Introduction to DNS Insights
DNS Insights is an advanced DNS and network observability solution within IBM® NS1 Connect®. Available as an add-on feature, it provides observability tools to help you better understand DNS traffic and network events within your Managed DNS network and, if applicable, your single-tenant Dedicated DNS network. DNS Insights is also available for the Managed China DNS network on accounts with Managed China enabled.
Using lightweight, actionable telemetry data, DNS Insights provides a granular view of performance, traffic trends, and network anomalies. You can use DNS Insights to:
- Analyze geographic traffic patterns to better understand where DNS queries originate and refine application delivery and traffic management configurations.
- Identify misconfigurations that can negatively impact performance, increase operational costs, or expose sensitive information. For example, TTL values might be too low for high-volume domain names, generating unnecessary traffic volumes. Similarly, employee laptops might query internal host names over the internet, potentially exposing sensitive information and increasing DNS costs.
- Determine the source of unexpected query spikes and investigate unusual traffic behavior across your network.
- Detect potentially malicious activity, such as DDoS attacks or malicious probing, so you can take appropriate actions to protect your infrastructure.
Altogether, these insights help you to improve system performance, investigate traffic behavior, and monitor security instances while reducing operational costs.
How DNS Insights works
DNS Insights collects and aggregates DNS traffic data across your Managed DNS and Dedicated DNS networks. You can visualize the aggregated DNS Insights metrics in the NS1 Connect dashboard based on the configured DNS Insights data set.
DNS Insights uses data sets to determine which DNS traffic data is collected, aggregated, and processed across your networks. DNS Insights agents are deployed on DNS servers at different points of presence (PoPs) across your Managed DNS and Dedicated DNS networks. Based on the configured data set, the agents collect and process DNS traffic data and send processed metrics to a time series database (TSDB) through a data sink. DNS Insights agents send metrics to the TSDB every 60 seconds as time-series data streams. The collected metrics include DNS and network-related metrics, such as the total number of DNS queries, top, response codes, autonomous system numbers (ASNs) among others. For a complete list of collected metrics, see List of collected metrics.
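The two misconfiguration examples mentioned earlier (low TTLs on high-volume names, and internal host names queried over the internet) can be checked against per-60-second aggregates like this. This is an added example, not IBM or NS1 Connect code; the row layout, the `corp.example.com.` suffix, and both thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: one row per (60-second window, query name, response code).
# This layout is hypothetical; it is not the NS1 Connect metric schema.
SAMPLE = [
    # (window_start_epoch, qname, rcode, query_count, record_ttl_seconds)
    (1700000000, "www.example.com.", "NOERROR", 42000, 5),
    (1700000060, "www.example.com.", "NOERROR", 43500, 5),
    (1700000000, "static.example.com.", "NOERROR", 900, 3600),
    (1700000000, "fileserver.corp.example.com.", "NXDOMAIN", 310, None),
    (1700000060, "wiki.corp.example.com.", "NXDOMAIN", 275, None),
    (1700000060, "typo.example.com.", "NXDOMAIN", 3, None),
]

INTERNAL_SUFFIXES = ("corp.example.com.",)  # assumed internal-only namespace
LOW_TTL = 30         # seconds; assumed threshold
HIGH_VOLUME = 10000  # queries per 60-second window; assumed threshold


def is_internal(qname):
    """True if qname is an internal suffix or a name beneath one (label-aligned)."""
    name = qname.lower()
    return any(name == s or name.endswith("." + s) for s in INTERNAL_SUFFIXES)


def find_misconfigurations(rows):
    """Flag low-TTL/high-volume names and internal names seen on the public network."""
    peak = defaultdict(int)    # qname -> highest per-window query count
    ttl = {}                   # qname -> TTL of the answered record
    leaked = defaultdict(int)  # internal qname -> total queries seen
    for _window, qname, rcode, count, record_ttl in rows:
        if is_internal(qname):
            # Any query for an internal name reaching public DNS is a leak,
            # whatever the response code.
            leaked[qname] += count
            continue
        if rcode == "NOERROR" and record_ttl is not None:
            peak[qname] = max(peak[qname], count)
            ttl[qname] = record_ttl
    low_ttl = sorted(q for q, c in peak.items()
                     if c >= HIGH_VOLUME and ttl[q] <= LOW_TTL)
    return {"low_ttl_high_volume": low_ttl, "internal_names_leaked": dict(leaked)}


if __name__ == "__main__":
    print(find_misconfigurations(SAMPLE))
```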
Key DNS Insights components
- Data sink
  A data sink is the integration between DNS Insights agents and the time series database (TSDB).
- Data sets
  A data set (previously called policy) is a set of rules that determine which DNS traffic data is collected and processed by the DNS Insights agents. When viewing DNS Insights data in the NS1 Connect dashboard, you can select a data set to analyze the aggregated DNS metrics. NS1 Connect provides two default data sets:
  - MDNSi-{customerID}-All-dashboard
    Shows DNS Insights metrics for all DNS queries received across all zones configured in your account.
  - MDNSi-{customerID}-OnlyNXDOMAIN-dashboard
    Shows DNS Insights metrics only for DNS queries that resulted in NXDOMAIN (non-existent domain) responses.
You can request additional custom data sets through IBM support. For example, you can request a data set to collect data related to the following:
- A specific query name.
- A specific domain name suffix.
- A list of query names or suffixes.
- A specific response code such as NXDOMAIN.
- Responses with an empty answer.
- Combinations of the above.
Getting started
- To purchase the DNS Insights add-on, contact your IBM sales representative.
- If you already purchased DNS Insights, see Using the DNS Insights dashboard to learn how to navigate the dashboard.