The goal here is to monitor DNS servers running BIND version 9 and graph the various statistics that it records about itself. The statistics will be made available to the Net-SNMP daemon by a script. From there, the data can be polled by whatever NMS you choose to use.
Table of Contents
- Getting Stats from BIND
- Serving Stats via SNMP
- Download for BIND 9.4
- Download for BIND 9.6 and Newer
Getting Stats from BIND
BIND stores a number of statistics internally. In earlier versions of BIND there were only a handful of statistics available. In more recent versions (9.6 and newer), there are some very detailed statistics present. To retrieve stats, issue the rndc stats command. This will instruct BIND to dump the stats to the statistics-file as configured in named.conf.
A quick look at the statistics file from BIND version 9.4:
+++ Statistics Dump +++ (1293359406) success 21553 referral 0 nxrrset 864 nxdomain 10869 recursion 15348 failure 65 --- Statistics Dump --- (1293359406)
In BIND version 9.6 the format of the statistics file has been changed.
+++ Statistics Dump +++ (1293402423) ++ Incoming Requests ++ 407104 QUERY 29 NOTIFY ++ Incoming Queries ++ 57244 A 15 SOA 10504 PTR 664 MX 314258 TXT 24068 AAAA 351 SRV ++ Outgoing Queries ++ [View: default] 60597 A 11 NS 28 SOA 244 PTR 3 MX 1008 TXT 36861 AAAA 190 SRV ...... (output trimmed)
I’ve created one set of scripts for each file format. There is a single script for BIND 9.4. It gets called directly by Net-SNMP where it will tell BIND to write its stats to disk (by using rndc). The script will then parse out the specific statistic that Net-SNMP asked it for. For BIND 9.6 and newer, there are two scripts. The first script is meant to run from cron where it will dig through the statistics file for the most recently saved statistics. It writes those stats to a second file in a machine parsable format. The second script is then called by Net-SNMP where it will fetch the requested statistic from the machine parsable file.
The crontab entry for the BIND 9.6+ script should look something like this:
*/5 * * * * /usr/sbin/rndc stats; bind96-stats-parse.pl \
< /var/named/tmp/named.stats > /tmp/named.stats
The script reads the statistics file on stdin and will write its output to stdout. Make sure that wherever you direct the output of the script to is readable by the user that the Net-SNMP daemon runs as. Also make sure you adjust the bind96-stats-get.sh script to read from this same file.
Serving Stats via SNMP
Since the goal is to use SNMP to monitor the DNS server, the data in the statistics file must be made available via SNMP. The Net-SNMP SNMP daemon allows for data to be retrieved using local shell scripts or programs. The data retrieved from these scripts is made available under the .188.8.131.52.4.1.2021.8.1 MIB table. More information on how this works is available in the snmpd.conf manual page (look for the exec keyword).
The following lines are added to snmpd.conf:
# for bind 9.4 exec bind9-ok /var/net-snmp/bind94.sh ok exec bind9-fail /var/net-snmp/bind94.sh fail # for bind 9.6+ exec bind9-query /var/net-snmp/bind96-stats-get.sh incoming_requests:query
The first line will return the number of successful queries, the second the number of failed. The /var/net-snmp/bind94.sh shell script has the task of taking data from BIND’s statistics file and passing it to the SNMP daemon. The script is available here: bind94.sh.
A fellow network person who read this page contributed a second version of the script which will also return stats for “referral”, “nxrrset”, “nxdomain”, etc, queries. That script is here: bind94v2.sh. This script is called with the desired query type as its argument, e.g.:
exec bind9-success /var/net-snmp/bind94v2.sh success exec bind9-failure /var/net-snmp/bind94v2.sh failure exec bind9-nxdomain /var/net-snmp/bind94v2.sh nxdomain exec bind9-recursion /var/net-snmp/bind94v2.sh recursion
The possible arguments to bind96-stats-get.sh can be seen by looking at the output of the bind96-stats-parse.pl script.
Sun Dec 26 21:05:05 2010
Statistics such as outgoing_queries+internet_view:a are related to a particular view (in this case, a view called internet_view). Everything else is either related to the default view or is a global statistic.
Once snmpd.conf is updated and snmpd is restarted, a walk of the .184.108.40.206.4.1.2021.8.1 MIB will show the script in action.
enterprises.ucdavis.extTable.extEntry.extIndex.1 = 1
enterprises.ucdavis.extTable.extEntry.extIndex.2 = 2
enterprises.ucdavis.extTable.extEntry.extNames.1 = bind9-ok
enterprises.ucdavis.extTable.extEntry.extNames.2 = bind9-fail
enterprises.ucdavis.extTable.extEntry.extCommand.1 = /var/net-snmp/bind94.sh ok
enterprises.ucdavis.extTable.extEntry.extCommand.2 = /var/net-snmp/bind94.sh fail
enterprises.ucdavis.extTable.extEntry.extResult.1 = 0
enterprises.ucdavis.extTable.extEntry.extResult.2 = 0
enterprises.ucdavis.extTable.extEntry.extOutput.1 = 268814
enterprises.ucdavis.extTable.extEntry.extOutput.2 = 78
enterprises.ucdavis.extTable.extEntry.extErrFix.1 = 0
enterprises.ucdavis.extTable.extEntry.extErrFix.2 = 0
Of interest are the extOutput lines which return the output from the scripts.
Download for BIND 9.4
- Author: Joel Knight
Returns number of successful or failed queries.
- bind94v2.sh (recommended)
- Author: Evgeny Zislis (aka Kesor) <evgeny.zislis..gmail.com>
Returns stats for all query types.
$ bind94v2.sh <success|referral|nxrrset|nxdomain|recursion|failure>
Download for BIND 9.6 and Newer
- Author: Joel Knight
Parses the BIND statistics file and outputs them in a machine parsable format.
$ bind96-stats-parse.pl < /path/to/named.stats > /tmp/parsable.stats
- Author: Joel Knight
Pulls out a certain statistic from the machine parsable file. Make sure you edit this script and tell it where that parsable file is located.
$ bind96-stats-get.sh <statistic>
Be aware that when rndc stats is run, the statistics file isn’t overwritten, it’s appened-to. This means the file will continue to grow larger in size once you start using these scripts. A good idea may be to add a weekly cron job to delete the file so that its size can be kept in check or use your system’s log rotation utility to rotate or trim the file.
As explained in the snmpd.conf manpage, when snmpd runs external commands such as bind94.sh, it caches the results in the file /var/net-snmp/.snmp-exec-cache. This file must be writeable by the user that snmpd is running as or else it will not return the output from the external script being ran.