On Tue, Nov 03, 2009 at 12:24:33PM -0500, Nathan Gibbs wrote:
> * Mike wrote:
> > Hey folks,
> > 
> >    So I was wondering - what do people use to check their recursive
> > resolvers and make sure they're giving out answers? 
> 
> Isn't a resolver part of the OS libraries that do DNS lookups, not a
> network service that can be checked.

Mike probably used "resolver" meaning "recursive/caching server".
There is no sense in monitoring resolver libraries. You may want to 
look at http://cr.yp.to/djbdns/separation.html for an explanation.

> > I am switching to
> > powerdns and could do some things here like make sure it hands out a
> > crafted record in response to a TXT query for example, just to 'prove'
> > it's running, but I don't know what tool I'd use to do that. Any ideas?
> 
> dns.monitor -caching_only record:TXT:result
> 
> should be able to do it, but doesn't appear to work like the
> instructions say.

There are too many aspects involved in recursive name resolution and there is
no easy way (or sense) to monitor all of them. 

dns.monitor is only proving that all authoritative DNS servers serve the
same zone information. They do not check if published zone is correct, though.

One possible way to monitor a recursive/caching server would be to 
resolve a name coming from a known good authoritative server.
It's fairly easy to script and convert into a monitor.

-Kastus

_______________________________________________
mon mailing list
mon@linux.kernel.org
http://linux.kernel.org/mailman/listinfo/mon
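
The approach suggested in the reply above (resolve a name served by a known good authoritative server), sketched as a mon-style monitor. This is an added example, not code from the thread or from the mon distribution. The probe name, the expected TXT value and the function names are assumptions, and it relies on `dig` being installed.

```shell
#!/bin/sh
# Probe record (constructed values): publish it on an authoritative server
# you control, with a short TTL so answers are not served from cache for long.
PROBE_NAME=${PROBE_NAME:-probe.example.com}
PROBE_TYPE=${PROBE_TYPE:-TXT}
PROBE_EXPECT=${PROBE_EXPECT:-'"resolver-check"'}   # as printed by dig +short

# Ask one recursive server for the probe record.
# Returns 0 = expected answer, 1 = some other answer, 2 = no usable reply.
check_resolver() (
    answer=$(dig +short +time=3 +tries=1 "@$1" "$PROBE_NAME" "$PROBE_TYPE" 2>/dev/null) || exit 2
    printf '%s\n' "$answer" | grep -Fqx -- "$PROBE_EXPECT"
)

# mon-style monitor: servers as arguments, failed servers on the first
# output line, details below, non-zero exit if any server failed.
run_monitor() (
    failed="" detail="" nl='
'
    for server in "$@"; do
        rc=0
        check_resolver "$server" || rc=$?
        case $rc in
            0) continue ;;
            2) why="dig got no reply (timeout or error)" ;;
            *) why="did not return $PROBE_EXPECT for $PROBE_NAME" ;;
        esac
        failed="$failed $server"
        detail="$detail$server: $why$nl"
    done
    if [ -z "$failed" ]; then exit 0; fi
    printf '%s\n%s' "${failed# }" "$detail"
    exit 1
)

# Run as a monitor only when servers are given on the command line.
if [ "$#" -gt 0 ]; then
    run_monitor "$@"
    exit $?
fi
```

Comparing the answer against a known value, rather than only checking that something came back, separates a server that is down from one that answers with the wrong data.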
