Manual Chapter : Setting Up and Viewing DNS Statistics

Applies To:

Show Versions Show Versions

BIG-IP GTM

  • 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1

BIG-IP LTM

  • 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1
Manual Chapter

Overview: Setting up and viewing DNS statistics

You can view DNS AVR and DNS global statistics on the BIG-IP system to help you manage and report on the DNS traffic on your network.

DNS AVR Statistics
You must configure an AVR sampling rate on a DNS profile and assign it to a listener or virtual server before the BIG-IP system can gather DNS AVR statistics. An AVR Analytics profile is not required for the BIG-IP system to gather and display DNS AVR statistics. The DNS AVR statistics include DNS queries per:
  • Application
  • Virtual server
  • Query name
  • Query type
  • Client IP address
  • (You can also filter the statistics by time period.)
DNS Global Statistics
The BIG-IP system automatically collects DNS global statistics about the DNS traffic the system processes. The DNS global statistics include:
  • Total DNS queries and responses
  • Details about DNS queries and responses
  • Details about DNS Services rate-limited license
  • The number of wide IP requests
  • Details about GTM rate-limited license
  • The number of DNS Express requests and NOTIFY announcements and messages
  • The number of DNS cache requests
  • The number of DNS IPv6 to IPv4 requests, rewrites, and failures
  • The number of unhandled query actions per specific actions

Task Summary

Creating a DNS profile for AVR statistics collection

Ensure that Application Visibility and Reporting (AVR) is provisioned.
Configure the BIG-IP system to collect AVR statistics on a sampling of the DNS traffic that the BIG-IP system handles.
  1. On the Main tab, click DNS > Delivery > Profiles > DNS or Local Traffic > Profiles > Services > DNS. The DNS profile list screen opens.
  2. Click Create. The New DNS Profile screen opens.
  3. In the Name field, type a unique name for the profile.
  4. Select the Custom check box.
  5. Select the AVR Statistics Sample Rate check box. The Enabled 1/ 1 queries sampled field displays.
  6. In the Enabled 1/ 1 queries sample field, change the 1 to the number of queries from which the system takes one sample.
    Option Description
    0 No DNS requests are stored in the Analytics database.
    1 All DNS requests are stored in the Analytics database.
    n>1 Every nth DNS request is stored in the Analytics database.
  7. Click Finished.
Assign the DNS profile to a listener or virtual server.

Viewing DNS AVR statistics

Ensure that Application Visibility and Reporting (AVR) is provisioned. Ensure that the BIG-IP system is configured to collect DNS statistics on a sampling of the DNS traffic that the BIG-IP system handles.
View DNS AVR statistics to help you manage the DNS traffic on your network.
  1. On the Main tab, click Statistics > Analytics > DNS. The DNS Analytics screen opens.
  2. From the View By list, select the specific network object type for which you want to display statistics. You can also click Expand Advanced Filters to filter the information that displays.
  3. From the Time Period list, select the amount of time for which you want to view statistics.
    Tip: To display reports for a specific time period, select Custom and specify beginning and end dates.
  4. Click Export to create a report of this information.
    Note: The timestamp on the report reflects a publishing interval of five minutes; therefore, a time period request of 12:40-13:40 actually displays data between 12:35-13:35. By default, the BIG-IP system displays one hour of data.

Viewing DNS AVR statistics in tmsh

Ensure that Application Visibility and Reporting (AVR) is provisioned. Ensure that the BIG-IP system is configured to collect DNS statistics on a sampling of the DNS traffic that the BIG-IP system handles.
View DNS analytics statistics to help you manage the DNS traffic on your network.
  1. Log on to the command-line interface of the BIG-IP system.
  2. At the BASH prompt, type tmsh.
  3. At the tmsh prompt, type one of these commands and then press Enter.
    Option Description
    show analytics dns report view-by query-name limit 3 Displays the three most common query names.
    show analytics dns report view-by query-type limit 3 Displays the three most common query types.
    show analytics dns report view-by client-ip limit 3 Displays the three client IP addresses from which the most DNS queries originate.
    show analytics dns report view-by query-name drilldown { { entity query-type values {A}}} limit 3 Displays the three most common query names for query type A records.
    show analytics dns report view-by query-type drilldown { { entity query-name values {www.f5.com}}} limit 3 Displays the three most common query types for query name www.f5.com.
    show analytics dns report view-by client-ip drilldown { { entity query-type values {A}}} limit 3 Displays the three most common client IP addresses requesting query type A records.

Viewing DNS global statistics

Ensure that at least one DNS profile exists on the BIG-IP system and that this profile is assigned to an LTM virtual server or a GTM listener that is configured to use the TCP protocol.
Note: If you want to view AXFR and IXFR statistics, the listener or virtual server must be configured to use the TCP protocol. This is because zone transfers occur over the TCP protocol.
View DNS global statistics to determine how to fine-tune your network configuration or troubleshoot DNS traffic processing problems.
  1. On the Main tab, click Statistics > Module Statistics > DNS > Delivery. The DNS Delivery statistics screen opens.
  2. From the Statistics Type list, select Profiles.
  3. In the Global Profile Statistics area, in the Details column of the DNS profile, click View.

Viewing DNS statistics for a specific virtual server

Ensure that at least one virtual server associated with a DNS profile exists on the BIG-IP system.
Note: If you want to view AXFR and IXFR statistics, the virtual server must be configured to use the TCP protocol. This is because zone transfers occur over the TCP protocol.  
You can view DNS statistics per virtual server when you want to analyze how the BIG-IP system is handling specific DNS traffic.
  1. On the Main tab, click Statistics > Module Statistics > Local Traffic. The Local Traffic statistics screen opens.
  2. From the Statistics Type list, select Virtual Servers.
  3. In the Details column for the virtual server, click View.

Implementation result

You now have an implementation in which the BIG-IP system gathers both DNS AVR and DNS global statistics. You can view these statistics to help you understand DNS traffic patterns and manage the flow of your DNS traffic, especially when your network is under a DDoS attack.