Difference between revisions of "Plugin:DNS"

From collectd Wiki
Jump to: navigation, search
(Created initial page.)
 
(+Category:Plugins requiring privileges)
 
(13 intermediate revisions by the same user not shown)
Line 1: Line 1:
= Description =
+
{{Infobox Plugin
 
+
  | Name=DNS
The <em>DNS</em> plugin has a similar functionality to [http://dns.measurement-factory.com/tools/dnstop/ dnstop]: It uses [http://www.tcpdump.org/ libpcap] to get a copy of all traffic from/to port UDP/53  (that's the DNS port), interprets the packets and collects statistics of your DNS traffic. The interface it should listen on and whether or not the packets sent by the own host should be collected or not can be set in the configuration file. The details are documented in the [http://collectd.org/documentation/manpages/collectd.conf.5.shtml#plugin_dns collectd.conf(5)] manpage.
+
  | Type=read
 
+
  | Callbacks={{Callback|config}}, {{Callback|init}}, {{Callback|read}}
Since with this plugin collectd acts as a packet sniffer, tools like [http://www.chkrootkit.org/ chkrootkit] may start reporting collectd as "suspicious program". Please don't be alarmed - if you load this plugin collectd is <em>supposed</em> to sniff packets. Nothing is done with the sniffed data except counting various aspects of DNS traffic, as you can see below. But you don't have to take my word for it: Let the source code do the convincing ;)
+
  | Status={{supported}}
 +
  | FirstVersion={{Version|3.11}}
 +
  | Copyright=''2006–2007'' Florian octo Forster<br />''2009'' Mirko Buffoni
 +
  | License={{GPLv2}}
 +
  | Manpage={{Manpage|collectd.conf|5|plugin_dns}}
 +
}}
 +
The '''DNS plugin''' has a similar functionality to [http://dns.measurement-factory.com/tools/dnstop/ dnstop]: It uses [http://www.tcpdump.org/ libpcap] to get a copy of all traffic from/to port UDP/53  (that's the DNS port), interprets the packets and collects statistics of your DNS traffic. The interface it should listen on and whether or not the packets sent by the own host should be collected or not can be set in the configuration file. The details are documented in the {{Manpage|collectd.conf|5|plugin_dns}} manpage.
  
 
The metrics collected by this plugin are:
 
The metrics collected by this plugin are:
Line 12: Line 18:
 
; Octets: Number of octets sent/received.
 
; Octets: Number of octets sent/received.
  
= Dependencies =
+
== Example graphs ==
 +
 
 +
[[Image:Plugin-dns-opcode.png|500px]]
 +
[[Image:Plugin-dns-qtype.png|500px]]
 +
[[Image:Plugin-dns-rcode.png|500px]]
 +
[[Image:Plugin-dns-traffic.png|500px]]
 +
 
 +
== Caveats ==
 +
 
 +
=== chkrootkit ===
 +
 
 +
Since with this plugin acts as a packet sniffer, tools like [http://www.chkrootkit.org/ chkrootkit] may start reporting ''collectd'' as "suspicious program". Please don't be alarmed – if you load this plugin collectd is ''supposed'' to sniff packets. Nothing is done with the sniffed data except counting various aspects of DNS traffic, as you can see in the ''Example graphs'' section. But you don't have to take my word for it: Let the source code do the convincing ;)
 +
 
 +
== Dependencies ==
  
 
* [http://www.tcpdump.org/ libpcap]
 
* [http://www.tcpdump.org/ libpcap]
 +
 +
== See also ==
 +
 +
* [[Plugin:BIND|BIND plugin]]
  
 
[[Category:Plugins]]
 
[[Category:Plugins]]
 +
[[Category:Plugins requiring privileges]]
 +
{{DEFAULTSORT:Dns}}

Latest revision as of 23:50, 27 November 2010

DNS plugin
Type: read
Callbacks: config, init, read
Status: supported
First version: 3.11
Copyright: 2006–2007 Florian octo Forster
2009 Mirko Buffoni
License: GPLv2
Manpage: collectd.conf(5)
List of Plugins

The DNS plugin has a similar functionality to dnstop: It uses libpcap to get a copy of all traffic from/to port UDP/53 (that's the DNS port), interprets the packets and collects statistics of your DNS traffic. The interface it should listen on and whether or not the packets sent by the own host should be collected or not can be set in the configuration file. The details are documented in the collectd.conf(5) manpage.

The metrics collected by this plugin are:

OpCode
Number of packets with a specific opcode, e. g. the number of packets that contained a query.
QType
Number of queries for each record type. Common record types are for example A, AAAA, MX, and NS.
RCode
Number of response codes seen. Common response codes are for example NOERROR (query was successful) and NXDOMAIN (domain or subdomain doesn't exist).
Octets
Number of octets sent/received.

Example graphs

Plugin-dns-opcode.png Plugin-dns-qtype.png Plugin-dns-rcode.png Plugin-dns-traffic.png

Caveats

chkrootkit

Since with this plugin acts as a packet sniffer, tools like chkrootkit may start reporting collectd as "suspicious program". Please don't be alarmed – if you load this plugin collectd is supposed to sniff packets. Nothing is done with the sniffed data except counting various aspects of DNS traffic, as you can see in the Example graphs section. But you don't have to take my word for it: Let the source code do the convincing ;)

Dependencies

See also