Applies To:

Show Versions Show Versions

Manual Chapter: Setting Up and Viewing DNS Statistics
Manual Chapter
Table of Contents   |   << Previous Chapter

Overview: Setting up and viewing DNS statistics

You can view DNS AVR and DNS global statistics on the BIG-IP system to help you manage and report on the DNS traffic on your network.

DNS AVR Statistics
You must configure an AVR sampling rate on a DNS profile and assign it to a virtual server before the BIG-IP system can gather DNS AVR statistics. An AVR Analytics profile is not required for the BIG-IP system to gather and display DNS AVR statistics.
Important: When the Protocol Security module is licensed and provisioned, the DNS AVR statistics that display include Protocol Security statistics.
The DNS AVR statistics include DNS requests per:
  • Virtual server
  • Query name
  • Query type
  • Client IP address
  • (You can also filter the statistics by time period.)
DNS Global Statistics
The BIG-IP system automatically collects DNS global statistics about the DNS traffic the system processes. The DNS global statistics include:
  • Total DNS requests and responses
  • Details about the DNS queries and responses
  • The number of wide IP requests
  • The number of DNS Express requests and NOTIFY announcements and messages
  • The number of DNS cache requests
  • The number of DNS IPv6 to IPv4 requests, rewrites, and failures
  • The number of unhandled query actions per specific actions

Task summary

Perform these tasks to set up DNS AVR statistics and to view DNS AVR and DNS global statistics on the BIG-IP system.

Viewing DNS AVR statistics

Ensure that Application Visibility and Reporting (AVR) is provisioned. Ensure that the BIG-IP system is configured to collect DNS statistics on a sampling of the DNS traffic that the BIG-IP system handles.
View DNS AVR statistics to help you manage the DNS traffic on your network.
  1. On the Main tab, click Statistics > Analytics > DNS. The DNS Analytics screen opens.
    Important: When the Protocol Security Module is licensed and provisioned, the DNS AVR statistics that display include Protocol Security statistics.
  2. From the View By list, select the specific network object type for which you want to display statistics. You can also click Expand Advanced Filters to filter the information that displays.
  3. From the Time Period list, select the amount of time for which you want to view statistics.
    Tip: To display reports for a specific time period, select Custom and specify beginning and end dates.
  4. Click Export to create a report of this information.
    Note: The timestamp on the report reflects a publishing interval of five minutes; therefore, a time period request of 12:40-13:40 actually displays data between 12:35-13:35. By default, the BIG-IP system displays one hour of data.

Viewing DNS AVR statistics in tmsh

Ensure that Application Visibility and Reporting (AVR) is provisioned. Ensure that the BIG-IP system is configured to collect DNS statistics on a sampling of the DNS traffic that the BIG-IP system handles.
View DNS analytics statistics to help you manage the DNS traffic on your network.
Important: When the Protocol Security module is licensed and provisioned, the DNS AVR statistics that display include Protocol Security statistics.
  1. Log on to the command-line interface of the BIG-IP system.
  2. At the BASH prompt, type tmsh.
  3. At the tmsh prompt, type one of these commands and then press Enter.
    Option Description
    show analytics dns report view-by query-name limit 3 Displays the three most common query names.
    show analytics dns report view-by query-type limit 3 Displays the three most common query types.
    show analytics dns report view-by client-ip limit 3 Displays the three client IP addresses from which the most DNS queries originate.
    show analytics dns report view-by query-name drilldown { { entity query-type values {A}}} limit 3 Displays the three most common query names for query type A records.
    show analytics dns report view-by query-type drilldown { { entity query-name values {www.f5.com}}} limit 3 Displays the three most common query types for query name www.f5.com.
    show analytics dns report view-by client-ip drilldown { { entity query-type values {A}}} limit 3 Displays the three most common client IP addresses requesting query type A records.

Viewing DNS global statistics

Ensure that at least one DNS profile exists on the BIG-IP system and that this profile is assigned to an LTM virtual server or a GTM listener that is configured to use the TCP protocol.
Note: If you want to view AXFR and IXFR statistics, the listener or virtual server must be configured to use the TCP protocol. This is because zone transfers occur over the TCP protocol.
View DNS global statistics to determine how to fine tune your network configuration or troubleshoot DNS traffic processing problems.
  1. On the Main tab, click Statistics > Module Statistics > Local Traffic. The Local Traffic statistics screen opens.
  2. From the Statistics Type list, select Profiles Summary.
  3. In the Details column for the DNS profile, click View.

Viewing DNS statistics for a specific virtual server

Ensure that at least one virtual server associated with a DNS profile exists on the BIG-IP system.
Note: If you want to view AXFR and IXFR statistics, the virtual server must be configured to use the TCP protocol. This is because zone transfers occur over the TCP protocol.  
You can view DNS statistics per virtual server when you want to analyze how the BIG-IP system is handling specific DNS traffic.
  1. On the Main tab, click Statistics > Module Statistics > Local Traffic. The Local Traffic statistics screen opens.
  2. From the Statistics Type list, select Virtual Servers.
  3. In the Details column for the virtual server, click View.

Implementation result

You now have an implementation in which the BIG-IP system gathers both DNS AVR and DNS global statistics. You can view these statistics to help you understand DNS traffic patterns and manage the flow of your DNS traffic, especially when your network is under a DDoS attack.

Table of Contents   |   << Previous Chapter

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)