Windows DNS Test

This test measures the workload and processing ability of the DNS component of the AD server.

Target of the test : An Active Directory or Domain Controller on Windows 2008

Agent deploying the test : An internal agent

Outputs of the test : One set of results for every Active Directory that is being monitored

Configurable parameters for the test
Parameters Description

Test period

This indicates how often should the test be executed.

Host

The host for which the test is to be configured.

Port

Refers to the port used by the Windows server.

Measurements made by the test
Measurement Description Measurement Unit Interpretation

Total queries

The rate of queries received by DNS.

Reqs/sec

Indicates the workload of the DNS component of the AD server.

Total responses

The rate of responses from DNS to clients.

Resp/sec

Ideally, the total responses should match the total queries. Significant differences between the two can indicate that DNS is not able to handle the current workload.

Recursive queries

The rate of recursive queries successfully handled by DNS.

Reqs/sec

The ratio of recursive queries to total queries indicates the number of queries that required the DNS component on the AD server to communicate with other DNS servers to resolve the client requests.

Recursive query failures

The rate of recursive queries that could not be resolved by DNS.

Reqs/sec

Query failures can happen due to various reasons - e.g., requests from clients to invalid domain names/IP addresses, failure in the external network link thereby preventing a DNS server from communicating with other DNS servers on the Internet, failure of a specific DNS server to which a DNS server is forwarding all its requests, etc. A small percentage of failures is to be expected in any production environment. If a significant percentage of failures are happening, this could result in application failures due to DNS errors.

Recursive timeouts

The rate of recursive queries that failed because of timeouts.

Reqs/sec

Timeouts can happen because of a poor external link preventing a DNS server from communicating with others. In some cases, improper/invalid domain name resolution requests can also result in timeouts. DNS timeouts can adversely affect application performance and must be monitored continuously.

Zone transfers received

The number of zone transfer requests received by DNS.

Reqs

Zone transfers are resource intensive. Moreover, zone transfers to unauthorized clients can make an IT environment vulnerable to security attacks. Hence, it is important to monitor the number of zone transfer requests and responses on a periodic basis.

Zone transfers failed

The number of zone transfers that were not serviced by DNS in the last measurement period.

Reqs

Zone transfers may fail either because the DNS server does not have resources, or the request is not valid, or the client requesting the transfer is not authorized to receive the results.