It’s relatively simple to see that something’s wrong with your network using DNS data. A spike in NXDOMAIN responses or other errors usually serves as a clear indication that something’s amiss.
The next step - diagnosing the source of the problem and then actually doing something about those errors - is often a much heavier lift.
It’s a data problem. Any authoritative DNS provider worth its salt will show you how many NXDOMAIN responses you’re getting. Yet few provide the contextual information network teams need to uncover the source of those errors, which can come from multiple directions and involve multiple DNS data points.
Up to this point, authoritative DNS providers have approached this challenge in one of two ways:
Overwhelm network teams with data
Several authoritative DNS providers offer raw data feeds as an add-on feature. These certainly provide all the information a network team would need to troubleshoot misconfigurations and diagnose the root cause of DNS errors.
The problem: finding the needle in the haystack. Raw data feeds sound nice, but they usually end up creating more work for network teams, who have to process and analyze the data to discover the underlying cause of network issues. Even if the team is pushing the DNS feed into a data lake, SIEM, or processing platform, it can take a while to build out the dashboards and workflows to convert it into usable information. Even then, it’s not always clear that you’ll have the right information when you need it.
The result: network teams spend more time trying to find the information they need and less time actually diagnosing and solving challenges.
Provide only basic data
Other authoritative DNS providers take the opposite approach, providing just a simple dashboard with basic information. Usually, this takes the form of a table of NXDOMAIN responses organized by geographical location, IP range, and a few other points.
The advantage of this approach is that the data is pre-processed and easy to digest, saving a lot of work on the back end to build, configure, and manage analysis infrastructure.
The primary disadvantage is that the data usually isn’t comprehensive enough to account for all the reasons network errors happen in the real world. There isn’t enough flexibility to capture all the corner cases or look at an issue through multiple lenses. What you see is what you get - and that’s often not enough.
The result: network teams get just enough information to wish they had more. They can identify basic issues, but their ability to truly troubleshoot and get to root causes is limited.
DNS Insights: Network troubleshooting that’s “just right”
After analyzing the DNS data options on the market, NS1 decided to take a different path - one that offered both a broad scope of data and the analysis needed to make that data useful for network teams.
To do this, we decided to use Orb, an open-source DNS data analysis tool designed and built right here at NS1. Originally created as a way to diagnose and protect against DDoS attacks, Orb efficiently captures targeted data at the edge using a “small data” approach which reduces operational overhead while generating useful analysis on the fly.
By deploying Orb on NS1’s own DNS infrastructure, we can now offer our customers the data they need to accurately and quickly identify the root cause of misconfigurations and other network errors without the headache of building out an analysis machine on their own.
What you get with DNS Insights
Simply put, DNS Insights offers the best of both worlds: the broad scope of data to diagnose a wide variety of network challenges, coupled with built-in analysis to make troubleshooting faster and easier.
DNS Insights is a targeted data feed drawn from a wide variety of DNS and network metrics. This diversity of data sources provides the flexibility network teams need to examine misconfigurations from several angles. This isn’t a flood of raw data logs that overwhelms your storage capacity and requires a lot of effort to consume. But it also goes further than a simple table of NXDOMAIN responses. In short, it’s what you’ll actually use.
DNS Insights is a set of pre-built dashboards that do most of the data analysis work for you. We’ve approached the issue from multiple angles, offering charts and graphs which display the most common (and several uncommon) ways that misconfigurations may present themselves. The dashboards are designed to show just enough data to get you on the right track, without too much detail that would make them confusing or impenetrable.
DNS Insights connects troubleshooting data to other tools using Prometheus Remote Write and [soon] OpenTelemetry, an open-source standard for observability tools. With these two options for data transfer, you can plug in the DNS Insights feed and dashboards into whichever tool you happen to use - Splunk, DataDog, Grafana, and more.
Get the DNS data (and the answers!) you need
NS1 customers are the driving force behind DNS Insights. We’ve been listening to their requirements and working with several key design partners for months to refine the product to meet the needs of innovative market leaders and ordinary businesses alike. After playing around with DNS Insights, here’s what a few of them had to say:
“This is information we’ve been waiting to see for a long time.”
“We can see why we’re getting hit with so many bad queries - this helps us out a lot.”
“It’s certainly a lot more data than we can see today…it’s extremely useful.”
We know the power of DNS Insights - NS1 has been using this technology for many years. Now we’re pleased to make that powerful data and analysis available to our customers as well - an innovative new feature set that once again places NS1 as the most innovative, forward-looking authoritative DNS provider.
Learn more about DNS Insights, and if you’re a current NS1 customer, contact your sales rep for more information.