06-13-2019 12:01 AM - edited 06-13-2019 01:19 AM
06-14-2019 02:39 AM
4 weeks ago - last edited 4 weeks ago
You can see the DNS query is stored in the index called"ib_dns/ib_dns_summary", where the DNS query capture stored in the ib_dns_capture.
The DNS Query store all the DNS statistic information including the top clients, qps trend, requested domain, CHR etc. However, this category is a summary of DNS utilization only.
If you would like to obtains "DNS Top Clients Per Domain", "DNS Query Trend Per IP Block Group", and "DNS RPZ Rule Hit Configuration", you need to enable the feature in the "DNS" under Reporting properties.
If you are looking for the the detail relationship between clients and the requested DNS RR, you need to turn on the DNS query Capture. for examples: "DNS Top Clients by Query Type", "DNS Domains Queried by Client".
Please remind that if the DNS query capture category is enabled, it may use a large number of indexing capacity and storage.