DNS - The Phone Book for IP Addresses
The IP protocol DNS
What is DNS?
DNS is an important service in IP-based networks and a central component of the Internet. All exchange partners on the Internet communicate with each other by the use of IP addresses which are used by computers for mutual networking. The user only has to enter the domain name and does not have to remember the long IP address consisting of numbers and dots in order to make a request. When a request is made, domain names are translated into numbers with the help of DNS servers. These then control which origin server a user reaches. This process operates also in the opposite direction - resolving IP addresses into names, since DNS servers translate queries back and forth between two points and thus in both directions. This process is called reverse lookup.
The acronym DNS stands for "Domain Name System" and thus describes, in simplified terms that a domain such as allegro-packets.com is converted into the IP address 12.345.67.89. The functionality of DNS can be compared to a telephone directory. It manages the assignment between domain names and IP addresses, like the classic telephone book between names and telephone numbers.
The domain namespace has a tree-like structure, (see the adjacent image). The leaves of the tree represent the labels. Labels are strings of characters, each 1-63 bytes long and separated by dots. In the structure, a domain is terminated with a dot; this is usually omitted when typing. Formally, however, the dot belongs to a complete domain. In addition, a complete domain name consists of the concatenation of all labels of a path. Our complete domain is allegro-packets.com. and must not exceed 255 bytes including all dots. The complete domain name is also called Fully Qualified Domain Name (FQDN).
A domain name is always resolved from right to left. This means that the further to the right a label is, the higher it is in the tree. The dot at the end of the domain separates the label for the first hierarchy level from the root. The first level is the top-level domain. The graphic illustrates the tree-like structure of a domain.
What problems cause packet loss in DNS?
When DNS requests cannot be resolved, the user often says that the network or the Internet is not working. If incorrect DNS servers are used, the fault is difficult to detect even for a network administrator. A malfunction within a networked IT infrastructure can result in considerable costs, and a corruption of DNS data can be the starting point for attacks.
DNS is a sensitive protocol when it comes to packet loss. When "the Internet doesn't work", DNS can be disrupted by packet loss and trigger errors or be the cause of disruptions in a wide variety of application scenarios. Examples include when a website cannot be accessed, an email cannot be sent, an image cannot be uploaded, or a stream cannot be started. If packet loss in DNS prevents the IP address of the server from being determined, errors of this type will occur. With this basic information you facilitate your troubleshooting, because if it is clear where to look for the error, it can save time, money and frustration.
As connection protocols for transporting data, DNS mainly uses UDP or alternatively, TCP if the maximum size of a UDP packet of 512 bytes is exceeded; this is not uncommon. So why does this limitation still exist? The UDP payload is related to IPv4.
If an attempt is made to transfer data via TCP, although TCP is blocked, the request must nevertheless be answered via UDP, although the maximum size of the packet is exceeded. This becomes a problem and causes packets to be discarded. As a result, there is incorrect DNS name resolution or even domains that cannot be resolved. Thus, services, applications and "the Internet" function slowly or not at all.
Analyze DNS with the Allegro Network Multimeter
Since the Internet is an integral part of almost all organizations and processes, a trouble-free workflow must be ensured. Checking and controlling DNS helps to keep an overview of "the Internet" to find and fix errors quickly in case of emergency. The Allegro Network Multimeter makes checking the DNS protocol extremely easy.
Since firmware Release 3.0, even more DNS details can be examined, making it even easier to detect errors. For example, more statistics on response times, status, the frequency of requests and how often they were (or not) answered can be viewed. It is no longer necessary to spend a long time examining a pcap to find an error. With the Allegro DNS module, search times can be reduced and different DNS statistics can be called directly. The DNS analysis can be performed live or for selected time intervals.
For more information on other features and innovations of the Allegro Network Multimeter, feel free to watch our release video. Starting at minute 12:23, Managing director of Allegro Packets Klaus Degner talks about DNS statistics.
DNS module presentation
The dashboard displays many different statistics on request and response times for name resolution without performing an active search. This allows the Allegro Network Multimeter to implement efficient passive name resolution.
The DNS module stores the last announced IP address for each domain name. Due to load balancing mechanisms in content delivery networks for example and virtual hosting, a name can be resolved to multiple IP addresses. In addition, a single IP address can also use multiple names. The Allegro dashboard always displays the latest information seen on the network.
The DNS module consists of five tabs: DNS Servers, Resolved Names, Server Response Times, Server Response Codes, and DNS Record Types. These are discussed in more detail below and in the Product Wiki.
All past and current queries and responses are displayed here for each server. The table displays detailed views for the DNS server, for the individual IP addresses and the IP connections. For each individual DNS connection, detailed lists can be retrieved, e.g. on response times or the unanswered queries.
This tab displays a table with all IP addresses and their names. The Expiration Time column contains the time after which the name will no longer be valid. Normally, DNS servers use only a short time period so that clients do not store incorrect names for too long. The "DNS Server IP" column lists the IP address of the DNS server that responded to a query. Often, especially in smaller networks, there is only one server, but clients are free to use any other available DNS server.
Server response times
This tab shows the global statistics on the times between a request from a client and the response from the server per DNS server. Individual sections can be selected here to be viewed in more detail.
Server response codes
In the Server Response Codes tab, response codes can be viewed globally. In addition, all codes for individual DNS servers are displayed in a list. The diagrams illustrate the distribution over time using different colour markings (see image).
DNS record types
The last tab shows the set of DNS record types globally for all DNS servers. For the most frequently used record types A, AAAA, CNAME and MX, additional detailed diagrams can be retrieved.
Use Case: Identification of the DNS servers used and their users
Organizations often have a local DNS server that should be used for name resolution. This is also automatically adopted on the client systems via mechanisms such as DHCP. However, not all systems are configured in this way and sometimes external DNS servers are used intentionally. Which DNS servers are used can be easily determined with the Allegro Network Multimeter:
Under the category "L3 - IP" in the item "DNS statistics" the first tab shows a list of all DNS servers used. Here, the traffic volume of the servers is graphically displayed and the list can be sorted e.g. by the number of requests sent to the DNS server. If an unexpected server is listed here, the connections to this server can be easily displayed. A click on "DNS Connections" leads to a list that shows all DNS connections to this server and thus enables the identification of the systems that use this DNS server.
For advanced information on the features of the DNS module, visit the Product Wiki.