openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
baf8ff9bb80e5e5a0bc419b004a2f1d0223eda68
openshift-docs/modules/network-observability-dns-tracking.adoc
Michael Ryan Peter 2b6ff1704a OSDOCS#15857: Change *OperatorHub* to *Software Catalog* &tc.
2025-10-07 12:26:32 -04:00

50 lines
2.5 KiB
Plaintext
Raw Blame History

// Module included in the following assemblies:
//
// network_observability/observing-network-traffic.adoc
:_mod-docs-content-type: PROCEDURE
[id="network-observability-dns-tracking_{context}"]
= Working with DNS tracking
Using DNS tracking, you can monitor your network, conduct security analysis, and troubleshoot DNS issues. You can track DNS by editing the `FlowCollector` to the specifications in the following YAML example.
[IMPORTANT]
====
CPU and memory usage increases are observed in the eBPF agent when this feature is enabled.
====
.Procedure
. In the web console, navigate to *Ecosystem* -> *Installed Operators*.
. Under the *Provided APIs* heading for *Network Observability*, select *Flow Collector*.
. Select *cluster* then select the *YAML* tab.
. Configure the `FlowCollector` custom resource. A sample configuration is as follows:
+
[id="network-observability-flowcollector-configuring-dns_{context}"]
.Configure `FlowCollector` for DNS tracking
[source, yaml]
----
apiVersion: flows.netobserv.io/v1beta2
kind: FlowCollector
metadata:
name: cluster
spec:
namespace: netobserv
agent:
type: eBPF
ebpf:
features:
- DNSTracking <1>
sampling: 1 <2>
----
<1> You can set the `spec.agent.ebpf.features` parameter list to enable DNS tracking of each network flow in the web console.
<2> You can set `sampling` to a value of `1` for more accurate metrics and to capture *DNS latency*. For a `sampling` value greater than 1, you can observe flows with *DNS Response Code* and *DNS Id*, and it is unlikely that *DNS Latency* can be observed.
. When you refresh the *Network Traffic* page, there are new DNS representations you can choose to view in the *Overview* and *Traffic Flow* views and new filters you can apply.
.. Select new DNS choices in *Manage panels* to display graphical visualizations and DNS metrics in the *Overview*.
.. Select new choices in *Manage columns* to add DNS columns to the *Traffic Flows* view.
.. Filter on specific DNS metrics, such as *DNS Id*, *DNS Error* *DNS Latency* and *DNS Response Code*, and see more information from the side panel. The *DNS Latency* and *DNS Response Code* columns are shown by default.
[NOTE]
====
TCP handshake packets do not have DNS headers. TCP protocol flows without DNS headers are shown in the traffic flow data with *DNS Latency*, *ID*, and *Response code* values of "n/a". You can filter out flow data to view only flows that have DNS headers using the *Common* filter "DNSError" equal to "0".
====
View Git Blame Copy Permalink