06-19-2013 12:40 PM
We just received our reporting server, installed it, and are starting to get data out of it. Right off the bat, we're finding some outliers to look at. Good, right? Well, maybe.
1: DNS Top clients - We found one client generating 40% of the total queries.
2: DNS Top requested domain names - found one domain name (internal) that's getting 10 million requests per day, etc...
However, we can't seem to be able to go to the next logical step and find out details, and this is killing us.
For #1 - What is this client querying for??
For #2 - Who is querying for this domain name??
This type of detail is what we MUST have before contacting any of the other groups looking for resolution, or it'll just get put in the "when I get around to looking for it" pile. Is there no way to get this detailed information? For the cost of the tool, I assume it's just something we're missing.