Distributed DNS/etc checking

Mailman List Mirror (Read Only)
1

Good day all,

There have been a few instances where we've wanted to check our external
DNS servers from various external networks, so we've utilized the existing
looking glass tools provided by many of you. However, it's a very manual
process, given that all LG's I've found say no automating/scripting. If we
want to check from a couple dozen sites around the world, it's a lot of
clicking and typing and collecting. If we wanted to create an tool that
our NOC could use to verify our services, we would need something we could
script. Ideally, we'd be able to run this constantly to do health checks
on our services, but one step at a time.

I've been googling, but so far I'm unable to find any larger scale
projects/toolsets that we could use to simplify this process. Is anyone
aware of something that would allow for me to submit a "job" to some sort
of distributed service (I care about DNS, but others may care about
traceroutes, pings, bgp information, etc), that will then run run the "job"
and give me back an answer?

Similarly, but perhaps differently, those of you who may run large anycast
DNS services, how do you gather "external" stats about routing, response
time, availability, and so on? It seems like this sort of thing would be a
fairly common requirement (lets see how my network looks to those outside
of it) but everything I can find is very manual at this point.

This looks like a somewhat promising option, however I don't think I could
get buy-in to run a node in our network, so it's not on the table for now:
https://ring.nlnog.net/

This same functionality would likely be very helpful internal to large
networks as well.

I would love to know if I'm missing something obvious, or pieces of
something obvious we could work with. Failing something already existing,
I'd value any information people care to share about how they do this now,
either on or off list. I can summarize any findings if the community is
interested.

Cheers,

Todd.

2

Good day all,

There have been a few instances where we've wanted to check our external
DNS servers from various external networks, so we've utilized the existing
looking glass tools provided by many of you. However, it's a very manual
process, given that all LG's I've found say no automating/scripting. If we
want to check from a couple dozen sites around the world, it's a lot of
clicking and typing and collecting. If we wanted to create an tool that
our NOC could use to verify our services, we would need something we could
script. Ideally, we'd be able to run this constantly to do health checks
on our services, but one step at a time.

I've been googling, but so far I'm unable to find any larger scale
projects/toolsets that we could use to simplify this process. Is anyone
aware of something that would allow for me to submit a "job" to some sort
of distributed service (I care about DNS, but others may care about
traceroutes, pings, bgp information, etc), that will then run run the "job"
and give me back an answer?

Similarly, but perhaps differently, those of you who may run large anycast
DNS services, how do you gather "external" stats about routing, response
time, availability, and so on? It seems like this sort of thing would be a
fairly common requirement (lets see how my network looks to those outside
of it) but everything I can find is very manual at this point.

This looks like a somewhat promising option, however I don't think I could
get buy-in to run a node in our network, so it's not on the table for now:
https://ring.nlnog.net/

This same functionality would likely be very helpful internal to large
networks as well.

I would love to know if I'm missing something obvious, or pieces of
something obvious we could work with. Failing something already existing,
I'd value any information people care to share about how they do this now,
either on or off list. I can summarize any findings if the community is
interested.

The usual technique is to buy a few cheap virtual private servers at
points of interest around the net and then do whatever you please.

The problem is that your network will have a different monitoring
system than our network, so if you want something that integrates
cleanly with your Nagios based system, it'll be different than what
integrates cleanly with our WhatsUp system. So it's usually easier
to just go with some cheap virtual private servers.

If you're clever, you might see if you can exchange services with a
few other small networks.

... JG

3

Try:
http://live.icmynet.com/icmynet-dns/
http://www.zonecut.net/dns/index.cgi

Regards,
Hank

4

Todd Snyder(todd@borked.ca)@Mon, Apr 02, 2012 at 12:08:06PM -0400:

Good day all,

There have been a few instances where we've wanted to check our external
DNS servers from various external networks, so we've utilized the existing
looking glass tools provided by many of you. However, it's a very manual
process, given that all LG's I've found say no automating/scripting. If we
want to check from a couple dozen sites around the world, it's a lot of
clicking and typing and collecting. If we wanted to create an tool that
our NOC could use to verify our services, we would need something we could
script. Ideally, we'd be able to run this constantly to do health checks
on our services, but one step at a time.

To suggest a service that I have no relation to (other than being a happy
customer), have you looked at Pingdom [http://www.pingdom.com/\] ? I'm not
using the DNS check type, but I have a dozen or so HTTP checks there.
Their system is super simple, no frills, and is priced like it :slight_smile: It
looks like you can list a domain to test, a server to check and what
result you expect. They run checks from a bunch of different places (40
servers, seemingly half in the US, right now). Pricing at the low scale
is $6/check/year, which is pretty compelling even against running some
VPSes if you aren't checking too many sites.

5

Todd Snyder(todd@borked.ca)@Mon, Apr 02, 2012 at 12:08:06PM -0400:

Good day all,

There have been a few instances where we've wanted to check our
external DNS servers from various external networks, so we've utilized
the existing looking glass tools provided by many of you. However,
it's a very manual process, given that all LG's I've found say no
automating/scripting. If we want to check from a couple dozen sites
around the world, it's a lot of clicking and typing and collecting.
If we wanted to create an tool that our NOC could use to verify our
services, we would need something we could script. Ideally, we'd be
able to run this constantly to do health checks on our services, but one step at a time.

A happy customer report for http://www.whatsmydns.net/ not scriptable as such, but very useful, and free into the bargain.

I use it to check our GeoIP DNS is responding as expected.

Matthew