Operations Management Suite DNS Analytics is now available in Public Preview. Use DNS Analytics to get security-, performance- and operations-related insights into your DNS infrastructure.
DNS Analytics can detect client IPs that are trying to access malicious domains. In many cases, malware-infected devices “dial out” to the “command and control” center of a malicious domain by resolving the malware domain name. In the following example, DNS Analytics detected communication with an IRCbot.
The solution enables you to identify the client IP that initiated this communication, the domain name resolving to the malicious IP, the IP addresses the domain name resolves to, the malicious IP address, the severity of the issue, the reason for blacklisting the malicious IP, and the detection time.
Identify frequently queried domain names and talkative DNS clients
The solution provides a view into the domain names that DNS clients in the enterprise environment frequently query. You can view the list of all the queried domain names and drill down into the lookup request details of a domain name in Log Search.
The DNS client blade reports clients that breach the threshold for the number of queries in the chosen period of time. You can view the list of all DNS clients and the details of the queries that they make in Log Search.
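The two detections described above (clients resolving blacklisted domains, and clients whose query count breaches a threshold) can be reproduced over raw lookup records. The code below is an added example, not part of DNS Analytics; the blocklist, the threshold and the lookup records are constructed for illustration.

```python
"""Added example: the malicious-domain and talkative-client checks run over
constructed DNS lookup records. Nothing here is DNS Analytics product code."""
from collections import Counter

# Constructed blocklist: malicious domain -> (malicious IP, reason for blacklisting).
BLOCKLIST = {
    "ircbot.example.net": ("198.51.100.7", "IRCbot command-and-control"),
}

# Constructed lookup records: (detection time, client IP, queried name, answer IP).
LOOKUPS = [
    ("2017-11-01T10:00:01", "10.0.0.5", "www.example.com", "93.184.216.34"),
    ("2017-11-01T10:00:02", "10.0.0.7", "ircbot.example.net", "198.51.100.7"),
    ("2017-11-01T10:00:03", "10.0.0.5", "mail.example.com", "93.184.216.35"),
    ("2017-11-01T10:00:04", "10.0.0.9", "www.example.com", "93.184.216.34"),
    ("2017-11-01T10:00:05", "10.0.0.9", "cdn.example.com", "93.184.216.36"),
    ("2017-11-01T10:00:06", "10.0.0.9", "api.example.com", "93.184.216.37"),
    ("2017-11-01T10:00:07", "10.0.0.7", "ircbot.example.net", "198.51.100.7"),
    # A different name that resolves to the blacklisted IP is also a finding.
    ("2017-11-01T10:00:08", "10.0.0.11", "cdn.example.org", "198.51.100.7"),
]

def malicious_lookups(lookups, blocklist):
    """One finding per lookup whose queried name or answer IP is blacklisted.
    Each finding carries the fields the post lists: client, domain, resolved IP,
    malicious IP, reason and detection time."""
    by_ip = {ip: reason for _, (ip, reason) in blocklist.items()}
    findings = []
    for ts, client, name, answer in lookups:
        if name in blocklist:
            bad_ip, reason = blocklist[name]
        elif answer in by_ip:
            bad_ip, reason = answer, by_ip[answer]
        else:
            continue
        findings.append({"client": client, "domain": name, "resolved_ip": answer,
                         "malicious_ip": bad_ip, "reason": reason, "detected": ts})
    return findings

def talkative_clients(lookups, threshold):
    """Clients whose query count in the records exceeds the threshold."""
    counts = Counter(client for _, client, _, _ in lookups)
    return {client: n for client, n in counts.items() if n > threshold}

def frequent_domains(lookups, top=3):
    """The most frequently queried domain names, as (name, count) pairs."""
    return Counter(name for _, _, name, _ in lookups).most_common(top)
```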
Track dynamic DNS registrations
The solution tracks the DNS update requests from the different clients and whether the requests were successful.
You can then use this information to find the root cause of the registration failure: find the zone that is authoritative for the name that the client is trying to update, and use the solution to check the inventory information of that zone. Verify whether the dynamic update for the zone is enabled and check whether the zone is configured for secure dynamic update.
Pinpoint stale resource records
The solution provides a list of all the stale resource records for the chosen period of time in Log Search. This list contains the resource record name, resource record type, the associated DNS server, record generation time, and the zone name. Based on this information, the DNS administrator can remove the stale entries from the DNS servers.
Understanding the load is essential for capacity planning and for the performance of the DNS infrastructure. You can see how the DNS load is distributed across your DNS servers and zones by observing the trends of DNS query rates for each server and zone.
View all the DNS events and inventory-related data of the DNS servers that the solution manages in Log Search.
The Type=DnsEvents query lists the log data for all events related to lookup queries, dynamic registrations, and configuration changes.
The Type=DnsInventory query lists the log data for DNS servers, DNS zones, and resource records. Use the Log Search facet controls to analyze the data, generate actionable insights, and construct meaningful reports.