About DNS Checks
DNS stands for "Domain Name System," and refers to the services that translate host and domain names (such as www.example.com or nodeping.com) into IP addresses. DNS services are critical if your customers are going to find your web site and services.
DNS records come in a variety of types, and NodePing's checks can handle several of the more common types. This check can do the following types of lookups: ANY, A, CNAME, MX, NS, PTR, SOA, and TXT. These are described in more detail below. The NodePing checks also let you optionally look for specific information in the response sent back from the DNS server.
- A - IPv4 address record. This is the basic record used to turn a name into an IP address.
- AAAA - IPv6 address record.
- CNAME - alias one name to another name.
- MX - maps a domain name with a list of mail servers for that domain.
- NS - lists domain name servers that are authoritative for a domain.
- PTR - pointer record, most commonly used for reverse lookups to turn an IP address into a name. Provide the PTR record in 'arpa' format (example: 220.127.116.11.in-addr.arpa will check the rDNS entry for 18.104.22.168).
- SOA - "start of authority" record, which basically means it returns authoritive information about a domain.
- SRV - Service record used by SIP and a few other protocols.
- TXT - Text records, used to store a variety of information.
When to use DNS Checks
NodePing's DNS checks are an important part of an overall server monitoring strategy. The checks are very flexible, and can be used to verify a variety of critical aspects of your overall DNS health. On the most basic level, they can be used for making sure that a DNS server is up and responding. Particularly if you run your own DNS server, this check is useful in making sure that the DNS server is available. You can also check to make sure that your DNS servers are responding correctly to specific queries. And, you can use them to make sure the public view of the DNS for your services and hosts are correct.
Using DNS Checks
To set up a DNS check,
- Select DNS from the Check type drop down.
- Give it a friendly label to identify this check in lists and notifications.
- Set how often you want the check to run on the Check Frequency field.
- Set the IP address or fully qualified name of the DNS server, its port, and the transport type. If you leave this blank, the DNS server used by the monitoring probe will be used. DNS servers almost always are on port 53, but if you are checking your own DNS servers it is possible you need a different port. The default transport is udp but tcp is also supported.
- Enter the type of query you want to perform, and address you want the check to look up. Usually this should be a fully qualified domain name. It should not include "http://" or "https://" In some cases, such as for PTR lookups, this will be an IP address. This field is optional. If you leave it out, the check will just make sure the DNS server is responding to DNS queries generally.
- Optionally set if the RD (Recursion Desired) bit should be set to 1 (default) or 0. If you use CloudFlare DNS, set this to 0.
- Enter the information the check should look for in the DNS server's response. This will depend on the query type. For example, for A records, this will be an IPv4 address. For other types, such as MX or NS records, this is likely to be a fully qualified domain name. For AAAA records, the full notation is required. Example: 2606:c700:4020:11::53:4a3b requires the 'missing' zero sections - 2606:c700:4020:11:0:0:53:4a3b - there should be 8 sections total.
- Optionally verify DNSSEC authentication data in the "DNSSEC" dropdown. (default is to NOT verify DNSSEC)
- Set a time out. The default 5 seconds works fine for most situations.
- Set the Sensitivity. High is usually appropriate.
- Set the notifications for this check. More information about notifications.
- To just check that a DNS server is up and responding, just set the DNS Server and port and leave the Query and Response fields blank.
- To check that public DNS information is correct, leave the DNS Server blank and fill in the Query and expected response. This is useful to make sure that the right information is propagating into the DNS view your customers will see.
- To check that a specific DNS server is responding with the right information to a specific query, fill in all three fields (Server, Query, and Expected Response).
Checking for availability of internal DNS servers can be very useful for business networks running Windows services. If you use this check in that way, you'll need to make port 53 accessible to the NodePing monitoring servers. Generally you should make these services open only to the monitoring services specific IP addresses.