DNS Query Analytics
DNS analytics dashboard provides a network administrator with quick insights into the DNS and leased IP activity related to a particular domain or network segment. It helps in monitoring network usage, identifying potential issues, and understanding
traffic patterns.
To access the domain analytics
- Select the Select the DNS menu from the menu bar along the left side of the screen.
- From the submenus that appear, choose Analytics.
- The analytics page appears, showing the current query rate and the total queries handled by all the DNS servers in the cluster. At the top right corner of the analytics Page, choose the type of Zones to view the query analytics.
- All: Displays analytics for all domains.
- Hosted Domains: Shows analytics specifically for domains that are hosted.
- Blocked Domains: Presents analytics for domains that have been blocked.
Moreover, choose the required timeframe along which you want to analyze the performance of domains.
Queries Per Second: Indicates the current rate at which DNS queries are being processed by the server.
Total Queries: Displays the total volume of queries handled over a specific time period.
Below these metrics, you can find the query metrics for a list of Domains and Views. The list also bears the query volume for even the non-hosted- domains un-resolvable by your DNS servers.

Blocked Domain analytics
- Each query made to a blocked domain from within your internal network infrastructure triggers an immediate email notification to the DDI Central administrators identifying the Host with their MAC address, Host name and the IP address of the
host at that point of time.
- To access the blocked domain analytics directly from the DDI Central UI:
- Get into the DNS module, select Analytics menu.
- On the top right corner of the Analytics page,find a drop-down menu and select Blocked Domains from the list of options. This will display all the KPIs like Query per hour, and Hourly query volume.
- Select the blocked zone name of your choice. An analytics page on the selected zone appears on screen as shown below.

- Here, you can see who accessed what type of record pertaining to the blocked zone, with which IP, and specific details about their identity like their host name and the time of access. This way, the admin can quickly identify the host violating
such network security policies. Also, DDI Central gives an overview of the list of IPs trying to reach the said blocked zones and a visual snapshot of the same to identify the major end users involved in security violations.
- To receive prompt email notification make sure the SMTP host has been configured under Settings-> SMTP->Configure SMTP.
Note: Query analytics for all the domains, including hosted, non-hosted, and even the blocked domains, provide detailed information, including essential lease details, the IP address, the host's MAC address, and host device's
vendor data associated with the IP at the time of the lease. This enables DDI Central administrators to quickly and accurately identify the end user attempting to access any domain including a blocked domain from the on-premises network.