[dns-operations] Monitoring DNS Servers

Michael Friedrich michael.friedrich at univie.ac.at
Wed Jun 8 13:34:58 UTC 2011


Hi,

david klein wrote:
> I have just inherrited my company's DNS infrastructure, which uses
> turn-key BIND-based appliances, with Windows 2008 servers running
> Microsoft's DNS service as bind-slave-style backups (the reasons for
> this are purely political). The appliances provide a robust monitoring
> capability, using SNMP. Does anyone here provide DNS services using
> the DNS service in Windows 2008, and if so, how do you monitor it? For
> many of the same political reasons, monitoring with MOM/SCOM would not
> be an option.  I have considered using System Edge agent and
> monitoring in our NMS, though a lower-cost, easier to manage solution
> would be preferable. I come from a mostly Cisco and Linux background,
> so the idea of a platform not having an SNMP agent is a little
> surprising.

As the discussion lead into, you should split that up into various 
monitoring topics:

* OS related
** linux/unix/embedded
** windows
* Service related
** Bind
** MS DNS

Given that, you should find a monitoring tool which could achieve such 
things easily and modular.

I'd show with using Icinga, a Nagios fork which I am working on and 
which we use in production. (http://www.icinga.org)

Icinga be installed on a variety of Linuxes/Unixes
https://www.icinga.org/download/ https://www.icinga.org/download/packages/

It provides the Classic UI (enhanced Nagios CGIs) or a new web interface 
based on IDOUtils data source.

First off - everything being checked can be organized via plugins, even 
written your own - but still fitting the plugin api 
http://docs.icinga.org/latest/en/pluginapi.html
http://nagiosplug.sourceforge.net http://www.monitoringexchange.org 
(Nagios plugins remain compatible)


As you said, the appliances allow SNMP which makes it rather good to get 
the basic OS monitoring from the SNMP tree.
Basically this http://docs.icinga.org/latest/en/monitoring-routers.html
You could use different plugins, they only need to fit the plugin api 
definitions though.
http://docs.icinga.org/latest/en/plugins.html
Another alternative on especially SNMP based checks would be the checkmk 
inventory functionality over snmp
http://mathias-kettner.de/checkmk_snmp.html


For MS Windows, I'd suggest using a combination of NRPE+NSClient++ 
allowing calls to local script checking basically the same plus services.
http://docs.icinga.org/latest/en/monitoring-windows.html
Or as an alternative, keep an eye on the checkmk client in Python
http://mathias-kettner.de/checkmk_windows.html

Basically, on the hosts and basic service monitoring, keep an eye on

- load
- ram/swap
- filesystems
- interface traffic
- running processes like ssh, snmpd, httpd, named, etc
- backups
- scm versioning systems in case


Having that installed and configured for the startup, you should think 
about the real service application monitoring, e.g. what you might wanna 
check on your nameserver (authoritative and/or recursive).

- check_dns for asking a nameserver for a domain record
- check if nameserver is authoritative for the provided domain record
- check for recursion
- check for rcodes on different queries
- check soa
- check md5 sum of serials
- etc...

You can either run those checks as active (maybe even clustered with 
check_multi or nagiosbp and returning conditional checkresult values) or 
passive, e.g. if it's a longer lasting reporting pushing a summarized 
report to the monitoring core system.

Also, it's quite a common idea to not only check the nameserver from a 
single location, but to use a variety of satellites to do the checks 
from external locations. this can be achieved with check_nrpe, 
mod_gearman or with distributed setups, if you prefer the "big solution".

If you require statistics and/or SLA reporting, make sure the 
checkplugins actually return performance data, and use addons like 
pnp4nagios (rrd graphing) or icinga reporting based on jasper reports 
and icinga idoutils.


If you happen to have specific questions, just keep in touch.

Kind regards,
Michael

-- 
DI (FH) Michael Friedrich

Vienna University Computer Center
Universitaetsstrasse 7 A-1010 Vienna, Austria

email: 	michael.friedrich at univie.ac.at
phone: 	+43 1 4277 14359
mobile: +43 664 60277 14359
fax: 	+43 1 4277 14338
web:	http://www.univie.ac.at/zid
	http://www.aco.net

Icinga Core&  IDOUtils Developer
http://www.icinga.org




More information about the dns-operations mailing list