Monitor BIND DNS server with Prometheus and Grafana | ComputingForGeeks

In this blog post, we will cover the steps to set up monitoring for BIND DNS server using Prometheus Server and Grafana to visualize Bind metrics. BIND which stands for “Berkeley Internet Name Domain” is an open-source Domain Name server that allows you to publish your DNS information on the Internet and allow network users to do DNS queries.

The number of tools that can be used to monitor BIND DNS server is limited, and personally, I like Prometheus Bind exporter with Grafana. LibreNMS has BIND application monitoring that I was planning to give it a try.

Setup Pre-requisites

1. Installed and configured BIND DNS server
2. BIND need to have been build with libxml2 support. This can be confirmed using

# named -V | grep libxml2
using libxml2 version: 2.9.1

3. Installed Prometheus – Install Prometheus on Ubuntu / CentOS / Debian

Step 1: Install Bind Prometheus Exporter

Install wget

### Ubuntu / Debian ###
sudo apt update
sudo apt -y install wget

### CentOS / Fedora ###
sudo yum -y install wget

Download the latest release of bind_exporter binary:

curl -s https://api.github.com/repos/prometheus-community/bind_exporter/releases/latest | grep browser_download_url | grep linux-amd64 |  cut -d '"' -f 4 | wget -qi -

This downloads a 64-bit binary release for Linux, for other operating systems, check the bind_exporter releases page.

Extract downloaded file.

tar xvf bind_exporter*.tar.gz

Move extracted binary file to /usr/local/bin directory:

sudo mv bind_exporter-*/bind_exporter /usr/local/bin

Confirm installation by checking the version installed.

$ bind_exporter --version
bind_exporter, version 0.4.0 (branch: HEAD, revision: dd5068b5065fe78849434693f6609c66c40305bf)
  build user:       root@5365dfa4cc9d
  build date:       20210114-14:55:07
  go version:       go1.15.6
  platform:         linux/amd64

You can print command options using bind_exporter --help

$ bind_exporter --help
usage: bind_exporter [<flags>]

Flags:
  -h, --help                     Show context-sensitive help (also try --help-long and --help-man).
      --bind.stats-url="http://localhost:8053/"
                                 HTTP XML API address of BIND server
      --bind.timeout=10s         Timeout for trying to get stats from BIND server
      --bind.pid-file="/run/named/named.pid"
                                 Path to BIND's pid file to export process information
      --bind.stats-version=auto  BIND statistics version. Can be detected automatically.
      --web.config.file=""       [EXPERIMENTAL] Path to configuration file that can enable TLS or authentication.
      --web.listen-address=":9119"
                                 Address to listen on for web interface and telemetry
      --web.telemetry-path="/metrics"
                                 Path under which to expose metrics
      --bind.stats-groups=server,view,tasks
                                 Comma-separated list of statistics to collect
      --version                  Show application version.

Step 2: Configure BIND DNS server

You need to configure BIND to open a statistics channel. Since the exporter and BIND are on the same host, the port is opened locally.

For CentOS ISC BIND DNS server, edit the file /etc/named.conf to add.

statistics-channels {
  inet 127.0.0.1 port 8053 allow { 127.0.0.1; };
};

For Ubuntu / Debian ISC BIND DNS server, edit the file /etc/bind/named.conf.options

statistics-channels {
  inet 127.0.0.1 port 8053 allow { 127.0.0.1; };
};

Restart bind for the changes to be effected

sudo systemctl restart named

Step 3: Create Bind Exporter systemd service

The next part is to create systemd service used to start the collector with access to the bind(named) pid file and enable the view stats group:

Add Prometheus system user account:

sudo groupadd --system prometheus
sudo useradd -s /sbin/nologin --system -g prometheus prometheus

This user will manage the exporter service. Once the user account has been added, create a systemd service unit file:

sudo tee /etc/systemd/system/bind_exporter.service<<EOF
[Unit]
Description=Prometheus
Documentation=https://github.com/digitalocean/bind_exporter
Wants=network-online.target
After=network-online.target

[Service]
Type=simple
User=prometheus
Group=prometheus
ExecReload=/bin/kill -HUP \$MAINPID
ExecStart=/usr/local/bin/bind_exporter \
  --bind.pid-file=/var/run/named/named.pid \
  --bind.timeout=20s \
  --web.listen-address=0.0.0.0:9153 \
  --web.telemetry-path=/metrics \
  --bind.stats-url=http://localhost:8053/ \
  --bind.stats-groups=server,view,tasks

SyslogIdentifier=prometheus
Restart=always

[Install]
WantedBy=multi-user.target
EOF

Reload systemd and start bind_exporter service:

sudo systemctl daemon-reload
sudo systemctl restart bind_exporter.service

Enable the service to start on boot:

sudo systemctl enable bind_exporter.service

Confirm that the service is listening on port 9153 as configured

$ systemctl status bind_exporter.service
● bind_exporter.service - Prometheus
     Loaded: loaded (/etc/systemd/system/bind_exporter.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2021-09-01 11:12:04 UTC; 21s ago
       Docs: https://github.com/digitalocean/bind_exporter
   Main PID: 16114 (bind_exporter)
      Tasks: 5 (limit: 2340)
     Memory: 2.6M
        CPU: 7ms
     CGroup: /system.slice/bind_exporter.service
             └─16114 /usr/local/bin/bind_exporter --bind.pid-file=/var/run/named/named.pid --bind.timeout=20s --web.listen-address=0.0.0.0:9153 --web.telemetry-path=/metrics --bind.stats-url=http:/>

Sep 01 11:12:04 debian-bullseye-01 systemd[1]: Started Prometheus.
Sep 01 11:12:04 debian-bullseye-01 prometheus[16114]: level=info ts=2021-09-01T11:12:04.716Z caller=bind_exporter.go:529 msg="Starting bind_exporter" version="(version=0.4.0, branch=HEAD, revision=>
Sep 01 11:12:04 debian-bullseye-01 prometheus[16114]: level=info ts=2021-09-01T11:12:04.716Z caller=bind_exporter.go:530 msg="Build context" build_context="(go=go1.15.6, user=root@5365dfa4cc9d, dat>
Sep 01 11:12:04 debian-bullseye-01 prometheus[16114]: level=info ts=2021-09-01T11:12:04.716Z caller=bind_exporter.go:531 msg="Collectors enabled" collectors=server,view,tasks
Sep 01 11:12:04 debian-bullseye-01 prometheus[16114]: level=info ts=2021-09-01T11:12:04.716Z caller=bind_exporter.go:555 msg="Listening on" address=0.0.0.0:9153
Sep 01 11:12:04 debian-bullseye-01 prometheus[16114]: level=info ts=2021-09-01T11:12:04.717Z caller=tls_config.go:191 msg="TLS is disabled." http2=false


$ sudo ss -tunelp | grep 9153
tcp    LISTEN     0      128      :::9153                 :::*                   users:(("bind_exporter",pid=23266,fd=3)) uid:997 ino:113951 sk:ffff8d17fab19980 v6only:0 <->

Open the port on the firewall if you have firewalld running:

sudo firewall-cmd --add-port=9153/tcp --permanent
sudo firewall-cmd --reload

Step 4: Configure Prometheus Server

If you don’t have a running Prometheus server, refer to our previous guide on how to Install Prometheus Server on CentOS and Ubuntu Linux. Below is a definition of my two jobs

- job_name: dns-master
    static_configs:
      - targets: ['10.1.5.3:9153']
        labels:
          alias: dns-master

  - job_name: dns-slave1
    static_configs:
      - targets: ['10.1.5.4:9153']
        labels:
          alias: dns-slave

Restart prometheus server:

sudo systemctl restart prometheus

Step 5: Add Grafana Dashboard

We’re going to use already created Grafana dashboard by Cristian Calin. Dashboard ID is 1666. Login to Grafana and Add Prometheus data source if you haven’t.

When Prometheus data source has been added, import Bind Grafana Dashboard by navigating to Dashboard > Import. Use 1666 for Grafana Dashboard ID.

Give it a descriptive name and choose Prometheus data source added earlier.

Click “Import” button to start using the dashboard. After a few minutes, the metrics should start showing.

Stay tuned for more monitoring guides with Prometheus and Grafana. Other monitoring guides are: