DNS module

From Allegro Network Multimeter Manual
Revision as of 08:57, 5 May 2022 by Mark (talk | contribs)
Jump to navigation Jump to search

The DNS module tracks name lookup requests and responses to be able to present names for IP address without doing an active lookup. This allows the Allegro Network Multimeter to do efficient passive name resolving. The DNS module stores for each name the last IP that has been announced. Due to load balancing mechanisms in content delivery networks (or other setups) and virtual hosting, a name might be resolved to multiple IP addresses or a single IP address uses multiple names. The web frontend will always show the latest information seen on the network.

Main view

DNS servers

DNS server

This tab shows all DNS servers in the network for which DNS traffic has been seen.

For each server the number of requests and responses are shown including a history. The table allows to go to a detailed page for the DNS server (DNS server details), the generic IP details page, and to the connections of the IP server.

Resolved names

This tab shows a table with all IP addresses and its name based on seen DNS request and response pairs. The Expire time column contains the date when the name is no longer valid. Usually DNS servers use a short timespan to let clients not store wrong names too long. The timespan usually ranges from a few minutes to some hours. The DNS server IP column lists the IP of the DNS server which responded to a query. Often, especially in smaller networks, there is only one server, but clients are free to use any other available DNS server.

DNS resolved names

Server response times

The response times tab shows global and per DNS server statistics about response times between a DNS request by a client and the response by the server. In the global section a graph shows minimum, average and maximum values over time. A table lists the amount of requests and responses, as well as response times per DNS server. A graph shows the amount of requests and responses over time.

DNS server response time

Server reply codes

This tab shows reply codes globally and per DNS server in a list. Graphs show the distribution over time. The most common reply codes are shown:

  • No error (0)
  • Format error (1)
  • Server failure (2)
  • Non-existent domain (3)
  • Other errors

DNS server reply codes

DNS record types

This tab shows the amount of DNS record types globally for all DNS server. Detailed graphs are available for the most commonly used record types A, AAAA, CNAME and MX

DNS record types

DNS server details

DNS server details

The server details page shows an overview for the selected DNS server and a detailed list of DNS lookup response times for each individual DNS connection. Also, the unanswered DNS requests are shown and the non-existing names.

Overview

The overview tab shows DNS statistics for the selected DNS server, including the number of requests and responses, the average response time, and the historical graph.

Lookup response times

DNS names and lookup times

This tab shows the number of unique DNS names that have been answered by the current DNS server. The table shows the number of requests and responses per name as well as counters for each reply code. Clicking any number will filter the connection list below the able for the corresponding elements. By using the toggle buttons above the table it is possible to hide name elements which do not have a non-zero counter for the specific field. For example, this allows for easily see only those names that have been answered with a server failure reply code.

The second table lists all DNS connection and shows when the request happened, the response time and the name and status code.

The list of connections can be filtered, for example to search for specific names, or for specific status codes. For example, the filter expression (dnsstatus==2) shows all DNS connections with a server failure.

The list can also be downloaded to get all matching connections as CSV file for further processing.

Unanswered requests

This tab shows the unique number of DNS names that have not been answered by the current DNS server. It is possible to click on the number to filter the connection table below to that specific name.

Non-existing domains

This tab shows the unique number of DNS names that has been rejected by the DNS server for being not existing. It is possible to click on the number to filter the connection table below to that specific name.

Retrieved from "https://allegro-packets.com/wiki/index.php?title=DNS_module&oldid=3958"