Monitor BIND DNS server with Prometheus and Grafana

In this blog post, we will cover the steps to set up monitoring for a BIND DNS server, using Prometheus Server and Grafana to visualize BIND metrics. BIND, which stands for “Berkeley Internet Name Domain”, is an open-source DNS server that lets you publish your DNS information on the Internet and lets network users perform DNS queries.

Original content from computingforgeeks.com - post 3775

The number of tools that can be used to monitor a BIND DNS server is limited, and personally, I like the Prometheus Bind exporter with Grafana. LibreNMS has BIND application monitoring that I was planning to try.

Setup Pre-requisites

  1. Installed and configured BIND DNS server
  2. BIND needs to have been built with libxml2 support. This can be confirmed using:

# named -V | grep libxml2
using libxml2 version: 2.9.1

  3. Installed Prometheus (see Install Prometheus on Ubuntu / CentOS / Debian)

Step 1: Install Bind Prometheus Exporter

Install wget

### Ubuntu / Debian ###
sudo apt update
sudo apt -y install wget

### CentOS / Fedora ###
sudo yum -y install wget

Download the latest release of bind_exporter binary:

curl -s https://api.github.com/repos/prometheus-community/bind_exporter/releases/latest | grep browser_download_url | grep linux-amd64 |  cut -d '"' -f 4 | wget -qi -

This downloads a 64-bit binary release for Linux. For other operating systems, check the bind_exporter releases page.

Extract the downloaded file:

tar xvf bind_exporter*.tar.gz

Move extracted binary file to /usr/local/bin directory:

sudo mv bind_exporter-*/bind_exporter /usr/local/bin

Confirm installation by checking the version installed.

$ bind_exporter --version
bind_exporter, version 0.7.0 (branch: HEAD, revision: b9e01efa3fa37e78c65b2f09e84e027a954b5d32)
  build user:       root@e6068f3fc710
  build date:       20230811-20:19:28
  go version:       go1.20.7
  platform:         linux/amd64
  tags:             netgo static_build

You can print command options using bind_exporter --help

$ bind_exporter --help
usage: bind_exporter [<flags>]

Flags:
  -h, --help                     Show context-sensitive help (also try --help-long and --help-man).
      --bind.stats-url="http://localhost:8053/"
                                 HTTP XML API address of BIND server
      --bind.timeout=10s         Timeout for trying to get stats from BIND server
      --bind.pid-file="/run/named/named.pid"
                                 Path to BIND's pid file to export process information
      --bind.stats-version=auto  BIND statistics version. Can be detected automatically.
      --web.config.file=""       [EXPERIMENTAL] Path to configuration file that can enable TLS or authentication.
      --web.listen-address=":9119"
                                 Address to listen on for web interface and telemetry
      --web.telemetry-path="/metrics"
                                 Path under which to expose metrics
      --bind.stats-groups=server,view,tasks
                                 Comma-separated list of statistics to collect
      --version                  Show application version.
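
The download step above fetches the release tarball and installs its binary into /usr/local/bin without an integrity check. As an added example (not part of the original post), this script verifies the tarball against a checksum list before it is extracted; it assumes the release publishes a sha256sums.txt asset in sha256sum format, and the function names and the X.Y.Z file name are placeholders chosen here.

```shell
#!/bin/sh
# Added example: verify a downloaded bind_exporter tarball against a checksum
# list before extracting it. Assumption: the release offers a sha256sums.txt
# asset with lines of the form "<hex digest>  <file name>".

# Print the SHA-256 hex digest of a file with whichever tool is installed.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{ print $1 }'
  else
    shasum -a 256 "$1" | awk '{ print $1 }'
  fi
}

# verify_release <tarball> <sums-file>
# Returns 0 on match, 1 on mismatch, 2 if the file is not listed.
verify_release() {
  vr_name=$(basename "$1")
  # Compare the file-name field exactly; a substring match could pick another entry.
  vr_want=$(awk -v f="$vr_name" '$2 == f || $2 == ("*" f) { print $1 }' "$2")
  if [ -z "$vr_want" ]; then
    echo "no checksum listed for $vr_name" >&2
    return 2
  fi
  if [ "$(sha256_of "$1")" != "$vr_want" ]; then
    echo "checksum MISMATCH for $vr_name: do not extract" >&2
    return 1
  fi
  echo "checksum OK for $vr_name"
}

# Demo on constructed data: a stand-in file, its sums file, then a modified copy.
# Prints "<status for intact file> <status for modified file>".
demo_verify() {
  dv_dir=$(mktemp -d) || return 1
  dv_file="$dv_dir/bind_exporter-X.Y.Z.linux-amd64.tar.gz"   # placeholder name
  printf 'constructed stand-in for the release tarball\n' > "$dv_file"
  printf '%s  %s\n' "$(sha256_of "$dv_file")" "$(basename "$dv_file")" > "$dv_dir/sha256sums.txt"
  dv_ok=0; verify_release "$dv_file" "$dv_dir/sha256sums.txt" >/dev/null || dv_ok=$?
  printf 'extra bytes\n' >> "$dv_file"
  dv_bad=0; verify_release "$dv_file" "$dv_dir/sha256sums.txt" 2>/dev/null || dv_bad=$?
  rm -rf "$dv_dir"
  echo "$dv_ok $dv_bad"
}

demo_verify
```

A checksum list fetched from the same release page detects a corrupted or swapped download, not a compromised release itself.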

Step 2: Configure BIND DNS server

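You need to configure BIND to open a statistics channel. Since the exporter and BIND are on the same host, the channel listens only on 127.0.0.1 and its allow list admits only 127.0.0.1, so the statistics are not reachable from the network.

For an ISC BIND DNS server on CentOS, edit the file /etc/named.conf and add: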

$ sudo vim /etc/named.conf
statistics-channels {
  inet 127.0.0.1 port 8053 allow { 127.0.0.1; };
};

For an ISC BIND DNS server on Ubuntu / Debian, edit the file /etc/bind/named.conf.options and add:

$ sudo vim /etc/bind/named.conf.options
statistics-channels {
  inet 127.0.0.1 port 8053 allow { 127.0.0.1; };
};

Restart BIND for the changes to take effect:

sudo systemctl restart named

Step 3: Create Bind Exporter systemd service

The next part is to create a systemd service that starts the collector with access to the BIND (named) pid file and enables the view stats group.

Add Prometheus system user account:

sudo groupadd --system prometheus
sudo useradd -s /sbin/nologin --system -g prometheus prometheus

The exporter service will run as this user. Once the user account has been added, create a systemd service unit file:

sudo tee /etc/systemd/system/bind_exporter.service<<EOF
[Unit]
Description=Prometheus
Documentation=https://github.com/digitalocean/bind_exporter
Wants=network-online.target
After=network-online.target

[Service]
Type=simple
User=prometheus
Group=prometheus
ExecReload=/bin/kill -HUP \$MAINPID
ExecStart=/usr/local/bin/bind_exporter \
  --bind.pid-file=/var/run/named/named.pid \
  --bind.timeout=20s \
  --web.listen-address=0.0.0.0:9153 \
  --web.telemetry-path=/metrics \
  --bind.stats-url=http://localhost:8053/ \
  --bind.stats-groups=server,view,tasks

SyslogIdentifier=prometheus
Restart=always

[Install]
WantedBy=multi-user.target
EOF

Reload systemd and start bind_exporter service:

sudo systemctl daemon-reload
sudo systemctl restart bind_exporter.service

Enable the service to start on boot:

sudo systemctl enable bind_exporter.service

Confirm that the service is running and listening on port 9153 as configured:

$ systemctl status bind_exporter.service
 bind_exporter.service - Prometheus
     Loaded: loaded (/etc/systemd/system/bind_exporter.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2023-12-21 23:55:51 EAT; 15s ago
       Docs: https://github.com/digitalocean/bind_exporter
   Main PID: 16114 (bind_exporter)
      Tasks: 5 (limit: 2340)
     Memory: 2.6M
        CPU: 7ms
     CGroup: /system.slice/bind_exporter.service
             └─16114 /usr/local/bin/bind_exporter --bind.pid-file=/var/run/named/named.pid --bind.timeout=20s --web.listen-address=0.0.0.0:9153 --web.telemetry-path=/metrics --bind.stats-url=http:/>

$ sudo ss -tunelp | grep 9153
tcp    LISTEN     0      128      :::9153                 :::*                   users:(("bind_exporter",pid=23266,fd=3)) uid:997 ino:113951 sk:ffff8d17fab19980 v6only:0 <->

Open the port on the firewall if you have firewalld running:

sudo firewall-cmd --add-port=9153/tcp --permanent
sudo firewall-cmd --reload
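
The unit file above binds the exporter to 0.0.0.0:9153 and the firewall rule opens that port to every source, while the statistics channel is meant to stay on 127.0.0.1:8053. As an added example (not part of the original post), this script classifies both listeners from `ss` output; the sample listing is constructed and the function names are chosen here.

```shell
# Added example: confirm the BIND statistics channel (8053) is loopback-only
# and see whether the exporter port (9153) accepts connections from other hosts.

# classify_listener <port>: reads `ss -tln` or `ss -tunelp` output on stdin and
# prints "loopback", "exposed" or "absent" for that TCP port.
classify_listener() {
  awk -v port="$1" '
    {
      for (i = 1; i <= NF; i++) if ($i == "LISTEN") break
      if (i > NF) next                  # header line or non-listening socket
      addr = $(i + 3)                   # the Local Address:Port column
      n = split(addr, parts, ":")
      if (n < 2 || parts[n] != port) next
      host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
      seen = 1
      if (host !~ /^127\./ && host != "[::1]" && host != "::1") exposed = 1
    }
    END {
      if (!seen) print "absent"
      else if (exposed) print "exposed"
      else print "loopback"
    }'
}

# audit_listeners: same input on stdin. Returns 1 if the statistics channel is
# reachable off-host; only notes an exporter port that is open to all sources.
audit_listeners() {
  al_listing=$(cat)
  al_stats=$(printf '%s\n' "$al_listing" | classify_listener 8053)
  al_exporter=$(printf '%s\n' "$al_listing" | classify_listener 9153)
  echo "statistics channel 8053: $al_stats"
  echo "bind_exporter 9153: $al_exporter"
  if [ "$al_exporter" = "exposed" ]; then
    echo "NOTE: limit 9153 to the Prometheus server (firewall source rule or --web.config.file)"
  fi
  if [ "$al_stats" = "exposed" ]; then
    echo "FAIL: statistics channel should listen on 127.0.0.1 only"
    return 1
  fi
}

# Constructed sample of `ss -tln` output for a host set up as in this guide.
sample_ss() {
  printf '%s\n' \
    'State  Recv-Q Send-Q Local Address:Port Peer Address:Port' \
    'LISTEN 0      10         127.0.0.1:8053      0.0.0.0:*' \
    'LISTEN 0      128                *:9153            *:*'
}

sample_ss | audit_listeners
```

On a live host, feed it real output with `sudo ss -tln | audit_listeners`.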

Step 4: Configure Prometheus Server

If you don’t have a running Prometheus server, refer to our previous guide on how to Install Prometheus Server on CentOS and Ubuntu. Below is a definition of my two jobs, added under scrape_configs in the Prometheus configuration file:

  - job_name: dns-master
    static_configs:
      - targets: ['10.1.5.3:9153']
        labels:
          alias: dns-master

  - job_name: dns-slave1
    static_configs:
      - targets: ['10.1.5.4:9153']
        labels:
          alias: dns-slave

Restart prometheus server:

sudo systemctl restart prometheus

Step 5: Add Grafana Dashboard

We’re going to use the already created Grafana Dashboard #12309.

Once the Prometheus data source has been added, import the Bind Grafana Dashboard by navigating to Dashboard > Import. Use 12309 for the Grafana Dashboard ID.

Give it a descriptive name and choose the Prometheus data source added earlier.

Click the “Import” button to start using the dashboard. After a few minutes, the metrics should start showing.

Stay tuned for more monitoring guides with Prometheus and Grafana. Other monitoring guides are:
