Solved

Are these DNS Requests Excessive?

Posted on 2013-06-07
Last Modified: 2013-06-10
Our UTM Firewall is alerting us to the fact that a number of DNS servers are going over set thresholds for DNS communication.

Now, I'm not saying something is wrong - the default threshold could just be set too low for instance - but I want to make sure, given the size of the networks (all relatively small), the number of requests does not stand out as excessive.

How can I get a true metric of how many DNS requests are being processed per hour/day?
Question by:bikerhong
2 Comments
 

Accepted Solution

by:
Rich Weissler earned 500 total points
ID: 39230226
On a Windows server, the easiest way to collect the statistics would be with Performance Monitor. The Windows DNS server adds counters for the DNS object.

I assume what you'll want to watch for is recursive queries... I know that's what my security folks have been chattering about lately. Apparently open DNS servers which accept recursive queries are being used as a distributed denial of service attack against folks. (I don't have any details, I just know an error was discovered on an edge router which was permitting the traffic on tcp/53... and it's fixed now. We dropped from ~100 recursive queries/sec to a more normal 20-25. We have a moderate size network though.)
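One way to turn the DNS performance counters mentioned in the answer above into per-hour and per-day figures, as an added example that is not part of the original answer. It assumes it is run locally on the Windows DNS server; the script parameters, the sampling interval and the sample count are illustrative choices.

```powershell
# Added example: sample the Windows DNS performance object and estimate
# query volume per hour/day, including the recursive share.
# Assumption: run on the DNS server itself; defaults below are illustrative.
param(
    [int]$IntervalSeconds = 60,   # spacing between samples
    [int]$Samples         = 60    # 60 x 60 s = one hour of data
)

$counters = @(
    '\DNS\Total Query Received/sec',
    '\DNS\Recursive Queries/sec',
    '\DNS\UDP Query Received/sec',
    '\DNS\TCP Query Received/sec'
)

# Each sample set holds one reading per counter.
$data = Get-Counter -Counter $counters -SampleInterval $IntervalSeconds -MaxSamples $Samples

# Group readings by counter name (last path element) and summarise them.
$report = $data | ForEach-Object { $_.CounterSamples } |
    Group-Object { ($_.Path -split '\\')[-1] } |
    ForEach-Object {
        $stats = $_.Group | Measure-Object -Property CookedValue -Average -Maximum
        [pscustomobject]@{
            Counter    = $_.Name
            AvgPerSec  = [math]::Round($stats.Average, 2)
            PeakPerSec = [math]::Round($stats.Maximum, 2)
            EstPerHour = [math]::Round($stats.Average * 3600)
            EstPerDay  = [math]::Round($stats.Average * 86400)
        }
    }

$report | Format-Table -AutoSize

# A high recursive share on a server that should only answer for its own
# zones is the pattern worth checking against firewall and recursion settings.
$total = ($report | Where-Object { $_.Counter -like 'total*' }).AvgPerSec
$recur = ($report | Where-Object { $_.Counter -like 'recursive*' }).AvgPerSec
if ($total -gt 0) {
    'Recursive share of queries: {0:P1}' -f ($recur / $total)
}
```

Run it at several times of day before comparing the averages with the firewall's alert threshold, since a single hour may not be representative.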

Author Comment

by:bikerhong
ID: 39233991
Aha, interesting.

I have set perfmon to display some DNS stats and everything is really low - I'll keep an eye on it.