NS1 Connect
IBM® NS1 Connect DNS insights gives you the power to identify and correct misconfigurations using curated DNS data analytics.
The root cause of poor application performance can be difficult to pinpoint because network misconfigurations can show up in your DNS traffic in many ways. To accurately diagnose and correct anomalous traffic patterns, you need access to information about where your DNS queries are coming from and how your network is responding.
IBM NS1 Connect DNS insights provides the data you need to quickly identify and deal with misconfigurations that impact application performance. It doesn’t just dump raw data logs onto your screen and expect you to interpret them. DNS insights delivers curated, pre-processed information that tells you what you need to know to quickly make adjustments.
Identify malicious activity and address public exposure of DNS data caused by improper DNS configurations.
Pinpoint the root causes of unexpected increases in DNS traffic and non-existent domain (NXDOMAIN) activity.
Remove errors and misconfigurations in application traffic flows that impact performance.
Go beyond raw data logs with pre-processed DNS data that tells you what you need to know.
Consume information in the SIEM or data analysis platform of your choice, or use our pre-built dashboards.
Track the DNS data that matters to your business with custom data policies.
DNS insights captures and analyzes a wide variety of DNS data factors, giving you the power to diagnose misconfigurations and anomalous events from multiple angles.
Quantiles of all DNS wire packets before filtering per second
Count of all DNS wire packets before filtering per second
Total sum of rates for DNS packets processed by policy
Total DNS transactions (query/reply pairs) with the AD flag set in the response
Total DNS transactions (query/reply pairs) with the AA flag set in the response
Cardinality of unique QNAMES, both ingress and egress
Total DNS transactions (query/reply pairs) with the CD flag set in the query
Total DNS wire packets that were sampled for deep inspection
Total DNS transactions (query/reply pairs) received over DNSCrypt over TCP
Total DNS transactions (query/reply pairs) received over DNSCrypt over UDP
Total DNS transactions (query/reply pairs) received over DNS over HTTPS
Total DNS transactions (query/reply pairs) received over DNS over QUIC
Total DNS transactions (query/reply pairs) received over DNS over TLS
Total DNS transactions (query/reply pairs) with the EDNS Client Subnet option set
Total DNS wire packets seen that did not match the configured filter(s) (if any)
Total DNS transactions (query/reply pairs) received over IPv4
Total DNS transactions (query/reply pairs) received over IPv6
Total DNS transactions (query/reply pairs) flagged as reply with response code NOERROR but with an empty answers section
Total DNS transactions (query/reply pairs) flagged as reply with response code NOERROR
Total DNS transactions (query/reply pairs) flagged as reply with response code NXDOMAIN
Total DNS wire packet events
Total number of DNS responses that do not have a corresponding query
Total DNS transactions (query/reply pairs) flagged as reply with response code REFUSED
Quantiles of ratio of packet sizes in a DNS transaction (reply/query)
Count of ratio of packet sizes in a DNS transaction (reply/query)
Total sum of ratio of packet sizes in a DNS transaction (reply/query)
Total DNS transactions (query/reply pairs) flagged as reply with response code SRVFAIL
Total DNS transactions (query/reply pairs) received over TCP
Total number of DNS queries that timed out
Top ASNs by ECS
Top EDNS Client Subnet (ECS) values observed in DNS transactions
Top GeoIP ECS locations
Top QNAMES with result code NOERROR and empty answer section
Top QNAMES with result code NOERROR
Top QNAMES with result code NXDOMAIN
Top QNAMES, aggregated at a depth of two labels
Top QNAMES, aggregated at a depth of three labels
Top QNAMES by response volume in bytes
Top query types
Top result codes
Top QNAMES with result code REFUSED
Top QNAMES in transactions where host is the server and transaction speed is slower than p90
Top QNAMES with result code SRVFAIL
Top UDP source port on the query side of a transaction
Total DNS transactions (query/reply pairs) received over UDP
Cumulative counters of transaction timing (query/reply pairs) in microseconds
Counts of transaction timing (query/reply pairs) in microseconds
Rate of all DNS transactions (reply/query) per second
Count of all DNS transactions (reply/query) per second
Total sum of all DNS transactions (reply/query) per second
Quantiles of transaction timing (query/reply pairs) in microseconds
Count of transaction timing (query/reply pairs) in microseconds
Total sum of transaction timing (query/reply pairs) in microseconds
Total DNS transactions (query/reply pairs)
Identify the misconfigurations that slow down your applications by causing them to try to connect to resources that are unavailable or have moved.
Identify the early warning signs of DDoS attacks and prevent inadvertent exposure of internal device data to the internet.
Keep legitimate tests and bug bounty programs running while shutting down malicious activity.
The DNS insights data feed is natively compatible with Prometheus and any system that supports Prometheus Remote Write (including Splunk and DataDog).
DNS insights comes with pre-built Grafana dashboard templates to view data via charts and graphs, unified into one dashboard.
DNS insights supports integrations with a wide variety of other data sinks and SIEMs through OpenTelemetry.