DNS Redirector


FAQ 160: Why DNS Redirector doesn't produce graphical statistics

Category: Everything else | Updated: 03/24/2014 7:15 PM


Statistics based on DNS filtering don't actually tell you useful information; in fact, they are quite misleading...

Let's say you were trying to see how much time a user spends on Facebook (assuming for the moment that Facebook is allowed on your network). If we were to aggregate all the daily log files on the DNS Redirector server and graph the most popular sites, you would see that Facebook is very near the top. However, that graph doesn't indicate that some or all of your users are purposefully visiting www.facebook.com in a browser. The many DNS lookups for facebook.com are also generated by the thousands of "like this" buttons and "login with your Facebook account" options that appear on many other websites, and many mobile apps will look up Facebook domains regardless of whether the user is actually using Facebook. Similarly, if you were to block Facebook, according to the graph it would still be one of the most popular sites, not because people are actually getting to it, but because other 3rd party sites are still trying to look it up, even though you can't visit it. The same is true for other sites that use a 3rd party CDN, or incorporate buttons like "tweet this" or "share this" or "blog this": all of those stats would be inflated and would not represent user visits.

As another example, let's say you were trying to determine how long a user was on reddit.com in a browser. DNS would be queried initially when the user first visits the site, but you have no way to correlate the next lookup to persistent user activity. A user's machine may look up the reddit.com domain, and then not look it up again for a long time, perhaps because they are just sitting on a particular page or reading an article. When they close the browser there is no feedback via DNS that they are "done" browsing. Refreshing a page on the site, or navigating to a different one, won't always trigger another DNS lookup because of the browser's internal DNS cache or the OS DNS cache.

These so-called "gaps" in the DNS lookups can also be exacerbated by an internal DNS server's cache, if that server then forwards DNS on to your DNS Redirector server, as is commonly done with DNS Redirector cloud server implementations.

Since server-wide graphical statistics can't provide insight as to which user is using which sites most frequently, what you really want to see is the daily log file. This way you can watch in real time, or reverse engineer, a particular IP's (end-user device's) DNS activity over the course of the day.

See the sample reporting files, which should be unblocked and copied to the C:\DNSREDIR\Reporting directory.

With DNS Redirector cloud servers, only the public IP of your NAT device (router/firewall) is shown in the logs; there is no technical way to fingerprint a user's device in this implementation. With DNS Redirector software running inside your network, the log file can provide the private IPs of end-user devices (laptop, desktop PC, phone, tablet, etc.).
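The contrast between a server-wide count and a single IP's activity over the day, as an added example that is not part of DNS Redirector or its sample reporting files. The log layout (time, client IP, queried name, action) and every sample line are constructed assumptions, not the product's actual log format.

```python
from collections import Counter
from datetime import datetime

# Constructed sample lines. The layout (time, client IP, queried name, action)
# is an assumption for this example, not DNS Redirector's actual log format.
SAMPLE_LOG = """\
09:00:01 192.168.1.20 www.reddit.com ALLOWED
09:00:02 192.168.1.20 graph.facebook.com ALLOWED
09:00:05 192.168.1.31 graph.facebook.com ALLOWED
09:01:10 192.168.1.42 www.facebook.com ALLOWED
09:03:30 192.168.1.31 graph.facebook.com ALLOWED
09:47:12 192.168.1.20 www.reddit.com ALLOWED
09:47:13 192.168.1.20 graph.facebook.com ALLOWED
"""

def parse(log_text):
    """Yield (time, client_ip, qname) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            when = datetime.strptime(parts[0], "%H:%M:%S")
        except ValueError:
            continue
        yield when, parts[1], parts[2].lower().rstrip(".")

def site(qname):
    """Naive grouping by last two labels (wrong for names like example.co.uk)."""
    return ".".join(qname.split(".")[-2:])

def server_wide_counts(log_text):
    """What a server-wide graph would plot: lookups per site, all clients mixed."""
    return Counter(site(q) for _, _, q in parse(log_text))

def client_timeline(log_text, client_ip):
    """One client's lookups in order, with seconds since its previous lookup
    of the same name. A long gap is cache silence, not proof of absence."""
    last_seen, rows = {}, []
    for when, ip, qname in parse(log_text):
        if ip != client_ip:
            continue
        gap = int((when - last_seen[qname]).total_seconds()) if qname in last_seen else None
        last_seen[qname] = when
        rows.append((when.strftime("%H:%M:%S"), qname, gap))
    return rows
```

In the constructed data facebook.com tops the server-wide count with five lookups, yet only one of them is for www.facebook.com, and the timeline for 192.168.1.20 shows a 47-minute silence on reddit.com that says nothing about whether the page stayed open.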



Related articles
FAQ 71  Useful 3rd party software
FAQ 111  Using Log Parser with DNS Redirector
FAQ 97  Query the number of clients online via DNS
FAQ 157  Monitor your DNS Redirector server with PRTG

 