DNS Monitoring Kit

This is a simple kit that allows you to monitor your DNS infrastructure. It relies on software we extensively use on our infrastructure. This kit contains a simple script and some guidelines how to change the configuration of the other software components. We have tested it with the following software:

Bind 8.2.2
Cricket 0.70
UCD/SNMP 4.1.2

The UCD/SNMP daemon must be running on the host where you also run Bind.

How it works

Bind 8 writes its statistics to a log file every minute. The snmp daemon is configured to read this statistics file on demand. The Cricket collector fetches SNMP data on regular intervals, and graphs the data.

Figure 1: DNS monitoring overview

Installation

The DNS logging facility

Add a few lines to named.conf to enable logging of statistics:


options {
        statistics-interval 1;
};

logging {
        channel stat_file {
                file "/var/log/named/stats.log" versions 3 size 1k;
        };
        category statistics {
                stat_file;
        };
};

Reload the nameserver with ndc reconfig.

Look in /var/log/named to check if a file named stats.log appears. Every minute it should log three lines, starting with USAGE, NSTATS and XSTATS. Named takes care of rotating the log file itself, so you do not have to worry about the disk filling up.

The collector script

Change the first line in the script getdnsstats to the location of your Perl executable. Copy the script to /usr/local/bin. Test the script by running it. If all goes well the script returns 41 lines, each containing one number.

The snmpd configuration file

Add the following line to the snmpd.conf file:


exec .1.3.6.1.4.1.4502.1.4 dnsstats /usr/local/bin/getdnsstats

Test the snmpd daemon by running:

snmpwalk -v 1 localhost public .1.3.6.1.4.1.4502.1.4

You should see the statistics appear in the output of snmpwalk:


enterprises.4502.1.4.1.1 = 1
enterprises.4502.1.4.2.1 = "dnsstats"
enterprises.4502.1.4.3.1 = "/usr/local/bin/getdnsstats"
enterprises.4502.1.4.100.1 = 0
enterprises.4502.1.4.101.1 = "21068700."
enterprises.4502.1.4.101.2 = "8506900."          
.
.
.
enterprises.4502.1.4.101.40 = "3571156."
enterprises.4502.1.4.101.41 = "10521912."
enterprises.4502.1.4.102.1 = 0

The Cricket configuration

Copy the Defaults and Targets file to your Cricket configuration directory and change the names in the Targets file to point to your DNS servers. Now wait until Cricket has gathered enough samples to show a decent graph. Figure 2 shows an example graph of one of our internal DNS server, plotting the most common lookup types.

Figure 2: Sample DNS graph

Credits

Thanks to Bert Driehuis for assistance on how to relay the DNS statistics to the UCD/SNMP daemon, and also for providing the DNS section in the Playbeing MIB.

Patrick Schoo <pschoo@playbeing.com>