Overview
The DNS traffic analysis feature is a major upgrade to the Query Volume Statistics feature of Internet Authoritative DNS. It analyzes DNS query traffic characteristics for domain names hosted on Alibaba Cloud DNS to help you achieve efficient DNS O&M. This feature also provides a 90-day raw log archive service to meet your log audit and compliance needs. DNS traffic analysis includes the following features:
DNS query volume statistics, including query volume trends and rankings by domain name.
DNS query source analysis.
DNS line hit analysis.
DNS response characteristic analysis.
Detailed DNS response log query.
To use the DNS traffic analysis feature, see Enable or disable traffic analysis for a domain name. If your DNS query volume is high, we recommend that you purchase Authoritative DNS Traffic Analysis (Data Transfer Plan).
DNS query volume statistics count the number of DNS queries initiated from a carrier's local DNS to Alibaba Cloud DNS. This count is not the same as website traffic. This is because after a carrier's local DNS queries Alibaba Cloud DNS and receives a result, it does not send another query for the same domain name until the TTL cache expires. However, the statistics can indirectly reflect website access patterns. Similarly, the geographic distribution of query sources refers to the location of the carrier's local DNS that sends the queries.
Scenarios
1. Observe DNS resolution status during migration
When you migrate your domain name resolution service from another provider to Alibaba Cloud DNS, you can determine whether DNS query traffic has been migrated to Alibaba Cloud DNS. You can use the Query Volume Statistics feature of DNS traffic analysis to check the query data for the domain name. If the query volume gradually increases, this indicates that query traffic is being sent to Alibaba Cloud DNS. You can also use the query source analysis feature to see which regions are gradually sending queries to Alibaba Cloud DNS. For carriers in regions with no traffic, the local carrier's DNS cache may not have expired. This prevents query traffic from local networks from being directed to Alibaba Cloud DNS servers.
2. Observe status after a DNS record change
After you change a DNS record, you can use the DNS traffic analysis service to determine whether the change has taken effect. For example, after you add a subdomain record for an online service, you can use the Query Volume Statistics feature to observe the query traffic trend for the new subdomain and determine the service's online status. If you configure split-zone resolution for a domain name, for example, by adding a fine-grained line policy (such as resolving China East (Telecom) to 1.1.X.X), you can use the line hit analysis feature. This lets you check if the new line for the domain name is receiving query hits and confirm that the policy is receiving DNS traffic.
3. Troubleshoot DNS resolution accuracy
When you troubleshoot issues with the accuracy of DNS query scheduling for endpoints such as PCs or mobile phones, you can use the detailed DNS response log feature of DNS traffic analysis to find the corresponding response logs. For example, you can access a special, non-public service subdomain from an endpoint and then use that subdomain to find its detailed DNS response log. From the log, you can check the source IP of the DNS query and use the IP's region and carrier properties to confirm whether there is a scheduling inaccuracy.
Limits
You must subscribe to the Alibaba Cloud DNS (Pay-As-You-Go) product before you can use the DNS traffic analysis feature. After you subscribe, you can enable the feature for any domain name. For more information about the billing rules, see Billing.
If you have not activated the Authoritative DNS Advanced Service (Pay-As-You-Go), you can still use the Query Volume Statistics feature for domain names that are attached to a purchased Authoritative Hosted Domain Name (Subscription) plan. However, you cannot use other advanced features of DNS traffic analysis, such as query source analysis, line hit analysis, response characteristic analysis, or detailed response log query. Domain names using the Free Edition of DNS cannot use any DNS traffic analysis features.
The DNS traffic analysis feature only supports analysis and statistics for resolution data from the last 90 days. The underlying raw DNS resolution logs are also stored for only 90 days.
If a DNS server is under a large-scale flood attack, a sharp increase in resource usage, such as bandwidth, may prevent the complete recording of domain name resolution traffic logs during the attack.