Solved

Are these DNS Requests Excessive?

Posted on 2013-06-07
2
303 Views
Last Modified: 2013-06-10
Our UTM Firewall is alerting us to the fact that a number of DNS servers are going over set thresholds for DNS communication.

Now, I'm not saying something is wrong - the default threshold could just be set too low for instance - but I want to make sure given the size of the networks (all relatively small), the number of requests do not stand out as excessive.

How can I get a true metric of how many DNS requests are being processed per hour/day?
0
Comment
Question by:bikerhong
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 30

Accepted Solution

by:
Rich Weissler earned 500 total points
ID: 39230226
On a windows server, the easiest way to collect the statistics would be with Performance Monitor.  The Windows DNS server adds counters for the DNS object.

I assume what you'll want to watch for is recursive queries... I know that's what my security folks have been chattering about lately.  Apparently open DNS servers which accept recursive queries are being used as a distributed denial of service attack against folks.  (I don't have any details, I just know an error was discovered on an edge router which was permitting the traffic on tcp/53... and it's fixed now.   We dropped from ~100 recursive queries/sec to a more normal 20-25.  We have a moderate size network though.)
0
 

Author Comment

by:bikerhong
ID: 39233991
Aha, interesting.

I have set perfmon to display some DNS stats and everything is really low - Ill keep an eye on it.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

687 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question