Posts Tagged ‘dns’

How to Enable check_dns on Nagios Monitoring System

Friday, February 25th, 2011

Most users who are new to Nagios don’t know that there is a hidden plug-in called check_dns in the Nagios monitoring system. On a FreeBSD server, the binary can be found in /usr/local/libexec/nagios. List the directory and you should see check_dns.

check_dns usage is as follows:


$ ./check_dns -H host [-s server] [-a expected-address] [-A] [-t timeout] [-w warn] [-c crit]

Run the command as shown below to get the query result:


$ ./check_dns -H systems.takizo.com -s 8.8.8.8
DNS OK: 0.012 seconds response time. systems.takizo.com returns 70.32.103.130|time=0.011703s;;;0.000000


Free eBook: Alternative DNS Servers

Friday, February 25th, 2011

Grab this 747-page DNS eBook for free. It is written by Jan-Piet Mens and titled “Alternative DNS Servers”. I glanced through the eBook and found several interesting topics for DNS deployments.

  • Bind DLZ – The Bind extension that can store your data in a database such as MySQL or PostgreSQL.
  • NSD – A lot of people don’t know about Name Server Daemon; find out more from the eBook.
  • DNS Planning – Name Server deployment planning, capacity planning and how to scale.
  • PowerDNS – Configure and master it.
  • LDAP DNS – Deploy DNS server with LDAP.

Alright, enough talk. Where can you download the eBook? It’s free to download here

Reverse DNS Lookup with Dig

Saturday, January 22nd, 2011

Reverse DNS, put simply, means resolving an IP address into a hostname. Nowadays it is a must-have requirement for a mail server’s IP address. It is also one of the methods used to determine whether your mail server’s IP is tied to the hostname.

Here is how to find out which DNS server the reverse DNS zone for an IP address is delegated to.


dig -x 175.136.188.90

; <<>> DiG 9.6.0-APPLE-P2 <<>> -x 175.136.188.90
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21938
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;90.188.136.175.in-addr.arpa.   IN      PTR

;; AUTHORITY SECTION:
136.175.in-addr.arpa.   10800   IN      SOA     ns1.tm.net.my. dnsadm.tmnet.com.my. 2011012113 10800 3600 604800 86400

;; Query time: 37 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Sat Jan 22 19:39:12 2011
;; MSG SIZE  rcvd: 111

The result above shows:

  • The SOA record shows that reverse DNS for the IP address is delegated to ns1.tm.net.my.
  • The zone 136.175.in-addr.arpa is delegating the IP 175.136.188.90.

This command is pretty useful when you want to find out whether the reverse DNS delegation works correctly.

Bind Error: “max open files (3520) is smaller than max sockets (4096)”

Monday, June 28th, 2010

Just noticed that one of the DNS servers has this error message:


28-Jun-2010 16:28:24.283 general: max open files (3520) is smaller than max sockets (4096)

It has something to do with the kernel settings. On FreeBSD, configure the following:


shell> sysctl kern.maxfiles=4096
shell> sysctl kern.maxfilesperproc=4096

Alternatively, put the above settings in /etc/sysctl.conf so that they are applied at startup.

Turn on DNS Query Log on Bind

Wednesday, May 12th, 2010

You are running a recursive DNS server and would like statistics on your users’ browsing behavior (do they browse Facebook or Google?). Turning on DNS query logging will let you gather those statistics. To turn on DNS query logging in Bind, add the lines below to named.conf:


logging{
        channel query_logging {
                file "/var/log/query.log" versions 3 size 10m;
                severity debug 3;
                print-time yes;
                print-severity yes;
                print-category yes;
        };

        category queries {
                query_logging;
        };
};

To turn on query logging while the DNS service is running, run rndc querylog and check the status with rndc status:


shell> rndc querylog
shell> rndc status
version: 9.x.x
number of zones: 1200
debug level: 3
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running

query logging is ON indicates that DNS query logging is activated.
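
To turn the resulting /var/log/query.log into the statistics mentioned above, here is an added example (not from the original post): a small Python script that tallies queries per site, per client and per record type. The sample lines are constructed, the line layout is assumed from common BIND 9 output and differs between versions, and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample lines (not from the post), in the layout a channel with
# print-time, print-category and print-severity enabled is assumed to write.
SAMPLE_LOG = """\
12-May-2010 10:15:32.123 queries: info: client 192.168.0.10#51234: query: www.facebook.com IN A +
12-May-2010 10:15:33.001 queries: info: client 192.168.0.11#40211: query: www.google.com IN A +
12-May-2010 10:15:33.457 queries: info: client 192.168.0.10#51240: query: WWW.Facebook.com IN AAAA +
12-May-2010 10:15:34.200 queries: info: client @0x7f3c 192.168.0.12#53001 (mail.google.com): query: mail.google.com IN MX +E(0) (192.168.0.1)
12-May-2010 10:15:35.000 general: info: zone example.test/IN: loaded serial 1
12-May-2010 10:15:36.000 queries: info: client 192.168.0.11#40212: query: 90.188.136.175.in-addr.arpa IN PTR +
"""

# Newer BIND 9 releases add "@0x..." and "(qname)" after "client"; both are optional here.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+"
    r"(?: \([^)]*\))?: (?:view \S+: )?query: (?P<name>\S+) (?P<cls>\S+) (?P<type>\S+)"
)

def site_of(name):
    """Crude grouping key: last two labels, lowercased (no public-suffix handling)."""
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def summarize(lines):
    """Return (per-site, per-client, per-type) Counters for the query lines found."""
    by_site, by_client, by_type = Counter(), Counter(), Counter()
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # other log categories or an unrecognized layout
        by_site[site_of(m["name"])] += 1
        by_client[m["ip"]] += 1
        by_type[m["type"]] += 1
    return by_site, by_client, by_type

if __name__ == "__main__":
    sites, clients, types = summarize(SAMPLE_LOG.splitlines())
    for site, n in sites.most_common(5):
        print(f"{n:6d}  {site}")
    for ip, n in clients.most_common(5):
        print(f"{n:6d}  {ip}")
```

To run it against a live log, pass an open file object for /var/log/query.log to summarize() instead of the sample lines.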