FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

DNS lookup monitoring

ben_wrightson
Dynatrace Champion
Dynatrace Champion

‎02 Mar 2022 12:05 PM

Occasionally, customers ask about doing regular DNS lookups of certain domains so they know whether these domains are still reachable.

 

Since the out-of-the-box Synthetic monitors only allow HTTP(S), one way of doing this is with an extension (see https://www.dynatrace.com/news/blog/monitor-your-whole-infrastructure-using-synthetic-monitors/).

 

However, some customers have to overcome organizational challengers with this, because the extensions run on an ActiveGate, and if you want to run an ActiveGate outside of your corporate network (because you want to test the DNS lookup outside of your corporate network), then there may be additional hurdles to jump.

 

Another way of doing this is by using a DNS-over-HTTPS (DoH) service and just sending an HTML request and doing a DNS lookup that way. That can be done with the built-in functionality of HTTP Monitors (be sure to validate the result!) and has the advantage that it will work both inside your corporate network (with Private Locations) and outside (with Public synthetic locations).

Labels:
Reply
8 REPLIES 8

Peter_Ralston
Advisor

‎07 Mar 2022 06:55 AM

Hi Ben, 

There is an Active Gate extension that can be used for DNS monitoring if required. 
dynatrace-api/third-party-synthetic/active-gate-extensions at master · Dynatrace/dynatrace-api · Git...

In Addition, there are also ones for TCP / Port & Ping checks.


Hope this helps.  Just deploy it in the same way as a standard extension.
These then appear under your Synthetics Tab. 

Hope it helps.

Reply

ben_wrightson
Dynatrace Champion
Dynatrace Champion
In response to Peter_Ralston

‎14 Mar 2022 03:19 PM

Hi Peter,

 

I know. These are the same ones that are linked to in the blog post I linked above.

Problem is, if you want to run a DNS test from outside your company's network, you'll need an ActiveGate outside your company's network to run these extensions.
Using DoH will work without having to run an external ActiveGate, but can simply run on Public Synthetic locations instead.

Reply

r_weber
DynaMight Champion
DynaMight Champion
In response to ben_wrightson

‎05 May 2022 08:22 AM

Hi @ben_wrightson ,

you do not need to run any DNS validation plugin outside your company's network to perform a DNS validation "from the outside".
If I got you right you can use any DNS lookup from the inside and just perform the lookup against an external DNS server?
Just like with "dig" against different NS servers:
(I do have a split DNS setup, where FQDNs resolve to different IPs while in the LAN or if queried on the public Internet)

 

% dig unifi.dy.natrace.it @8.8.8.8 | grep "ANSWER SECTION" -A 1
;; ANSWER SECTION:
unifi.dy.natrace.it.	285	IN	A	46.244.228.59
% dig unifi.dy.natrace.it @192.168.1.252 | grep "ANSWER SECTION" -A 1
;; ANSWER SECTION:
unifi.dy.natrace.it.	0	IN	A	192.168.1.254

 

Certified Dynatrace Master, Dynatrace Partner - 360Performance.net
0 Kudos
Reply

ben_wrightson
Dynatrace Champion
Dynatrace Champion
In response to r_weber

‎05 May 2022 02:13 PM

Hi,

true, and a good point.
However, there may be restrictions on outside communication sometimes.

0 Kudos
Reply

r_weber
DynaMight Champion
DynaMight Champion
In response to ben_wrightson

‎06 May 2022 12:18 AM

In my experience DNS queries (via UDP/TCP 53) is almost never blocked in connected infrastructure that is not completely isolated. So it's more likely that you can do DNS queries than DNS over HTTP queries in my opinion.


(I remember the times where I used DNSTX - tunneling data over DNS TXT queries in expensive public WiFi Hotspots without paying because DNS queries were always allowed 🙂

Another way could be to perform queries to the authoritative DNS server of the (public) DNS entry by determining the AUTH DNS server from whatever DNS server is available on an Activegate (assuming plugin solution) and then using the solution above.
But this would still require to be able to perform DNS queries to the outside.

Certified Dynatrace Master, Dynatrace Partner - 360Performance.net
0 Kudos
Reply

DavorinKrivak
Helper

‎03 May 2022 01:11 PM

Hi Ben,

I'm curious about this part: 

@ben_wrightson wrote:

Occasionally, customers ask about doing regular DNS lookups of certain domains so they know whether these domains are still reachable.

So the customer is not interested if the DNS server is operating, but if the record has been (or not) propagated? Or is it a case of records being deleted?

0 Kudos
Reply

ben_wrightson
Dynatrace Champion
Dynatrace Champion
In response to DavorinKrivak

‎05 May 2022 02:10 PM

Hi,

 

@DavorinKrivak wrote:
So the customer is not interested if the DNS server is operating, but if the record has been (or not) propagated? Or is it a case of records being deleted?

Yes, exactly. They want to make sure their DNS record hasn't expired or been deleted accidentally.

0 Kudos
Reply

techean
Dynatrace Champion
Dynatrace Champion
In response to ben_wrightson

‎06 May 2022 11:47 AM

A shell script can be kept on their network premise server which belongs to a DMZ. The execution script can consist list of domain names which needed to be checked on scheduled basis and output can be generated as required in  a log file. We can the try pulling this logs in Dynatarce. Script executing triggers and backup renaming of logs or deleting it will be required to be schedule using some cron jobs. Below is jsut a simple example hope you can do something similar terms to help with the required data.

{...........

while read ADDR
do
nslookup ${ADDR} | tee -a mylookup.log
done < mylookup

...where 'mylookup' is a file with one IP or FQDN per line:

10.10.11.12
host01.xyz.net
host02.xyz.net

...........}

KG
0 Kudos
Reply
Ask a question

Featured Posts