Archive
Posts in Networking
Exporting Bind query statistics though XML and JSON
Bind 9.10 introduced a statistics server which exports a number of useful metrics through a web UI, XML and JSON. The statistics server is configured via the "statistics-channels" directive which contains the ip and port to export statistics on and an ACL to control who can read statistics from the server. Here is a sample configuration for reference: Once the statistics server is enabled you can view the statistics in a web browser by surfing to the IP:PORT the server is configured to export statistics through. To retrieve statistics through XML or JSON you can append "/xml" or "/json" to the URL: Retrieve statistics through XML: $ Retrieve statistics through JSON: $ The statistics server exports several useful metrics…
$ read more →Monitoring DNS domain name expiration with dns-domain-expiration-checker
Several years ago I wrote a simple bash script to check the expiration date of the DNS domains I own. At the time I wrote this purely for my own needs but after receiving 100s of e-mails from folks who were using it (and submitting patches) I decided to enhance it to be more useful. As time has gone on Registrar WHOIS data formats have changed and I came to the realization that there is no standard time format for expiration records. I needed a more suitable solution so I spent last weekend re-writing my original script in Python…
$ read more →Creating Bind query log statistics with dnsrecon
A month or two back I was investigating a production issue and wanted to visualize our Bind query logs. The Bind statistics channel looked useful but there wasn't enough data to help me troubleshoot my issue. In the spirit of software re-use I looked at a few opensource query log parsing utilities. The programs I found used MySQL and once again they didn't have enough data to fit my needs…
$ read more →The subtleties between the NXDOMAIN, NOERROR and NODATA DNS response codes
This past weekend I spent some time troubleshooting a DNS timeout issue. During my debugging session I noticed some subtle differences when querying an A and AAAA record with dig: When I was interpreting the results I was expecting dig to provide a response code of NODATA when I asked the DNS server for a resource record that didn't exist. Obviously that didn't happen. This led me to ask myself what is the technical difference between NODATA, NOERROR and NXDOMAIN…
$ read more →Bind's strict zone checking feature is part of CentOS 6
I recently moved a bind installation from CentOS 5 to CentOS 6. As part of the move I built out a new server with CentOS 6, staged the bind chroot packages and then proceeded to copy all of the zone files from the CentOS 5 server to the CentOS 6 server. Once all the pieces were in place I attempted to start up bind. This failed, and I was greeted with the following error: There wasn't anything in /var/log/messages to specifically state what the problem was, though when I reviewed the bind log file I noticed there were several "not loaded due to errors" messages in it: After reviewing the errors I noticed that the problematic zone files (I was not the original author of these) were configured to use forward references to entries in subzone files…
$ read more →