Guide

Monitor and report on service, traffic, and threats

Suggest Edits

You can monitor and report on Edge DNS service availability, traffic, and threats by creating reports in ​Control Center.

Alternatively, you can monitor traffic programmatically using the ​Akamai​ Reporting API. With this API, you can retrieve DNS hit information to monitor traffic in real time.

Edge DNS and Infrastructure Security Analytics reports

Edge DNS reports and Infrastructure Security Analytics reports provide real-time and historical reporting about the authoritative DNS service. Each report lets you display data on a dashboard according to selected filters.

The following reports monitor traffic on the service. Use these reports to analyze usage patterns, troubleshoot threats, forecast capacity, and compile information for others. Used together, these reports provide a rich picture of your Edge DNS traffic.

  • Edge DNS
  • Edge DNS Today
  • Edge DNS Zone Detail

Additionally, there are traffic reports that provide details about potential threats. A potential threat is defined as a large relative increase in NXDOMAIN responses, either as a sharp spike or as a sustained increase.

  • Edge DNS Threats Summary
  • Edge DNS Threat Details

If you are using Shield NS53 to protect origin infrastructure from DNS resource exhaustion attacks, these Edge DNS reports are available for Shield NS53:

  • Shield NS53 Proxy Availability
  • Shield NS53 Proxy Queries
  • Shield NS53 Proxy Top Usage
  • Shield NS53 Proxy Traffic
  • Shield NS53 Proxy Traffic by Region

To learn more about Shield NS53, see Overview of Shield NS53.

There are also four reports related to infrastructure security. These reports let you monitor DNS traffic and provide data on NXDOMAIN responses. If you enable NXDOMAIN spike detection, these reports inform administrators when a threshold for NXDOMAIN responses has been reached. These reports can be found under a separate category called Infrastructure Security Analysis.

  • Infrastructure Security Analytics - Security Summary
  • Infrastructure Security Analytics - Edge DNS Summary
  • Infrastructure Security Analytics - Edge DNS Zone Details
  • Infrastructure Security Analytics - NXDOMAIN Spike Details

📘

To view the Security Analytics reports with complete data, make sure you configure NXDOMAIN spike thresholds and enable dangling CNAME detection. For more information, see Set up security analytics.

The table below summarizes the Edge DNS reports available on ​Control Center​, and provides links to detailed information about each report.

ReportDescription
Edge DNS AvailabilityTracks availability (uptime) of the service for the selected contract and time frame up to 90 days.

The report includes a graphic visualization displaying availability percentages over the selected time frame. Additionally, the report includes metrics for the average, maximum, and minimum availability.

Edge DNSIncludes traffic data on the service for the selected zones and time frame up to 90 days.

The report provides graphic visualizations for DNS requests per second and NXDOMAIN responses per second, along with summary metrics for total DNS hits, peak DNS hits per second, total NXDOMAIN hits, and peak NXDOMAIN hits per second. Additionally, the report provides per-zone summary metrics for the number of DNS requests, number of NXDOMAIN responses, and percentage of NXDOMAIN responses.

Edge DNS TodayIncludes more detailed traffic data than the Edge DNS report, for the selected zones and time frame up to 14 days.

The report provides a heat map of query source locations by geographic region, along with graphic visualizations and metrics of DNS requests and nonexistent domain (NXDOMAIN) responses.

Edge DNS Zone DetailIncludes even more traffic data than the Edge DNS Today report, for one selected zone during the selected time frame up to 14 days.

The report provides a heat map of query source locations by geographic region, along with graphic visualizations and analytics of DNS requests. Additionally, the report provides hits per second over time, record-level counts, and top NXDOMAINs for the selected time frame.

Record-level counts are helpful to learn about use at the label level. Top NXDOMAINs help characterize and understand a common attack vector known as random subdomain, where an attacker gains control over a subdomain of a target domain.

Edge DNS Threats Summary Includes summary data about potential threats associated with the selected zones and time frame up to 90 days.

The report includes graphic visualizations of DNS requests per second and NXDOMAIN responses per second over time, a table summarizing the graph metrics, and a table listing per-zone metrics of potential threats. Additionally, the report includes a link to each zone's Edge DNS - Threat Details report for further threat analysis.

Edge DNS Threat Details Provides more data than the Edge DNS - Threats Summary report about potential threats associated with one selected zone for the selected time frame up to 90 days.

For the selected zone threat, the report provides threat summary metrics and graphic visualizations of DNS requests per second and NXDOMAIN responses per second, heat maps with DNS request counts and NXDOMAIN response counts by geographic region, and record-level counts of the most-requested existing DNS records and most-requested nonexistent DNS records.

Shield NS53 Proxy AvailabilityProvides data on Shield NS53 service availability and response times. This data includes DNS response times, the minimum and maximum number of DNS responses within a specific response time, and data on the overall availability of the service. This data is shown for a specific shield configuration.
Shield NS53 Proxy QueriesProvides data on the number of queries that were processed and the number of queries that were blocked by Shield NS53. This data is shown for a specific shield configuration.
Shield NS53 Proxy Top UsageProvides data on traffic that was directed to Shield NS53. This report includes data on the most requested domains and IP addresses and the top events that occurred for those domains and IP addresses. This data is shown for a specific shield configuration.
Shield NS53 Proxy TrafficProvides data on DNS requests and responses directed to Shield NS53. This data includes the total number of DNS requests and responses, the number of DNS requests and responses based on autonomous system (AS) region, the number of DNS responses served from the resolver’s cache, and the number of DNS responses that were positive or negative. This data is shown for a specific shield configuration.
Shield NS53 Proxy Traffic by RegionProvides graphical data on DNS requests and responses based on autonomous system (AS) regions. This data is shown for a specific shield configuration.

The next table summarizes the Infrastructure Security Analytics reports available on ​Control Center​, and provides links to detailed information about each report.

ReportDescription
Infrastructure Security Analytics - Security SummaryProvides data on DNS traffic, NXDOMAIN responses, and based on configured thresholds, the NXDOMAIN spikes in your selected zone or zones. This report also correlates data to show information on DNS traffic across these delivery and security products: Prolexic, App & API Protector, and Web Security.
Infrastructure Security Analytics - Edge DNS SummaryProvides details on DNS requests and NXDOMAIN responses. This report shows the total number of DNS responses, NXDOMAIN spikes, and the percentage of traffic that contains NXDOMAIN responses. It also shows the countries where most requests and NXDOMAIN responses occurred.
Infrastructure Security Analytics - Edge DNS Zone DetailsProvides data on DNS traffic, NXDOMAIN responses, and NXDOMAIN spikes in a selected zone or in multiple zones. This report shows the countries where most DNS requests and NXDOMAIN responses occurred.
Infrastructure Security Analytics - NXDOMAIN Spike DetailsProvides additional information on NXDOMAIN spikes. This data includes overall DNS traffic, NXDOMAIN responses, NXDOMAIN spikes, the countries where most DNS request and NXDOMAIN responses occurred, and the peak rate of DNS traffic and NXDOMAIN responses. The report also identifies the most requested domain and the most requested NXDOMAIN record.

Configure Edge DNS and Infrastructure Security Analytics reports

The time ranges and details returned by a report varies based on the filter values you choose. By default, the first time you access a report in your account, the report displays data for the current day. When you change the date range, the system remembers your configuration and ties it to your account ID. The next time you access the report with your account, the report displays data for the last configured date range.

Complete the following instructions to configure specific report. For additional information, see also How to use reports.

  1. Log in to ​Control Center​.

  2. Go to > COMMON SERVICES > Traffic reports.

    📘

    Reports are available based on the services you use and your permissions in ​Control Center​.

  3. For Edge DNS reports, in the left sidebar, hover over the Edge DNS icon and from the context menu, select a report from these options:

    • Edge DNS
    • Edge DNS - Availability
    • Edge DNS - Today
    • Edge DNS - Zone Detail
    • Edge DNS - Threats Summary
    • Edge DNS - Threat Details
    • Shield NS53 Proxy Availability
    • Shield NS53 Proxy Queries
    • Shield NS53 Proxy Top Usage
    • Shield NS53 Proxy Traffic
    • Shield NS53 Proxy Traffic by Region

  4. For Infrastructure Security Analytics reports, in the left sidebar, hover over the Infrastructure Security Analytics (ISA) icon and from the context menu, select a report from these options:

    • Infrastructure Security Analytics - Edge DNS Summary
    • Infrastructure Security Analytics - Edge DNS Zone Details
    • Infrastructure Security Analytics - NXDOMAIN Spike Details
    • Infrastructure Security Analytics - Security Summary

  5. The report panel on the left side of the page appears dimmed, and the Select filters panel on the right is active.

    Select filter values to refine the report data. For guidance, see Date ranges and Filters. When you are done, click Apply.

    The Select filters panel closes. The report dashboard displays on the page.

Schedule report delivery

After you've configured a report, you can schedule it for email delivery. Select filters and view the report in the browser before scheduling it for delivery. For additional information, see Scheduled reports.

  1. In the browser, open the report you want to schedule for delivery.

  2. Click the graph icon on the top toolbar and select Schedule/Send now.

    You see non-editable details for the chosen report.

  3. In the Report Name field, enter the report name.

    The name defaults to the metric for the report, which you can edit it.

  4. Enter one or more email addresses for the report recipients. Separate email addresses with a comma; do not insert any spaces.

  5. Select one of the available delivery frequencies:

    • Once
    • Daily
    • Weekly
    • Monthly

  6. If you selected a Daily, Weekly, or Monthly frequency, select a date range.

  7. Select one of the following formats.

    • HTML
    • CSV

  8. From the Visualizations menu, select charts that you want included.

  9. Click Apply.

Updated 7 months ago