Viewing additional DNS query response details - BlueCat Edge - Service Point v4.x.x

BlueCat Edge User Guide

When a query is received by the DNS resolver service and the service point, the query information logged in the DNS activity table displays the answer that was processed by the DNS resolver service. When viewing the query information, you can also see additional information about the original DNS answer and the matching elements that led to a policy match or action.

  1. To view detailed information about a DNS query, click the query.

    Click Inspect Client Activity to retrieve additional query information from the source IP of the current query. For more information, refer to Client activity.

  2. Under Applied configuration, you can view the following details:
    • The site that received the query.
    • The policies that were matched and applied based on specific criteria.
    • The results of the policy action, specifically the action taken on the query or response.
    • The trace of namespaces that the query passed through to get to the final answer. Each section contains detailed responses received from each namespace.
    • If a redirect policy is enacted, you can view detailed information about the redirection.
  3. Click View additional details under the list of Matched policies to see which criteria caused the applied policies to match the query or response.

    From the Matched policy details window, you can view the following information about the query:
    • Query time: The time of the query.
    • Query question: The query question information, including the query type, the domain queried, and the source IP address.
    • Query answer: The query answer information, including the response IP address, the domains in the response, and the authoritative name servers that responded.
    • Threats: The threats associated with the query, including any threat indicator.

    When additional policy detail information is available, fields are added to the details window to include that information, such as the query code and source client IP address.

  4. Click ... next to the namespace under the list of Namespace traces to open details about the responses that Edge receives from the specified namespace.

    From the Response details window, you can view the following information about the query:
    • Name: The namespace that received the query.
    • Response code: The response code returned for the query.
    • Time: The timestamp of the query response.
    • Latency: The time taken to respond to the query, in milliseconds.
    • Questions: The original question of the query, including the domain name, the record type, and the class ID.
    • Answers: The original answer of the query, including the domain name, the record type, and the rdata.
    • Authority: The original authoritative service that provided the answer, including the server name, the record type, and the rdata.
    • Additional: Any additional sections of the DNS response provided to the namespace by downstream forwarders.
    • EDNS: Additional information embedded in the EDNS section of the query. The raw information is displayed as base64-encoded content.
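
The following is an added example, not part of the BlueCat documentation or product code, showing one way to read the base64 EDNS value offline. It assumes the decoded bytes are the option list of the OPT record (RFC 6891: 2-byte option code, 2-byte length, data); the guide does not specify the layout, and the names `decode_edns_field`, `decode_client_subnet` and `SAMPLE` are hypothetical.

```python
import base64
import ipaddress
import struct

# A few option codes from the IANA "DNS EDNS0 Option Codes" registry.
OPTION_NAMES = {3: "NSID", 8: "edns-client-subnet", 10: "COOKIE", 12: "Padding"}
# Constructed sample (not real Edge output): client subnet 192.0.2.0/24 plus a cookie.
SAMPLE = base64.b64encode(
    bytes.fromhex("0008000700011800c00002" "000a00080102030405060708")).decode()


def decode_client_subnet(body):
    """Decode an EDNS Client Subnet option body (RFC 7871)."""
    if len(body) < 4:
        raise ValueError("client-subnet option shorter than its 4-byte header")
    family, source_len, scope_len = struct.unpack("!HBB", body[:4])
    if family not in (1, 2):
        raise ValueError(f"unknown address family {family}")
    cls, size = ((ipaddress.IPv4Network, 4) if family == 1
                 else (ipaddress.IPv6Network, 16))
    if len(body) - 4 > size:
        raise ValueError("address longer than its family allows")
    # The address is truncated on the wire; pad it back to full length.
    packed = body[4:].ljust(size, b"\x00")
    network = cls((packed, source_len), strict=False)
    return {"subnet": str(network), "scope_prefix": scope_len}


def decode_edns_field(b64_text):
    """Return the EDNS options in a base64 string as a list of dicts."""
    raw = base64.b64decode(b64_text, validate=True)
    options, offset = [], 0
    while offset < len(raw):
        if len(raw) - offset < 4:
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", raw, offset)
        body = raw[offset + 4:offset + 4 + length]
        if len(body) != length:
            raise ValueError(f"option {code} claims {length} bytes, {len(body)} present")
        offset += 4 + length
        entry = {"code": code, "name": OPTION_NAMES.get(code, "unknown"),
                 "hex": body.hex()}
        if code == 8:  # expose the client network a forwarder attached
            entry.update(decode_client_subnet(body))
        options.append(entry)
    return options


if __name__ == "__main__":
    for option in decode_edns_field(SAMPLE):
        print(option)
```

A `ValueError` from this parser on a real value means the layout assumption does not hold for that record, not necessarily that the query was malformed.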