PowerDNS Recursor

Supported OS Linux Mac OS Windows

Intégration2.1.0

Présentation

Analysez les performances de votre PowerDNS Recursor et surveillez le trafic inhabituel ou préoccupant. Ce check de l’Agent recueille une multitude de métriques issues de vos recursors, vous permettant ainsi de mesurer :

  • Les temps de réponse de vos requêtes : identifiez les requêtes exécutées en moins de 1 ms, 10 ms, 100 ms ou 1 s, ainsi que celles exécutées en plus de 1 s
  • Les requêtes expirées
  • Les hits et miss de cache
  • Le nombre de réponses de chaque type (SRVFAIL, NXDOMAIN, NOERROR)
  • Les paquets ignorés ou perdus

Et bien plus encore.

Configuration

Installation

Le check PowerDNS Recursor est inclus avec le package de l’Agent Datadog : vous n’avez donc rien d’autre à installer sur vos recursors.

Configuration

Préparer PowerDNS

Ce check recueille des statistiques de performance à l’aide de l’API de statistiques de PowerDNS Recursor. Cette API n’est activée par défaut qu’à partir de la version 4.1 de pdns_recursor. Si vous utilisez une version plus ancienne, activez l’API en ajoutant le code ci-dessous au fichier de configuration de votre recursor, par exemple /etc/powerdns/recursor.conf :

webserver=yes
api-key=changeme             # uniquement disponible à partir de la version 4.0
webserver-readonly=yes       # valeur par défaut : no
#webserver-port=8081         # valeur par défaut : 8082
#webserver-address=0.0.0.0   # valeur par défaut : 127.0.0.1

Si vous utilisez pdns_recursor version 3.x, ajoutez le préfixe experimental- à ces noms d’option. Exemple : experimental-webserver=yes.

Si vous utilisez pdns_recursor >= 4.1, définissez simplement le paramètre api-key.

Redémarrez votre recursor pour activer l’API de statistiques.

    Host

    Pour configurer ce check lorsque l’Agent est exécuté sur un host :

    1. Modifiez le fichier powerdns_recursor.d/conf.yaml dans le dossier conf.d/ à la racine du répertoire de configuration de votre Agent. Consultez le fichier d’exemple powerdns_recursor.d/conf.yaml pour découvrir toutes les options de configuration disponibles :

      init_config:

instances:
  ## @param host - string - required
  ## Host running the recursor.
  #
  - host: 127.0.0.1

    ## @param port - integer - required
    ## Recursor web server port.
    #
    port: 8082

    ## @param api_key - string - required
    ## Recursor web server api key.
    #
    api_key: "<POWERDNS_API_KEY>"

    ## @param version - integer - required - default: 3
    ## Version 3 or 4 of PowerDNS Recursor to connect to.
    ## The PowerDNS Recursor in v4 has a production ready web server that allows for
    ## statistics gathering. In version 3.x the server was marked as experimental.
    ##
    ## As the server was marked as experimental in version 3 many of the metrics have
    ## changed names and the API structure (paths) have also changed. With these changes
    ## there has been a need to separate the two concerns. The check now has a key value
    ## version: which if set to version 4 queries with the correct API path on the
    ## non-experimental web server.
    ##
    ## https://doc.powerdns.com/md/httpapi/api_spec/#url-apiv1serversserver95idstatistics
    #
    version: 3

    2. Redémarrez l’Agent.

    Collecte de logs

    1. La collecte de logs est désactivée par défaut dans l’Agent Datadog. Vous devez l’activer dans datadog.yaml :

      logs_enabled: true

    2. Ajoutez l’utilisateur dd-agent au groupe systemd-journal en exécutant la commande :

      usermod -a -G systemd-journal dd-agent

    3. Ajoutez ce bloc de configuration à votre fichier powerdns_recursor.d/conf.yaml pour commencer à recueillir vos logs PowerDNS Recursor :

      logs:
  - type: journald
    source: powerdns

      Consultez le fichier d’exemple powerdns_recursor.d/conf.yaml pour découvrir toutes les options de configuration disponibles.

    4. Redémarrez l’Agent.

    Environnement conteneurisé

    Consultez la documentation relative aux modèles d’intégration Autodiscovery pour découvrir comment appliquer les paramètres ci-dessous à un environnement conteneurisé.

    ParamètreValeur
    <NOM_INTÉGRATION>powerdns_recursor
    <CONFIG_INIT>vide ou {}
    <CONFIG_INSTANCE>{"host":"%%host%%", "port":8082, "api_key":"<CLÉ_API_POWERDNS>", "version": 3}
    Collecte de logs

    La collecte des logs est désactivée par défaut dans l’Agent Datadog. Pour l’activer, consultez la section Collecte de logs avec Kubernetes.

    ParamètreValeur
    <CONFIG_LOG>{"source": "powerdns"}

    Validation

    Lancez la sous-commande status de l’Agent et cherchez powerdns_recursor dans la section Checks.

    Données collectées

    Métriques

    powerdns.recursor.all_outqueries
    (gauge)    		The number of outgoing udp queries per second
    Shown as query
    powerdns.recursor.answers0_1
    (gauge)    		Number of queries per second answered within 1 millisecond
    Shown as query
    powerdns.recursor.answers100_1000
    (gauge)    		Number of queries per second answered within 1 second
    Shown as query
    powerdns.recursor.answers10_100
    (gauge)    		Number of queries per second answered within 100 milliseconds
    Shown as query
    powerdns.recursor.answers1_10
    (gauge)    		Number of queries per second answered within 10 milliseconds
    Shown as query
    powerdns.recursor.answers_slow
    (gauge)    		Number of queries per second NOT answered within 1 second
    Shown as query
    powerdns.recursor.auth4_answers0_1
    (gauge)    		Number of queries per second answered by auth4s within 1 millisecond; Available since pdns_recursor v4.x
    Shown as query
    powerdns.recursor.auth4_answers100_1000
    (gauge)    		Number of queries per second answered by auth4s within 1 second; Available since pdns_recursor v4.x
    Shown as query
    powerdns.recursor.auth4_answers10_100
    (gauge)    		Number of queries per second answered by auth4s within 100 milliseconds; Available since pdns_recursor v4.x
    Shown as query
    powerdns.recursor.auth4_answers1_10
    (gauge)    		Number of queries per second answered by auth4s within 10 milliseconds; Available since pdns_recursor v4.x
    Shown as query
    powerdns.recursor.auth4_answers_slow
    (gauge)    		Number of queries per second NOT answered by auth4s within 1 second; Available since pdns_recursor v4.x
    Shown as query
    powerdns.recursor.auth6_answers0_1
    (gauge)    		Number of queries per second answered by auth6s within 1 millisecond; Available since pdns_recursor v4.x
    Shown as query
    powerdns.recursor.auth6_answers100_1000
    (gauge)    		Number of queries per second answered by auth6s within 1 second; Available since pdns_recursor v4.x
    Shown as query
    powerdns.recursor.auth6_answers10_100
    (gauge)    		Number of queries per second answered by auth6s within 100 milliseconds; Available since pdns_recursor v4.x
    Shown as query
    powerdns.recursor.auth6_answers1_10
    (gauge)    		Number of queries per second answered by auth6s within 10 milliseconds; Available since pdns_recursor v4.x
    Shown as query
    powerdns.recursor.auth6_answers_slow
    (gauge)    		Number of queries per second NOT answered by auth6s within 1 second; Available since pdns_recursor v4.x
    Shown as query
    powerdns.recursor.cache_entries
    (gauge)    		The number of entries in the cache
    Shown as entry
    powerdns.recursor.cache_hits
    (gauge)    		The number of cache hits per second
    Shown as hit
    powerdns.recursor.cache_misses
    (gauge)    		The number of cache misses per second
    Shown as miss
    powerdns.recursor.case_mismatches
    (gauge)    		The number of mismatches in character case per second
    Shown as error
    powerdns.recursor.chain_resends
    (gauge)    		The number of queries per second chained to existing outstanding query
    Shown as query
    powerdns.recursor.client_parse_errors
    (gauge)    		The number of unparsable packets per second
    Shown as error
    powerdns.recursor.concurrent_queries
    (gauge)    		The number of MThreads currently running
    Shown as query
    powerdns.recursor.dlg_only_drops
    (gauge)    		The number of records dropped per second because of 'delegation only' setting; Available since pdns_recursor v4.x
    Shown as record
    powerdns.recursor.dnssec_queries
    (gauge)    		The number of queries received per second with the DO bit set; Available since pdns_recursor v4.x
    Shown as record
    powerdns.recursor.dnssec_result_bogus
    (gauge)    		The number of DNSSEC validations per second that had the Bogus state; Available since pdns_recursor v4.x
    powerdns.recursor.dnssec_result_indeterminate
    (gauge)    		The number of DNSSEC validations per second that had the Indeterminate state; Available since pdns_recursor v4.x
    powerdns.recursor.dnssec_result_insecure
    (gauge)    		The number of DNSSEC validations per second that had the Insecure state; Available since pdns_recursor v4.x
    powerdns.recursor.dnssec_result_nta
    (gauge)    		The number of DNSSEC validations per second that had the NTA (negative trust anchor) state; Available since pdns_recursor v4.x
    powerdns.recursor.dnssec_result_secure
    (gauge)    		The number of DNSSEC validations per second that had the Secure state; Available since pdns_recursor v4.x
    powerdns.recursor.dnssec_validations
    (gauge)    		The number of DNSSEC validations performed per second; Available since pdns_recursor v4.x
    powerdns.recursor.dont_outqueries
    (gauge)    		The number of outgoing queries dropped per second because of 'dont query' setting
    Shown as query
    powerdns.recursor.edns_ping_matches
    (gauge)    		The number of servers per second that sent a valid EDNS PING response; Available since pdns_recursor v4.x
    Shown as host
    powerdns.recursor.edns_ping_mismatches
    (gauge)    		The number of servers per second that sent an invalid EDNS PING response; Available since pdns_recursor v4.x
    Shown as host
    powerdns.recursor.failed_host_entries
    (gauge)    		The number of servers that failed to resolve
    Shown as host
    powerdns.recursor.ignored_packets
    (gauge)    		The number of non-query packets received per second on server sockets that should only get queries; Available since pdns_recursor v4.x
    Shown as packet
    powerdns.recursor.ipv6_outqueries
    (gauge)    		The number of outgoing queries per second over IPv6
    powerdns.recursor.ipv6_questions
    (gauge)    		The number of end-user-initiated IPv6 UDP queries with the RD bit set
    Shown as query
    powerdns.recursor.max_mthread_stack
    (gauge)    		The maximum amount of thread stack ever used
    powerdns.recursor.negcache_entries
    (gauge)    		The number of entries in the negative answer cache
    Shown as entry
    powerdns.recursor.no_error_packets
    (gauge)    		The number of erroneous packets received per second; Available since pdns_recursor v4.x
    Shown as packet
    powerdns.recursor.noedns_outqueries
    (gauge)    		The number of queries per second sent without EDNS; Available since pdns_recursor v4.x
    Shown as query
    powerdns.recursor.noerror_answers
    (gauge)    		The number of NOERROR answers per second
    Shown as operation
    powerdns.recursor.noping_outqueries
    (gauge)    		The number of queries per second sent without EDNS PING; Available since pdns_recursor v4.x
    Shown as query
    powerdns.recursor.nsset_invalidations
    (gauge)    		The number of times per second an nsset was dropped because it no longer worked; Available since pdns_recursor v4.x
    powerdns.recursor.nsspeeds_entries
    (gauge)    		The number of entries in the NS speeds map; Available since pdns_recursor v4.x
    Shown as entry
    powerdns.recursor.nxdomain_answers
    (gauge)    		The number of NXDOMAIN answers per second
    Shown as response
    powerdns.recursor.outgoing4_timeouts
    (gauge)    		The number of timeouts per second for outgoing UDP IPv4 queries; Available since pdns_recursor v4.x
    Shown as timeout
    powerdns.recursor.outgoing6_timeouts
    (gauge)    		The number of timeouts per second for outgoing UDP IPv6 queries; Available since pdns_recursor v4.x
    Shown as timeout
    powerdns.recursor.outgoing_timeouts
    (gauge)    		The number of outgoing UDP query timeouts per second
    Shown as timeout
    powerdns.recursor.over_capacity_drops
    (gauge)    		The number of questions per second dropped due to having reached concurrent query limit
    Shown as query
    powerdns.recursor.packetcache_entries
    (gauge)    		The number of entries in the packet cache
    Shown as entry
    powerdns.recursor.packetcache_hits
    (gauge)    		The number of packet cache hits per second
    Shown as hit
    powerdns.recursor.packetcache_misses
    (gauge)    		The number of packet cache misses per second
    Shown as miss
    powerdns.recursor.policy_drops
    (gauge)    		The number of packets dropped per second because of Lua policy decision
    Shown as packet
    powerdns.recursor.policy_result_custom
    (gauge)    		The number of packets per second that were sent a custom answer by the RPZ/filter engine; Available since pdns_recursor v4.x
    Shown as packet
    powerdns.recursor.policy_result_drop
    (gauge)    		The number of packets per second dropped by the RPZ/filter engine; Available since pdns_recursor v4.x
    Shown as packet
    powerdns.recursor.policy_result_noaction
    (gauge)    		The number of packets per second that were not actioned upon by the RPZ/filter engine; Available since pdns_recursor v4.x
    Shown as packet
    powerdns.recursor.policy_result_nodata
    (gauge)    		The number of packets per second that were replied to with NODATA by the RPZ/filter engine; Available since pdns_recursor v4.x
    Shown as packet
    powerdns.recursor.policy_result_nxdomain
    (gauge)    		The number of packets per second that were replied to with NXDOMAIN by the RPZ/filter engine; Available since pdns_recursor v4.x
    Shown as packet
    powerdns.recursor.policy_result_truncate
    (gauge)    		The number of packets per second that were forced to TCP by the RPZ/filter engine; Available since pdns_recursor v4.x
    Shown as packet
    powerdns.recursor.qa_latency
    (gauge)    		The average latency in microseconds exponentially weighted over past 'latency-statistic-size' packets
    Shown as microsecond
    powerdns.recursor.questions
    (gauge)    		The number of user initiated udp queries per second
    Shown as operation
    powerdns.recursor.real_memory_usage
    (gauge)    		The amount of memory consumed by PowerDNS in bytes; Available since pdns_recursor v4.x
    Shown as byte
    powerdns.recursor.resource_limits
    (gauge)    		The number of queries per second that could not be performed due to resource limits; Available since pdns_recursor v4.x
    Shown as query
    powerdns.recursor.server_parse_errors
    (gauge)    		The number of server replied packets per second that could not be parsed
    Shown as error
    powerdns.recursor.servfail_answers
    (gauge)    		The number of SERVFAIL answers per second
    Shown as response
    powerdns.recursor.spoof_prevents
    (gauge)    		The number of times per second PowerDNS considers itself spoofed and drops data
    powerdns.recursor.sys_msec
    (gauge)    		The number of CPU milliseconds spent in 'system' mode
    Shown as millisecond
    powerdns.recursor.tcp_client_overflow
    (gauge)    		The number of outgoing queries dropped per second because of 'dont query' setting
    Shown as query
    powerdns.recursor.tcp_clients
    (gauge)    		The number of active TCP/IP clients per second
    powerdns.recursor.tcp_outqueries
    (gauge)    		The number of outgoing TCP queries per second
    Shown as operation
    powerdns.recursor.tcp_questions
    (gauge)    		The number of incoming tcp queries per second
    Shown as operation
    powerdns.recursor.throttle_entries
    (gauge)    		The number of entries in the throttle map
    Shown as entry
    powerdns.recursor.throttled_out
    (gauge)    		The number of throttled outgoing UDP queries per second
    Shown as operation
    powerdns.recursor.too_old_drops
    (gauge)    		The number of questions per second that were dropped because they were too old; Available since pdns_recursor v4.x
    Shown as query
    powerdns.recursor.udp_in_errors
    (gauge)    		The number of packets per second that were received faster than the OS could process them; Available since pdns_recursor v4.x
    Shown as packet
    powerdns.recursor.udp_noport_errors
    (gauge)    		The number of UDP packets per second where an ICMP response was received saying the remote port was not listening; Available since pdns_recursor v4.x
    Shown as packet
    powerdns.recursor.udp_recvbuf_errors
    (gauge)    		The number of errors per second caused in the UDP receive buffer; Available since pdns_recursor v4.x
    Shown as error
    powerdns.recursor.udp_sndbuf_errors
    (gauge)    		The number of errors per second caused in the UDP send buffer; Available since pdns_recursor v4.x
    Shown as error
    powerdns.recursor.unauthorized_tcp
    (gauge)    		The number of TCP questions denied per second because of allow-from restrictions
    Shown as operation
    powerdns.recursor.unauthorized_udp
    (gauge)    		The number of UDP questions denied per second because of allow-from restrictions
    Shown as operation
    powerdns.recursor.unexpected_packets
    (gauge)    		The number of unexpected answers per second from remote servers
    Shown as operation
    powerdns.recursor.unreachables
    (gauge)    		The number times per second nameservers were unreachable
    powerdns.recursor.uptime
    (gauge)    		The number of seconds PowerDNS has been running
    Shown as second
    powerdns.recursor.user_msec
    (gauge)    		The number of CPU milliseconds spent in 'user' mode
    Shown as millisecond

    Événements

    Le check PowerDNS n’inclut aucun événement.

    Checks de service

    powerdns_recursor.can_connect
    Renvoie CRITICAL si le check de l’Agent n’est pas capable de se connecter à l’instance Gearman qu’il surveille. Si ce n’est pas le cas, renvoie OK.
    Statuses: ok, critical

    Dépannage

    Besoin d’aide ? Contactez l’assistance Datadog.