Measuring DNS Performance & Graphing Logs
Hello! This is my first message to NANOG's mailing list. I hope someone can help me.
I was wondering which tool(s) can I use to measure the performance of my 3 DNS servers (1 primary, 1 secondary, 1 solely cacheDNS)? From the stats I would like to know if my DNS server is serving as it should be or if any of its options are set inappropriately and others alike.
I looked for a while but could not find any. Any help would be highly appreciated. I am running bind9 on UNIX platform.
Question 2) I would also like to know how can I graph my DNS logs? And how can I integrate it to my CACTI server as well? I couldn't find any suitable plugin. Any suggestion?
--
Best Regards,
*Zayed Mahmud*
*Senior Core & IP Network Team,*
*Banglalion Communications Limited, Bangladesh.*
http://docs.cacti.net/usertemplate%3ahost%3abind9.7
http://forums.cacti.net/about6332.html
those are like result 1 and 5 of "cacti graph dns server" in the googles... (the second is even the 1st result in a bingz search)
On Tue, May 19, 2015 at 1:34 PM, Zayed Mahmud <zayed.mahmud@gmail.com> wrote:
Smokeping (http://oss.oetiker.ch/smokeping/) can graph DNS response latency via dig.
ThousandEyes (https://www.thousandeyes.com/) has some commercial options for monitoring DNS server responsiveness, and zone performance from different vantage points throughout the globe.
On Tue, May 19, 2015 at 12:34 PM, Zayed Mahmud <zayed.mahmud@gmail.com> wrote:
> I was wondering which tool(s) can I use to measure the performance of my 3 DNS servers (1 primary, 1 secondary, 1 solely cacheDNS)? From the stats I would like to know if my DNS server is serving as it should be or if any of its options are set inappropriately and others alike.
Perhaps http://dns.measurement-factory.com/tools/dsc/ (used by AS112) can help.
Denis
Thanks a lot to Denis Fondras, Zachary, Andrew Smith, Christopher Morrow for your valuable advice.
I've tried cacti but failed to get desired logs. I've also tried bind graph... but it consumes too much memory in the long run.
Can you suggest some suitable tools that I can measure the performance of the DNS servers? Like what should be active and what should not be in general safe DNS server practice and check against my own settings or whatever the tool can query, something like nmap. This would be really helpful. I just need to make a report about my DNS servers for my boss... and I'm clueless what to point out and what not to or how to evaluate its performance. I'm running bind9 under unix environment.
Thanks in advance.
On Tue, May 19, 2015 at 11:34 PM, Zayed Mahmud <zayed.mahmud@gmail.com> wrote:
--
Best Regards,
*Zayed Mahmud.*
Hi Zayed,
I think you're more likely to get good answers to your BIND-specific questions on the bind-users mailing list. See:
https://lists.isc.org/mailman/listinfo/bind-users
BIND9 has the capability to produce a vast variety and volume of logs, and dealing with logs in general is something that there are solutions for. Maybe look at logstash/elasticsearch as a starting point. Other BIND9 users on the bind-users list will no doubt have advice about what types of logs they think are important.
Recent releases of BIND9 can export a variety of statistics in XML and JSON formats using HTTP. Pulling those out and sending them to cacti/graphite/whatever is also a fairly non-DNS-specific problem to have.
Advice for tuning a BIND9 recursive resolver's cache can be found in a tech note published by ISC; if that's not especially relevant to modern releases (I seem to think it was published some time ago) you could again look to the bind-users list for advice.
For authority-only servers, your main concern is whether you have enough RAM to hold all your zone data. If you do, and if your server was built this decade and has no hardware faults, chances are you're good.
Deciding whether your servers are struggling to keep up with the load of the software you're running on it is another problem that is not specific to the DNS. Check with whoever provides your operating system for advice; look into system statistics collection using things like collectd and publish somewhere you can record data and identify long-term trends so you know what looks normal (since until you know what normal looks like, you can't tell what a problem looks like).
You can use commercial services like catchpoint and thousandeyes to check that your authoritative nameservers are suitably responsive. You can use non-commercial services like Atlas to do the same thing.
If you've connected your nameservers to the network in such a way that there's a stateful firewall between the server and its clients, the report to your boss could be very brief and accurate; something like "service expected to fail at any time; explosion imminent" would do it.
Joe
On 21 May 2015, at 7:15, Zayed Mahmud wrote:
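Added example, not part of any message in this thread: one way to take the JSON statistics export mentioned in Joe Abley's message and turn it into Graphite plaintext lines and per-second rates. The two snapshots are constructed, and the counter group names (`opcodes`, `qtypes`, `nsstats`), the `boot-time`/`current-time` fields and the `dns.ns1` metric prefix are assumptions to check against your own server's output.

```python
import json
from datetime import datetime, timezone

# Counter groups assumed to exist at the top level of the JSON statistics.
SECTIONS = ("opcodes", "qtypes", "nsstats")

# Constructed snapshots taken 60 s apart (not real server output). In production
# they would be fetched over HTTP from the server's statistics channel.
SNAP_T0 = json.loads("""{
  "boot-time": "2015-05-20T00:00:00Z", "current-time": "2015-05-21T12:00:00Z",
  "opcodes": {"QUERY": 100000},
  "qtypes": {"A": 70000, "AAAA": 30000},
  "nsstats": {"Requestv4": 100000, "QrySuccess": 90000,
              "QryNXDOMAIN": 8000, "QrySERVFAIL": 2000}}""")
SNAP_T1 = json.loads("""{
  "boot-time": "2015-05-20T00:00:00Z", "current-time": "2015-05-21T12:01:00Z",
  "opcodes": {"QUERY": 106000},
  "qtypes": {"A": 74000, "AAAA": 32000},
  "nsstats": {"Requestv4": 106000, "QrySuccess": 93000,
              "QryNXDOMAIN": 10400, "QrySERVFAIL": 2600}}""")


def epoch(ts):
    """Convert an ISO 8601 UTC timestamp (2015-05-21T12:00:00Z) to epoch seconds."""
    parsed = datetime.fromisoformat(ts.rstrip("Z")).replace(tzinfo=timezone.utc)
    return int(parsed.timestamp())


def graphite_lines(snap, prefix):
    """Flatten the counter groups into 'path value timestamp' lines."""
    ts = epoch(snap["current-time"])
    return [f"{prefix}.{section}.{name} {value} {ts}"
            for section in SECTIONS
            for name, value in sorted(snap.get(section, {}).items())]


def rates(prev, cur):
    """Per-second rates between two snapshots, or None when the counters
    cannot be compared (server restarted, clock did not advance, counter reset)."""
    if prev["boot-time"] != cur["boot-time"]:
        return None
    dt = epoch(cur["current-time"]) - epoch(prev["current-time"])
    if dt <= 0:
        return None
    out = {}
    for section in SECTIONS:
        for name, value in cur.get(section, {}).items():
            # A counter missing from the earlier snapshot is treated as 0.
            delta = value - prev.get(section, {}).get(name, 0)
            if delta < 0:
                return None
            out[f"{section}.{name}"] = delta / dt
    return out


def nxdomain_ratio(rate):
    """Share of incoming requests answered NXDOMAIN; a sudden rise is worth a look."""
    total = rate.get("nsstats.Requestv4", 0) + rate.get("nsstats.Requestv6", 0)
    return rate.get("nsstats.QryNXDOMAIN", 0) / total if total else 0.0


if __name__ == "__main__":
    print("\n".join(graphite_lines(SNAP_T1, "dns.ns1")))
    print("NXDOMAIN share: %.0f%%" % (100 * nxdomain_ratio(rates(SNAP_T0, SNAP_T1))))
```

Graphing the rates rather than the raw counters is what gives the "what normal looks like" baseline the message asks for; the restart check keeps a counter reset from showing up as a negative spike.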
Zayed,
What issues did you run into when trying to monitor Bind with Cacti?
Here is a nice write up on this: http://gregsowell.com/?p=4763
If you don't find yourself getting far with this, then you can always use the Captain James T. Kirk's way of solving "Kobayashi Maru" ........ (Use powerdns instead of bind, powerdns has stats built in).
Regards.
Faisal Imtiaz
Snappy Internet & Telecom
----- Original Message -----
From: "Zayed Mahmud" <zayed.mahmud@gmail.com>
To: nanog@nanog.org
Sent: Thursday, May 21, 2015 7:15:41 AM
Subject: Re: Measuring DNS Performance & Graphing Logs
On 2015-05-21 06:15, Zayed Mahmud wrote:
> I've tried cacti but failed to get desired logs. I've also tried bind graph... but it consumes too much memory in the long run.
How constrained are your servers? What is "too much memory"? What logs are you looking for? Have you tried looking at the syslog? What is your level of experience with system/network administration? (Not trying to be insulting, genuinely curious).
> Can you suggest some suitable tools that I can measure the performance of the DNS servers?
What sort of performance? What metrics are you trying to track? Please provide more details about exactly what you want. That will help us give you very specific suggestions. (We provide advice for free, have very busy schedules, the more specific you are the better).
Deploy smokeping as has already been referenced in this thread. Zenoss also has graphing/monitoring of DNS. (I stay away from cacti/nagios personally for small deployments). Cacti/Nagios are PHENOMENAL tools if you have a fully programmatic/automated deployment process that can populate cacti/nagios automatically.
> Like what should be active and what should not be in general safe DNS server practice
As with the vast majority of widely deployed software packages (Microsoft, debian, cisco etc), the vendor provides support/documentation right on their website: https://www.isc.org/support/
I always recommend to people that they spend about 70% of implementation time on reading the docs/understanding/researching terms/concepts they don't know for the system they are deploying, 20% on testing, 10% on actual go live. I've seen way too many operators rush to deploy something and thoroughly break a production network.
> and check against my own settings or whatever the tool can query, something like nmap.
I recommend openvas.org if you want a tool for internal use (it's free, very comparable to Nessus). Not that Nessus isn't a good product, it's just a pain to deal with the licensing system etc (requires too much sysadmin time to maintain at least in my deployment).
> This would be really helpful. I just need to make a report about my DNS servers for my boss... and I'm clueless what to point out and what not to or how to evaluate its performance. I'm running bind9 under unix environment.
What are the requirements of the report?
> Thanks in advance.
On May 21, 2015, at 12:00 PM, charles@thefnf.org wrote:
>> Can you suggest some suitable tools that I can measure the performance of the DNS servers?
> What sort of performance? What metrics are you trying to track? Please provide more details about exactly what you want. That will help us give you very specific suggestions. (We provide advice for free, have very busy schedules, the more specific you are the better).
At the recent DNS-OARC meeting there was an interesting discussion about a new tool called DNSDIST. It’s part of PowerDNS and there is also an independent tar one can fetch.
What is interesting about it is it can report on a lot of data about the performance of your DNS servers. Some people use a load balancer, and this will do that but be application aware and can easily route certain types of queries to another server. (e.g.: arpa requests to dedicated servers, same as domains that may be used/abused).
It provides realtime graphs of CPU usage and query rates as well as average response times. You can set query rate limits and it will balance as you specify.
This is useful as many people who know/use Linux have seen the issues with UDP kernel performance. If you’re not aware, do this:
UDP:
    iperf -s -u
    iperf -u -c localhost -b 25000m
eg:
    [ 3] 0.0-10.0 sec 4.50 GBytes 3.87 Gbits/sec 0.000 ms 84054/3374408 (2.5%)
vs TCP:
    iperf -s
    iperf -c localhost
    [ 3] 0.0-10.0 sec 56.1 GBytes 48.2 Gbits/sec
- Jared
Hello Zayed,
I noticed you have already received some answers regarding how to integrate it to Cacti.
Regarding the tools to measure DNS performance I usually use two: resperf and dnsperf, both are from Nominum and can be found here: https://nominum.com/measurement-tools/
Some years ago I posted this in Spanish: http://blog.acostasite.com/2010/02/realizar-estudios-de-performance-sobre.ht..., probably it can help you:
Regards,
Alejandro,
On 5/19/2015 at 1:04 PM, Zayed Mahmud wrote:
There is also a windows utility from Steve Gibson.
https://www.grc.com/dns/benchmark.htm
Dustin
-----Original Message-----
From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Alejandro Acosta
Sent: Saturday, August 8, 2015 4:25 PM
To: nanog@nanog.org
Subject: Re: Measuring DNS Performance & Graphing Logs
You can also try librenms (http://www.librenms.org/) which has associated agent to monitor bind ( http://librenms.readthedocs.org/Extensions/Agent-Setup/index.html?highlight=... )
On Mon, Aug 10, 2015 at 6:02 AM, Dustin Jurman <dustin@rseng.net> wrote:
participants (11)
- Alejandro Acosta
- Andrew Smith
- charles@thefnf.org
- Christopher Morrow
- Denis Fondras
- Dustin Jurman
- Faisal Imtiaz
- Fakrul Alam Pappu
- Jared Mauch
- Joe Abley
- Zayed Mahmud