NS1’s new DNS Insights feature gives network administrators a powerful tool to improve performance and boost reliability. Our analysis of customer data shows that misconfigurations are the most frequent cause of abnormal NXDOMAIN traffic and SERVFAIL responses that drag down performance metrics. DNS Insights gives you the power to connect the dots and take immediate action to keep connections with end users up and running.
While the standard data sources in DNS Insights cast a pretty broad net, most enterprises want to capture data from specific places and track performance against the unique metrics of their business. That’s why NS1 offers custom policies as part of its DNS Insights feature.
The power of DNS Insights policies
With DNS Insights, you can build policies to track a wide variety of metrics across the network infrastructure that matters the most to your business.
Policies define what kind of traffic you want to collect and analyze. A policy is a set of rules that filters the DNS queries based on various parameters, such as domain name, query type, response code, and location. By default, DNS Insights uses a policy that collects all the queries for zones hosted in your account. This gives you a comprehensive view of your DNS usage across all your zones.
You can also create custom policies to focus on specific aspects of your DNS traffic. For example, you can create a policy that only collects queries from Google Public DNS (ASN 15169) to see how Google users are accessing your zones. You can then view the metrics generated by this policy to understand the performance and behavior of Google Public DNS for your zones.
DNS Insights policies can be either permanent or temporary. If you’re facing an ongoing issue which requires long-term attention, or something that would benefit from analysis over the course of several months, we can create a policy to address it. Or if you’re looking at a special event - a system cut-over, a rollout of a new internet property, an expansion into a new geographic region - we can also create policies to monitor performance and troubleshoot any issues that may arise.
By ingesting the DNS Insights data feed into your SIEM or visualization tools, you can also create alerts. Significant events like a sudden spike in NXDOMAIN traffic, abnormal SERVFAIL responses, overloading of key service domains, or traffic from specific resolvers can all be actively monitored through DNS Insights and your data analysis platform of choice.
Examples and use cases
Here are just a few ways that custom DNS Insights policies can deliver value for your business:
Monitoring queries from specific locations
Not all inbound queries to your network are equal. Whether it’s a specific resolver you’re interested in, or a geographic region you’re trying to prioritize, certain queries are bound to attract outsized interest. DNS Insights policies can help you cut through the noise of inbound query traffic and focus on ones that come from key geographies, service providers, specific IP addresses or end user subnets.
Monitoring specific domain names
Every business has certain key systems that serve as barometers for overall network performance. Or maybe there are systems associated with specific projects (like a new product rollout or a system migration) which require focus on a particular domain name. DNS Insights policies can narrow your focus, providing operators with a dashboard specific to the operational systems that matter most.
Monitoring a specific response code
DNS Insights comes with a pre-built dashboard that shows all response codes returned by NS1 from queries to your account. Yet sometimes you really want to hone in on a particular response code in isolation. Perhaps a response code like NXDOMAIN or SERVFAIL is an indicator of broader network issues. Or maybe you want to track specific response codes to indicate the presence of recurring misconfigurations. Or there could be another response code that serves as a key indicator of performance on your network for unique operational reasons. A DNS Insights policy can focus your attention on the response codes that matter most to you.
Monitoring responses with an empty answer
When a resolver asks NS1 for an AAAA record but there’s only an A record available, it returns a NODATA NOERROR response. We record these as EBOT queries (Exists But Other Type), allowing network administrators to track requests that could be addressed through support for IPv6. A DNS Insights policy can be created to monitor these queries over time, either to make the case for IPv6 support or demonstrate the impact of an IPv6 rollout across a network.