DNS Analytics

Available on: Free Plus (limited) Pro Elite (full access)

1. What This Feature Does

DNS Analytics displays query volume, geographic distribution, and network (ASN) data for your DNS domains. The system tracks how many DNS queries your domains receive, which countries the queries originate from, and which networks are querying them. Every DNS query is logged with the query name, query type (A, AAAA, MX, TXT, etc.), client IP, country code, timestamp, and response time.

Basic summary data is available on all plans. Detailed per-domain breakdowns, real-time query logs, geographic distribution, and data export require higher tier plans. Query data is stored in PostgreSQL partitioned tables with monthly partitions and aggregated hourly and daily statistics.

2. When You Should Use It

You want to understand how often your DNS domains are being queried and detect traffic patterns.
You need to identify which countries or networks are querying your domains for security or compliance analysis.
You are investigating DNS-based attacks (amplification, enumeration) or abnormal query volume.
You need to monitor query response times to diagnose DNS performance issues.
You want to analyze query type distribution (A vs AAAA vs MX) to optimize DNS configurations.
You need to export historical query data for auditing or compliance reporting (Elite plan).

3. When You Should Not Use It

Application-level monitoring: DNS Analytics tracks DNS queries only. For monitoring HTTP uptime or application availability, use Uptime Monitoring.
Zone-level DNS management: For managing DNS records and zone configurations, use Managed DNS Zones.
Real-time alerting: DNS Analytics provides historical and near-real-time data. It does not trigger alerts or notifications based on query volume thresholds.
Detailed packet inspection: The feature logs query metadata (name, type, source IP, country) but does not capture full DNS packet payloads.

4. Prerequisites

A registered CertaDNS account with a verified email address.
At least one active DNS domain created under your account.
For detailed analytics (per-domain breakdowns, geographic data, real-time logs): Pro or Elite plan.
For data export: Elite plan.
Query data begins accumulating after domains are created. Historical data prior to domain creation is not available.

5. How It Works (Brief)

When a DNS query reaches CertaDNS's authoritative nameservers (PowerDNS), the query metadata is logged asynchronously to a PostgreSQL database. Each query record includes the domain name, query type, client IP, country code (resolved via MaxMind GeoIP), autonomous system number (ASN), response code, response time, and timestamp.

Data is stored in monthly partitioned tables (dns_queries_{YYYY}_{MM}). Aggregation jobs process raw queries into hourly and daily statistics tables (dns_stats_hourly, dns_stats_daily), and geographic and ASN statistics (dns_geo_stats, dns_asn_stats). The dashboard queries these aggregated tables for performance and retrieves raw queries from the current month's partition for real-time logs.

Trend calculations compare the current period (24h, 7d, or 30d) to the previous period of the same length. The trend is classified as "up" (more queries), "down" (fewer queries), or "stable" (similar volume within a threshold). Trend percentage indicates the magnitude of change.

6. How to Use It

Viewing the analytics dashboard

Navigate to Dashboard > Analytics.
The summary view displays:
- Total Queries: Total query count with trend indicator (arrow up, down, or right) and percentage change.
- Active Domains: Number of domains that have received queries in the selected timeframe.
- Countries: Number of unique countries from which queries originated.
Select a timeframe from the dropdown: 24h, 7d, or 30d. Data refreshes automatically.

Viewing per-domain breakdowns (Pro/Elite)

Below the summary cards, view the Queries by Domain bar chart.
Each bar represents a domain with the percentage of total queries it received.
Domains are sorted by query count descending. Only the top 5 domains are displayed by default.
Click a domain name to navigate to the detailed domain analytics page.

Viewing geographic distribution (Pro/Elite)

Scroll to the Top Countries section below the domain chart.
Each country is listed with a flag emoji (converted from ISO country code), country name, and query count.
Only the top 10 countries by query volume are displayed.

Viewing top networks (Pro/Elite)

Scroll to the Top Networks section.
Each entry shows the autonomous system number (AS number), organization name, and query count.
Only the top 5 networks by query volume are displayed.

Viewing real-time queries (Pro/Elite)

Navigate to Dashboard > Analytics > Real-Time Queries.
The table displays the last 10 to 100 queries (configurable limit).
Columns: Query Name, Query Type, Response Code, Client IP, Client Country, Timestamp, Response Time (ms), Domain.
Data refreshes automatically every 10 seconds while the page is open.

Exporting data (Elite only)

On the Analytics dashboard, click the Export Data button in the top right.
Select the export format: CSV or JSON.
Select the date range for the export.
Click Export. The file downloads to your browser.

Note: Data export is currently a placeholder feature on Elite plans. Full export functionality will be available in a future release.

7. Inputs and Settings

Field	Description	Constraints
Timeframe	Select the period for which to display analytics data.	Options: 24h, 7d, 30d. Default: 24h. Free/Plus users see total query counts only. Pro/Elite users see full breakdowns.
Real-Time Query Limit	Number of recent queries to display in the real-time log.	Minimum: 10. Maximum: 100. Default: 50. Only available on Pro/Elite plans.
Export Format	File format for exported data (Elite only).	CSV or JSON. CSV is recommended for spreadsheet analysis. JSON is recommended for programmatic processing.
Export Date Range	Start and end dates for exported query data (Elite only).	Maximum range: 90 days. Data is only available from the current and previous month's partitions.

8. Outputs and Results

Summary cards (all plans)

Card	Description
Total Queries	Total number of DNS queries received in the selected timeframe. Includes a trend indicator (green up arrow, red down arrow, or gray right arrow) and percentage change compared to the previous period.
Active Domains	Number of domains that received at least one query in the selected timeframe.
Countries	Number of unique countries from which queries originated (Pro/Elite only; Free/Plus users see 0 or "Upgrade required").

Per-domain bar chart (Pro/Elite)

Each bar displays:

Domain FQDN on the Y-axis.
Horizontal bar scaled to percentage of total queries.
Query count displayed inside or adjacent to the bar.

Top countries list (Pro/Elite)

Each country entry shows:

Flag emoji (e.g., 🇺🇸 for United States).
Country name in plain text.
Query count as an integer.

Top networks list (Pro/Elite)

Each network entry shows:

AS number (e.g., AS15169).
Organization name (e.g., Google LLC).
Query count as an integer.

Query type distribution (Pro/Elite)

Displayed in the per-domain detail view. Shows counts for each query type:

A (IPv4 address queries)
AAAA (IPv6 address queries)
MX (mail exchanger queries)
TXT (text record queries)
Other (all other query types combined)

API response example (GET /dns-analytics/summary)

{
  "total_queries_24h": 14523,
  "total_queries_7d": 98765,
  "total_queries_30d": 432100,
  "query_trend": "up",
  "trend_percent": 12.4,
  "queries_by_domain": [
    { "domain": "example.certadns.com", "query_count": 8234, "percentage": 56.7 },
    { "domain": "demo.certadns.com", "query_count": 6289, "percentage": 43.3 }
  ],
  "top_countries": [
    { "country_code": "US", "country_name": "United States", "query_count": 7823 },
    { "country_code": "DE", "country_name": "Germany", "query_count": 3421 }
  ],
  "top_asns": [
    { "asn": "AS15169", "organization": "Google LLC", "query_count": 4521 },
    { "asn": "AS16509", "organization": "Amazon.com, Inc.", "query_count": 3210 }
  ]
}

Real-time query log columns

Column	Description
Query Name	The domain name queried (FQDN).
Query Type	DNS record type (A, AAAA, MX, TXT, etc.).
Response Code	DNS response code (NOERROR, NXDOMAIN, SERVFAIL, etc.).
Client IP	Source IP address of the query (IPv4 or IPv6).
Client Country	Country code and flag emoji (e.g., 🇺🇸 US).
Timestamp	Date and time the query was received (UTC).
Response Time	Time in milliseconds to process the query.
Domain	The domain that was queried (for multi-domain accounts).

9. How to Interpret Results

Normal

Total queries increase steadily over time as your domains receive traffic. Trend indicator shows "stable" or modest "up" trend.
Most queries are type A or AAAA, indicating typical hostname lookups.
Top countries reflect the geographic distribution of your user base or service audience.
Response times are under 50ms for most queries, indicating healthy DNS performance.

Unexpected or worth investigating

Sudden spike in total queries: May indicate a traffic surge, DNS amplification attack, or misconfigured client retrying queries rapidly. Check the real-time query log for patterns.
High percentage of NXDOMAIN responses: Indicates queries for non-existent subdomains. May be normal (clients probing for subdomains) or abnormal (DNS enumeration attack).
Queries from unexpected countries: If your service is region-specific but queries originate from unrelated countries, investigate for unauthorized access or DNS leakage.
Queries for unusual record types (e.g., ANY, AXFR): These query types are often associated with reconnaissance or zone transfer attempts. Review the client IP and ASN for suspicious activity.
Response times consistently above 100ms: May indicate DNS server performance degradation or network latency issues. Contact support if sustained.

Common interpretation mistakes

Confusing query count with unique visitors: DNS queries do not equate to unique users. A single user may generate multiple queries due to DNS caching behavior, retries, or multiple applications querying the same domain.
Expecting real-time data on Free/Plus plans: Free and Plus plans only display summary totals and trend calculations. Detailed per-domain, geographic, and real-time data require Pro or Elite.
Assuming trend "up" always means growth: A trend "up" indicates more queries than the previous period, but this could be due to abnormal activity (e.g., attack traffic) rather than legitimate growth. Always review the query types and sources.

10. Common Issues and Explanations

"Detailed analytics require Pro or Elite" error

You are on the Free or Plus plan and attempted to access per-domain breakdowns, geographic data, or real-time query logs. Upgrade to Pro or Elite to unlock these features.

"Real-time query data requires Pro or Elite" error

The real-time query log is only available on Pro and Elite plans. Free and Plus users see summary statistics only. Upgrade to access live query logs.

"Data export requires Elite" error

Data export functionality is restricted to Elite plan users. Upgrade to Elite to download historical query data in CSV or JSON format.

"Domain not found" error when accessing domain detail

The domain ID in the URL does not exist or does not belong to your account. Verify the domain still exists in your domain list and that you have not deleted it.

No data displayed for a domain

DNS Analytics only tracks queries received after the feature was enabled for your account. If you recently created a domain or recently upgraded to a Pro/Elite plan, data may not be available yet. Wait for DNS queries to accumulate (typically within a few hours of active use).

Country or ASN data shows "Unknown"

If the client IP cannot be resolved to a country or ASN (e.g., private IP ranges, recent IP allocations not yet in the GeoIP database), the country or ASN will display as "Unknown". This is expected for internal or private network queries.

Trend indicator shows "stable" despite large query count difference

The trend calculation uses a threshold to determine "stable". If the percentage change is below the threshold (e.g., within ±5%), the trend is classified as "stable" even if the absolute query count difference is large. This prevents noise from minor fluctuations.

11. Limits and Constraints

Constraint	Free	Plus	Pro	Elite
Summary totals (24h, 7d, 30d)	Yes	Yes	Yes	Yes
Trend calculation	Yes	Yes	Yes	Yes
Per-domain breakdowns	No	No	Yes	Yes
Geographic distribution (top countries)	No	No	Yes	Yes
Network distribution (top ASNs)	No	No	Yes	Yes
Real-time query log	No	No	Yes (max 100)	Yes (max 100)
Query type distribution	No	No	Yes	Yes
Hourly and daily statistics	No	No	Yes	Yes
Data export	No	No	No	Yes (placeholder)

Top countries displayed: 10 maximum.
Top networks (ASNs) displayed: 5 maximum.
Top domains displayed: 5 maximum in summary view.
Real-time query limit: 10 to 100 queries.
Data retention: Query data is stored in monthly partitions. Retention depends on partition lifecycle policy (typically 12 months for active accounts).
Export date range: Maximum 90 days per export (Elite only).
Timeframe options: 24h, 7d, 30d. Custom date ranges are not supported.
Real-time queries are only retrieved from the current month's partition. Queries older than the current month are not included in the real-time log.

12. Related Features

Dynamic DNS Domains — The domains being queried and tracked by DNS Analytics.
Uptime Monitoring — Monitors domain availability and HTTP/HTTPS uptime (different from DNS query analytics).
Managed DNS Zones — Zone-level DNS management and analytics for imported domains.
DNS Record Management — Create and manage DNS records (A, AAAA, MX, TXT, etc.) for analytics tracking.

13. Updates and Behavior Changes

DNS Analytics was introduced with basic summary totals available on all plans.
Per-domain breakdowns, geographic distribution, and real-time query logs were added as Pro/Elite features.
Data export was introduced as an Elite-only placeholder feature. Full export functionality will be available in a future update.
Top countries list was expanded from top 5 to top 10 to provide more granular geographic insights.
Query data retention was extended from 30 days to monthly partitions with 12-month retention for active accounts.

1. What This Feature Does

2. When You Should Use It

3. When You Should Not Use It

4. Prerequisites

5. How It Works (Brief)

6. How to Use It

Viewing the analytics dashboard

Viewing per-domain breakdowns (Pro/Elite)

Viewing geographic distribution (Pro/Elite)

Viewing top networks (Pro/Elite)

Viewing real-time queries (Pro/Elite)

Exporting data (Elite only)

7. Inputs and Settings

8. Outputs and Results

Summary cards (all plans)

Per-domain bar chart (Pro/Elite)

Top countries list (Pro/Elite)

Top networks list (Pro/Elite)

Query type distribution (Pro/Elite)

API response example (GET /dns-analytics/summary)

Real-time query log columns

9. How to Interpret Results

Normal

Unexpected or worth investigating

Common interpretation mistakes

10. Common Issues and Explanations

"Detailed analytics require Pro or Elite" error

"Real-time query data requires Pro or Elite" error

"Data export requires Elite" error

"Domain not found" error when accessing domain detail

No data displayed for a domain

Country or ASN data shows "Unknown"

Trend indicator shows "stable" despite large query count difference

11. Limits and Constraints

12. Related Features

13. Updates and Behavior Changes

More in Monitoring & Analytics

Still stuck?