What we learned from five billion DNS queries 

More than ever, CIOs are called to be more than just the heads of technology – they drive business initiatives by enabling the delivery of services…

More than ever, CIOs are called to be more than just the heads of technology – they drive business initiatives by enabling the delivery of services and applications.

These changes impact networking professionals as well, forcing them to deal with a much more complex network environment and a growing emphasis on speed and agility.  To empower digital transformation, NetOps teams and CIOs need to find new ways to use the information about the network at their disposal to optimize operations and improve network performance. 

DNS data:  An untapped resource

In our new 2020 Networking Trends Report, BlueCat illustrates how CIOs can use DNS data to uncover potential efficiencies, minimize security threats, and improve overall customer experience.  The report analyzes more than 5 billion DNS queries spanning North America and Asia.  When taken together, these queries provide a level of visibility into activity on the network that can be used to find everything from cost savings to operational efficiencies.

Here are some of the key recommendations and conclusions from the report:

Optimize performance with insights from DNS:  Visibility into DNS queries enable IT teams to discover network and query performance degradation, identify root cause, and speed up remediation.  It allows organizations to gain meaningful insights into usage levels of applications and cloud services, to better understand user adoption and behaviors, and measure ROI.

Change KPIs of network performance:  Legacy metrics such as uptime and latency are still relevant, but service delivery is a growing focus as IT departments move toward new business models.  In this context, DNS data offers a wide range of meaningful business metrics that can assess the value of a NetOps team in delivering services.  

Develop a cross-functional approach:  DNS data often holds the context that threat hunters and security operators need for a smart, focused response to malicious activity.  The ability to collect and analyze that data often originates with the network team, however.  A collaborative, cross-departmental approach is required to truly reap the rewards of this valuable data set.

Leverage DNS data for security policies:  Periodic analysis of DNS traffic (and internal DNS traffic in particular) can uncover significant threats to network security.  That traffic should inform targeted security policies to lock down critical systems.  Only by digging into the data and mapping it against business requirements can you discover how it can best serve network security in your particular context.

Tactical lessons

At a tactical level, our analysis revealed many insights which network teams can use to optimize performance and improve security.    

For example, we found that many organizations fail to optimize query resolution paths for DNS, adding significant latency to each query and unnecessary load to internal networks.  The result is poor end-user experience, as queries are routed to a “local” external service that may be half a world away in the company’s primary data center.  In the case of one BlueCat customer, when they found that 80% of all network traffic was being routed to external trusted services, they began routing it directly to the internet.  As a result, they were able to optimally route network traffic, save on WAN costs, and improve user experience. 

DNS can also be leveraged to improve network visibility.  Our researchers uncovered information surrounding cloud and application usage rates as well as what activities our customers’ employees are performing online.  Of the queries for non-business activity related websites, roughly 54% of these domains were from social media sites, while more than a quarter of the domains were for news sites.  When broken down by vertical, there were some noticeable differences. The education sector, for example, had higher use of social media than other sectors (accounting for nearly 61% of the vertical’s non-business activity).  This same level of visibility can be used to determine what services and applications employees are using.  In addition to determining worker productivity, knowing how regularly employees are using certain applications and services can help organizations uncover areas of improvement as it relates to efficiencies and cost savings.

Driving NetOps 2.0

DNS underlies every action across the enterprise, making it a critical point of leverage for network administrators as they look to find their place in this new IT landscape.  Using the right metrics and the right technology, NetOps teams can make DNS the common thread between security and DevOps teams and help organizations maintain the speed and agility business operations demand. 


For an in depth look our analysis of 5 billion DNS queries, read the 2020 Network Trends Report

Critical conversations on critical infrastructure

Find out how your peers are managing their networks through profound change. Watch this series of live interactive discussions with IT pros & join the debate in Slack.

Join the conversation

Read more

Six non-hype network automation lessons from IT pros

Five IT pros get real about network automation during the first Critical Conversation on Critical Infrastructure hosted in the Network VIP community.

Read more
BlueCat’s DDI Adaptive Plugins and Applications help IT teams better leverage ServiceNow, Ansible, Microsoft, and more

A growing suite of Adaptive Plugins and Applications will help automate existing BlueCat capabilities along with adjacent customer technologies.

Read more
BlueCat Overlay for Microsoft

With BlueCat Overlay for Microsoft, get visibility into Microsoft DNS and DHCP servers by relaying information back to your BlueCat Address Manager server.

Read more

With the ServiceNow Adaptive Plug-in, enable self-service IT requests with automated fulfillment, such as hostname and IP address provisioning.

Read more

Subscribe to our blog