
DNS: top 4 indicators of performance loss


The DNS (Domain Name System), defined in detail in RFC 1034 and RFC 1035, is key to the good performance of TCP/IP networks. It works in a hierarchical way; this means that if one of the DNS servers is misconfigured or compromised, the whole network that relies on it is also impacted. Although the DNS protocol is quite simple, it generates a significant number of issues: configuration issues, which affect the performance of the network, and security issues, which jeopardize network integrity.



The purpose of this article is to cover the main configuration issues you may encounter with DNS when it comes to network performance.

The DNS servers need very high availability in order to resolve all the names into the IP addresses that applications on the network need to function properly. An overloaded DNS server will take some time to respond to a name request and will slow down all applications that have no DNS data in their cache. An analysis of the DNS flows on the network will reveal DNS performance problems such as:

1- High DNS resolution times 

If we observe that the mean time between the client request (for example, a client trying to resolve www.google.com into an IP address) and the response is significantly higher than the average (on a LAN it should remain close to 1 ms), it means that the DNS server has an issue with the caching of DNS names. The cache makes it possible to resolve a name without asking the DNS server that has authority for the DNS zone for the IP address corresponding to the name. Hence, if the response time is high, first the application will be slow from the user's point of view, and secondly it will induce an unnecessary consumption of bandwidth. This bandwidth will be wasted both on the LAN and on the Internet link (assuming that the authoritative server sits on the Internet). In a fairly large organisation, the bandwidth used by DNS traffic will not be negligible and will represent an additional cost.

2- Hosts generating abnormal query volumes

If we establish the top hosts making DNS requests, it becomes possible to pinpoint misconfigured clients that do not keep the DNS server's responses in a local cache; this approach makes it possible to distinguish between an issue coming from the user's workstation and one coming from the general functioning of the network. Note that hosts making a very high volume of DNS requests may indicate malicious behaviour; for example, some malware tries to establish connections to the Internet by resolving domain names, and the DNS protocol is sometimes used as a covert channel to exfiltrate information.

3- Hosts generating high error volumes

We can also list the top hosts receiving the most DNS error messages (non-existent hosts, etc.). This also highlights misconfigured stations that generate unnecessary traffic and lower overall network performance.

4- Updates between primary and secondary DNS servers

By analyzing the traffic coming from the DNS server, we can also verify that the updates between primary and secondary DNS servers match what we expect. To do this, we need to identify the AXFR and IXFR transactions towards its authoritative server. If these updates occur too often (and therefore generate unnecessary traffic), we can conclude that there is an issue. If the bandwidth used is too large, it means that our DNS server requests a full zone transfer (AXFR) when an incremental transfer (IXFR) would have been more appropriate. If this is the case, the network administrator can take some easy steps to improve the network's performance.
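The four indicators above, computed from per-transaction DNS records, as an added example that is not from the original article. The record format, the addresses and the names under example.test are constructed for illustration and do not reproduce any particular tool's output.

```python
from collections import Counter, defaultdict
from statistics import mean

# Constructed sample, hypothetical export format (not a real tool's output):
# client server qtype qname rcode response_time_ms
SAMPLE = """\
10.0.0.11 10.0.0.2 A www.google.com NOERROR 0.8
10.0.0.11 10.0.0.2 A intranet.example.test NOERROR 1.1
10.0.0.13 10.0.0.3 A www.google.com NOERROR 48.0
10.0.0.13 10.0.0.3 A www.google.com NOERROR 52.0
10.0.0.13 10.0.0.3 A www.google.com NOERROR 50.0
10.0.0.14 10.0.0.2 A oldprinter.example.test NXDOMAIN 1.0
10.0.0.14 10.0.0.2 A oldprinter.example.test NXDOMAIN 1.2
10.0.0.14 10.0.0.2 A wpad.example.test NXDOMAIN 0.9
10.0.0.3 10.0.0.2 AXFR example.test NOERROR 120.0
10.0.0.3 10.0.0.2 AXFR example.test NOERROR 118.0
10.0.0.3 10.0.0.2 IXFR example.test NOERROR 6.0
"""

def parse(text):
    """Yield (client, server, qtype, rcode, rtt_ms); skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        try:
            yield parts[0], parts[1], parts[2].upper(), parts[4].upper(), float(parts[5])
        except ValueError:
            continue

def indicators(text, top=3):
    rtts, queries, errors, xfers = defaultdict(list), Counter(), Counter(), Counter()
    for client, server, qtype, rcode, rtt in parse(text):
        if qtype in ("AXFR", "IXFR"):   # indicator 4: transfers counted per requester
            xfers[(client, qtype)] += 1
            continue
        rtts[server].append(rtt)        # indicator 1: resolution time per server
        queries[client] += 1            # indicator 2: query volume per host
        if rcode != "NOERROR":
            errors[client] += 1         # indicator 3: error volume per host
    return {
        "mean_rtt_ms": {s: round(mean(v), 2) for s, v in rtts.items()},
        "top_queriers": queries.most_common(top),
        "top_error_hosts": errors.most_common(top),
        "zone_transfers": dict(xfers),
    }

if __name__ == "__main__":
    for name, value in indicators(SAMPLE).items():
        print(name, value)
```

In the sample, server 10.0.0.3 answers far above the 1 ms LAN reference, 10.0.0.14 receives only errors, and the secondary requests more AXFR than IXFR transfers.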

These four indicators summarize the most frequent findings on the impact of DNS on network performance.



Topics: NPM, APM, DNS

Posted by Boris Rogier on 06 June 2016