Solved

Are these DNS Requests Excessive?

Posted on 2013-06-07
2
300 Views
Last Modified: 2013-06-10
Our UTM Firewall is alerting us to the fact that a number of DNS servers are going over set thresholds for DNS communication.

Now, I'm not saying something is wrong - the default threshold could just be set too low for instance - but I want to make sure given the size of the networks (all relatively small), the number of requests do not stand out as excessive.

How can I get a true metric of how many DNS requests are being processed per hour/day?
0
Comment
Question by:bikerhong
2 Comments
 
LVL 30

Accepted Solution

by:
Rich Weissler earned 500 total points
ID: 39230226
On a windows server, the easiest way to collect the statistics would be with Performance Monitor.  The Windows DNS server adds counters for the DNS object.

I assume what you'll want to watch for is recursive queries... I know that's what my security folks have been chattering about lately.  Apparently open DNS servers which accept recursive queries are being used as a distributed denial of service attack against folks.  (I don't have any details, I just know an error was discovered on an edge router which was permitting the traffic on tcp/53... and it's fixed now.   We dropped from ~100 recursive queries/sec to a more normal 20-25.  We have a moderate size network though.)
0
 

Author Comment

by:bikerhong
ID: 39233991
Aha, interesting.

I have set perfmon to display some DNS stats and everything is really low - Ill keep an eye on it.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question