DNS Monitor

The DNS monitor uses the DNS (Domain Name System) service to find information about one or more hosts.

The DNS monitor uses either the IP address of the host to search for the host name, or the host name to search for the IP address. The monitor measures the performance of the service by recording the result of the search and the response times. The monitor also records details about each query sent to the server.

Table 1. DNS monitor file summary
Monitor files	Name or Location
Monitor executable	`nco_m_dns`
Properties file	$ISMHOME/etc/props/dns.props
Rules file	$ISMHOME/etc/rules/dns.rules
Log file	$ISMHOME/log/dns.log

Guidelines for configuring DNS Monitor: The DNS monitor can be configured to look up the IP address or host name of the target host. Depending on the type of lookup, the monitor communicates with the DNS server in a different way.

IP address lookup

When performing an IP address lookup test, the monitor is given a host name, which it uses to locate an IP address.

The monitor tests the DNS as follows:

The monitor queries the DNS server by using the fully qualified host name of HostA (hosta.dev.net) to request its IP address.
If the DNS server can locate the IP address of the host, it returns it to the monitor. If the DNS server can’t locate the IP address of the host, it returns a message containing details of the failed search to the monitor.

If the request is timed out, the monitor will retry (if retries are configured). If there are no retries, the monitor will create a failed event.

If the host name specified in the configuration is a domain name, such as mycompany.com, rather than a fully qualified host name, such as hostx.mycompany.com, the monitor retrieves information about the whole domain. This information is stored in two extra elements: $domainNameServer and $domainNameAddr.
If the message returned to the monitor contains a canonical name, the monitor concludes that the name given in the configuration file must have been an alias. The monitor sends the canonical name to the DNS server to request the host’s IP address.
If the DNS server locates the IP address of the host using its canonical name, it returns it to the monitor. If the DNS server can’t locate the IP address of the host, it returns a message containing details of the failed search to the monitor.
If the first two attempts to query the DNS server fail, the monitor sends the IP address of the DNS Server (192.168.n.n) to the DNS server and requests its fully qualified host name.
If the DNS server can locate its own fully qualified host name, it returns it to the monitor. If the DNS server can’t locate its own fully qualified host name, it returns a message containing details of the failed search. The request for the server’s fully qualified host name (a reverse DNS lookup request), isn’t supported on all types of DNS servers. If the target DNS server doesn’t support reverse lookups, you can prevent the DNS monitor from sending this request by setting the LookupServerNameproperty to 0.

Recursive lookup

Non-recursive lookups present a more accurate picture of how the DNS server is performing, whereas recursive lookups give a better indication of the DNS performance that Internet applications (and therefore users) are getting. The DNS monitor supports both recursive and non-recursive lookups.

This is typically how Internet applications making DNS queries work. For example, a web browser always specifies recursive lookups when it’s attempting to resolve the host portion of a URL.

If a DNS server can’t answer a query because it doesn’t contain an entry for the host in its database, it can recursively query DNS servers higher up in the hierarchy.

DNS query types

The DNS monitor supports a range of DNS query types. Use the query code when specifying the type of DNS query.

Table 2. DNS query types
Query Code	Query Type
`A`	Host Address
`NS`	Authoritative name server
`MD`	Mail destination
`MF`	Mail forwarder
`CNAME`	Canonical name for an alias
`SOA`	Start of a zone of authority
`MB`	Mailbox domain name
`MG`	Mail group member
`MR`	Mail rename domain name.
`NULL`	Null RR
`WKS`	Well known service description
`PTR`	Domain name pointer
`HINFO`	Host information
`MINFO`	Mailbox or mail list information
`MX`	Mail exchange
`TXT`	Text strings
`AXFR`	Transfer of an entire zone
`MAILB`	Mailbox-related records
`MAILA`	Mail agent RR
`ANY`	All records

Configuring DNS Monitor Service tests

Use the DNS monitor configuration parameters to define DNS service tests.

Table 3. Table 3. DNS monitor configuration
Field	Description
server	The IP address of the primary DNS server. Example is 192.168.n.n
host	The host name of the target host. Example is www.myconpany.com
description	A text field for providing descriptive information on the element. Example is DNS monitor.
recursivelookups	Enables or disables recursive lookups. `recurse` (use `true` in ismbatch). `norecurse` (use `false` in ismbatch). Default: `recurse`.
port	Port on the DNS server to which the monitor listens and the default value is 53.
localip	Specifies the IP address of the network interface on the host machine to which the monitor binds when it performs the test. If the monitor's `IpAddress` property is set, it overrides the value of this field..
querytype	The DNS query type used in the test. For a list of supported query types see Table 2.
timeout	The time, in seconds, to wait for the server to respond. Default: `10`.
retries	The number of times the monitor should retry to contact the DNS server before quitting.
poll	The time, in seconds, between each poll. Default: `300`.
failureretests	The number of times to retest before indicating a failure. Default: `0`.
retestinterval	The time, in seconds, to wait between each failure retest. Default: `10`.

Monitoring elemets

In addition to the test results common to all elements, the DNS monitor generates a set of test results containing data specific to DNS service tests.

Table 4. Table 4.DNS monitor elements
Element	Description
`$authoritative`	This element is only created if the information retrieved came from an authoritative DNS server. If the DNS server wasn’t authoritative, this element isn’t created.
`$domainEmailAddr`	The contact address of the target domain.
`$domainNameServer`	The name of the DNS server for the target domain.
`$fromAliasTime`	The time between issuing a request for a conical name, received from a previous query, and receiving an IP address.
`$localIP`	The local IP address the monitor is configured to use. This may be blank on a machine with only one interface.
`$lookup*`(`HostLookup`)	The host name or IP address of the target host that the monitor is trying to locate.
`$lookupCName`	The official host name of the target host. This element is only created if the official host name is different from the host name in `$lookupName`.
`$lookupIP*`(`HostIp`)	The IP address of the target host.
`$lookupName*`(`Host`)	The full host name of the target host.
`$mxRecords`	The number of MX records found.
`$port`	The port on which the service is monitored.
`$queryType`	The type of DNS query used in the test. For a list of supported query types. See Table 2.
`$responseTime*`(`ResponseTime`)	The time between the monitor issuing a request to the DNS server and receiving a reply from it.
`$retries`	The maximum number of retries, as specified in the profile element.
`$serverIP`	The IP address of the DNS server.
`$serverName`	The host name of the DNS server.
`$serverTime`	Time for the server to resolve its own name.

MX record handling

Two elements are created for each MX record found by the DNS monitor: $mxHostn and $mxPreferencen.

$mxHostn stores the host name of an MX record. $mxPreferencen contains the preference weighting of the host. The n increments for each record pair to differentiate them. The monitor stores the total number of MX records for a particular host in the element $mxRecords. The record pairs are sorted in descending order of MX preference.

Status message

The DNS monitor provides status messages in the ResultMessage attribute when using IBM® Application Performance Management . These messages indicate the result of the test.

Table 5. Table 5.DNS monitor status messages
Message	Description
`Domain information received`	Request for a domain name succeeded.
`Success`	The request succeeded.
`Invalid Response`	Unrecognized response from the DNS server.
`Connection failed`	The server name specified is invalid.
`No Response from server`	Request timed out.
`Failed to send DNS request`	There’s a problem with the network.
`No such domain (no recursion)`	The domain name is incorrect.

Properties

The properties specific to the DNS monitor are described in the following table.

Table 6. DNS monitor properties
Property name	Property parameter	Description
`AcceptCNAME`	`0\|1`	If enabled, the DNS monitor accepts the canonical name in the DNS response and doesn’t perform any further lookups.
`DNSQueryType`	string	The DNS query type used in tests. See Table 2 for a list of supported query types. Default: `ANY`.
`LookupServerName`	`0\|1`	Enables reverse DNS lookup on the DNS server IP address. `0` - disabled `1` - enabled