It is relatively simple to see that something is wrong with your network using DNS data. A spike in NXDOMAIN responses or other errors usually serves as a clear indication that something is amiss.

The next step—diagnosing the source of the problem and then actually doing something about those errors—is often a heavier lift. It is a data problem. Any authoritative DNS provider worth its salt will show you how many NXDOMAIN responses you are getting. Yet, few provide the contextual information network that teams need to uncover the source of those errors, which can come from multiple directions and involve multiple DNS data points.

Up to this point, authoritative DNS providers have approached this challenge in one of two ways:

Overwhelm network teams with data

Several authoritative DNS providers offer raw data feeds as an add-on feature. These certainly provide all the information a network team would need to troubleshoot misconfigurations and diagnose the root cause of DNS errors.

The problem: finding the needle in the haystack. Raw data feeds sound nice, but they usually end up creating more work for network teams, who have to process and analyze the data to discover the underlying cause of network issues. Even if the team is pushing the DNS feed into a data lake, SIEM, or processing platform, it can take a while to build out the dashboards and workflows to convert it into usable information. Even then, it is not always clear that you will have the right information when you need it.

The result: network teams spend more time trying to find the information they need and less time actually diagnosing and solving challenges.

Provide only basic data

Other authoritative DNS providers take the opposite approach, providing just a simple dashboard with basic information. Usually, this takes the form of a table of NXDOMAIN responses organized by geographical location, IP range and a few other points.

The advantage of this approach is that the data is pre-processed and easy to digest, saving a lot of work on the back end to build, configure and manage analysis infrastructure.

The primary disadvantage is that the data usually is not comprehensive enough to account for all the reasons network errors happen in the real world. There is not enough flexibility to capture all the corner cases or look at an issue through multiple lenses. What you see is what you get—and that is often not enough.

The result: network teams get just enough information to wish they had more. They can identify basic issues, but their ability to truly troubleshoot and get to root causes is limited.

DNS Insights: Network troubleshooting that is “just right”

After analyzing the DNS data options on the market, IBM® NS1 Connect® decided to take a different path—one that offered both a broad scope of data and the analysis needed to make that data useful for network teams.

To do this, we decided to use Orb, an open source DNS data analysis tool designed and built by IBM NS1®. Originally created as a way to diagnose and protect against DDoS attacks, Orb efficiently captures targeted data at the edge using a “small data” approach which reduces operational overhead while generating useful analysis on the fly.

By deploying Orb on NS1’s own DNS infrastructure, we can now offer our customers the data they need to accurately and quickly identify the root cause of misconfigurations and other network errors without the headache of building out an analysis machine on their own.

Known as DNS Insights, this feature is available to all customers using IBM NS1 Connect Managed DNS and Dedicated DNS.

What you get with DNS Insights

Simply put, DNS Insights offers the best of both worlds in DNS observability: the broad scope of data to diagnose a wide variety of network challenges, coupled with built-in analysis to make troubleshooting faster and easier.

• DNS Insights is a targeted data feed drawn from a wide variety of DNS and network metrics. This diversity of data sources provides the flexibility network teams need to examine misconfigurations from several angles. This is not a flood of raw data logs that overwhelms your storage capacity and requires a lot of effort to consume. But it also goes further than a simple table of NXDOMAIN responses. In short, it is what you will actually use.
• DNS Insights is a set of pre-built dashboards that do most of the data analysis work for you. We have approached the issue from multiple angles, offering charts and graphs that [RM1] display the most common (and several uncommon) ways that misconfigurations may present themselves. The dashboards are designed to show just enough data to get you on the right track, without too much detail that would make them confusing or impenetrable.
• DNS Insights connects troubleshooting data to other tools using Prometheus Remote Write and OpenTelemetry, an open source standard for observability tools. With these two options for data transfer, you can plug in the DNS Insights feed and dashboards into whichever tool you happen to use—Splunk, DataDog, Grafana and more.

Get the DNS data (and the answers) you need

NS1 customers are the driving force behind DNS Insights. We have been listening to their requirements and working with several key design partners for months to refine the product to meet the needs of innovative market leaders and ordinary businesses alike. After playing around with DNS Insights, here is what a few of them had to say:

• “This is information we’ve been waiting to see for a long time.”
• “We can see why we’re getting hit with so many bad queries—this helps us out a lot.”
• “It’s certainly a lot more data than we can see today…it’s extremely useful.”

We know the power of DNS Insights—NS1 has been using this technology for many years. Now we are pleased to make that powerful data and analysis available to our customers as well— an innovative new feature set that once again places NS1 as the most innovative, forward-looking authoritative DNS provider.

Learn more about DNS Insights. If you are a current NS1 customer, contact your sales rep for more information.