Submit a ticket My Tickets
Welcome
Login  Sign up
  1. Constellix
  2. Solution home
  3. Advanced DNS
  4. DNS Analytics and Anomaly Detection

DNS Analytics

Kyler West
Modified on: Wed, 31 Mar, 2021 at 12:03 PM

DNS Analytics offers unparalleled visibility into your domains and query usage. Find out where queries are coming from, watch them hit your nameservers in real time, and troubleshoot network issues like never before. We are going to give you a guided tour of the DNS Analytics platform. You can follow along by logging into the DNS Analytics app at: analytics.constellix.com

What is DNS Analytics?

All DNS hosting providers have access to the query logs for their clients’ domains. However, only recently has the technology become available to leverage this data to provide valuable insight into domain activity. DNS Analytics allow you to view domain(s) query logs in visual forms like line and bar charts, interactive maps, and filterable tables. This information is used to:

  • Troubleshoot influxes in query traffic
  • Detect DDoS attacks early
  • Gather insight into your DNS infrastructure
  • Examine request loads on DNS servers and zones
  • Compare capacity trends over time
  • Identify stale or unused records
  • Evaluate affects of service or configuration changes

We hosted a live demo for a few of these use cases in a recent webinar, which you can watch below. Please note, the demo uses the DNS Made Easy version of the DNS Analytics application. However, all the functionality is the same.

Use Cases

CDN Issues

You can use DNS Analytics to pinpoint a CDN (Content Delivery Network) that is making too many requests. You can filter query logs by Source IP and contact the CDN provider that is making excess requests. This is typically the result of a misconfiguration during setup.

System Misconfigurations

Troubleshoot overages and excess queries by filtering your query logs by Source IP and Record Type. Usually happens when you turn up a new system and a configuration error will cause the system to make too many requests.

DDoS or DNS-level Attack

Filter results are displayed by Location, Record Type, and Source IP to pinpoint the source of a DNS-level attack. You can also compare your results over different time periods by downloading query logs and comparing them in two separate browser windows. Historical data can be reuploaded to DNS Analytics (learn how) so you can detect traffic abnormalities.

How to Use DNS Analytics
Dashboard

Log into DNS Analytics by using your Constellix login credentials. View your monthly query log quota and current usage. Query logs can be downloaded on a per domain basis and are one-minute logs of all incoming queries. Additional logs can be purchased for $0.27 each from this screen by clicking the “Increase Quota” button.

Daily Queries Bar Chart

Query counts are displayed by day for all domains in the account. All charts/tables default to a two-week time range from the current day. Available actions for all charts: 

  • Scroll to zoom
  • Click and drag to move the map
  • Hover to show additional data

Queries by Domain Table and Chart

Use the table to quickly spot deviations in traffic. This is also where you can click on a domain name to access more in-depth analytics for that domain.
You can select domains by clicking the checkbox next to them for comparison in a stacked bar chart below the table.

Query Logging Events Table

The table displays any query logs that were requested recently.

Domain Analytics

Time series displays the number of queries over the selected date range. Hover over the graph to see total queries at each 30-minute interval and min/max by location.

Queries by Location Map

Queries are shown as circles that have been sized relative to the query counts at each location. Hover to see min/max/mean which is calculated based on the total query counts taken every thirty minutes.

Queries by Location Table

View query logs for your domain from one of the sixteen points of presence in our network by clicking the play icon in the “Logging” column. Select which locations you want to view in the time series below.

Query Time Series by Location

Compare selected locations in a line graph. Click the name of a location in the legend to remove it from the time series. Hover to see total queries for all locations at each 30-minute interval.

Query Logging

Click the  button to start logging queries. Watch incoming queries in real time using the three different views: Raw, Top, or Map buttons. The current query log can be downloaded as a CSV file by clicking the button. Downloaded query logs can later be reuploaded and viewed by clicking the  button.

Raw View

View a text file that logs each query, timestamp and associated information in real time.

Top View

 Filter query data by:

  • Record name
  • Source address
  • EDNS client
  • IP version
  • Record type
  • ISO country
  • City

See query counts for each item (eg: for City, each row is a city name) and displays the fraction of the total query count.

Map View

Queries are displayed as yellow circles that are sized relative to query counts at each location. The purple dots (by default) show the source address of incoming queries. You can change this setting by choosing “ISO Country” or “City” in the dropdown menu to the left of the map. 


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.

Related Articles