DNS module: Difference between revisions

The DNS module tracks name lookup requests and responses to be able to present names for IP address without doing an active lookup. This allows the Network Multimeter to do efficient passive name resolving. The DNS module stores for each name the last IP that has been announced. Due to load balancing mechanisms in content delivery networks (or other setups) and virtual hosting, a name might be resolved to multiple IP addresses or a single IP address uses multiple names. The web frontend will always show the latest information seen on the network.

Web interface

Main view

DNS server

This tab shows all DNS servers in the network for which DNS traffic has been seen.

For each server the number of requests and responses are shown including a history. The table allows to go to a detailed page for the DNS server (DNS server details), the generic IP details page, and to the connections of the IP server.

Resolved names

This tab shows a table with all IP addresses and its name based on seen DNS request and response pairs. The Expire time column contains the date when the name is no longer valid. Usually DNS servers use a short timespan to let clients not store wrong names too long. The timespan usually ranges from a few minutes to some hours. The DNS server IP column lists the IP of the DNS server which responded to a query. Often, especially in smaller networks, there is only one server, but clients are free to use any other available DNS server.

Server response times

The response times tab shows global and per DNS server statistics about response times between a DNS request by a client and the response by the server. In the global section a graph shows minimum, average and maximum values over time. A table lists the amount of requests and responses, as well as response times per DNS server. A graph shows the amount of requests and responses over time.

Server reply codes

This tab shows reply codes globally and per DNS server in a list. Graphs show the distribution over time. The most common reply codes are shown:

• No error (0)
• Format error (1)
• Server failure (2)
• Non-existent domain (3)
• Other errors

DNS record types

This tab shows the amount of DNS record types globally for all DNS server. Detailed graphs are available for the most commonly used record types A, AAAA, CNAME and MX

DNS server details

The server details page shows an overview for the selected DNS server and a detailed list of DNS lookup response times for each individual DNS connection. Also, the unanswered DNS requests are shown and the non-existing names.

Overview

The overview tab shows DNS statistics for the selected DNS server, including the number of requests and responses, the average response time, and the historical graph.

Lookup response times

This tab lists all DNS connection and shows when the request happened, the response time and the name and status code.

The list of connections can be filtered, for example to search for specific names, or for specific status codes. For example, the filter expression (dnsstatus==2) shows all DNS connections with a server failure.

The list can also be downloaded to get all matching connections as CSV file for further processing.

Unanswered requests

This tab shows the unique number of DNS names that have not been answered by the current DNS server. It is possible to click on the number to filter the connection table below to that specific name.

Non-existing domains

This tab shows the unique number of DNS names that has been rejected by the DNS server for being not existing. It is possible to click on the number to filter the connection table below to that specific name.