How to Take a Proactive Approach to DNS Health


Because DNS is such an omnipresent part of modern networking, it’s easy to assume that functional DNS infrastructure can be left running with minimal adjustments and only needs to be investigated in the event of a malfunction. Yet there are small telltale signs that precede DNS issues—and knowing what they are can help to prevent disruption before it happens.

Networking teams now have access to tooling that can analyze DNS traffic at a granular level on demand, enabling a proactive approach to DNS health that detects and fixes problems before they cause dreaded downtime. Here are five tips for maximizing DNS performance, and what to do if you find warning signs.

1. Establish What “Normal” Means for Your DNS Servers

There is no absolute query volume that signals a problem. Instead, you find issues by determining your own infrastructure's baseline traffic and then looking for deviations from it.

Start by collecting DNS statistics by season and by region, so you have enough context to judge whether a trend is abnormal. Be sure not to overlook the lookups generated by API endpoints, image and script resources, and other names that software resolves constantly even though no user types them. And take the time to establish your average resolver cardinality, that is, the number of distinct recursive resolvers that typically query your zones.

From there, you can assess potential threats. If query volume spikes globally, a DDoS attack is the most likely explanation; if the spike is confined to one region, an error on a specific server or resolver in that region is more likely. A sudden rise in resolver cardinality, meaning many previously unseen sources querying your zones at once, is a common signature of botnet-driven traffic. Treat each of these as a hypothesis to confirm against the query names and response codes in the spike rather than as a conclusion.

2. Find Risks with NXDOMAIN

An NXDOMAIN response means that the queried name does not exist in the zone at all. (A name that exists but has no record of the requested type returns NOERROR with an empty answer, which is a different signal.) Typos in hostnames are inevitable, so some share of NXDOMAIN responses is unavoidable; according to recent research, about 10% of DNS queries result in an NXDOMAIN response. For an individual company, a rate of 6% or lower is no cause for concern; a higher share should be investigated, especially above 10%. Watch the query names as well as the rate: a sudden surge of NXDOMAIN responses for random-looking labels under your own zone is the signature of a random-subdomain flood, not of users mistyping.
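As an added worked example (not code from the original article or its author), the following Python script builds the per-region baseline, resolver cardinality and NXDOMAIN share described under tips 1 and 2 from log lines and flags the anomalies both tips describe: a global volume spike, a localized spike, a cardinality jump, and an NXDOMAIN rate above the 6% and 10% bands. The five-field log format, the 3x spike factor and all sample lines are assumptions constructed for the example; only the NXDOMAIN thresholds come from the article.

```python
"""Baseline-and-anomaly checks over DNS query logs.

Added worked example for this article, not the author's tooling. The log format
(epoch seconds, region, resolver IP, query name, RCODE) is assumed and every
sample line is constructed; real server logs differ, but only these fields matter.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Query:
    ts: int         # epoch seconds
    region: str     # site that answered the query, e.g. an anycast location
    resolver: str   # source IP of the recursive resolver
    qname: str
    rcode: str      # NOERROR, NXDOMAIN, SERVFAIL, ...


def parse_log(lines):
    """Parse 'ts region resolver qname rcode' lines, skipping malformed ones."""
    queries = []
    for line in lines:
        parts = line.split()
        if len(parts) != 5 or not parts[0].isdigit():
            continue
        ts, region, resolver, qname, rcode = parts
        queries.append(Query(int(ts), region, resolver,
                             qname.lower().rstrip("."), rcode.upper()))
    return queries


def profile(queries):
    """Volume per region, resolver cardinality and NXDOMAIN share of one window."""
    total = len(queries)
    nxdomain = sum(1 for q in queries if q.rcode == "NXDOMAIN")
    return {
        "total": total,
        "per_region": Counter(q.region for q in queries),
        "cardinality": len({q.resolver for q in queries}),
        "nxdomain_pct": 100.0 * nxdomain / total if total else 0.0,
    }


def detect(baseline, current, spike_factor=3.0):
    """Compare two windows of equal length and return a list of findings.

    The 3x spike factor is an illustrative assumption; the NXDOMAIN bands
    (6% or below fine, above 10% investigate) are the article's rule of thumb.
    Pick a baseline window from the same season and time of day as the current one.
    """
    if baseline["total"] == 0:
        return ["no baseline window; establish normal first"]
    findings, spiking = [], []
    for region, n in sorted(current["per_region"].items()):
        b = baseline["per_region"].get(region, 0)
        if b == 0:
            findings.append(f"region {region}: no baseline, cannot judge")
        elif n >= spike_factor * b:
            spiking.append(region)
    regions = set(current["per_region"]) | set(baseline["per_region"])
    global_spike = current["total"] >= spike_factor * baseline["total"]
    if global_spike and len(spiking) > len(regions) / 2:
        findings.append("global volume spike: consistent with a volumetric DDoS")
    elif spiking:
        findings.append(f"localized volume spike in {', '.join(spiking)}: "
                        "check the servers and resolvers serving that region")
    if current["cardinality"] >= spike_factor * baseline["cardinality"]:
        findings.append("resolver cardinality spike: many new query sources, "
                        "consistent with botnet-driven traffic")
    pct = current["nxdomain_pct"]
    if pct > 10:
        findings.append(f"NXDOMAIN {pct:.1f}% (>10%): investigate")
    elif pct > 6:
        findings.append(f"NXDOMAIN {pct:.1f}% (6-10%): watch")
    return findings


def constructed_sample():
    """Constructed logs: a quiet baseline window, then a current window in which
    the 'ap' site is hit by a random-subdomain flood from 40 unseen resolvers."""
    regions = ("us", "eu", "ap")

    def window(start):  # 10 ordinary lookups per region from 2 resolvers each
        lines = [f"{start + i} {r} 10.{k}.0.{i % 2 + 1} www.example.com. NOERROR"
                 for k, r in enumerate(regions) for i in range(10)]
        lines[0] = f"{start} us 10.0.0.1 wwww.example.com. NXDOMAIN"  # one user typo
        return lines

    flood = [f"{1700003600 + i} ap 198.51.100.{i} {i:08x}.example.com. NXDOMAIN"
             for i in range(40)]
    return window(1700000000), window(1700003600) + flood + ["not a log line"]


if __name__ == "__main__":
    base, cur = constructed_sample()
    for finding in detect(profile(parse_log(base)), profile(parse_log(cur))):
        print(finding)
```

Run stand-alone, the script reports three findings for the constructed current window: a localized spike in "ap", a cardinality jump, and an NXDOMAIN rate near 59%. Read together, that combination points at a random-subdomain flood rather than the single misbehaving server a localized spike would suggest on its own, which is why the findings are meant to be correlated rather than acted on individually.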

When trying…

Source…