F5 Logo MyF5
Search
  1. MyF5 Home
  2. BIG-IP DNS Services: Implementations
  3. Setting Up and Viewing DNS Statistics
Manual Chapter : Setting Up and Viewing DNS Statistics

Applies To:

Show Versions Show Versions

BIG-IP LTM

  • 17.1.1, 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0

BIG-IP DNS

  • 17.1.1, 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0
Manual Chapter

Setting Up and Viewing DNS Statistics

Overview: Setting up and viewing DNS statistics

You can view DNS AVR and DNS global statistics on the BIG-IP system to help you manage and report on the DNS traffic on your network.
DNS AVR Statistics
You must configure an AVR sampling rate on a DNS profile and assign it to a listener or virtual server before the BIG-IP system can gather DNS AVR statistics. An AVR Analytics profile is not required for the BIG-IP system to gather and display DNS AVR statistics. The DNS AVR statistics include DNS queries per:
  • Application
  • Virtual server
  • Query name
  • Query type
  • Client IP address
  • (You can also filter the statistics by time period.)
DNS Global Statistics
The BIG-IP system automatically collects DNS global statistics about the DNS traffic the system processes. The DNS global statistics include:
  • Total DNS queries and responses
  • Details about DNS queries and responses
  • Details about DNS Services rate-limited license
  • The number of wide IP requests
  • Details about BIG-IP DNS rate-limited license
  • The number of DNS Express requests and NOTIFY announcements and messages
  • The number of DNS cache requests
  • The number of DNS IPv6 to IPv4 requests, rewrites, and failures
  • The number of unhandled query actions per specific actions

Creating a DNS profile for AVR statistics collection

Ensure that Application Visibility and Reporting (AVR) is provisioned.
Configure the BIG-IP system to collect AVR statistics on a sampling of the DNS traffic that the BIG-IP system handles.
  1. On the Main tab, click
    DNS
    Delivery
    Profiles
    DNS
    or
    Local Traffic
    Profiles
    Services
    DNS
    .
    The DNS profile list screen opens.
  2. Click
    Create
    .
    The New DNS Profile screen opens.
  3. In the
    Name
     field, type a unique name for the profile.
  4. Select the
    Custom
     check box.
  5. In the Logging and Reporting area, select the
    AVR Statistics Sample Rate
     check box.
    The
    Enabled 1/ 1 queries sampled
     field displays.
  6. In the
    Enabled 1/ 1 queries sample
     field, change the
    1
     to the number of queries from which the system takes one sample.
    0
    No DNS requests are stored in the Analytics database.
    1
    All DNS requests are stored in the Analytics database.
    n>1
    Every nth DNS request is stored in the Analytics database.
  7. Click
    Finished
    .
Assign the DNS profile to a listener or virtual server.

Configuring a BIG-IP DNS listener for DNS AVR statistics collection

Ensure that at least one custom DNS profile configured with an AVR sampling rate exists on the BIG-IP system.
Assign a custom DNS profile to a listener when you want the BIG-IP system to collect AVR statistics on a sampling of the DNS traffic the listener handles.
This task applies only to DNS-provisioned systems.
  1. On the Main tab, click
    DNS
    Delivery
    Listeners
    .
    The Listeners List screen opens.
  2. Click the name of the listener you want to modify.
  3. In the Service area, from the
    DNS Profile
     list, select a custom DNS profile configured with an AVR sampling rate.
  4. Click
    Update
    .

Configuring an LTM virtual server for DNS AVR statistics collection

Ensure that at least one custom DNS profile configured with an AVR sampling rate exists on the BIG-IP system.
Assign a custom DNS profile to a virtual server when you want the BIG-IP system to collect AVR statistics on a sampling of the DNS traffic the virtual server handles.
This task applies only to LTM-provisioned systems.
  1. On the Main tab, click
    Local Traffic
    Virtual Servers
    .
    The Virtual Server List screen opens.
  2. Click the name of the virtual server you want to modify.
  3. From the
    Configuration
     list, select
    Advanced
    .
  4. From the
    DNS Profile
     list, select a DNS profile configured with an AVR sampling rate.
  5. Click
    Update
     to save the changes.

Viewing DNS AVR statistics

Ensure that Application Visibility and Reporting (AVR) is provisioned. Ensure that the BIG-IP system is configured to collect DNS statistics on a sampling of the DNS traffic that the BIG-IP system handles.
View DNS AVR statistics to help you manage the DNS traffic on your network.
  1. On the Main tab, click
    Statistics
    Analytics
    DNS
    .
    The DNS Analytics screen opens.
  2. From the
    View By
     list, select the specific network object type for which you want to display statistics.
    You can also click
    Expand Advanced Filters
     to filter the information that displays.
  3. From the
    Time Period
     list, select the amount of time for which you want to view statistics.
    To display reports for a specific time period, select
    Custom
     and specify beginning and end dates.
  4. Click
    Export
     to create a report of this information.
    The timestamp on the report reflects a publishing interval of five minutes; therefore, a time period request of 12:40-13:40 actually displays data between 12:35-13:35. By default, the BIG-IP system displays one hour of data.

Viewing DNS AVR statistics in tmsh

Ensure that Application Visibility and Reporting (AVR) is provisioned. Ensure that the BIG-IP system is configured to collect DNS statistics on a sampling of the DNS traffic that the BIG-IP system handles.
View DNS analytics statistics to help you manage the DNS traffic on your network.
  1. Log on to the command-line interface of the BIG-IP system.
  2. At the BASH prompt, type
    tmsh
    .
  3. At the
    tmsh
     prompt, type one of these commands and then press Enter.
    show analytics dns report view-by query-name limit 3
    Displays the three most common query names.
    show analytics dns report view-by query-type limit 3
    Displays the three most common query types.
    show analytics dns report view-by client-ip limit 3
    Displays the three client IP addresses from which the most DNS queries originate.
    show analytics dns report view-by query-name drilldown { { entity query-type values {A}}} limit 3
    Displays the three most common query names for query type A records.
    show analytics dns report view-by query-type drilldown { { entity query-name values {www.f5.com}}} limit 3
    Displays the three most common query types for query name
    www.f5.com
    .
    show analytics dns report view-by client-ip drilldown { { entity query-type values {A}}} limit 3
    Displays the three most common client IP addresses requesting query type A records.

Viewing DNS global statistics

Ensure that at least one DNS profile exists on the BIG-IP system and that this profile is assigned to an LTM virtual server or a DNS listener that is configured to use the TCP protocol.
If you want to view AXFR and IXFR statistics, the listener or virtual server must be configured to use the TCP protocol. This is because zone transfers occur over the TCP protocol.
View DNS global statistics to determine how to fine-tune your network configuration or troubleshoot DNS traffic processing problems.
  1. On the Main tab, click
    Statistics
    Module Statistics
    DNS
    Delivery
    .
    The DNS Delivery statistics screen opens.
  2. From the
    Statistics Type
     list, select
    Profiles
    .
  3. In the Global Profile Statistics area, in the Details column of the DNS profile, click
    View
    .

Viewing DNS statistics for a specific virtual server

Ensure that at least one virtual server associated with a DNS profile exists on the BIG-IP system.
If you want to view AXFR and IXFR statistics, the virtual server must be configured to use the TCP protocol. This is because zone transfers occur over the TCP protocol.  
You can view DNS statistics per virtual server when you want to analyze how the BIG-IP system is handling specific DNS traffic.
  1. On the Main tab, click
    Statistics
    Module Statistics
    Local Traffic
    .
    The Local Traffic statistics screen opens.
  2. From the
    Statistics Type
     list, select
    Virtual Servers
    .
  3. In the Details column for the virtual server, click
    View
    .

Implementation result

You now have an implementation in which the BIG-IP® system gathers both DNS AVR and DNS global statistics. You can view these statistics to help you understand DNS traffic patterns and manage the flow of your DNS traffic, especially when your network is under a DDoS attack.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information