Monitoring availability of a DNS server

[paulroberts]

Here's a script I use for monitoring DNS availability. I have a graph that runs this script twice, once for an authoritative query, the other for a non-authoritative query (so I can monitor both).

The authoritative query check can be configured with a FQDN on your internal name server to query so you can see the server's availability.

The non-authoritative query check uses a name on our external DNS server and is used to check internet DNS queries are working. Our has a zero TTL so will not be cached by any intermediate servers, therefore the DNS server being tested is completely reliant on internet connectivity which could affect it's non-authoritative availability (this is a good way of identifying when you have internet connectivity issues!).

The script needs "dig" to be in the path.

Put it in <path_cacti>/scripts/dns_avail_check.pl. See attachment for script.

The result will either be 100 or 0 based on whether the query was successful or not. Cacti will average out the availability over time to give you a percentage figure. Useful for SLA reporting.

You'll need to create a new data input method, I'm not sure how to export this, but the input type is script/command, the input string is "perl <path_cacti>/scripts/dns_avail_check.pl <domain_name> <DNS_server>" and there are two input fields "domain_name" and "DNS_server". The "DNS_server" field has special type code set to hostname so it will use whichever system you've associated it with. Finally there's an output field called dns_avail_result which will either be 0 or 100.

See attachment for data template for authoritative queries (you will need to replace the default FQDN with one on your internal authoritative DNS server).

Also see attachment for data template for non-authoritative queries (you can use our external DNS FQDN if you don't have one).

Also see attachment for the graph template that brings these together.

The script just checks for a "NOERROR" response, but if you were really anal and wanted to make sure the authoritative check actually got an authoritative response, you could modify the script to check for the "aa" flag in the response, but you will need two scripts then as the non-authoritative response won't include this. Or you could modify the script to pass a 3rd argument that specifies whether the result needs to be authoritative or not.

Hope this is useful to someone, let me know.

Paul

[BSOD2600]

You should repost the scripts/templates as attachments.

[peecee]

I have VitalQIP in my enterprise with very little visibility into how well it performs. Doing this small check should be helpful. But, I have two questions.

1. Can the query be done using the machine being tested? I have 11 VitalQIP servers, so should I modify the Data Template? It seems a bit odd that I can only check a single DNS server with this template. If I wanted to test each DNS server, it seems like I would need to create 11 separate templates?

2. I've been looking for other metrics I can grab from these servers that might be specific to QIP, but have come up completely empty. Have you had any luck?

[StarLog]

Also, show an example of the graph.

[omoo]

I have VitalQIP in my enterprise with very little visibility into how well it performs. Doing this small check should be helpful. But, I have two questions.

1. Can the query be done using the machine being tested? I have 11 VitalQIP servers, so should I modify the Data Template? It seems a bit odd that I can only check a single DNS server with this template. If I wanted to test each DNS server, it seems like I would need to create 11 separate templates?

2. I've been looking for other metrics I can grab from these servers that might be specific to QIP, but have come up completely empty. Have you had any luck?

QIP has SNMP MIB's that are easily managed by Cacti, you need to do an snmpwalk on the application or ask lucent what MIB's to use.

[peecee]

QIP has SNMP MIB's that are easily managed by Cacti, you need to do an snmpwalk on the application or ask lucent what MIB's to use.

I know QIP has specific OIDs that can be monitored, but my QIP admin swears that the Lucent MIB can not be loaded at the same time as the Windows SNMP stack. To say I've gotten stonewalled within my organization is an understatement. I opened a ticket with Lucent, and support referred me to the QIP admin in my company. The QIP admin is not exactly helpful. I need some pointers to help this person get the snmp mib loaded along with the Windows MIBs. Any ideas?

[paulroberts]

You should repost the scripts/templates as attachments.

Done, thanks.

[paulroberts]

I have VitalQIP in my enterprise with very little visibility into how well it performs. Doing this small check should be helpful. But, I have two questions.

1. Can the query be done using the machine being tested? I have 11 VitalQIP servers, so should I modify the Data Template? It seems a bit odd that I can only check a single DNS server with this template. If I wanted to test each DNS server, it seems like I would need to create 11 separate templates?

2. I've been looking for other metrics I can grab from these servers that might be specific to QIP, but have come up completely empty. Have you had any luck?

1. The test runs dig on the Cacti server but sends the DNS query to whichever server you want to monitor. You don't need to create extra templates, just use the same one. Just go to the device and associate the DNS availability graph template to it and it will send the query to that device. This works because the "DNS_server" input field in the data input method is set to the special type code "hostname".

2. Yes, I've had loads of luck! I use the QIP SNMP module to pull DNS and DHCP stats, e.g. queries per second for DNS and leases per minute for DHCP.

[paulroberts]

Also, show an example of the graph.

See attached. In the example you can see that authoritative availability is 100%, which is good as that's the local DNS query, whereas non-authoritative is down a bit. As it's down on both servers at the same time it was probably an internet connectivity issue.

[paulroberts]

QIP has SNMP MIB's that are easily managed by Cacti, you need to do an snmpwalk on the application or ask lucent what MIB's to use.

I know QIP has specific OIDs that can be monitored, but my QIP admin swears that the Lucent MIB can not be loaded at the same time as the Windows SNMP stack. To say I've gotten stonewalled within my organization is an understatement. I opened a ticket with Lucent, and support referred me to the QIP admin in my company. The QIP admin is not exactly helpful. I need some pointers to help this person get the snmp mib loaded along with the Windows MIBs. Any ideas?

I mainly use it on Linux but I believe it is possible to have both the Lucent and Windows MIB's running at the same time. The problem is that the Lucent stuff wants to use the same SNMP port as Windows as they want to load on a second SNMP agent.

So you need to get the Lucent SNMP agent to listen on a different port. I believe you can do this by setting some environment variables as such:

SR_SNMP_TEST_PORT=<New_Port>

SR_TRAP_TEST_PORT=<New_Port + 1>

You will then need to get Cacti to poll it on the new port. It's been a long time since I've run the QIP SNMP module on Windows so you'll probably need to test this and/or speak to Lucent first.

Good luck.