monitoring BIND
Hello comunity please what is the most recommended tool for BIND monitoring and especially display response time and latency thank you in advance. Regards Sami -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: monitoring BIND
Maybe start with https://kb.isc.org/docs/monitoring-recommendations-for-bind-9 On Thu, Aug 3, 2023 at 9:07 AM wrote: > > > Hello comunity > > please what is the most recommended tool for BIND monitoring and > especially display response time and latency thank you in advance. > > Regards Sami > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > -- - Andrew "lathama" Latham - -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
dnssec-policy syntax error in options but not in view
My understanding from the ARM is that the dnssec-policy can be in the
"options", "view" or "zone". I have mine in "view" and when I try to move
into "options" I get a syntax error that I cannot seem to understand what
is wrong. I stripped out all other statements and reduced the
dnssec-policy to just a handful of items to KISS and I still do not see why
why I get the error from named-checkconf. I can move the block from under
"options" to the "view" and it just works so I am not sure why
named-checkconf thinks there is a missing semicolon? Bind 9.16.23-RH.
# named-checkconf 1.conf
1.conf:3: missing ';' before '{'
1.conf:3: '}' expected near '{'
# cat 1.conf
options {
dnssec-policy "mydefault" {
keys {
csk key-directory lifetime unlimited algorithm ecdsa256;
};
};
};
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: dnssec-policy syntax error in options but not in view
You can’t define a policy there. You can tell named to use the policy. Move the
definition outside of options.
--
Mark Andrews
> On 4 Aug 2023, at 08:26, E R wrote:
>
>
> My understanding from the ARM is that the dnssec-policy can be in the
> "options", "view" or "zone". I have mine in "view" and when I try to move
> into "options" I get a syntax error that I cannot seem to understand what is
> wrong. I stripped out all other statements and reduced the dnssec-policy to
> just a handful of items to KISS and I still do not see why why I get the
> error from named-checkconf. I can move the block from under "options" to the
> "view" and it just works so I am not sure why named-checkconf thinks there is
> a missing semicolon? Bind 9.16.23-RH.
>
> # named-checkconf 1.conf
> 1.conf:3: missing ';' before '{'
> 1.conf:3: '}' expected near '{'
>
> # cat 1.conf
> options {
>dnssec-policy "mydefault" {
> keys {
> csk key-directory lifetime unlimited algorithm ecdsa256;
> };
>};
> };
>
>
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
> this list
>
> ISC funds the development of this software with paid support subscriptions.
> Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: monitoring BIND
> On 3 Aug 2023, at 17:07, sami.ra...@sofrecom.com wrote: > > Hello comunity > please what is the most recommended tool for BIND monitoring and especially > display response time and latency thank you in advance. For latency, your friend is Dnstap. The implementation on Bind is superb. When Dnstap reports a RESOLVER_RESPONSE event it includes *both* the query timestamp and the received response timestamp. It doesn´t work on CLIENT_REPONSE right now, although it may with a small caveat (I am going to lobby a bit: issue 3695). Other DNS servers are not so complete so you should keep track of those timestamps yourself. Borja. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
