Custom DNS

Custom DNS enables customers to specify the IP address of the DNS server that they want used to perform reverse DNS lookups. Custom DNS is covered in the following topics:

• About Custom DNS
• Custom DNS Page
• Verify DNS Dialog
• Configuring Custom DNS

Note: Custom DNS involves query-side operations that have no impact on what data is stored in KDE. For a

One of the options available in the Advanced Options section of the Query pane in Data Explorer (see Query Advanced Options) is Enable Reverse DNS Lookups. When this switch is on and IP/CIDR is a dimension of the query then Kentik Detect will look up the host name corresponding to each IP address returned in the IP/CIDR column of the query results. The name will be shown in parentheses after the IP address, e.g. “123.45.210.12/32 (www.host_name.com).”

The DNS server that Kentik uses by default for reverse DNS lookup can find the host name only for a public IP address; for private IP addresses (RFC 1918) a hyphen will be displayed instead of a name. Using Custom DNS, however, you can specify the IP of one or more alternate DNS servers to be used for the lookup instead of the default server. If a Custom DNS server is specified then the host names displayed in the IP/CIDR column will be sourced from the specified alternate server.

Because Custom DNS involves only query-side operations, it has no impact on what data is stored in KDE. This means that the host name displayed for a given IP address will always be the current value returned from a DNS lookup. For queries that involve tracking an IP’s host name changes over time, you can send flow to Kentik via kproxy (see About the Proxy Agent) and enable the host name to be stored in your KDE flow records using the -dns argument that is explained in kproxy Proxy Agent Arguments.

Notes:
- To enable parallel lookups, you may have multiple Custom DNS server(s) registered simultaneously.
- Your Custom DNS server(s) must be available to query from Kentik Detect. To ensure secure access, the IP address that will be used by Kentik to connect to the server is shown on your Custom DNS page in the Kentik Detect portal.
- Lookups are done at query-time rather than at ingest, which means that there is currently no host name dimension available for group-by or filtering. We are evaluating the use cases for a future update that would enable a host name dimension.
- Any delay in reaching a Custom DNS server will add to query response time. If the response of a Custom DNS server is sufficiently delayed (e.g. in case of “Internet weather “) then timeouts may result.

The Custom DNS page (Admin » Custom DNS) is used to specify the IP address of one or more alternate DNS servers to be used for reverse DNS lookup instead of the default servers used for this purpose by Kentik Detect.

The Custom DNS page is made up of the following UI elements:

• Info field (indicated by info icon): Provides the IP address from which Kentik Detect will query the Custom DNS servers added to the DNS Servers list. The listed servers must allow reverse DNS lookup from this IP.
• Add DNS IP field: Enter the IP address of an alternate server to use for reverse DNS lookups.
• Add button: Enabled when an IP address has been entered in the Add DNS IP field. Click to add the IP address to the DNS Servers list.
• DNS Servers list: A list of the IP addresses of servers to use for reverse DNS lookups. May contain multiple servers.
• Verify Reverse DNS Lookup button: Opens the Verify Reverse DNS Lookup dialog (see Verify DNS Dialog).

The Verify Reverse DNS Lookup dialog is used to confirm that the Custom DNS servers at the IPs listed in the DNS Servers list are working for reverse DNS lookup.

The dialog is made up of the following UI elements:

• Close button: Click the X in the upper right corner to close the dialog.
• IP Address field: Enter an IP address upon which to perform a reverse DNS lookup using the Custom DNS servers in the DNS Servers list.
• Resolve button: Enabled when an IP address has been entered in the Add DNS IP field. Click to resolve the IP address to a host name.
• Result field: Appears after a lookup has been attempted with the Resolve button, and indicates the result, either Success or Fail.

For more information on using the dialog, see Verify a Custom DNS Server.

Configuration of a Custom DNS on the Custom DNS page (Admin » Custom DNS) is covered in the following topics:

• Add a Custom DNS Server
• Verify a Custom DNS Server
• Remove a Custom DNS Server

To add a Custom DNS server:

1. On the Custom DNS page, enter the IP of a DNS server into the Add DNS IP field. The Add button at the right of the field will be enabled.
2. Click the Add button:
   - If valid, the IP address will be added to the DNS Servers list at right.
   - If the IP is not valid, a notification will appear and the IP will not be added to the list.

To confirm that the Custom DNS servers at the IPs listed in the DNS Servers list are working for reverse DNS lookup:

1. On the Custom DNS page, click the Verify Reverse DNS Lookup button. The Verify Reverse DNS Lookup dialog will open.
2. In the IP Address field, enter an IP address. The Resolve button at the right of the field will be enabled.
3. Click the Resolve button:
   - If reverse DNS lookup is successful a “Success” notification will appear in the dialog.
   - If reverse DNS lookup is not successful, a “Fail” notification will appear.

To remove a Custom DNS server from the DNS Servers list on the Custom DNS page, click the X at the right of the listed IP address. The IP will be removed from the list and a notification will appear, confirming the removal.