AI-powered DNS request tracking extends infrastructure observability for high quality network traffic

Have you ever received a call from a customer telling you that an application you’re providing is too slow? Applications and services are often slowed down by under-performing DNS communications or misconfigured DNS servers, which can result in frustrated customers uninstalling your application.

The Dynatrace Software Intelligence Platform gives you a complete Infrastructure Monitoring solution for the monitoring of cloud platforms and virtual infrastructure, along with log monitoring and AIOps. With all the data collected and powered by our Davis AI-driven causation engine, Dynatrace automatically identifies slowdowns in your applications and services and points you to their root cause.

To extend Dynatrace diagnostic visibility into network traffic, we’ve added out-of-the-box DNS request tracking to our infrastructure monitoring capabilities. While our competitors only provide generic traffic monitoring without artificial intelligence, Dynatrace automatically analyzes DNS-related anomalies. This provides you with additional details in cases where such issues impact your applications or services, allowing you to:

Ensure high quality network traffic by tracking DNS requests out-of-the-box

As of today, Dynatrace constantly and automatically tracks DNS requests with zero additional configuration. All DNS related metrics are available on each host overview page on the Network services tile, organized into two tabs which allow you to monitor the:

  • Number of requests and orphaned responses
  • Average query response time
  • Number of reported errors (including RCODE) to facilitate diagnosis.

The Davis AI causation engine automatically detects and analyzes anomalies, such as under-performing DNS communication or a misconfigured DNS server, and provides you with all the relevant details instantly when such issues impact your applications or services. Also, all the metrics that are captured to track DNS requests or reported errors can be used to define custom events that you want to be alerted on if they occur.

Now let’s take a look at two possible use cases where AI-powered DNS tracking can be valuable.

Identify under-performing DNS servers

If your DNS server is facing performance issues, you may experience numerous errors and slower response times. Average query response time can be tracked and alerted on. Slower response times can be a sign of a stressed DNS server or network communication issues. In the case of an under-performing, unreachable, or unresponsive DNS server, you may also notice a significant increase in reported Timeout and ServFail(2) errors.

Easily diagnose possible security breaches or software malfunctions

One popular method of launching DDoS attacks involves using a compromised machine to produce a large volume of DNS queries to non-existent or invalid domains. Although similar behavior can be observed in the case of software malfunctions, the difference in numbers is usually significant and easy to spot. As a result, the DNS server may become unresponsive due to extreme resource consumption, or resolution failures for legitimate names may occur.

Such a DNS NXDOMAIN flood attack can be diagnosed by monitoring either the number of DNS requests or simply by checking the number of NXDomain(3) and ServFail(2) codes that are returned to the client.

Prerequisites

  • OneAgent version 1.201
  • Dynatrace version 1.202

What’s next

Client-side monitoring of DNS requests is only a prerequisite for the broader DNS monitoring support that we’re currently developing, which will provide an integrated OneAgent extension for CoreDNS.

The Network statistics tile will be redesigned and renamed Network observability, covering the following capabilities:

  • Point-to-point traffic monitoring
  • Network traffic data aggregation and filtering for on-premises, cloud, and hybrid networks
  • Network services visibility (DNS, NTP, ActiveDirectory)
  • Network device visibility (hosts, switches, routers, storage devices)

If you need to monitor other DNS servers, please let us know. Feel free to post your feedback to Dynatrace Answers, or contact me directly at dariusz.glugla@dynatrace.com.

Stay updated