The Sysadmin's Daily Grind: Dnsgraph

Graph Master


A partly overloaded DNS server can slow down all the workstations on the network. Dnsgraph is an early warning system that gives administrators a graph of critical values. Your Dnsgraph charts will help you keep your systems serving names.

By Charly Kühnast

Just recently I heard about a memory genius who could remember the value of pi to several thousand decimal figures; at the same time, this person couldn't explain the practical value of this exercise. People like that don't need a DNS server; instead they could just memorize a few thousand IP addresses. But normal folks prefer DNS. And if you run a name resolution service yourself, I'm sure you will appreciate Dnsgraph [1].

The project name indicates a similarity with projects such as Mailgraph and Queuegraph, and Dnsgraph is actually based on Mailgraph. The tool parses a file for the status information generated by my Bind 9 DNS server [2], and converts the figures into a graph.

To access the information, I use Rndc, a control program from the Bind package that lets me send digitally signed commands to the name server. This gives me the ability to tell the server to write the status information to a file, which Dnsgraph can then process. I also need RRDtool and the Perl File::Tail module.

Configuration Time

My Bind configuration file, named.conf, already had an options section, as is typically the case. I added the following line

statistics-file "/path_to/named-stats.log";

and then the blocks from Listing 1 to support Rndc communications. The counterpart to this, given in Listing 2, belongs in the Rndc configuration file, typically /etc/rndc.conf. This should give Rndc the ability to pass commands to Bind. The following command

rndc stats

tells Bind to create the previously configured logfile and add some information.

Listing 1: named.conf addon
key "rndc-key" {
    algorithm hmac-md5;
    // placeholder; a real secret is a base64-encoded string
    secret "secretpassword";
};

controls {
    inet 127.0.0.1 port 953
    allow { 127.0.0.1; } keys { "rndc-key"; };
};

Listing 2: Rndc Configuration
key "rndc-key" {
    algorithm hmac-md5;
    // must be identical to the secret in named.conf
    secret "secretpassword";
};

options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
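
The two listings only work as a pair: Bind accepts Rndc commands only when both files carry the same key. The shell sketch below is an added example, not part of the original article or of Dnsgraph; it checks a named.conf/rndc.conf pair for a mismatched key, the legacy hmac-md5 algorithm, and world-readable permissions. The function names, finding labels and sample secrets are made up for illustration, and the parser assumes one statement per line, as in the listings.

```shell
#!/bin/sh
# Added example (not from the article): audit the rndc key pair in named.conf and rndc.conf.

# Print one field (algorithm or secret) of the key "NAME" { ... }; block in FILE.
# Assumes one statement per line, as in Listings 1 and 2.
key_field() {  # usage: key_field FILE NAME FIELD
    awk -v name="$2" -v field="$3" '
        $1 == "key" && $2 == ("\"" name "\"") { inkey = 1; next }
        inkey && $1 == "};"                   { inkey = 0 }
        inkey && $1 == field { v = $2; gsub(/[";]/, "", v); print v; exit }
    ' "$1"
}

# Print findings for the key NAME shared by NAMED_CONF and RNDC_CONF; return 1 if any.
audit_rndc_key() {  # usage: audit_rndc_key NAMED_CONF RNDC_CONF NAME
    rc=0
    for f in "$1" "$2"; do
        alg=$(key_field "$f" "$3" algorithm)
        if [ -z "$alg" ]; then echo "MISSING-KEY $f"; rc=1; fi
        if [ "$alg" = "hmac-md5" ]; then echo "LEGACY-ALGORITHM $f"; rc=1; fi
        # Both files contain the shared secret, so "other" must not have read access.
        if [ -n "$(find "$f" -perm -004)" ]; then echo "WORLD-READABLE $f"; rc=1; fi
    done
    # rndc commands are rejected unless both sides hold the same algorithm and secret.
    for field in algorithm secret; do
        if [ "$(key_field "$1" "$3" "$field")" != "$(key_field "$2" "$3" "$field")" ]; then
            echo "MISMATCH $field"; rc=1
        fi
    done
    return $rc
}

# Constructed sample input: a mistyped secret on the rndc side, default 0644 permissions.
demo() {
    d=$(mktemp -d) || return 2
    printf 'key "rndc-key" {\n    algorithm hmac-md5;\n    secret "c2VjcmV0cGFzc3dvcmQ=";\n};\n' > "$d/named.conf"
    printf 'key "rndc-key" {\n    algorithm hmac-md5;\n    secret "c2VjcmV0cGFzc3dvcnQ=";\n};\n' > "$d/rndc.conf"
    chmod 644 "$d/named.conf" "$d/rndc.conf"
    (cd "$d" && audit_rndc_key named.conf rndc.conf rndc-key) && st=0 || st=$?
    rm -rf "$d"
    return $st
}

demo || true
```

Newer BIND 9 releases list hmac-md5 for compatibility only and default to hmac-sha256; `rndc-confgen -A hmac-sha256` prints a matching key block for both files.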

Customizing Dnsgraph Scripts

I need to add the path to the logfile, or to RRD, to dnsanalise.pl and dnsreport.pl. In dnsgraph.pl, I need to modify the output path (TARGET) and the path to the Dnsgraph scripts. The final configuration concerns the cron entries. The package comes with a dnsgraph.cron sample file, so I just need to modify the path entries to match my environment.

The final step is to launch the evaluation process. Fifteen minutes later, RRDtool gives me the results (Figure 1).

Figure 1: Admins who run a Bind server will probably appreciate any information Dnsgraph can give them.

INFO

[1] Dnsgraph: dnsgraph.sourceforge.net
[2] Bind: http://www.isc.org/index.pl?/sw/bind/

THE AUTHOR

Charly Kühnast is a Unix System Manager at the data-center in Moers, near Germany's famous River Rhine. His tasks include ensuring firewall security and availability and taking care of the DMZ (demilitarized zone).