Troubleshoot network issues with DNS Insights
It’s relatively simple to use DNS data to determine if there’s a problem with your network. A spike in NXDOMAIN responses or other errors is usually taken as a clear indication that something is wrong.
The next step, diagnosing the cause of the problem and actually doing something about the error, is often a heavier task. It’s a data problem. Any authoritative DNS provider worth its salt will show you how many NXDOMAIN responses you are getting. But few provide the network of contextual information teams need to uncover the cause of errors, which can come from multiple directions and involve multiple DNS data points.
Until now, authoritative DNS providers have approached this problem in one of two ways:
Overwhelm network teams with data
Some authoritative DNS providers offer raw data feeds as an add-on. This will certainly provide your network team with all the information they need to troubleshoot misconfigurations and diagnose the root cause of DNS errors.
Problem: Finding a needle in a haystack. Raw data feeds may sound good, but they typically create more work for network teams who must process and analyze the data to discover the root cause of network issues. Even if your team pushes DNS feeds to a data lake, SIEM, or processing platform, it can take time to build dashboards and workflows to transform them into usable information. Still, it’s not always clear whether you’ll have the right information when you need it.
As a result, network teams spend more time finding the information they need and less time actually diagnosing and resolving problems.
Provide only basic data
Other authoritative DNS providers take the opposite approach, providing only a simple dashboard with basic information. Typically this takes the form of a NXDOMAIN response table consisting of geographic location, IP range, and a few other points.
The advantage of this approach is that the data is pre-processed and easily digestible, saving a lot of work to build, configure, and manage the analytics infrastructure on the backend.
The biggest drawback is that the data is usually not comprehensive enough to explain all the reasons why network errors occur in the real world. There isn’t enough flexibility to capture every special case or look at a problem through multiple lenses. What you see is what you get. And that’s often not enough.
Result: Network teams gain enough information to want more. While you may be able to identify the underlying problem, your ability to actually solve the problem and determine the root cause is limited.
DNS Insights: “Proper” Network Troubleshooting
After analyzing DNS data options on the market, IBM® NS1 Connect® decided to take a different path, providing both the breadth of data and the analytics needed to make that data useful to network teams.
For this purpose, we decided to use Orb, an open source DNS data analysis tool designed and built by IBM NS1®. Originally created as a way to diagnose and protect against DDoS attacks, Orb efficiently captures targeted data at the edge using a “small data” approach that generates useful analytics on the fly while reducing operational overhead.
By deploying Orb on NS1’s own DNS infrastructure, we can now provide our customers with the data they need to accurately and quickly identify the root causes of misconfigurations and other network errors without the hassle of having to build their own analysis systems. .
This feature, known as DNS Insights, is available to all customers using IBM NS1 Connect Managed DNS and Dedicated DNS.
What you get with DNS Insights
Simply put, DNS Insights gives you the best of both worlds when it comes to DNS observability. This means you can resolve issues faster and easier by combining extensive data and built-in analytics to diagnose a variety of network issues.
- DNS Insights is a targeted data feed. Derived from various DNS and network metrics. This diversity of data sources gives network teams the flexibility they need to investigate misconfigurations from multiple angles. This is not a flood of raw data logs that will overwhelm your storage capacity and require a lot of effort to consume. But it’s more than just an NXDOMAIN response table. Simply put, you will actually use it.
- DNS Insights is a set of pre-built dashboards. Performs most data analysis tasks. We approached the problem from different angles, providing charts and graphs. (RM1) shows the most common (and several rare) ways in which misconfiguration can manifest itself. Dashboards are designed to show just enough data to point you in the right direction, without too much detail that can make it confusing or difficult to understand.
- DNS Insights connects troubleshooting data to other tools. We use Prometheus Remote Write and OpenTelemetry, open source standards for observability tools. These two options for data transfer allow you to connect your DNS Insights feeds and dashboards to the tools you use, such as Splunk, DataDog, and Grafana.
Get the DNS data (and answers) you need
NS1 customers are the driving force behind DNS Insights. We have been listening to the needs and working with several key design partners for many months to improve our products to meet the needs of both innovative market leaders and corporate enterprises. Here’s what some of them said after trying DNS Insights:
- “This is information we have been waiting for for a long time.”
- “We can see why we are getting so many bad queries. This helps us a lot.”
- “It’s certainly a lot more data than we can see today… It’s very useful.”
We know how powerful DNS Insights is. NS1 has been using this technology for many years. Now, we’re excited to bring powerful data and analytics to our customers as well. This is a set of innovative new features that once again positions NS1 as the most innovative, forward-thinking and authoritative DNS provider.
Learn more about DNS Insights. If you are a current NS1 customer, please contact your sales representative for more information.
Learn more about DNS Insights today.