Upload
thousandeyes
View
244
Download
1
Embed Size (px)
DESCRIPTION
The Domain Name System (DNS) is a crucial link in application delivery, whether you maintain your own DNS infrastructure or use an external provider. ThousandEyes monitors network and DNS performance, including tracing DNS queries, measuring resolution time and verifying record mappings. In this SlideShare, we cover how you can: Trace queries from root name servers to authoritative servers Monitor DNS server availability and resolution time Confirm the accuracy of record mappings Alert on DNS issues proactively Watch the recorded webinar with live demo here: http://ow.ly/BzB5s
Citation preview
Best Practices for Monitoring DNS
Nick Kephart Director of Product Marketing
1
• Founded: 2010 • Team: UCLA PhDs • Investors:
About ThousandEyes
Troubleshoot application delivery in modern enterprise networks
Background What We Do
Customers Recognition
2
Why Monitor DNS Record
Misconfiguration Server or
Network Failure Vendor
Availability
DNSSEC Expiration Cache Poisoning DDoS Attacks
3
Track queries from root servers to authoritative servers
DNS Use Cases in ThousandEyes
Confirm and alert on record mappings for internal and external addresses
Query Trace
Record Accuracy
Monitor authoritative servers and recursive resolvers
Server Availability
DNSSEC Validation
Validate DNSSEC keychain
GSLB and Anycast
Troubleshoot load balanced DNS using alerts and path visualization
4
• ns • @ • +trace • +dnssec • +norec
ThousandEyes Approach to DNS Monitoring
• Authoritative server network and routing metrics
DIG-like Features And Correlation
• Store, save, share, baseline, alert
With Analysis
Enterprise
Vendor
5
Easy to Deploy, SaaS-based Monitoring
Enterprise Internet DNS Servers
Enterprise Agent (branch offices, data centers,
key customers)
Cloud Agent (at dozens of global POPs)
Active Tests DNS, BGP, Network
ThousandEyes SaaS Platform
6
• Set up DNS Server tests for critical services and records – Alert on record mappings and use Path Viz to troubleshoot network
connectivity, GSLB and Anycast
• Troubleshoot local resolvers with DNS Server tests – Monitor recursive resolvers with Recursive Queries option
• Set up DNS Trace tests for major domains, sub-domains – Ensure DNS hierarchy is working as expected
• Review your DNS TTLs – Balance server load with propagation time; vary by record type
• Be prepared for a DDoS – Diversify networks or vendors where you host DNS
Best Practices
Demo
8
New DNS Test
Choose DNS test type
Domain and record
Views included in the test
Auto-lookup authoritative
servers
9
DNS Server Monitoring
Availability and resolution time
By authoritative servers
Performance over 30 days
Save or share data
10
DNS Record Details
See mappings and resolution time for Tokyo
Select a specific agent (Tokyo)
11
DNS Domain Trace Monitoring
Record availability, average queries and
query time
Detailed traces
Performance over 30 days
12
DNS Detailed Traces
Unsuccessful trace
Successful trace d-root à pac1.nipr.mil à ns02.army.mil
13
DNSSEC Monitoring
DNSSEC validation percentage
DNSSEC trace details
14
DNSSEC Details
Keychain trust tree
DNSSEC keys
15
DNS Alerting
Alert on resolution time, mappings, error details
Auto-detect baselines
Alert to email or API
View the Live Demo https://vimeo.com/102066201