Campin dot Net
graph your dnscache, tinydns, BIND 8 & 9 DNS queries/sec

This is a quick and dirty writeup of my DNS graphing scripts. Someday I
may tar them all up with a README and INSTALL file to make things a
little easier. As it is, though, it should be very easy to follow the
instructions here and get it up and running at your site.

I use net-snmp, Solaris and Apache. I have made no attempt to describe
how to set this up on different systems. In fact, I don't even bother
to tell you how to set up CGI execution under Apache, install net-snmp,
BIND, tinydns or RRDTool, or modify your crontab. These instructions are
meant for experienced UNIX users/administrators.

I now have a script to use on BIND 9. It works the same way the tinydns
script works, by parsing the query logs line by line on standard input.
I/O can be eliminated by never writing the query logs to disk. I've also
recently added support for dnscache in the tinydns script.

I do want feedback. Please email me (nate AT campin DOT net)
with any corrections or tips on how to clarify things documented here.

Example graphs

Setting up the DNS servers to collect and make available the stats

I use the SNMP agent on my nameservers to display my DNS server stats
information. I already gather stats for general monitoring via SNMP,
so it makes sense to utilize a service I already have running.

It might alarm you when you realize that an SNMP "GET" operation can
trigger a stats dump on your nameserver (with the BIND 8 setup). Well,
that doesn't bother me, because net-snmp will only run it
once every thirty seconds, which is plenty of protection against
denial of service.

You'll need an entry in (net-snmp/ucd-snmp) snmpd.conf like this for
each BIND 8 nameserver you're collecting stats on:

    exec VALUES /bin/echo A PTR ANY MX NS CNAME SOA SRV AAAA TOTAL
    exec bindstats /usr/local/sbin/display-bindstats.pl

From: rjansen@vub.ac.be

For a Solaris 10 machine running a BIND8 server and which is running the
system's snmpdx set of programs,

    root 20349 1 0 19:38:48 ? 0:00 /usr/sfw/sbin/snmpd
    root 20233 1 0 19:04:25 ? 0:00 /usr/lib/snmp/snmpdx -y -c /etc/snmp/conf

one can add e.g. this:

    exec VALUES /bin/echo A PTR ANY MX NS CNAME SOA SRV AAAA TOTAL
    exec bindstats /usr/local/packages/bindstats/display-bindstats.pl

...to the "/etc/sma/snmp/snmpd.conf" file, then do a
"/etc/init.d/init.sma restart" to make things work.
One doesn't need to replace the Solaris snmpd system with the
net-snmp stuff.

If you're running dnscache, tinydns or BIND 9 you'll need to put this in
snmpd.conf (modify paths accordingly):

    exec VALUES /bin/echo A PTR ANY MX NS CNAME SOA SRV AAAA TOTAL
    exec bindstats /bin/cat /home/zoneaxfr/stats/stats_file

The first entry isn't strictly mandatory, but it makes the values
self-explanatory if you walk that branch of the
tree (101.1 and 101.2 are the definitions and values, respectively).
Don't remove it though; the collection scripts depend on things being
set up this way. Pre-declaring the values this way also allows for
the scripts to be modified later to dynamically add and remove the query
types being graphed - without breaking backward compatibility.

The script display-bindstats.pl for BIND 8 looks like this.

I've written a client side script to graph tinydns and
dnscache queries/sec as well. I switched from BIND 8 to tinydns and my query graphs
continued without interruption - which was very nice.

Here's the script to run on your tinydns/dnscache server(s).
Instructions on how to run it are included in the script.

The BIND 9 script has usage instructions included.
You'll have to modify your BIND startup script, or do it
like me and completely ditch a startup script and use
daemontools for greater reliability.
Here's the script to run on your BIND 9 server(s).

NOTE: The dnscache, tinydns and BIND 9 scripts have a shortcoming which I'll be fixing soon.
All three depend on log lines coming into STDIN in order
to trigger a statistics flush to disk. I'll be changing
them to poll STDIN and regularly flush pending stats
regardless of the incoming log flow. Both these scripts
are new and will probably be undergoing many changes in the coming
months. Check this page regularly to keep up with changes.
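
The polling behaviour described in the note above, as an added Python example (it is not one of the author's Perl scripts): it counts BIND 9 query-log lines read from a file descriptor and rewrites the stats file on a timer even when no lines arrive, using an atomic rename so that snmpd's `/bin/cat` never reads a half-written file. The one-line stats format in `VALUES` order, the cumulative counters, `TOTAL` counting every query, and the function names are assumptions made for this example.

```python
import os
import re
import select
import time

# Query types in the order of the page's "exec VALUES" line (TOTAL is last).
TYPES = ["A", "PTR", "ANY", "MX", "NS", "CNAME", "SOA", "SRV", "AAAA", "TOTAL"]
# Matches the "query: <name> <class> <type>" part of a BIND 9 query-log line.
QUERY_RE = re.compile(rb"query: \S+ \S+ (\S+)")

def count_line(line, counts):
    """Add one log line to counts; lines that are not queries are ignored."""
    m = QUERY_RE.search(line)
    if m is None:
        return
    qtype = m.group(1).decode("ascii", "replace")
    if qtype in counts and qtype != "TOTAL":
        counts[qtype] += 1
    counts["TOTAL"] += 1  # assumption: TOTAL counts every query seen

def flush(counts, path):
    """Write one line of counters atomically so a reader never sees half a file."""
    tmp = path + ".tmp"
    with open(tmp, "w") as fh:
        fh.write(" ".join(str(counts[t]) for t in TYPES) + "\n")
    os.replace(tmp, path)  # rename is atomic within one filesystem

def run(fd, path, interval=30.0):
    """Count queries read from fd; flush every `interval` seconds even when idle."""
    counts = dict.fromkeys(TYPES, 0)
    buf, flushes = b"", 0
    deadline = time.monotonic() + interval
    while True:
        timeout = max(0.0, deadline - time.monotonic())
        ready, _, _ = select.select([fd], [], [], timeout)
        if ready:
            chunk = os.read(fd, 65536)
            if not chunk:  # EOF: the logger went away, write the final totals
                flush(counts, path)
                return flushes + 1
            *lines, buf = (buf + chunk).split(b"\n")
            for line in lines:
                count_line(line, counts)
        if time.monotonic() >= deadline:  # timer fired, with or without input
            flush(counts, path)
            flushes += 1
            deadline += interval
```

On a server this would be called as `run(0, path)` with the query log piped to standard input, where `path` is the file named in the `exec bindstats /bin/cat ...` line of snmpd.conf.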

Centralized stat collection and graph display

Now that you have a means of displaying the BIND stats, you'll need to
collect them. This collection of scripts is designed so that only a
single host needs the RRDtool utilities and Apache installed. It is from
this central host that you monitor the DNS servers and display the
graphs upon demand (via CGI).

Because it is designed as a client/server system this
scales easily to a large number of hosts. I graph 21 different
nameservers with it at work.

Here is a script to do the central collection. The script will gather
the stats over SNMP and insert them into an RRD for later display.
It takes a config file.

Run it from cron every five minutes on the central
collection host:

    0,5,10,15,20,25,30,35,40,45,50,55 * * * * /usr/local/sbin/snmp-query-graph.pl

With the (Vixie) cron that comes with most Linux installs you can do this:

    */5 * * * * /usr/local/sbin/snmp-query-graph.pl

I believe strongly in dynamic graphing. MRTG sucks too much CPU from
the host it runs on due to needlessly generating graphs which may never
even be viewed. One of the things the package Cricket (not related to
the O'Reilly author) does right is to generate graphs when they are
viewed. The CGI which displays the DNS query stats does this same thing,
and takes advantage of RRDtool features that allow you to cache the
resulting graph for a short period. So if multiple people view graphs
at once, they're only generated once, but if no one views them for a
while, none are generated. The best of both worlds, essentially.

Here is the primary display CGI, and
it runs under mod_perl's Apache::Registry without problems. Put this
script into your CGI or Apache::Registry directory as a drop-in
replacement for the old scripts ns2.cgi and ns3.cgi, if
you still have them.

NOTE: Under BIND 8, the "total" part of the graphs is simply a total of the other
parts which are graphed, NOT total queries on the server. It should only
leave out a few hits, since the query-types which are graphed should be
the vast majority of your nameserver traffic. I keep meaning to go make
it a real total, and might actually get to it one day.

Going without SNMP

If you were to decide that you don't want to use SNMP to gather
the stats, it would be trivial to combine the scripts
into a single script that gathers the information
and graphs it. In fact, that's how I developed this initially, and it's
a more appropriate setup if this is only going to be used for a single
host.

Extensions to these scripts

On Tue, Jun 27, 2006 at 04:39:05PM +0700, Olivier Nicole wrote:
> Hi Nate,
>
> I have been using and abusing your scripts for many years to graph
> many things, including printer, email, zope, whatever.
>
> I recently upgraded DNS from Bind 8 to Bind 9 and I did not like the
> idea of running Bind in foreground, from a shell script.
>
> Instead I configured Bind to log all the queries in a file (it has
> these nice features to rotate the file for you) and I have a Perl
> daemon that reads the log file (with File::Tail) and does the stats.
>
http://www.cs.ait.ac.th/laboratory/monitor/bind/modif.shtml

LICENSE

LICENSE: Public domain, freeware, whatever. This won't make anyone
rich or get you laid if you can't get laid already. Do what you want with it,
but use at your own risk.