Are these DNS Requests Excessive?

Our UTM Firewall is alerting us to the fact that a number of DNS servers are going over set thresholds for DNS communication.

Now, I'm not saying something is wrong - the default threshold could just be set too low for instance - but I want to make sure given the size of the networks (all relatively small), the number of requests do not stand out as excessive.

How can I get a true metric of how many DNS requests are being processed per hour/day?
Who is Participating?
Rich WeisslerConnect With a Mentor Professional Troublemaker^h^h^h^h^hshooterCommented:
On a windows server, the easiest way to collect the statistics would be with Performance Monitor.  The Windows DNS server adds counters for the DNS object.

I assume what you'll want to watch for is recursive queries... I know that's what my security folks have been chattering about lately.  Apparently open DNS servers which accept recursive queries are being used as a distributed denial of service attack against folks.  (I don't have any details, I just know an error was discovered on an edge router which was permitting the traffic on tcp/53... and it's fixed now.   We dropped from ~100 recursive queries/sec to a more normal 20-25.  We have a moderate size network though.)
bikerhongAuthor Commented:
Aha, interesting.

I have set perfmon to display some DNS stats and everything is really low - Ill keep an eye on it.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.