DSC is the DNS Statistics Collector, a program by The Measurement Factory, written by Duane Wessels and Ken Keys. It is designed to collect and aggregate statistics from busy authoritative servers, such as those used by TLD and root server operators, but you can use it to collect statistics for any DNS servers you use. The program consists of two major components, called the collector and the presenter.

The collector process sniffs DNS messages received and sent on a network interface, and as such it is server-agnostic – it works with any DNS server. You typically run it either on the machine on which your DNS server is located or on a system connected to a switch port configured with port mirroring. A configuration file specifies which datasets the collector should collect. The collector dumps the datasets to XML files every 60 seconds.

The presenter component receives the XML files from collectors. It uses an extractor process to parse and convert them to a different text-based format. The presenter then uses a CGI script to display the data in a Web browser, where you select time scales or particular nodes within a server cluster you are interested in.

(Diagram: Jan-Piet Mens.)

Each machine on which DNS is monitored is called a node, and nodes that have something in common (e.g. a common location) are grouped into a system, or system cluster. For example, you could group your recursive resolvers into a system called resolvers, or your authoritative DNS servers located in the data center in Austria into a system called Austria.

The presenter CGI lets you view your DNS traffic in many different ways, including: by node; by query type (including DNSSEC types); by client geography; by Rcode; by queried TLD; by IP version; by transport (UDP or TCP).

dsc provides scripts for uploading the XML files from your collectors to the presenter. These include upload via SSH and HTTP PUT requests, but you are free to use any means at your disposal.

I’m currently deploying dsc in a largish environment, and I cannot have the collectors upload the files to the presenter – I must retrieve the files from the collectors. In order to do this, I’ve created a small program which parses the dsc-grapher.cfg file to determine the systems and nodes and it runs off and rsyncs the files into the presenter machine, using the --remove-source-files (a.k.a. --remove-sent-files) switch to delete the source when transfer is complete.
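A sketch of such a pull job, added here as an example; it is not the program described above. It assumes that dsc-grapher.cfg lists each system as a `server <system> <node> ...` line, that node names double as SSH host names, and that the remote and local directories shown are placeholders. Because the names from the config end up in file paths and rsync arguments, they are validated first and the command is built as an argument list rather than a shell string.

```python
import re
import shlex
import subprocess
import sys

# Constructed sample; the "server <system> <node> ..." line format is an assumption.
SAMPLE_CFG = """\
server resolvers res1 res2
server Austria ns1-vie   # constructed node names
trace_windows 1hour 4hour 1day
"""

# Names end up in paths and in rsync arguments: refuse anything that could be
# read as an option (leading '-') or escape the data directory ('/', '..').
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]*(\.[A-Za-z0-9_-]+)*")

def parse_systems(cfg_text):
    """Return {system: [node, ...]} from the 'server' lines of the config text."""
    systems = {}
    for raw in cfg_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 3 or fields[0] != "server":
            continue
        for name in fields[1:]:
            if not SAFE_NAME.fullmatch(name):
                raise ValueError(f"unsafe system/node name: {name!r}")
        systems.setdefault(fields[1], []).extend(fields[2:])
    return systems

def build_pull_commands(systems, remote_dir="/var/dsc/xml/",
                        local_root="/usr/local/dsc/data"):
    """One rsync argv per node; both paths are placeholders, not dsc defaults."""
    cmds = []
    for system, nodes in systems.items():
        for node in nodes:
            dest = f"{local_root}/{system}/{node}/incoming/"
            cmds.append(["rsync", "-a", "--remove-source-files",
                         "--include=*.xml", "--exclude=*",
                         f"{node}:{remote_dir}", dest])
    return cmds

if __name__ == "__main__":
    # Usage: script.py [dsc-grapher.cfg] [--run]; without --run it only prints.
    args = [a for a in sys.argv[1:] if a != "--run"]
    text = open(args[0]).read() if args else SAMPLE_CFG
    for cmd in build_pull_commands(parse_systems(text)):
        print(shlex.join(cmd))
        if "--run" in sys.argv:
            subprocess.run(cmd, check=False)  # argv list: no shell involved
```

Pulling from the presenter means the collectors need no credentials for the presenter; the presenter's SSH key then becomes the one to restrict on each collector.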

Even though there are alternatives, such as collectd which can also monitor all sorts of other components, dsc is an excellent tool for getting visual grips on a large DNS environment.

The only downside to using dsc I can think of is that there is quite a bit of data to shuffle around. First you have the XML files created by the collectors which must be transferred to the presenter. These files then need to be converted from XML to a different plain-text format – a process which takes a bit of time and creates additional files. These files then need to be periodically removed (with a supplied program). If you want to be able to view data collected in the past, you have to keep the plain-text data files, which takes space. A future improvement would be to use RRD files.

DNS, CLI, dnsbook, and monitoring :: 30 Sep 2010