DNS module

From Allegro Network Multimeter Manual
Jump to navigation Jump to search

The DNS module tracks name lookup requests and responses to be able to present names for IP address without doing an active lookup. This allows the Allegro Network Multimeter to do efficient passive name resolving. The DNS module stores for each name the last IP that has been announced. Due to load balancing mechanisms in content delivery networks (or other setups) and virtual hosting, a name might be resolved to multiple IP addresses or a single IP address uses multiple names. The web frontend will always show the latest information seen on the network.

Main view

DNS servers

DNS servers

This tab shows all DNS servers in the network for which DNS traffic has been seen.

For each server, the table contains the following information:

  • DNS server
See Common table columns - IP.
  • Go to
Links to DNS server details and DNS connections to the IP of the server.
  • Alternative names
See Common table columns - Alternative names.
  • Requests
The number of requests to the DNS server.
  • Responses
The number of responses from the DNS server.
  • Errors
The number of error responses from the DNS server.
  • Unanswered
The number of requests to the DNS server, which have not gotten a response from the DNS server.
  • Graph
See Common table columns - Graph.
The graph shows the history of requests and responses per second.

Resolved names

This tab shows a table with all IP addresses and its name based on seen DNS request and response pairs. The Expire time column contains the date when the name is no longer valid. Usually DNS servers use a short timespan to let clients not store wrong names too long. The timespan usually ranges from a few minutes to some hours. The DNS server IP column lists the IP of the DNS server which responded to a query. Often, especially in smaller networks, there is only one server, but clients are free to use any other available DNS server.

DNS resolved names

Server response times

The response times tab shows global and per DNS server statistics about response times between a DNS request by a client and the response by the server. In the global section a graph shows minimum, average and maximum values over time. A table lists the amount of requests and responses, as well as response times per DNS server. A graph shows the amount of requests and responses over time.

DNS server response time

Server reply codes

This tab shows reply codes globally and per DNS server in a list. Graphs show the distribution over time. The most common reply codes are shown:

  • No error (0)
  • Format error (1)
  • Server failure (2)
  • Non-existent domain (3)
  • Other errors

DNS server reply codes

DNS record types

This tab shows the amount of DNS record types globally for all DNS server. Detailed graphs are available for the most commonly used record types A, AAAA, CNAME and MX

DNS record types

DNS server details

DNS server details

The server details page shows an overview for the selected DNS server and a detailed list of DNS lookup response times for each individual DNS connection. Also, the unanswered DNS requests are shown and the non-existing names.

Overview

The overview tab shows DNS statistics for the selected DNS server, including the number of requests and responses, the average response time, and the historical graph.

Clients

In this tab all clients of the DNS server are shown. Response codes, response times and request/response numbers are available both as text and graphs. PCAP buttons allow for capturing DNS traffic between both peers.

Lookup time and status

DNS names and lookup times

This tab shows the number of unique DNS names that have been answered by the current DNS server. The table shows the number of requests and responses per name as well as counters for each reply code. Clicking any number will filter the connection list below the able for the corresponding elements. By using the toggle buttons above the table it is possible to hide name elements which do not have a non-zero counter for the specific field. For example, this allows for easily see only those names that have been answered with a server failure reply code.

The second table lists all DNS connection and shows when the request happened, the response time and the name and status code.

The list of connections can be filtered, for example to search for specific names, or for specific status codes. For example, the filter expression (dnsstatus==2) shows all DNS connections with a server failure.

The list can also be downloaded to get all matching connections as CSV file for further processing.

Unanswered requests

This tab shows the unique number of DNS names that have not been answered by the current DNS server. It is possible to click on the number to filter the connection table below to that specific name.

Non-existing domains

This tab shows the unique number of DNS names that has been rejected by the DNS server for being not existing. It is possible to click on the number to filter the connection table below to that specific name.