Distributed DNS/etc checking

Joe Greco jgreco at ns.sol.net
Mon Apr 2 11:26:40 CDT 2012


> Good day all,
> 
> There have been a few instances where we've wanted to check our external
> DNS servers from various external networks, so we've utilized the existing
> looking glass tools provided by many of you.  However, it's a very manual
> process, given that all LG's I've found say no automating/scripting.  If we
> want to check from a couple dozen sites around the world, it's a lot of
> clicking and typing and collecting.  If we wanted to create a tool that
> our NOC could use to verify our services, we would need something we could
> script.  Ideally, we'd be able to run this constantly to do health checks
> on our services, but one step at a time.
> 
> I've been googling, but so far I'm unable to find any larger scale
> projects/toolsets that we could use to simplify this process.  Is anyone
> aware of something that would allow for me to submit a "job" to some sort
> of distributed service (I care about DNS, but others may care about
> traceroutes, pings, bgp information, etc), that will then run the "job"
> and give me back an answer?
> 
> Similarly, but perhaps differently, those of you who may run large anycast
> DNS services, how do you gather "external" stats about routing, response
> time, availability, and so on?  It seems like this sort of thing would be a
> fairly common requirement (let's see how my network looks to those outside
> of it) but everything I can find is very manual at this point.
> 
> This looks like a somewhat promising option, however I don't think I could
> get buy-in to run a node in our network, so it's not on the table for now:
> https://ring.nlnog.net/
> 
> This same functionality would likely be very helpful internal to large
> networks as well.
> 
> I would love to know if I'm missing something obvious, or pieces of
> something obvious we could work with.  Failing something already existing,
> I'd value any information people care to share about how they do this now,
> either on or off list.  I can summarize any findings if the community is
> interested.

The usual technique is to buy a few cheap virtual private servers at
points of interest around the net and then do whatever you please.

The problem is that your network will have a different monitoring
system than our network, so if you want something that integrates
cleanly with your Nagios-based system, it'll be different than what
integrates cleanly with our WhatsUp system.  So it's usually easier
to just go with some cheap virtual private servers.

If you're clever, you might see if you can exchange services with a
few other small networks.

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.
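
An added example, not part of the original message: one way to turn probe results collected from several such virtual private servers into a single Nagios-style status. The record layout, host names, serials and thresholds are assumptions made for illustration, and collecting the records from each server is not shown.

```python
from collections import defaultdict

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # standard Nagios plugin exit codes

# Constructed sample: one record per (vantage point, name server) probe.
# Host names, serials and timings are invented; rcode None means a timeout.
SAMPLE = [
    {"vantage": "vps-ams", "server": "ns1.example.net", "rcode": "NOERROR", "serial": 2012040201, "rtt_ms": 24},
    {"vantage": "vps-nyc", "server": "ns1.example.net", "rcode": "NOERROR", "serial": 2012040201, "rtt_ms": 95},
    {"vantage": "vps-sin", "server": "ns1.example.net", "rcode": "NOERROR", "serial": 2012040201, "rtt_ms": 210},
    {"vantage": "vps-ams", "server": "ns2.example.net", "rcode": None, "serial": None, "rtt_ms": None},
    {"vantage": "vps-nyc", "server": "ns2.example.net", "rcode": "NOERROR", "serial": 2012040101, "rtt_ms": 88},
    {"vantage": "vps-sin", "server": "ns2.example.net", "rcode": None, "serial": None, "rtt_ms": None},
]


def evaluate(results, rtt_warn_ms=300, min_vantages=2):
    """Return (nagios_status, message) for a batch of probe records."""
    if not results:
        return UNKNOWN, "DNS UNKNOWN - no probe results received"
    failed = defaultdict(set)    # server -> vantage points that got no good answer
    serials = defaultdict(set)   # SOA serial -> servers that returned it
    slow = []
    for r in results:
        if r["rcode"] != "NOERROR":
            failed[r["server"]].add(r["vantage"])
            continue
        serials[r["serial"]].add(r["server"])
        if r["rtt_ms"] > rtt_warn_ms:
            slow.append("%s from %s (%d ms)" % (r["server"], r["vantage"], r["rtt_ms"]))
    # A failure seen from several vantage points points at the server, while a
    # failure seen from only one is more likely that probe's own path.
    down = sorted(s for s, v in failed.items() if len(v) >= min_vantages)
    if down:
        return CRITICAL, "DNS CRITICAL - no answer from %d+ vantage points: %s" % (min_vantages, ", ".join(down))
    problems = []
    if len(serials) > 1:
        problems.append("SOA serial mismatch: " + ", ".join(str(s) for s in sorted(serials)))
    problems += ["single-vantage failure: %s from %s" % (s, next(iter(v))) for s, v in sorted(failed.items())]
    problems += ["slow: " + s for s in slow]
    if problems:
        return WARNING, "DNS WARNING - " + "; ".join(problems)
    return OK, "DNS OK - %d probes, serial %s" % (len(results), next(iter(serials)))


if __name__ == "__main__":
    import sys
    status, message = evaluate(SAMPLE)
    print(message)
    sys.exit(status)
```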


