This week we released DNS analytics. Members can analyze and download query logs through our web-based control panel. Our analytics platform is unparalleled as it is the first in the industry to offer real-time query logging.
All DNS Made Easy members can access DNS Analytics for free, and memberships include a minimum of one query log per month.
What is DNS Analytics?
All DNS hosting providers have access to the query logs for their clients’ domains. However, only recently has the technology become available to leverage this data to provide valuable insight into domain activity.
DNS Analytics allow you to view domain(s) query logs in visual forms like line and bar charts, interactive maps, and filterable tables. This information is used to:
- Troubleshoot influxes in query traffic
- Detect DDoS attacks early
- Gather insight into your DNS infrastructure
- Examine request loads on DNS servers and zones
- Compare capacity trends over time
- Identify stale or unused records
- Evaluate affects of service or configuration changes
You can use DNS Analytics to pinpoint a CDN (Content Delivery Network) that is making too many requests. You can filter query logs by Source IP and contact the CDN provider that is making excess requests. This is typically the result of a misconfiguration during setup.
Troubleshoot overages and excess queries by filtering your query logs by Source IP and Record Type.
Usually happens when you turn up a new system and a configuration error will cause the system to make too many requests.
DDoS or DNS-level Attack
Filter results by Location, Record Type, and Source IP to pinpoint the source of a DNS-level attack. You can also compare your results over different time periods by downloading query logs and comparing them in two separate browser windows. Historical data can be reuploaded to DNS Analytics (learn how) so you can detect traffic abnormalities.
How to Use DNS Analytics
Log into DNS Analytics by using your DNS Made Easy login credentials.
View your monthly query log quota and current usage. Query logs can be downloaded on a per domain basis and are one-minute logs of all incoming queries. Additional logs can be purchased from this screen by clicking the “Increase Quota” button.
Daily Queries Bar Chart
Query counts by day for all domains in the account.
All charts/tables default to a two-week time range from the current day. Available actions for all charts:
- Scroll to zoom
- Click and drag to move the map
- Hover to show additional data
Queries by Domain Table and Chart
Use the table to quickly spot deviations in traffic. This is also where you can click on a domain name to access more in-depth analytics for that domain.
You can select domains by clicking the checkbox next to them for comparison in a stacked bar chart below the table.
Query Logging Events Table
The table displays any query logs that were requested recently.
Time series displays the number of queries over the selected date range. Hover over the graph to see total queries at each 30-minute interval and min/max by location.
Queries by Location Map
Queries are shown as circles that have been sized relative to the query counts at each location. Hover to see min/max/mean which is calculated based on the total query counts taken every thirty minutes.
Queries by Location Table
View query logs for your domain from one of the sixteen points of presence in our network by clicking the play icon in the “Logging” column.
Select which locations you want to view in the time series below.
Query Time Series by Location
Compare selected locations in a line graph. Click the name of a location in the legend to remove it from the time series. Hover to see total queries for all locations at each 30-minute interval.
button to start logging queries. Watch incoming queries in real time using the three different views: Raw, Top, or Map buttons.
Current query log can be downloaded as a CSV file by clicking the
button. Downloaded query logs can later be reuploaded and viewed by clicking the
View a text file that logs each query, timestamp and associated information in real time.
Filter query data by:
- Record name
- Source address
- EDNS client
- IP version
- Record type
- ISO country
See query counts for each item (eg: for City, each row is a city name) and displays the fraction of the total query count.
Queries are displayed as yellow circles that are sized relative to query counts at each location.
The purple dots (by default) show the source address of incoming queries. You can change this setting by choosing “ISO Country” or “City” in the dropdown menu to the left of the map.
Originally published at DNS Made Easy Blog.