DNSQuery tracks flows to/from campus by host and domain as determined by PTR lookup. Domain names are determined by PTR lookups, which do not have high
reliability. Domains can only be tracked with a PTR lookup; hosts are
tracked either way.
Key fields are
day, host, class and type. Based on this, you can determine the max value and
well as daily average per host or domain. In order to be eligible for this
report, over a five minute period, the combined in/out must be above
1Mbps. This is a defensive mechanism to help prevent against DoS of
You can mix and match FQDN and Subnet parameters.
Stats are available by total, ipv4 or ipv6. As of 2012/08/10, per family stats are hidden by default to make the table smaller.
Toggling 'local' or 'external' under 'Categories' examines hosts either local or external to campus.
Click 'hide_ip_only_hosts' to see only stats for which the PTR lookup succeeded, or 'only_ip_hosts' to see stats for which the PTR lookup didn't succeed.
fqdn depth min/max enables you to look at stats for a specific domain depth. Enter 1 into the 'max' box to enable a tree like view of DNS.
Under 'Family', click require_v4, require_v6, no_v4 or no_v6 to well, take the requested action.
Clicking on column
headers sorts by that column. Click twice to switch between ascending
an descending sort order. You can also sort by time and by values by
clicking a dataset column first followed by a time column.
Clicking on a value inserts that value into the search query.
column describes what percentage of datapoint intervals a row
represents. For example, if host/domain A was only above 1Mbps 50%
of the time, the value of this column will be 50%. You can force
sorting to respect this column above all else by checking 'prefer
cardinality' in the options box.
If graphs of the host are available, there will be a hyperlink displayed in the 'FQDN' column labeled 'graphs(s)'.
If perusing domains and information about hosts or other subdomains are available, there will
be a hyperlink displayed in the 'FQDN' column labeled 'subdomain(s)'