The Domain Name System (DNS) is at the core of the engine that keeps the internet running. We have explained how DNS works and why it is critical to the functioning of the internet in our Synthetic Monitoring Guide. DNS resolution relies on several components, including stub and recursive resolvers, authoritative name servers, and the zone files they serve, and the whole process normally completes in milliseconds. If any of these components fails, or the network between them misbehaves, the website loads slowly or cannot be reached at all.
Monitoring DNS performance provides much-needed insight into the DNS resolution process: it helps identify latency, mapping anomalies, and other end-user-impacting issues in the application delivery chain. DNS monitoring can also serve as an early warning of attacks such as DDoS against name servers, DNS hijacking, or man-in-the-middle attacks, because these show up as failed resolutions, latency spikes, or records that suddenly resolve to unexpected addresses.
There are several different DNS monitoring types and methodologies offered by monitoring platforms. Although all of them produce “performance” data, how and where that data is collected can make a big difference in DNS performance analysis. So, are you monitoring DNS the right way?
Is The Data Accurate?
If you are wondering whether there is ever a wrong way to monitor DNS, then yes, there is. One of the DNS test types offered by a monitoring vendor was recently deprecated because it used open DNS resolvers to check availability and measure performance. A DNS monitoring strategy that relies on public or open DNS resolvers overlooks some key indicators:
- The public DNS server may not be optimally configured, and you have no control over how it is configured.
- The data does not indicate “real” latency because the resolver caches answers: a cache hit returns immediately and hides the authoritative server’s response time, while a cache miss adds the resolver’s own recursion time on top of it.
- A failure at the public resolver does not prove your zone is unreachable, and a success there does not prove your authoritative servers are reachable from every network, so it is not a true indicator of domain reachability and availability.
In an ideal situation, the end user is mapped to the closest server. But a CDN or GeoDNS service usually locates the user by the source address of the resolver that sends the query, not by the user’s own address (unless the resolver forwards EDNS Client Subnet), so a public resolver far from the user produces a mapping that is far from optimal.
For example, the image below (Fig 1) illustrates how an end user located in Taiwan (TW) is directed to a CDN server in the US. The end user’s query is answered through OpenDNS in the US, so the CDN determines the user’s location to be the US instead of Taiwan and serves the response from a CDN server located in the US. This results in higher latency and degraded performance.
If you are monitoring using a DNS test type that relies on public DNS resolvers then the data is questionable. It does not provide an accurate picture of DNS performance, availability, or reliability.
Now, this brings us to the next question, how do you ensure your DNS monitoring strategy is effective?
Effective DNS Monitoring
DNS is multi-layered and complex, with multiple routing options (anycast and unicast), public resolvers, and multi-provider DNS configurations. It is important to understand the DNS architecture your organization uses before defining a monitoring strategy.
Managed DNS services are preferred by most enterprises and businesses because they provide access to a global infrastructure that is completely managed and maintained by the service provider. DNS providers have also moved to the edge for faster results. CDN providers follow a similar approach, mapping end users to the optimal edge server, while ISPs may intercept or rewrite DNS traffic on their own networks, ostensibly to improve the end-user experience.
The different DNS components, the third-party providers, DNS configuration, and mapping possibilities have a significant impact on the digital end-user experience. Your DNS monitoring strategy must account for these third-party variables to gain visibility into every step in the DNS resolution process.
DNS monitoring requires tools that can trace queries through a complex hierarchy of servers, networks, and services. Three important points to consider when monitoring DNS are:
- Checking DNS mapping based on end-user proximity.
- Evaluating DNS Records integrity.
- Measuring latency and DNS Performance based on resolution time.
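The following is an added example, not Catchpoint’s code or a tool the post describes, showing how the two problems above (cached answers from a resolver, and the three checks in this list) can be tested from a script. It builds a DNS query with the standard library, parses the answer, and reports when the answer is non-authoritative (AA bit clear), when the TTL has been counted down (served from cache), when the RCODE signals failure, and when a record points somewhere outside an expected set (a mapping anomaly or hijack). The `sample_response` helper produces a constructed wire-format reply for the made-up name `www.example.test` so the checks can run offline; the `query` function sends the same query to a server you name.

```python
"""Minimal DNS checker (added example, standard library only).

Builds an A query, parses the reply, and applies the checks from the text:
authoritative or cached answer, record integrity, and resolution time.
"""
import socket
import struct
import time

TXID = 0x1234  # fixed transaction id so replies can be matched in tests


def build_query(name, qtype=1, recursion_desired=True):
    """Wire-format DNS query. RD=0 asks the server to answer only from its
    own data, which is what you want when querying an authoritative server."""
    flags = 0x0100 if recursion_desired else 0x0000
    header = struct.pack("!HHHHHH", TXID, flags, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def _read_name(msg, off):
    """Read a (possibly compressed) name; return (name, offset after it)."""
    labels, jumped, end = [], False, off
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                 # compression pointer
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off = True, ptr
            continue
        off += 1
        if length == 0:
            if not jumped:
                end = off
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), end


def parse_response(msg):
    """Parse header flags and the A records in the answer section."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                           # skip the question(s)
        _, off = _read_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = _read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == 1 and rdlen == 4:             # A record
            answers.append({"name": name, "ttl": ttl, "ip": socket.inet_ntoa(rdata)})
    return {"txid": txid, "authoritative": bool(flags & 0x0400),
            "rcode": flags & 0x000F, "answers": answers}


def evaluate(resp, expected_ips, zone_ttl):
    """Return a list of findings; an empty list means the answer is clean."""
    findings = []
    if resp["rcode"] != 0:
        findings.append("rcode=%d: resolution failed" % resp["rcode"])
    if not resp["authoritative"]:
        findings.append("non-authoritative answer: timing reflects the resolver, not the name server")
    for a in resp["answers"]:
        if a["ttl"] < zone_ttl:                   # TTL counts down while cached
            findings.append("%s ttl=%d < zone ttl %d: served from cache" % (a["ip"], a["ttl"], zone_ttl))
        if a["ip"] not in expected_ips:
            findings.append("unexpected record %s -> %s: possible hijack or bad mapping" % (a["name"], a["ip"]))
    return findings


def query(server, name, recursion_desired=False, timeout=2.0):
    """Send the query over UDP/53 and return (parsed response, elapsed ms)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t0 = time.perf_counter()
        s.sendto(build_query(name, recursion_desired=recursion_desired), (server, 53))
        data, _ = s.recvfrom(4096)
        elapsed_ms = (time.perf_counter() - t0) * 1000
    resp = parse_response(data)
    if resp["txid"] != TXID:
        raise ValueError("transaction id mismatch: possible spoofed reply")
    return resp, elapsed_ms


def sample_response(authoritative, ttl, ips):
    """Constructed reply for www.example.test (not captured traffic)."""
    flags = 0x8000 | (0x0400 if authoritative else 0x0180)   # QR, then AA or RD+RA
    header = struct.pack("!HHHHHH", TXID, flags, 1, len(ips), 0, 0)
    question = build_query("www.example.test")[12:]
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(ip)
                   for ip in ips)
    return header + question + rrs


if __name__ == "__main__":
    cached = parse_response(sample_response(False, 87, ["192.0.2.10", "198.51.100.7"]))
    for finding in evaluate(cached, {"192.0.2.10"}, zone_ttl=300):
        print(finding)
```

To measure what an end user actually experiences, run `query(<authoritative server IP>, name, recursion_desired=False)` against each of the zone’s name servers from the vantage points that matter, and treat a non-authoritative answer, a counted-down TTL, or an address outside the expected set as a finding rather than as a timing sample. The transaction-id check is minimal; a real monitor should also confirm the question section echoes the name it asked for.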
When testing each of these, it is important to understand how the DNS test works. Going back to the example we discussed, is the test querying an open DNS resolver? If yes, then the performance data may not be accurate, and any analysis built on it will be futile.
DNS resolution is a critical step in the end-user journey and has an immediate impact on the end-user experience. To maintain a secure and seamless digital experience, it is necessary to proactively monitor DNS performance. But monitoring DNS without understanding exactly how it is being measured will only result in poor data analysis.
For effective DNS monitoring, it is critical that the data gathered is accurate and represents true end-user experience.
Catchpoint offers an array of different DNS monitors to provide full visibility through the entire resolution process from multiple vantage points. With Catchpoint’s last mile and backbone nodes, you can measure DNS performance from the end user’s perspective.
In addition to verifying whether DNS records are mapped correctly, you can also monitor DNS resolvers or even evaluate public DNS resolvers by overriding specific DNS resolvers. You can also ensure security by validating that DNSSEC is configured correctly and analyze every hop with a traceroute test.
Watch this video series on DNS to learn more about DNS monitoring with Catchpoint.