dns-alerts/
  12. 12. 13 q Set up DNS Trace tests for major domains and subdomains q Alert on record mappings and availability q Ensure DNS hierarchy is working as expected q Check for hijacks Best Practices for DNS Tests q Set up DNS Server tests to critical DNS infrastructure q Alert on record mappings, availability, resolution time, network performance q Use Path Viz to see network connectivity, GSLB and Anycast q Troubleshoot local caching servers with DNS Server tests q Recursive Queries option
  13. 13. 14 Demo
  14. 14. 15 Choose DNS test type Domain and record Views included in the test Auto-lookup authoritative servers Add a New DNS Test
  15. 15. 16 DNS Domain Trace Monitoring Record availability, average queries and query time Detailed traces Performance over 30 days
  16. 16. 17 DNS Detailed Traces Unsuccessful trace Successful trace d-root à pac1.nipr.mil à ns02.army.mil
  17. 17. 18 DNS Server Monitoring Availability and resolution time By authoritative servers Performance over 30 days Save or share data
  18. 18. 19 DNS Record Details See mappings and resolution time for Tokyo Select a specific agent (Tokyo)
  19. 19. 20 Correlation Across Layers Continuing server availability issues Correlated with loss in many upstream ISPs Root cause is instability due to route flapping
  20. 20. 21 DNS Alerting Alert on resolution time, mappings, error details Alert to email or API
  21. 21. 22 See what you’re missing. Watch the webinar: https://www.thousandeyes.com/resources/monitoring-dns-records-servers-webinar

×