Supported OS: Linux, Windows, Mac OS

Integration version: 1.1.0

Overview

Bind 9 is a complete, highly portable implementation of the Domain Name System (DNS) protocol. The Bind 9 name server (named) can act as an authoritative name server, recursive resolver, DNS forwarder, or all three simultaneously.

This integration provides enrichment and visualization for the Query, Query Errors, Network, Lame Servers, Notify, and Security log types. It helps visualize detailed information about DNS request patterns, DNS communication, proper server configurations, and DNS attacks, ensuring a robust and reliable DNS environment through out-of-the-box dashboards. In addition, this integration provides out-of-the-box detection rules. It also collects Bind 9 statistics as metrics that can be used for visualizations as needed.

Setup

Installation

To install the Bind 9 integration, run the following Agent installation command and follow the steps below. For more information, see the Integration Management documentation.

Note: This step is not necessary for Agent version >= 7.58.0.

Linux command

    sudo -u dd-agent -- datadog-agent integration install datadog-bind9==1.1.0

Log collection

File monitoring

  1. Log in to your Bind 9 device.

  2. Open the named.conf file to add a logging clause:

    logging {
     channel <example_channel> {
          file "/folder_path/file_name.log" versions <unlimited | <integer>> size <size> suffix <increment | timestamp>;
          print-time (yes | local | iso8601 | iso8601-utc);
          print-category yes;
          print-severity yes;
     };
     category <example-category> { <example_channel>; };
    };
    

    NOTE: The recommended value for print-time is iso8601-utc because Datadog expects all logs to be in the UTC time zone by default. If the time zone of your Bind 9 logs is not UTC, make sure to follow the steps to use a different time zone. Also, see the categories defined by Bind 9.

    Example logging channel:

    logging {
     channel default_log {
          file "/var/log/named/query.log" versions 3 size 10m;
          print-time iso8601-utc;
          print-category yes;
          print-severity yes;
     };
     category default { default_log; };
    };

  3. Save and exit the file.

  4. Restart the service:

    service named restart
    

Syslog

  1. Log in to your Bind 9 device.

  2. Open the named.conf file to add a logging clause:

    logging {
     channel <example_channel> {
          syslog <syslog_facility>;
          severity (critical | error | warning | notice | info | debug [level ] | dynamic);
          print-time (yes | local | iso8601 | iso8601-utc);
          print-category yes;
          print-severity yes;
     };
     category <example-category> { <example_channel>; };
    };
    

    NOTE: The recommended value for print-time is iso8601-utc because Datadog expects all logs to be in the UTC time zone by default. If the time zone of your Bind 9 logs is not UTC, make sure to follow the steps to use a different time zone. Also, see the categories defined by Bind 9.

    Example logging channel:

    logging {
     channel default_log {
          syslog local3;
          print-time iso8601-utc;
          print-category yes;
          print-severity yes;
     };
     category default { default_log; };
    };

  3. Save and exit the file.

  4. Edit the syslog/rsyslog configuration to log to Datadog using the facility you selected in Bind 9:

    <syslog_facility>.* @@<DATADOG_AGENT_IP_ADDRESS>:<PORT>
    
  5. Restart the following services:

    service syslog/rsyslog restart
    service named restart
    

Note: Make sure that print-category and print-severity are set to yes in the channel configuration for the Bind 9 application.
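The channel options above fix the prefix of every log line (timestamp, category, severity), and anything that parses the logs depends on that prefix being present. The following Python script is an added example, not Datadog's pipeline or detection rules and not part of the original page: it parses lines in that format, counts records per category, and flags clients with repeated security denials. The sample lines are constructed, and the function names and the threshold of 3 are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Prefix emitted with print-time iso8601-utc, print-category yes, print-severity yes:
#   <timestamp>Z <category>: <severity>: <message>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3})Z "
    r"(?P<category>[a-z0-9-]+): "
    r"(?P<severity>critical|error|warning|notice|info|debug(?: \d+)?): "
    r"(?P<message>.*)$"
)
CLIENT_RE = re.compile(r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+")

# Constructed sample lines (documentation address ranges), not real traffic.
# The last line lacks the category/severity prefix and uses a local-style timestamp.
SAMPLE = """\
2024-05-01T12:00:00.101Z queries: info: client @0x7f3a4c0 192.0.2.10#53214 (example.com): query: example.com IN A +E(0)K (198.51.100.1)
2024-05-01T12:00:01.220Z security: info: client @0x7f3a4c1 203.0.113.7#40001 (example.org): query (cache) 'example.org/A/IN' denied
2024-05-01T12:00:01.530Z security: info: client @0x7f3a4c2 203.0.113.7#40002 (example.net): query (cache) 'example.net/A/IN' denied
2024-05-01T12:00:02.010Z security: error: client @0x7f3a4c3 203.0.113.7#40003 (example.com): zone transfer 'example.com/AXFR/IN' denied
2024-05-01T12:00:03.000Z lame-servers: info: lame server resolving 'example.com' (in 'example.com'?): 198.51.100.53#53
01-May-2024 12:00:04.000 client @0x7f3a4c5 192.0.2.10#53215 (example.com): query: example.com IN AAAA + (198.51.100.1)
""".splitlines()


def parse_line(line):
    """Return a dict for a line in the expected format, or None if the prefix is missing."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"] + "+00:00")  # timezone-aware UTC
    client = CLIENT_RE.search(rec["message"])
    rec["client"] = client.group("ip") if client else None
    return rec


def summarize(lines, threshold=3):
    """Count records per category and flag clients with >= threshold security denials."""
    per_category, denied, unparsed = Counter(), Counter(), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1  # e.g. print-category/print-severity off, or non-UTC print-time
            continue
        per_category[rec["category"]] += 1
        if (rec["category"] == "security" and rec["client"]
                and rec["message"].endswith("denied")):
            denied[rec["client"]] += 1
    flagged = sorted(ip for ip, n in denied.items() if n >= threshold)
    return {"per_category": dict(per_category), "flagged": flagged, "unparsed": unparsed}


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A non-zero unparsed count on real logs is a quick signal that a channel is missing one of the print-* options described above.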

Configuration

Metric collection

  1. Edit the bind9.d/conf.yaml file, located in the conf.d/ folder at the root of your Agent's configuration directory, to start collecting your Bind 9 metrics. For all available configuration options, see the sample bind9.d/conf.yaml.

    init_config:
    
    instances:
      - url: "<BIND_9_STATS_URL>"
    
  2. Restart the Agent.

Log collection

  1. Log collection is disabled by default in the Datadog Agent. Enable it in the datadog.yaml file:

    logs_enabled: true
    

File monitoring

  1. Add this configuration block to your bind9.d/conf.yaml file to start collecting your Bind 9 logs:

    For all available configuration options, see the sample bind9.d/conf.yaml.

    logs:
      - type: file
        path: /var/log/named/*.log
        service: bind9
        source: bind9
    

    Note: Change the path variable in conf.yaml to the same path configured in the file parameter of the channels for the Bind 9 application.

  2. Restart the Agent.

Syslog

  1. Add this configuration block to your bind9.d/conf.yaml file to start collecting your Bind 9 logs:

    For all available configuration options, see the sample bind9.d/conf.yaml.

    logs:
      - type: tcp
        port: <PORT>
        service: bind9
        source: bind9
    

    Note: The value of port must be the same as the one specified in syslog.conf/rsyslog.conf.

  2. Restart the Agent.

Specify a time zone other than UTC in the Bind 9 Datadog log pipeline

Datadog expects all logs to be in the UTC time zone by default. If the time zone of your Bind 9 logs is not UTC, specify the correct time zone in the Bind 9 Datadog pipeline.

To change the time zone in the Bind 9 pipeline:

  1. Go to the Pipelines page in the Datadog app.

  2. Enter “Bind 9” in the Filter Pipelines search box.

  3. Hover over the Bind 9 pipeline and click the clone button. This creates an editable clone of the Bind 9 pipeline.

  4. Edit the Grok Parser using the following steps:

    • In the cloned pipeline, find a processor named “Grok Parser: Parsing Bind 9 common log format” and click the Edit button by hovering over the pipeline.
    • Under Define parsing rules,
      • change the string UTC to the TZ identifier of your Bind 9 server's time zone. For example, if your time zone is IST, change the value to Asia/Calcutta.
    • Press the update button.

Validation

Run the Agent's status subcommand and look for bind9 under the Checks section.

Compatibility

The check is compatible with all major platforms.

Data collected

Logs

The Bind 9 integration collects the following log types.

Event types
Query, Query Errors, Lame Servers, Notify, Security

Metrics

bind9.nsstat_AuthQryRej
(gauge)
Number of Authoritative (non recursive) queries rejected.
Shown as query
bind9.nsstat_DNS64
(gauge)
bind9.nsstat_ExpireOpt
(gauge)
bind9.nsstat_NSIDOpt
(gauge)
bind9.nsstat_OtherOpt
(gauge)
bind9.nsstat_QryAuthAns
(gauge)
Number of queries that resulted in authoritative answer.
Shown as query
bind9.nsstat_QryDropped
(gauge)
Number of recursive queries for which the server discovered an excessive number of existing recursive queries for the same name, type and class and were subsequently dropped.
Shown as query
bind9.nsstat_QryDuplicate
(gauge)
Number of queries for which the server attempted to recurse but discovered an existing query with the same IP address, port, query ID, name, type and class already being processed.
Shown as query
bind9.nsstat_QryFailure
(gauge)
Number of queries that failed for other reasons.
Shown as query
bind9.nsstat_QryFORMERR
(gauge)
Number of queries that resulted in FORMERR.
Shown as query
bind9.nsstat_QryNoauthAns
(gauge)
Number of queries that resulted in non authoritative answer.
Shown as query
bind9.nsstat_QryNXDOMAIN
(gauge)
Number of queries that resulted in NXDOMAIN.
Shown as query
bind9.nsstat_QryNXRedir
(gauge)
Number of queries that resulted in NXDOMAIN and were redirected.
Shown as query
bind9.nsstat_QryNXRedirRLookup
(gauge)
Number of queries that resulted in NXDOMAIN and were redirected and resulted in a successful remote lookup.
Shown as query
bind9.nsstat_QryNxrrset
(gauge)
Number of queries that resulted in NOERROR responses with no data
Shown as query
bind9.nsstat_QryRecursion
(gauge)
Number of queries that caused the server to perform recursion in order to find the final answer.
Shown as query
bind9.nsstat_QryReferral
(gauge)
Number of queries that resulted in referral answer.
Shown as query
bind9.nsstat_QrySERVFAIL
(gauge)
Number of queries that resulted in SERVFAIL.
Shown as query
bind9.nsstat_QrySuccess
(gauge)
Number of queries that resulted in a successful answer.
Shown as query
bind9.nsstat_QryTCP
(gauge)
bind9.nsstat_QryUDP
(gauge)
bind9.nsstat_RateDropped
(gauge)
Number of responses dropped by rate limits.
Shown as response
bind9.nsstat_RateSlipped
(gauge)
Number of responses truncated by rate limits
Shown as response
bind9.nsstat_RecQryRej
(gauge)
Number of recursive queries rejected
Shown as query
bind9.nsstat_RecursClients
(gauge)
bind9.nsstat_ReqBadEDNSVer
(gauge)
Number of requests with unsupported EDNS version received.
Shown as request
bind9.nsstat_ReqBadSIG
(gauge)
Number of requests with invalid (TSIG or SIG(0)) signature.
Shown as request
bind9.nsstat_ReqEdns0
(gauge)
Number of requests with EDNS(0) received.
Shown as request
bind9.nsstat_ReqSIG0
(gauge)
Number of requests with SIG(0) received.
Shown as request
bind9.nsstat_ReqTCP
(gauge)
Number of TCP requests received.
Shown as request
bind9.nsstat_ReqTSIG
(gauge)
Number of requests with TSIG received.
Shown as request
bind9.nsstat_Requestv4
(gauge)
Number of IPv4 requests received (this also counts non query requests).
Shown as request
bind9.nsstat_Requestv6
(gauge)
Number of IPv6 requests received (this also counts non query requests).
Shown as request
bind9.nsstat_RespEDNS0
(gauge)
Number of responses with EDNS(0) sent.
Shown as response
bind9.nsstat_Response
(gauge)
Number of Responses sent.
Shown as response
bind9.nsstat_RespSIG0
(gauge)
Number of responses with SIG(0) sent.
Shown as response
bind9.nsstat_RespTSIG
(gauge)
Number of responses with TSIG sent.
Shown as response
bind9.nsstat_RPZRewrites
(gauge)
Number of response policy zone rewrites
bind9.nsstat_SitBadSize
(gauge)
bind9.nsstat_SitBadTime
(gauge)
bind9.nsstat_SitMatch
(gauge)
bind9.nsstat_SitNew
(gauge)
bind9.nsstat_SitNoMatch
(gauge)
bind9.nsstat_SitOpt
(gauge)
bind9.nsstat_TruncatedResp
(gauge)
Number of truncated responses sent.
Shown as response
bind9.nsstat_UpdateBadPrereq
(gauge)
Dynamic updates rejected due to prerequisite failure.
bind9.nsstat_UpdateDone
(gauge)
Dynamic updates completed.
bind9.nsstat_UpdateFail
(gauge)
Dynamic updates failed.
bind9.nsstat_UpdateFwdFail
(gauge)
Dynamic update forward failed.
bind9.nsstat_UpdateRej
(gauge)
Number of dynamic update requests rejected
Shown as request
bind9.nsstat_UpdateReqFwd
(gauge)
Number of update requests forwarded.
Shown as request
bind9.nsstat_UpdateRespFwd
(gauge)
Number of update responses forwarded.
Shown as response
bind9.nsstat_XfrRej
(gauge)
Number of zone transfer requests rejected.
Shown as request
bind9.nsstat_XfrReqDone
(gauge)
Number of requested zone transfers completed.
bind9.opcode_IQUERY
(gauge)
The number of incoming queries
Shown as query
bind9.opcode_NOTIFY
(gauge)
bind9.opcode_QUERY
(gauge)
The number of outgoing queries.
Shown as query
bind9.opcode_RESERVED10
(gauge)
bind9.opcode_RESERVED11
(gauge)
bind9.opcode_RESERVED12
(gauge)
bind9.opcode_RESERVED13
(gauge)
bind9.opcode_RESERVED14
(gauge)
bind9.opcode_RESERVED15
(gauge)
bind9.opcode_RESERVED3
(gauge)
bind9.opcode_RESERVED6
(gauge)
bind9.opcode_RESERVED7
(gauge)
bind9.opcode_RESERVED8
(gauge)
bind9.opcode_RESERVED9
(gauge)
bind9.opcode_STATUS
(gauge)
bind9.opcode_UPDATE
(gauge)
bind9.sockstat_FdwatchBindFail
(gauge)
Number of failures of binding FDWatch sockets.
bind9.sockstat_FDWatchClose
(gauge)
Number of FDWatch sockets closed.
bind9.sockstat_FDwatchConn
(gauge)
Number of FDWatch connections established successfully.
Shown as connection
bind9.sockstat_FDwatchConnFail
(gauge)
Number of failures of FDWatch connecting sockets.
bind9.sockstat_FDwatchRecvErr
(gauge)
Number of errors in FDWatch socket receive operations.
bind9.sockstat_FDwatchSendErr
(gauge)
Number of errors in FDWatch socket send operations.
bind9.sockstat_RawActive
(gauge)
Number of active raw sockets.
Shown as connection
bind9.sockstat_RawClose
(gauge)
Number of raw sockets closed.
Shown as connection
bind9.sockstat_RawOpen
(gauge)
Raw sockets opened successfully.
Shown as connection
bind9.sockstat_RawOpenFail
(gauge)
Number of raw sockets with a failure upon opening.
Shown as connection
bind9.sockstat_RawRecvErr
(gauge)
Number of errors in raw socket receive operations.
bind9.sockstat_TCP4Accept
(gauge)
Number of incoming TCP4 connections successfully accepted.
Shown as connection
bind9.sockstat_TCP4AcceptFail
(gauge)
Number of failures of accepting incoming TCP4 connection requests.
bind9.sockstat_TCP4Active
(gauge)
Number of active TCP4 sockets.
Shown as connection
bind9.sockstat_TCP4BindFail
(gauge)
Number of failures of binding TCP4 sockets.
bind9.sockstat_TCP4Close
(gauge)
Number of TCP4 sockets closed.
Shown as connection
bind9.sockstat_TCP4Conn
(gauge)
Number of TCP4 connections established successfully.
Shown as connection
bind9.sockstat_TCP4ConnFail
(gauge)
Number of failures of TCP4 connecting sockets.
bind9.sockstat_TCP4Open
(gauge)
Number of TCP4 sockets opened successfully.
Shown as connection
bind9.sockstat_TCP4OpenFail
(gauge)
Number of TCP4 sockets with a failure upon opening.
Shown as connection
bind9.sockstat_TCP4RecvErr
(gauge)
Number of errors in TCP4 socket receive operations.
bind9.sockstat_TCP4SendErr
(gauge)
Number of errors in TCP4 socket send operations.
bind9.sockstat_TCP6Accept
(gauge)
Number of incoming TCP4 connections successfully accepted.
Shown as connection
bind9.sockstat_TCP6AcceptFail
(gauge)
Number of failures of accepting incoming TCP6 connection requests.
bind9.sockstat_TCP6Active
(gauge)
Number of active TCP6 sockets.
Shown as connection
bind9.sockstat_TCP6BindFail
(gauge)
Number of failures of binding TCP6 sockets.
bind9.sockstat_TCP6Close
(gauge)
Number of TCP6 sockets closed.
Shown as connection
bind9.sockstat_TCP6Conn
(gauge)
Number of TCP6 connections established successfully.
Shown as connection
bind9.sockstat_TCP6ConnFail
(gauge)
Number of failures of TCP6 connecting sockets.
bind9.sockstat_TCP6Open
(gauge)
Number of TCP6 sockets opened successfully.
Shown as connection
bind9.sockstat_TCP6OpenFail
(gauge)
Number of TCP6 sockets with a failure upon opening.
Shown as connection
bind9.sockstat_TCP6RecvErr
(gauge)
Number of errors in TCP6 socket receive operations.
bind9.sockstat_TCP6SendErr
(gauge)
Number of errors in TCP6 socket send operations.
bind9.sockstat_UDP4Active
(gauge)
Number of active UDP4 sockets.
Shown as connection
bind9.sockstat_UDP4BindFail
(gauge)
Number of failures of binding UDP4 sockets.
bind9.sockstat_UDP4Close
(gauge)
Number of UDP4 sockets closed.
Shown as connection
bind9.sockstat_UDP4Conn
(gauge)
Number of UDP4 connections established successfully.
Shown as connection
bind9.sockstat_UDP4ConnFail
(gauge)
Number of failures of UDP4 connecting sockets.
bind9.sockstat_UDP4Open
(gauge)
Number of UDP4 sockets opened successfully.
Shown as connection
bind9.sockstat_UDP4OpenFail
(gauge)
Number of UDP4 sockets with a failure upon opening.
Shown as connection
bind9.sockstat_UDP4RecvErr
(gauge)
Number of errors in UDP4 socket receive operations.
bind9.sockstat_UDP4SendErr
(gauge)
Number of errors in UDP4 socket send operations.
bind9.sockstat_UDP6Active
(gauge)
Number of active UDP6 sockets.
Shown as connection
bind9.sockstat_UDP6BindFail
(gauge)
Number of failures of binding UDP6 sockets.
bind9.sockstat_UDP6Close
(gauge)
Number of UDP6 sockets closed.
Shown as connection
bind9.sockstat_UDP6Conn
(gauge)
Number of UDP6 connections established successfully.
Shown as connection
bind9.sockstat_UDP6ConnFail
(gauge)
Number of failures of UDP6 connecting sockets.
bind9.sockstat_UDP6Open
(gauge)
Number of UDP6 sockets opened successfully.
Shown as connection
bind9.sockstat_UDP6OpenFail
(gauge)
Number of UDP6 sockets with a failure upon opening.
Shown as connection
bind9.sockstat_UDP6RecvErr
(gauge)
Number of errors in UDP6 socket receive operations.
bind9.sockstat_UDP6SendErr
(gauge)
Number of errors in UDP6 socket send operations.
bind9.sockstat_UnixAccept
(gauge)
Number of incoming Unix connections successfully accepted.
bind9.sockstat_UnixAcceptFail
(gauge)
Number of failures of accepting incoming Unix connection requests.
bind9.sockstat_UnixActive
(gauge)
Number of active Unix sockets.
Shown as connection
bind9.sockstat_UnixBindFail
(gauge)
Number of failures of binding Unix sockets.
bind9.sockstat_UnixClose
(gauge)
Number of Unix sockets closed.
bind9.sockstat_UnixConn
(gauge)
Number of Unix connections established successfully.
bind9.sockstat_UnixConnFail
(gauge)
Number of failures of Unix connecting sockets.
bind9.sockstat_UnixOpen
(gauge)
Number of Unix sockets opened successfully.
bind9.sockstat_UnixOpenFail
(gauge)
Number of Unix sockets with a failure upon opening.
bind9.sockstat_UnixRecvErr
(gauge)
Number of errors in Unix socket receive operations.
bind9.sockstat_UnixSendErr
(gauge)
Number of errors in Unix socket send operations.
bind9.zonestat_AXFRReqv4
(gauge)
IPv4 AXFR requested.
bind9.zonestat_AXFRReqv6
(gauge)
IPv6 AXFR requested.
bind9.zonestat_IXFRReqv4
(gauge)
IPv4 IXFR requested.
bind9.zonestat_IXFRReqv6
(gauge)
IPv6 IXFR requested.
bind9.zonestat_NotifyInv4
(gauge)
IPv4 notifies received.
bind9.zonestat_NotifyInv6
(gauge)
IPv6 notifies received.
bind9.zonestat_NotifyOutv4
(gauge)
IPv4 notifies sent.
bind9.zonestat_NotifyOutv6
(gauge)
IPv6 notifies sent.
bind9.zonestat_NotifyRej
(gauge)
Incoming notifies rejected.
bind9.zonestat_SOAOutv4
(gauge)
Number of IPv4 SOA queries sent.
Shown as query
bind9.zonestat_SOAOutv6
(gauge)
Number of IPv4 SOA queries sent.
Shown as query
bind9.zonestat_XfrFail
(gauge)
Number of zone transfer requests failed.
Shown as request
bind9.zonestat_XfrSuccess
(gauge)
Number of zone transfer requests succeeded.
Shown as request

Events

The Bind 9 check does not include any events.

Service checks

bind9.can_connect
Returns OK if the statistics-channel URL of DNS is present in the instance. Returns CRITICAL if URL errors occur.
Statuses: ok, critical

Troubleshooting

If you see a Permission denied error while monitoring the log files, give the dd-agent user read permission on them.

    sudo chown -R dd-agent:dd-agent /var/log/named/

If you need more help, contact Datadog support.