This topic introduces the DNS traffic analysis feature.
Overview
The Domain Name System (DNS) traffic analysis feature is a new form of the feature for collecting statistics on DNS requests. This feature analyzes the characteristics of DNS requests for the domain names and subdomain names hosted on the public authoritative DNS servers of Alibaba Cloud DNS. This helps you perform efficient O&M on the DNS servers. In addition, this feature stores the raw DNS logs of the last 90 days to meet the requirements for log auditing and compliance. The DNS traffic analysis feature provides the following capabilities:
statistics on DNS requests, including the trend and ranking of the numbers of DNS requests
analysis of DNS request sources
analysis of matched DNS lines
analysis of DNS response characteristics
query for DNS response details logs
The DNS traffic analysis feature collects statistics on DNS requests that are sent from the local DNS servers of Internet service providers (ISPs) to the public authoritative DNS servers of Alibaba Cloud DNS. After the local DNS servers obtain the resolution results for the domain names from the public authoritative DNS servers, the local DNS servers do not send DNS requests for these domain names to the public authoritative DNS servers within the time-to-live (TTL) periods of the cached DNS records configured for these domain names. Therefore, the number of DNS requests counted by the DNS traffic analysis feature is not equivalent to the website page view but can reflect the website access situation. Similarly, the distribution of DNS request sources by region refers to the distribution of local DNS servers that send DNS requests by region.
Scenarios
1. Check whether DNS resolution takes effect after DNS record migration
After you migrate the DNS records added for your domain names from the DNS servers of third-party DNS service providers to the public authoritative DNS servers of Alibaba Cloud DNS, you can use the DNS traffic analysis feature to collect statistics on the DNS requests for the domain names sent to the public authoritative DNS servers. If the number of DNS requests gradually increases, the DNS requests are gradually sent to the public authoritative DNS servers of Alibaba Cloud DNS after migration. You can also use the DNS traffic analysis feature to observe from which regions the DNS requests are sent to the public authoritative DNS servers of Alibaba Cloud DNS. If some regions do not have DNS requests sent to the public authoritative DNS servers, the possible cause is that the DNS servers of ISPs in these regions still cache valid DNS records for the domain names.
2. Check whether DNS records take effect after modification
After you modify DNS records, you can use the DNS traffic analysis feature to check whether the DNS records take effect. For example, after you add a DNS record for a subdomain name for online business, you can use the DNS traffic analysis feature to observe the trend for the number of DNS requests for the subdomain name and evaluate the business status. If you select a fine-grained line in a DNS record for a domain name for intelligent DNS resolution, for example, return 1.1.X.X to the DNS request from China Telecom in East China, you can use the DNS traffic analysis feature to check whether a DNS request for the domain name matches the resolution line. This way, you can determine whether a DNS request from the resolution line is sent and responded to.
3. Troubleshoot DNS resolution accuracy issues
To check whether DNS resolution results are accurately returned to clients such as personal computers (PCs) and mobile phones, you can use the DNS traffic analysis feature to query corresponding DNS response details logs. For example, after a client sends a DNS request for a special subdomain name, you can query the DNS response details log by using the subdomain name. In the log, you can view the IP address of the DNS request source and check whether the DNS resolution inaccuracy exists based on the regional ISP of the IP address.
Limits
To use the DNS traffic analysis feature, you must first activate Authoritative DNS Advanced Service (Pay-as-you-go). The service is billed based on a pay-as-you-go basis. After you activate the service, you can enable the DNS traffic analysis feature for specific domain names within the current account. For more information, see Pricing.
If you have not activated Authoritative DNS Advanced Service (Pay-as-you-go) but have purchased a paid Alibaba Cloud DNS instance and bound the instance to multiple domain names, you can still use the DNS traffic analysis feature to only collect statistics on DNS requests. However, you cannot use other advanced capabilities of the DNS traffic analysis feature, such as analysis of DNS request sources, analysis of matched DNS lines, analysis of DNS response characteristics, and query for DNS response details logs. The DNS traffic analysis feature does not apply to the domain names that are bound to free Alibaba Cloud DNS instances.
The DNS traffic analysis feature can analyze and collect statistics on the DNS resolution data only within the last 90 days, and can store raw DNS logs only within the last 90 days.
When DNS servers are attacked by a very high volume of traffic, some DNS logs may not be recorded due to excessive usage of resources such as bandwidth.