Custom DNS

Custom DNS enables you to specify the IP address of the DNS server that you want Kentik to use to perform reverse DNS lookups. Custom DNS is covered in the following topics:

• About Custom DNS
• Custom DNS Page
• Custom DNS Dialogs
• Verify Reverse DNS Lookup
• Configuring Custom DNS

Note: Custom DNS involves query-side operations that have no impact on the data that is stored in KDE.

The Advanced pane of the Query sidebar in Data Explorer (see Advanced Query Settings) includes a switch labeled Enable Reverse DNS Lookups. When this switch is on and the dimensions in the Dimensions pane include IP/CIDR, Kentik will look up the host name corresponding to each IP address returned in the IP/CIDR column of the query results. The name will be shown in parentheses after the IP address, e.g. "123.45.210.12/32 (www.host_name.com)."

The DNS server that Kentik uses by default for reverse DNS lookup can find the host name only for a public IP address; for private IP addresses (RFC 1918) a hyphen is displayed instead of a name. Using Custom DNS, however, you can specify the IP of one or more alternate DNS servers to use for the lookup instead of the default server. If a Custom DNS server is specified, the host names displayed in the IP/CIDR column of query results are sourced from the specified alternate server.

Because Custom DNS involves only query-side operations, it has no impact on what data is stored in KDE. This means that the host name displayed for a given IP address will always be the current value returned from a DNS lookup. For queries that involve tracking an IP's host name changes over time, you can send flow to Kentik via kproxy (see About the Proxy Agent) and enable the host name to be stored in your KDE flow records using the -dns argument that is explained in kproxy Proxy Agent Arguments.

Notes:
- To enable parallel lookups, you may have multiple Custom DNS server(s) registered simultaneously.
- Your Custom DNS server(s) must be available to query from Kentik. To ensure secure access, the IP address used by Kentik to connect to the server is shown on your Custom DNS page in the Kentik portal.
- Lookups are done at query-time rather than at ingest, which means that there is currently no host name dimension available for group-by or filtering. We are evaluating the use cases for a future update that would enable a host name dimension.
- Any delay in reaching a Custom DNS server will add to query response time. If the response of a Custom DNS server is sufficiently delayed (e.g. in case of "Internet weather"), timeouts may result.

The Custom DNS page, accessed via the Organization Settings menu, is used to specify the IP address of one or more alternate DNS servers to be used for reverse DNS lookup instead of the default servers used for this purpose by Kentik. While Kentik users whose level is Member can view the content of the Custom DNS page, only Administrators can add, edit, verify, or remove a Custom DNS server.

The Custom DNS page is made up of the following UI elements:

• Add Custom DNS Server: A button that opens the Custom DNS dialog (see Custom DNS Dialogs).
• Verify Reverse DNS Lookup: A button that opens the Verify Reverse DNS Lookup dialog (see Verify Reverse DNS Lookup).
• Info field (indicated by info icon): Provides an explanation of Custom DNS as well as the IP address from which Kentik will query the Custom DNS servers added to the DNS Servers list. The listed servers must allow reverse DNS lookup from this IP.
• Filter field: Enter text to filter the Custom DNS list. The list will show only servers for which there is a match in the Name and IP Address columns for the string entered in this field.
• Custom DNS Servers list: A list of the IP addresses of servers to use for reverse DNS lookups. May contain multiple servers. See Custom DNS List.

The Custom DNS list is a table that lists the custom DNS servers configured in Kentik for your organization. By default, the list is ordered alphabetically by name. To change the sort order of the list, click a heading to select a column, and click the resulting blue up or down arrow to choose the sort direction (ascending or descending).

The Custom DNS list includes the following columns (left to right):

• Name: The name of the Custom DNS server.
• IP Address: The IP address of the Custom DNS server.

The following actions (far-right columns) are available only to admin-level users:

• Edit Custom DNS: Clicking the pencil icon opens the Custom DNS dialog that allows you to review and edit the Custom DNS server’s information. See Custom DNS Dialogs.
• Remove: Removes the Custom DNS server from the list. There is no confirming dialog box before removal; when you click the trash can icon, the server is removed from the list.

The custom DNS dialogs (Add Custom DNS and Edit Custom DNS) are used to create or modify a Custom DNS for your account. The dialogs are made up of the following UI elements:

• Close button: Click the X in the upper right corner to close the dialog. All elements will be restored to their values at the time the dialog was opened.
• Name field: Enter a DNS server alias to label the DNS Server within the Kentik system.
• IP Address field: Enter an IP address upon which to perform a reverse DNS lookup using the Custom DNS servers in the DNS Servers list.
• Cancel button: Cancel the add DNS operation and exit the dialog. All elements will be restored to their values at the time the dialog was opened.
• Add Custom DNS button (Add dialog only): Add the new DNS Server to the list of Custom DNS servers.
• Save (Edit dialog only): Save any changes you made to the existing DNS Server.

Note: For more information on using the dialogs, see Add a Custom DNS Server and Edit a Custom DNS Server.

Use the Verify Reverse DNS Lookup dialog to verify the IP address for a DNS server and confirm the hostname of the DNS service provider at that address.

The dialog is made up of the following UI elements:

• Close button: Click the X in the upper right corner to close the dialog.
• IP Address field: Enter the IP address you want to verify.
• Resolve button: Enabled when an IP address has been entered in the Add DNS IP field. Click to resolve the IP address to a host name.
• Result field: Appears after a successful lookup.

For more information on using the dialog, see Verify a Custom DNS Server.

Configuration of a Custom DNS on the Custom DNS page (Admin » Custom DNS) is covered in the following topics:

• Add a Custom DNS Server
• Edit a Custom DNS Server
• Remove a Custom DNS Server
• Verify a Custom DNS Server

To add a Custom DNS server:

1. Open the Custom DNS page (Settings » Custom DNS).
2. Click the Add Custom DNS Server button to open the Add Custom DNS dialog.
3. Enter an alias for the DNS Server in the Name field.
4. Enter the IP address of a DNS server into the IP Address field.
   - If valid, the Add Custom DNS button is enabled.
   - If the IP address is not valid, a notification appears under the field asking you to enter a valid IP address.
5. Click the Add Custom DNS button. The Custom DNS is added to the list.

To edit an existing Custom DNS server:

1. Open the Custom DNS page (Settings » Custom DNS).
2. In the DNS Server list, find the row corresponding to the DNS Server you’d like to edit, then click the Edit button at the right of that row. The Edit Custom DNS dialog opens.
3. Modify the alias of the DNS Server as needed.
4. Modify the IP Address as needed.
   - If valid, the Save button is enabled.
   - If the IP address is not valid, a notification appears under the field asking you to enter a valid IP address.
5. Click the Save button. The Custom DNS list should reflect the changes immediately.

To remove an existing Custom DNS server:

1. Open the Custom DNS page (Settings » Custom DNS).
2. In the DNS Server list, find the row corresponding to the DNS Server you’d like to remove, then click the Remove button (trash icon) at the right of that row.
3. In the resulting confirmation dialog, click Cancel to abort the server removal or Remove to proceed with removal of the server.
4. The Custom DNS list should reflect the change immediately.

To verify that an IP address works for reverse DNS lookup:

1. Open the Custom DNS page (Settings » Custom DNS).
2. Click the Verify Reverse DNS Lookup button to open the Verify Reverse DNS Lookup dialog.
3. In the IP Address field, enter an IP address. The Resolve button at the right of the field is enabled.
4. Click the Resolve button:
   - If reverse DNS lookup is successful a "Success" notification appears in the dialog.
   - If you enter a valid IP but the reverse DNS lookup is not successful, a "Fail" notification appears in the dialog.
   - If you enter an invalid IP, an "Invalid IP Address" notification appears at the top of the page.