You can monitor and report on Edge DNS service availability, traffic, and threats by creating reports in Control Center.

Edge DNS and Infrastructure Security Analytics reports

Edge DNS reports and Infrastructure Security Analytics reports provide real-time and historical reporting about the authoritative DNS service. Each report lets you display data on a dashboard according to selected filters.

The following reports monitor traffic on the service. Use these reports to analyze usage patterns, troubleshoot threats, forecast capacity, and compile information for others. Used together, these reports provide a rich picture of your Edge DNS traffic.

Edge DNS
Edge DNS Today
Edge DNS Zone Detail

Additionally, there are traffic reports that provide details about potential threats. A potential threat is defined as a large relative increase in NXDOMAIN responses, either as a sharp spike or as a sustained increase.

Edge DNS Threats Summary
Edge DNS Threat Details

If you are using Shield NS53 to protect origin infrastructure from DNS resource exhaustion attacks, these Edge DNS reports are available for Shield NS53:

Shield NS53 Proxy Availability
Shield NS53 Proxy Queries
Shield NS53 Proxy Top Usage
Shield NS53 Proxy Traffic
Shield NS53 Proxy Traffic by Region

To learn more about Shield NS53, see Overview of Shield NS53.

There are also four reports related to infrastructure security. These reports let you monitor DNS traffic and provide data on NXDOMAIN responses. If you enable NXDOMAIN spike detection, these reports inform administrators when a threshold for NXDOMAIN responses has been reached. These reports can be found under a separate category called Infrastructure Security Analysis.

Infrastructure Security Analytics - Security Summary
Infrastructure Security Analytics - Edge DNS Summary
Infrastructure Security Analytics - Edge DNS Zone Details
Infrastructure Security Analytics - NXDOMAIN Spike Details
Infrastructure Security Analytics - GTM NXDOMAIN Spike Details

📘
To view the Infrastructure Security Analytics reports with complete data, make sure you configure NXDOMAIN spike thresholds and enable dangling CNAME detection. For more information, see Set up infrastructure security analytics.

The table below summarizes the Edge DNS reports available on Control Center, and provides links to detailed information about each report.

Report	Description
Edge DNS Availability	Tracks availability (uptime) of the service for the selected contract and time frame up to 90 days. The report includes a graphic visualization displaying availability percentages over the selected time frame. Additionally, the report includes metrics for the average, maximum, and minimum availability.
Edge DNS	Includes traffic data on the service for the selected zones and time frame up to 90 days. The report provides graphic visualizations for DNS requests per second and NXDOMAIN responses per second, along with summary metrics for total DNS hits, peak DNS hits per second, total NXDOMAIN hits, and peak NXDOMAIN hits per second. Additionally, the report provides per-zone summary metrics for the number of DNS requests, number of NXDOMAIN responses, and percentage of NXDOMAIN responses.
Edge DNS Today	Includes more detailed traffic data than the Edge DNS report, for the selected zones and time frame up to 14 days. The report provides a heat map of query source locations by geographic region, along with graphic visualizations and metrics of DNS requests and nonexistent domain (NXDOMAIN) responses.
Edge DNS Zone Detail	Includes even more traffic data than the Edge DNS Today report, for one selected zone during the selected time frame up to 14 days. The report provides a heat map of query source locations by geographic region, along with graphic visualizations and analytics of DNS requests. Additionally, the report provides hits per second over time, record-level counts, and top NXDOMAINs for the selected time frame. Record-level counts are helpful to learn about use at the label level. Top NXDOMAINs help characterize and understand a common attack vector known as random subdomain, where an attacker gains control over a subdomain of a target domain.
Edge DNS Threats Summary	Includes summary data about potential threats associated with the selected zones and time frame up to 90 days. The report includes graphic visualizations of DNS requests per second and NXDOMAIN responses per second over time, a table summarizing the graph metrics, and a table listing per-zone metrics of potential threats. Additionally, the report includes a link to each zone's Edge DNS - Threat Details report for further threat analysis.
Edge DNS Threat Details	Provides more data than the Edge DNS - Threats Summary report about potential threats associated with one selected zone for the selected time frame up to 90 days. For the selected zone threat, the report provides threat summary metrics and graphic visualizations of DNS requests per second and NXDOMAIN responses per second, heat maps with DNS request counts and NXDOMAIN response counts by geographic region, and record-level counts of the most-requested existing DNS records and most-requested nonexistent DNS records.
Shield NS53 Proxy Availability	Provides data on Shield NS53 service availability and response times. This data includes DNS response times, the minimum and maximum number of DNS responses within a specific response time, and data on the overall availability of the service. This data is shown for a specific shield configuration.
Shield NS53 Proxy Queries	Provides data on the number of queries that were processed and the number of queries that were blocked by Shield NS53. This data is shown for a specific shield configuration.
Shield NS53 Proxy Top Usage	Provides data on traffic that was directed to Shield NS53. This report includes data on the most requested domains and IP addresses and the top events that occurred for those domains and IP addresses. This data is shown for a specific shield configuration.
Shield NS53 Proxy Traffic	Provides data on DNS requests and responses directed to Shield NS53. This data includes the total number of DNS requests and responses, the number of DNS requests and responses based on autonomous system (AS) region, the number of DNS responses served from the resolver’s cache, and the number of DNS responses that were positive or negative. This data is shown for a specific shield configuration.
Shield NS53 Proxy Traffic by Region	Provides graphical data on DNS requests and responses based on autonomous system (AS) regions. This data is shown for a specific shield configuration.

The next table summarizes the Infrastructure Security Analytics reports available on Control Center, and provides links to detailed information about each report.

Report	Description
Infrastructure Security Analytics - Security Summary	Provides an overview of the security posture of your infrastructure security products. It includes data visualizations for events across these delivery and security products: Edge DNS, Prolexic, Shield NS53, GTM, and App & API Protector.
Infrastructure Security Analytics - Edge DNS Summary	Provides details on DNS requests and NXDOMAIN responses. This report shows the total number of DNS responses, NXDOMAIN spikes, and the percentage of traffic that contains NXDOMAIN responses. It also shows the countries where most requests and NXDOMAIN responses occurred.
Infrastructure Security Analytics - Edge DNS Zone Details	Provides data on DNS traffic, NXDOMAIN responses, and NXDOMAIN spikes in a selected zone or in multiple zones. This report shows the countries where most DNS requests and NXDOMAIN responses occurred.
Infrastructure Security Analytics - NXDOMAIN Spike Details	Provides additional information on NXDOMAIN spikes. This data includes overall DNS traffic, NXDOMAIN responses, NXDOMAIN spikes, the countries where most DNS request and NXDOMAIN responses occurred, and the peak rate of DNS traffic and NXDOMAIN responses. The report also identifies the most requested domain and the most requested NXDOMAIN record.
Infrastructure Security Analytics - GTM NXDOMAIN Spike Details	Provides additional information on NXDOMAINS spikes for Global Traffic Management (GTM) DNS traffic. This data includes overall DNS traffic, NXDOMAIN responses, NXDOMAIN spikes, the countries where most DNS request and NXDOMAIN responses occurred, and the peak rate of DNS traffic and NXDOMAIN responses.

Configure Edge DNS and Infrastructure Security Analytics reports

The time ranges and details returned by a report varies based on the filter values you choose. By default, the first time you access a report in your account, the report displays data for the current day. When you change the date range, the system remembers your configuration and ties it to your account ID. The next time you access the report with your account, the report displays data for the last configured date range.

Complete the following instructions to configure specific report. For additional information, see also How to use reports.

Log in to Control Center.
📘
Reports are available based on the services you use and your permissions in Control Center.
For Edge DNS reports, in the left sidebar, hover over the Edge DNS icon and from the context menu, select a report from these options:
- Edge DNS
- Edge DNS - Availability
- Edge DNS - Today
- Edge DNS - Zone Detail
- Edge DNS - Threats Summary
- Edge DNS - Threat Details
- Shield NS53 Proxy Availability
- Shield NS53 Proxy Queries
- Shield NS53 Proxy Top Usage
- Shield NS53 Proxy Traffic
- Shield NS53 Proxy Traffic by Region
For Infrastructure Security Analytics reports, in the left sidebar, hover over the Infrastructure Security Analytics (ISA) icon and from the context menu, select a report from these options:
- Infrastructure Security Analytics - Edge DNS Summary
- Infrastructure Security Analytics - Edge DNS Zone Details
- Infrastructure Security Analytics - NXDOMAIN Spike Details
- Infrastructure Security Analytics - Security Summary
- Infrastructure Security Analytics - GTM NXDOMAIN Spike Details
The report panel on the left side of the page appears dimmed, and the Select filters panel on the right is active.

Select filter values to refine the report data. For guidance, see Date ranges and Filters. When you are done, click Apply.

The Select filters panel closes. The report dashboard displays on the page.

Schedule report delivery

After you've configured a report, you can schedule it for email delivery. Select filters and view the report in the browser before scheduling it for delivery. For additional information, see Scheduled reports.

In the browser, open the report you want to schedule for delivery.
Click the graph icon on the top toolbar and select Schedule/Send now.

You see non-editable details for the chosen report.
In the Report Name field, enter the report name.

The name defaults to the metric for the report, which you can edit it.
Enter one or more email addresses for the report recipients. Separate email addresses with a comma; do not insert any spaces.
Select one of the available delivery frequencies:
- Once
- Daily
- Weekly
- Monthly
If you selected a Daily, Weekly, or Monthly frequency, select a date range.
Select one of the following formats.
- HTML
- CSV
From the Visualizations menu, select charts that you want included.
Click Apply.

Get report data with the Reporting API

In addition to using the Reporting service in Control Center, you can use the Akamai Reporting API to retrieve reporting data for Infrastructure Security Analytics reports. The Reporting API allows you to generate data in a range of intervals. For example, based on the time period you define, you can show data in five minute or monthly intervals.

📘
The Reporting API currently has two supported versions, v1 and v2. V2 is the latest version. However, some of the reports have not been migrated to v2. As a result, many reports require that you use v1.

These Infrastructure Security Analytics reports are available in the Reporting API. In the following table, click the provided report link to learn more about each report in the API.

To learn how to set up the API for the first time, see the Get Started section for the Reporting API version you require.

To get data for a v1 report, see the Reporting v1 API documentation.
To get data for a v2 report, see the Reporting v2 API documentation.

Product	Report	Description	API Version	Report Version
Edge DNS	security-analytics-edns-traffic-by-time	Shows Edge DNS traffic based on time.	v1	1
	security-analytics-zone-nxdomain-spikes	Shows NXDOMAIN spikes for Edge DNS zones.	v1	1
	security-analytics-dangling-cnames	Shows dangling CNAME events for Edge DNS zones.	v1	1
	security-anlaytics-hijacked-domains	Shows hijacked domains for Edge DNS zones.	v1	1
	delivery/traffic/current	Shows Edge DNS traffic in bits per second (bps) and packets per second (pps).	v2	-
	dns-analytics-edns-traffic-by-zone	Shows Edge DNS traffic based on zone.	v1	1
Shield NS53	security-analytics-proxy-sps-processed-by-time"	Shows Shield NS53 traffic data such as refused requests, processed requests, and NXDOMAIN spikes.	v1	1
Shield NS53	security-analytics-proxy-nxdomain-spikes	Shows NXDOMAIN spikes for shields.	v1	1
App & API Protector	dns-analytics-aap-traffic-by-time	Shows the number of detected denial-of-service (DoS) attacks, web application firewall (WAF) attacks, and bot attacks.	v1	1
	security-analytics-aap-traffic-by-time	Shows traffic App & API Protector classifies as denial-of-service (DoS) traffic, web application firewall (WAF) attack traffic, and bot attack traffic.	v1	1
	security-analytics-aap-attacks	Shows large spikes in denial-of-service (DoS) traffic and web application firewall (WAF) traffic.	v1	1
	security-analytics-roi-attack-timeseries	Shows attack data across all your infrastructure security products.	v1	1
Global Traffic Management (GTM)	dns-analytics-gtm-domain-traffic-by-time	Shows all DNS requests, requests with NXDOMAIN responses, and requests that do not have NXDOMAIN responses.	v1	3
	dns-analytics-gtm-domain-queries-by-geo	Shows DNS requests by country and NXDOMAIN responses by country geomap.	v1	3
	security-analytics-gtm-nxdomain-spikes	Shows NXDOMAIN spikes for GTM domains.	v1	1
Prolexic	dns-analytics-plx-traffic-by-time	Shows data on Prolexic traffic before it reaches Akamai scrubbing center in bps and pps.	v1	2
Prolexic	dns-analytics-plx-events	Shows Prolexic event data such as type of event, the severity level of the event, when the threat was detected, and more.	v1	2