By Boris Rogier

DNS: top 4 indicators of network performance issues

DNS and network performance issues

The Domain Name System (DNS), defined in detail in RFCs 1034 and 1035, is key to the proper functioning and good performance of TCP/IP networks. DNS works in a hierarchical way, meaning that if one of the DNS servers is misconfigured or compromised, every network component that relies on it is also impacted. Although the DNS protocol is quite simple, it can be the source of a significant number of problems: configuration issues that degrade network performance, and security issues that jeopardize network integrity.

This article covers the main DNS configuration issues you may encounter that affect network performance.

4 network performance issues due to incorrectly configured DNS

DNS servers require very high availability to resolve all the names into IP addresses that are necessary for the proper functioning of applications on the network. An overloaded DNS server will take some time to respond to a name request and will slow down all applications that have no DNS data in their cache. An analysis of the DNS flows on the network will reveal some DNS performance issues such as:

1) Elevated DNS resolution times

If we observe that the mean time between the client request (for example, a client trying to resolve www.google.com into an IP address) and the server response is significantly higher than average (i.e., on a LAN it should remain close to 1 ms), it means that the DNS server has an issue with the caching of DNS names. The DNS cache makes it possible to resolve a name into its IP address without sending a new request to the DNS server that has authority for the DNS zone. Hence, if the response time is high, first, the application will be slow from the user’s point of view, and second, bandwidth will be consumed unnecessarily. This bandwidth will be wasted on both the LAN and the Internet link (if we hypothesize that the authoritative server sits on the Internet). In a fairly large organization, the bandwidth used by DNS traffic will not be negligible and will represent an additional cost.

2) Hosts generating abnormal query volumes

If we determine the top hosts making DNS requests, it will be possible to pinpoint misconfigured clients that do not keep the DNS server responses in a local cache; this approach makes it possible to distinguish between an issue coming from the user’s workstation and one coming from the general functioning of the network. Please note that hosts making a very high volume of DNS requests may indicate malicious behaviour; for example, some malware tries to establish connections to the Internet by resolving domain names, and the DNS protocol is sometimes used as a covert channel to exfiltrate information.

3) Hosts generating high error volumes

We can also ask for the top hosts receiving the most DNS error messages (e.g., non-existent host). This will also shine a light on misconfigured workstations that generate unnecessary traffic and lower overall network performance.

4) Updates between primary and secondary DNS servers

By analyzing traffic coming from the DNS server, we can also verify that the updates between primary and secondary DNS servers correspond to our request. To do this, we need to identify the full zone transfer (AXFR) and incremental zone transfer (IXFR) transactions towards its authoritative server. If these updates occur too often, and therefore generate an unnecessary volume of traffic, we can conclude that there is an issue. If the bandwidth used is too high, it means that our DNS server requests a full zone transfer (AXFR) when an incremental transfer (IXFR) would have been more appropriate. If this is the case, then the network administrator can take some easy steps to improve network performance.
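The four indicators above can be computed from per-transaction DNS records exported by a capture or flow tool. The following is an added example, not code from the original article: the record layout, the sample data (constructed) and the thresholds `slow_ms`, `volume_factor` and `min_errors` are all assumptions chosen for illustration.

```python
from collections import Counter, defaultdict
from statistics import mean, median

# Constructed sample transactions (not from the article):
# (client, server, qname, qtype, rcode, response_ms)
SAMPLE = (
    [("10.0.0.11", "10.0.0.53", "www.google.com", "A", "NOERROR", 0.8)] * 4
    + [("10.0.0.12", "10.0.0.53", "intranet.example.test", "A", "NOERROR", 1.1)] * 5
    + [("10.0.0.13", "10.0.0.54", "www.google.com", "A", "NOERROR", 42.0)] * 3
    + [("10.0.0.66", "10.0.0.53", "x1.example.test", "TXT", "NOERROR", 0.9)] * 60
    + [("10.0.0.77", "10.0.0.53", "oldprinter.example.test", "A", "NXDOMAIN", 1.0)] * 9
    + [("10.0.0.54", "10.0.0.53", "example.test", "AXFR", "NOERROR", 30.0)] * 6
    + [("10.0.0.54", "10.0.0.53", "example.test", "IXFR", "NOERROR", 3.0)] * 1
)

def dns_indicators(records, slow_ms=5.0, volume_factor=5, min_errors=5):
    """Return the four indicators; all thresholds are assumed values."""
    latency = defaultdict(list)        # server -> response times (indicator 1)
    queries = Counter()                # client -> query count    (indicator 2)
    errors = Counter()                 # client -> error count    (indicator 3)
    transfers = defaultdict(Counter)   # (requester, zone) -> AXFR/IXFR counts (4)
    for client, server, qname, qtype, rcode, ms in records:
        if qtype in ("AXFR", "IXFR"):
            transfers[(client, qname)][qtype] += 1
            continue                   # zone transfers are not client lookups
        latency[server].append(ms)
        queries[client] += 1
        if rcode != "NOERROR":
            errors[client] += 1
    typical = median(queries.values())  # baseline query volume per host
    return {
        # 1) servers whose mean resolution time is far above the LAN norm
        "slow_servers": {s: round(mean(v), 1)
                         for s, v in latency.items() if mean(v) > slow_ms},
        # 2) hosts querying far more than the typical host (no cache, or worse)
        "heavy_clients": {c: n for c, n in queries.items()
                          if n > volume_factor * typical},
        # 3) hosts receiving many error responses
        "error_clients": {c: n for c, n in errors.items() if n >= min_errors},
        # 4) secondaries that request more full than incremental transfers
        "full_transfer_heavy": {k: dict(v) for k, v in transfers.items()
                                if v["AXFR"] > v["IXFR"]},
    }

if __name__ == "__main__":
    for name, hits in dns_indicators(SAMPLE).items():
        print(name, hits)
```

In practice the thresholds should be derived from a baseline of the network being monitored rather than fixed constants.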


See “DNS query types and application troubleshooting: an introduction”, the first in a series of articles covering some important aspects to know about the DNS protocol, including the DNS query and DNS response, when troubleshooting application performance issues.