DNS module: Difference between revisions

Access restrictions were established for this page. If you see this message, you have no access to this page.

Latest revision as of 12:52, 4 December 2023

The DNS module tracks name lookup requests and responses to be able to present names for IP address without doing an active lookup. This allows the Allegro Network Multimeter to do efficient passive name resolving. The DNS module stores for each name the last IP that has been announced. Due to load balancing mechanisms in content delivery networks (or other setups) and virtual hosting, a name might be resolved to multiple IP addresses or a single IP address uses multiple names. The web frontend will always show the latest information seen on the network.

Main view

DNS servers

This tab shows all DNS servers in the network for which DNS traffic has been seen.

For each server, the table contains the following information:

DNS server

See Common table columns - IP.

Go to

Links to DNS server details and DNS connections to the IP of the server.

Alternative names

See Common table columns - Alternative names.

Requests

The number of requests to the DNS server.

Responses

The number of responses from the DNS server.

Errors

The number of error responses from the DNS server.

Unanswered

The number of requests to the DNS server, which have not gotten a response from the DNS server.

Graph

See Common table columns - Graph.

The graph shows the history of requests and responses per second.

Resolved names

This tab shows a table with all IP addresses and its name based on seen DNS request and response pairs. The Expire time column contains the date when the name is no longer valid. Usually DNS servers use a short timespan to let clients not store wrong names too long. The timespan usually ranges from a few minutes to some hours. The DNS server IP column lists the IP of the DNS server which responded to a query. Often, especially in smaller networks, there is only one server, but clients are free to use any other available DNS server.

Server response times

The response times tab shows global and per DNS server statistics about response times between a DNS request by a client and the response by the server. In the global section a graph shows minimum, average and maximum values over time. A table lists the amount of requests and responses, as well as response times per DNS server. A graph shows the amount of requests and responses over time.

Server reply codes

This tab shows reply codes globally and per DNS server in a list. Graphs show the distribution over time. The most common reply codes are shown:

No error (0)
Format error (1)
Server failure (2)
Non-existent domain (3)
Other errors

DNS record types

This tab shows the amount of DNS record types globally for all DNS server. Detailed graphs are available for the most commonly used record types A, AAAA, CNAME and MX

DNS server details

The server details page shows an overview for the selected DNS server and a detailed list of DNS lookup response times for each individual DNS connection. Also, the unanswered DNS requests are shown and the non-existing names.

Overview

The overview tab shows DNS statistics for the selected DNS server, including the number of requests and responses, the average response time, and the historical graph.

Clients

In this tab all clients of the DNS server are shown. Response codes, response times and request/response numbers are available both as text and graphs. PCAP buttons allow for capturing DNS traffic between both peers.

Lookup time and status

This tab shows the number of unique DNS names that have been answered by the current DNS server. The table shows the number of requests and responses per name as well as counters for each reply code. Clicking any number will filter the connection list below the able for the corresponding elements. By using the toggle buttons above the table it is possible to hide name elements which do not have a non-zero counter for the specific field. For example, this allows for easily see only those names that have been answered with a server failure reply code.

The second table lists all DNS connection and shows when the request happened, the response time and the name and status code.

The list of connections can be filtered, for example to search for specific names, or for specific status codes. For example, the filter expression (dnsstatus==2) shows all DNS connections with a server failure.

The list can also be downloaded to get all matching connections as CSV file for further processing.

Unanswered requests

This tab shows the unique number of DNS names that have not been answered by the current DNS server. It is possible to click on the number to filter the connection table below to that specific name.

Non-existing domains

This tab shows the unique number of DNS names that has been rejected by the DNS server for being not existing. It is possible to click on the number to filter the connection table below to that specific name.

@@ Line 1: / Line 1: @@
 The DNS module tracks name lookup requests and responses to be able to present names for IP address without doing an active lookup.
-This allows the Network Multimeter to do efficient passive name resolving.
+This allows the Allegro Network Multimeter to do efficient passive name resolving.
 The DNS module stores for each name the last IP that has been announced. Due to load balancing mechanisms in content delivery networks (or other setups) and virtual hosting, a name might be resolved to multiple IP addresses or a single IP address uses multiple names. The web frontend will always show the latest information seen on the network.
+== Main view ==
-'''Web interface'''
+[[File:Dns servers.png|600xp|DNS servers]]
-{| class="wikitable sortable"
-|-
-|[[File:DNS module.png|800px|none|right]]
-|}
-== Main view ==
+=== DNS servers ===
-=== DNS server ===
+This tab shows all DNS servers in the network for which DNS traffic has been seen.
-This tab shows all DNS servers in the network for which DNS traffic has been seen.
+For each server, the table contains the following information:
-For each server the number of requests and responses are shown including a history. The table allows to go to a detailed page for the DNS server (DNS server details), the generic IP details page, and to the connections of the IP server.
+* DNS server
+:See [[Common table columns#IP|Common table columns - IP]].
+* Go to
+:Links to [[DNS module#DNS server details|DNS server details]] and [[IP module#Per IP statistics|DNS connections]] to the IP of the server.
+* Alternative names
+:See [[Common table columns#Alternative names|Common table columns - Alternative names]].
+* Requests
+:The number of requests to the DNS server.
+* Responses
+:The number of responses from the DNS server.
+* Errors
+:The number of [[DNS module#Server reply codes|error responses]] from the DNS server.
+* Unanswered
+:The number of requests to the DNS server, which have not gotten a response from the DNS server.
+* Graph
+:See [[Common table columns#Graph|Common table columns - Graph]].
+:The graph shows the history of requests and responses per second.
 === Resolved names ===
@@ Line 24: / Line 37: @@
 The DNS server IP column lists the IP of the DNS server which responded to a query. Often, especially in smaller networks, there is only one server, but clients are free to use any other available DNS server.
+[[File:Dns resolved names.png|400px|DNS resolved names]]
 === Server response times ===
@@ Line 31: / Line 45: @@
 A table lists the amount of requests and responses, as well as response times per DNS server. A graph shows the amount of requests and responses over time.
+[[File:Dns server response time.png|400px|DNS server response time]]
 === Server reply codes ===
@@ Line 43: / Line 58: @@
 * Other errors
+[[File:Dns server reply codes.png|400px|DNS server reply codes]]
 === DNS record types ===
 This tab shows the amount of DNS record types globally for all DNS server. Detailed graphs are available for the most commonly used record types A, AAAA, CNAME and MX
+[[File:Dns record types.png|400px|DNS record types]]
 == DNS server details ==
+[[File:Dns server details.png|600px|DNS server details]]
 The server details page shows an overview for the selected DNS server and a detailed list of DNS lookup response times for each individual DNS connection. Also, the unanswered DNS requests are shown and the non-existing names.
@@ Line 57: / Line 76: @@
 The overview tab shows DNS statistics for the selected DNS server, including the number of requests and responses, the average response time, and the historical graph.
-=== Lookup response times ===
+=== Clients ===
+In this tab all clients of the DNS server are shown. Response codes, response times and request/response numbers are available both as text and graphs. PCAP buttons allow for capturing DNS traffic between both peers.
+=== Lookup time and status ===
+[[File:Dns server names.png|400px|DNS names and lookup times]]
+This tab shows the number of unique DNS names that have been answered by the current DNS server. The table shows the number of requests and responses per name as well as counters for each reply code. Clicking any number will filter the connection list below the able for the corresponding elements. By using the toggle buttons above the table it is possible to hide name elements which do not have a non-zero counter for the specific field. For example, this allows for easily see only those names that have been answered with a server failure reply code.
-This tab lists all DNS connection and shows when the request happened, the response time and the name and status code.
+The second table lists all DNS connection and shows when the request happened, the response time and the name and status code.
 The list of connections can be filtered, for example to search for specific names, or for specific status codes.