DNS Check
Overview
DNS Check is a Sensu Metrics Check for monitoring dns resolver performance and behavior.
Output Metrics
Name |
Description |
dns_response_time |
Response time for a given dns query. |
dns_resolved |
Binary signal returns 0 when the record can be resolved. Otherwise 1. |
dns_secure |
Binary signal returns 0 when the server response indicates that DNSSEC signatures have been validated for all records. Otherwise 1. |
Usage examples
➜ dns-check -s "8.8.8.8,8.8.4.4" -d "google.com"
# HELP dns_resolved binary result 0 when the query can be resolved, otherwise 1
# TYPE dns_resolved gauge
dns_resolved{servername="8.8.8.8", domain="google.com", record_class="IN", record_type="A"} 0.000000 1639497858941
dns_resolved{servername="8.8.4.4", domain="google.com", record_class="IN", record_type="A"} 0.000000 1639497858941
# HELP dns_response_time round trip response time to resolve the query in seconds
# TYPE dns_response_time gauge
dns_response_time{servername="8.8.8.8", domain="google.com", record_class="IN", record_type="A"} 0.014646 1639497858941
dns_response_time{servername="8.8.4.4", domain="google.com", record_class="IN", record_type="A"} 0.014858 1639497858941
# HELP dns_secure binary result 0 when the server indicates dnssec signatures were validated, otherwise 1
# TYPE dns_secure gauge
dns_secure{servername="8.8.8.8", domain="google.com", record_class="IN", record_type="A"} 1.000000 1639497858941
dns_secure{servername="8.8.4.4", domain="google.com", record_class="IN", record_type="A"} 1.000000 1639497858941
DNSSEC
The DNS Check tool does no signature validation or verification of its own, but instead relies solely on the upstream resolver to inform the dns_secure
metric. dns_secure
is set 0 (OK) when the AD Bit is set in the response regardless of response status or answer.