Out of the box, SolarWinds Server Application Monitor (SAM) has the ability to monitor metrics of a BIND 9 DNS server. This article will cover how this monitoring is implemented on both the DNS server as well as the monitor.
For this example, we will be running SAM v6.8.0, SolarWinds v12.4, and BIND v9.9.4 on CentOS 7.
How it works
The components of this check consist of a series of Perl scripts that are run locally on the DNS server.
SolarWinds will use SSH to remotely connect to the server, and then execute these scripts to gather the required data.
It is not necessary to upload any files to the DNS server directly.
The requirements for these checks are:
1) An valid SSH user
2) A working installation of Perl
3) A working installation of RNDC
Configuring RNDC
Generate the RNDC key using “rndc-confgen”
This will produce an output similar to the following.
[root@centos7 ~]# rndc-confgen
# Start of rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "8IEcSsPKZ5sUGKW8kypFEA==";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
# algorithm hmac-md5;
# secret "8IEcSsPKZ5sUGKW8kypFEA==";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
Install the RNDC key
There are two files that must be updated with this information.
1) The RNDC configuration file located at “/etc/rndc.conf”.
Copy the entire contents of this output to this file.
2) The main BIND configuration located at “/etc/named.conf”
Copy the second portion of this output into the main named configuration and uncomment it.
For these checks to work, we only need access from localhost allowed.
Verify functionality
Reload named to apply the new configuration.
To verify that RNDC is working, run “rndc status”.
This should produce an output similar to the following.
[root@centos7 ~]# rndc status
version: 9.9.4-RedHat-9.9.4-74.el7_6.1 <id:8f9657aa>
CPUs found: 4
worker threads: 4
UDP listeners per interface: 4
number of zones: 101
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 2/150
server is up and running
Ensure the scripts can successfully execute
Some systems may need additional steps in order to successfully execute the Perl scripts.
In order to avoid modifying built-in SAM components or making unnecessary duplicates, we can handle these extra requirements on the BIND server itself.
The components expect the BIND status file to be in located at “/var/named/named.stats”.
In our case, this file was configured to be “/var/named/data/named_stats.txt” by default.
We can work around this issue without modifying the BIND configuration file by using a symbolic link.
ln -s /var/named/data/named_stats.txt /var/named/named.stats
Further, the components also expected the “rndc” command to be installed under “/usr/local/sbin/rndc”
Once again, we can address this with a symbolic link.
ln -s /usr/sbin/rndc /usr/local/sbin/rndc
It should now be possible to apply these SAM components to this node.