NOERR in Graphs

dns

#1

When I look at my dashboard I see a lot of NOERR things on the graph. What causes them and what can I do about them?

Thanks,

Glenn


#2

Hi there. Are you referring to the DNS traffic graph? If so, here’s a excerpt from the help text:

The response code NOERROR means everything is fine, it’s the HTTP 200 of DNS response codes. NXDOMAIN is the HTTP 404 of DNS response code. It is returned when a client queries Cloudflare for a DNS record that doesn’t exist on your zone. Sometimes you’ll see a spike in NXDOMAIN queries on your zone. This can mean you have a broken link on your site, or it can be a common type of DNS attack where attackers try to exhaust server resources by asking for a bunch of names that don’t exist.

Hope this helps!


#3

ah, that makes sense now. I thought I had errors on my servers somewhere and couldn’t figure out why that would be.

Thanks for the quick response.

Glenn


#4

I do have one more question:

NXDOMAIN initially states that it is for DNS queries against cloudflare for domains that don’t exist. However, it further states that it could be from 404 broken links on our site, or a dns attack. I’m still trying to get my head wrapped around what cloudflare is doing but…

I am confused about them showing DNS traffic and site 404 errors on the same graph. ie: Do I have a problem on my site I need to be attending to or are those rogue dns queries that they’re blocking for me?

Also, is there somewhere I can see what specifically they blocked? ie: click something to see detail of the 50 NX items.

Totally confused.


#5

The DNS analytics are fairly new feature, but this article is pretty in-depth and may answer some of your questions.


#6

Thanks, if I am reading that correctly then I have to pay even more money to see what records are being queried to get the NX on the graph.

The reason I’m so interested is that I have 10 time more NX records than I have NOERR and that seems really odd. Would like to see what they are.

Glenn


#7

That is my understanding as well…

Could you provide numbers as an example? Is it e.g. 10 NX for every 1 NOERR or is significantly higher than that? Percentages can be a bit ambiguous at times…


#8

394 NX to 30 NOERR

And it is consistently high like that. Of course it is Sunday and not a lot of real traffic hitting the site. Tomorrow I’m sure it will reverse drastically.

Glenn