07-17-2017 12:26 PM
I am evaluating the builtin DNS Health Check tool within the NIOS 7.3 DNS Properties. Stopping the DNS service manually does not cause an error condition. Is anyone aware of a method to simulate an DNS outage and cause the SNMP alert? Thanks.
07-20-2017 04:28 PM
In the admin guide, it says:
"The DNS Health Check monitor might not work properly if DNS blackhole feature is enabled or if any named ACL is blocking the query sent to the loopback interface."
So what I did was:
1. Ensure you have snmp traps enabled and a trap receiver set correctly.
2. Go to DNS settings and went to DNS health check and enabled "resolve additional domain".
3. I also lowered the health check timers just to speed up the process.
4. Finally, in Grid DNS settings, enable blackhole for ANY.
5. Enable packet capture on the appliance.
Immediately after enabling blackhole, i get the syslog message "DNS Health Check failed for 172.16.229.3 (domain www.google.com) with timeout 1 after 1 retries".
As I did a traffic capture on the appliance itself, when I checked the pcap file, sure enough I see the trap sent to my trap destination with this OID: 18.104.22.168.4.1.7722.214.171.124.126.96.36.199 that has a value "107".
If you then look into our admin guide yet again you see that this corresponds to " (188.8.131.52.2.4.0) ibProbableCause" and the value of 107 corresponds to "ibDnsHealthCheckFailed: The DNS health check has failed."
Looks good to me!
10-10-2019 01:50 AM
Is DNS Health Check Infoblox could check the health name server of other device that we set in Infoblox? like we set the delegation zone and there's a few name server, can infoblox check the health of that name server service?
10-10-2019 04:36 AM
The DNS health check is to monitor the local DNS server to see if the service is still available, not to monitor other DNS servers. Please also review the "Enabling and Disabling DNS Health Check Monitor" chapter in the NIOS admin guide. Thank you.
Escalations Engineer EMEA
08-11-2020 05:12 PM
Is there any impact to DNS service when DNS health check is enabled?
In case it is not able to get response for a domain, will it mark DNS service down on that member? or just send the snmp trap and email?