DNS Server Troubleshooting: 3 Free Tools
When troubleshooting application performance issues, network analysts might overlook name servers. Windows Internet Name Service (WINS), Lightweight Directory Access Protocol (LDAP), and Domain Name Service are the most common name servers in the corporate environment. Performance problems associated with name servers include overloaded servers, packet loss, and misconfigured clients.
Network analysts typically test name servers using ping to confirm a server is up and the network isn’t slow, or use Nslookup-type utilities to prove a DNS server is resolving names to IP addresses. There also are tools that perform a UDP or TCP port check for response time measurements, but they won’t actually perform a DNS lookup.
In this video, I focus on methods for troubleshooting DNS performance and demonstrate three free tools: The DNS Benchmark tool from Gibson Research Corporation, Google’s namebench utility, and DNS Jumper from Sordum.
Protocol or packet analysis is the most accurate and through method, but it involves quite a bit of work and isn't really scalable. First, you need to set up your analyzer to capture only DNS traffic (TCP or UDP), then you need to generate some DNS lookups. The simplest way to do this is to go to any news or social media site. Last, you need to review your trace and calculate your results. If you are comfortable with Wireshark, you could add a response time column and export as CSV, but then you need to use another application to calculate and report the results.
When testing DNS server performance, it's important to keep in mind what your goal is. All the tools I demonstrate here test from the first person perspective or the “end-user experience.” If you need to measure DNS performance from another angle, that is a different story altogether.
As I mention in the video, it's important to understand a tool's nuances in order to know what results are worth paying attention to and which to ignore. It's equally important to intentionally cause an error to see what the tool reports. In this case, I simply added a host to the DNS server list that is not a DNS server.
Recommended For You
DNSSEC authentication helps to ensure that a compromised DNS server won't send you to a hijacked server when you point a browser to a specific domain name.
In a world where numerous types of attacks pose as a serious threat to your PC or mobile device, it has always been known that ransomware is among the deadliest.
As with most fledging technologies, containers are constantly plagued by concerns over security.
All good things eventually come to an end. When is it time to create an entirely new network security strategy rather than updating an old one?
Here are six threats that every Wi-Fi system should be able to protect against.
Many companies, as well as 44% of the top SaaS providers, don’t have a fallback DNS option. A single outage could completely take their businesses offline.