Monitoring Domain Servers and DNS Records

Download this manual as a PDF file

Domain-name monitoring policies allow you to monitor the availability and lookup time for a specific domain-name server and a specific record on a domain name server.

SL1 will send a request to the domain-name server asking the domain-name server to search a specified DNS record for the specified text string. If the domain-name server responds, SL1 considers the server "available".

SL1 also monitors the amount of time it takes for the domain-name server to respond and collects this data to calculate and graph lookup time.

For each domain name policy, SL1 will collect data and create trend reports.

Use the following menu options to navigate the SL1 user interface:

  • To view a pop-out list of menu options, click the menu icon ().
  • To view a page containing all the menu options, click the Advanced menu icon ().

This section includes the following topics:

Viewing the List of Domain Name Monitoring Policies

You can view a list of domain name policies from the Domain Name Monitoring page (Registry > Monitors > Domain Name). The Domain Name Monitoring page displays the following about each domain name monitoring policy:

  • Domain/Zone Name. Domain or zone name of the domain being monitored by the policy.
  • Name Server. Name server being monitored by the policy.
  • Policy ID. Unique, numeric ID, assigned to the policy automatically by SL1.
  • State. Whether the policy is enabled or disabled.
  • Device Name. Name of the device associated with the policy.
  • IP Address. IP address of the device associated with the policy. This is the IP address SL1 uses to communicate with the device.
  • Device Category. Device category of the device associated with the policy.
  • Organization. Organization for the device associated with the policy.

From the list of policies, you can select the checkbox for one or more policies and choose one of the following bulk actions from the Select Action drop-down at the bottom right of the page:

  • Delete Monitors. Deletes the selected policies from SL1. The associated reports (from the Device Reports > Performance tab) are also deleted.
  • Enable Monitors. Enables the selected policies so that SL1 can collect the data for these policies.
  • Disable Monitors. Disables the selected policies. SL1 will not collect the data specified in these policies.

Filtering the List of Domain Name Monitoring Policies

You can filter the list of policies on the Domain Name Monitoring page by one or more parameters. Only policies that meet all the filter criteria will be displayed in the Domain Name Monitoring page.

To filter by parameter, enter text into the desired filter-while-you-type field. The Domain Name Monitoring page searches for policies that match the text, including partial matches. By default, the cursor is placed in the left-most filter-while-you-type field. You can use the <Tab> key or your mouse to move your cursor through the fields. The list is dynamically updated as you type. Text matches are not case-sensitive.

You can also use special characters to filter each parameter.

Filter by one or more of the following parameters:

  • Domain/Zone Name. You can enter text to match, including special characters, and the Domain Name Monitoring page will display only policies that act upon a matching domain name or zone name.
  • Name Server. You can enter text to match, including special characters, and the Domain Name Monitoring page will display only policies that act upon a matching name server.
  • Policy ID. You can enter text to match, including special characters, and the Domain Name Monitoring page will display only policies that have a matching policy ID.
  • Device Name. You can enter text to match, including special characters, and the Domain Name Monitoring page will display only policies aligned with a device with a matching device name.
  • IP Address. You can enter text to match, including special characters, and the Domain Name Monitoring page will display only policies aligned with a device with a matching IP address.
  • Device Class. You can enter text to match, including special characters, and the Domain Name Monitoring page will display only policies aligned with a device with a matching device class.
  • Organization. You can enter text to match, including special characters, and the Domain Name Monitoring page will display only policies that have a matching organization.

Defining a Monitoring Policy for a Domain Name

You can define a domain name monitoring policy for a device on the Monitors tab of the Device Investigator.

To define a domain name monitoring policy:

  1. Go to the Devices page and click the Device Name of the device for which you want to define a domain name monitoring policy. The Device Investigator displays.

  1. Click the Monitors tab.

  1. Click Create, and then select Create Domain Name Policy. The Create Domain Name Policy modal appears:

  1. In the Create Domain Name Policy modal, supply a value in each of the following fields:
  • Select Device. Select a device from the drop-down list to align with this policy. By default, the current device is selected in this field.

NOTE: Before you can define a domain name policy, you must decide which managed device you want to associate with the policy. You might want to associate the policy with the DNS you will be monitoring with the policy, but you aren't required to do so. The requests to the DNS will be sent from an SL1 appliance, but you must still associate the policy with a device.

  • Domain Name. Name of the domain you want to monitor with this policy.
  • Name Server IP Address. IP address of the name-server device you want to monitor with this policy. SL1 will use this IP address to communicate with the name-server.
  • Record Type. Type of DNS record you want to check for availability and lookup speed.
  • Timeout. Number of seconds SL1 should wait for a response from the DNS. If SL1 does not receive a response message after the specified number of seconds, SL1 generates an event.
  • Result Match. Text string to search for. SL1 will search the selected DNS record for this string. You can enter either a string that should always appear in the specified record or you can enter a string that you do not want to appear in this record (that is, a string that indicates an illicit entry).

  • Alert if Found. You can use this field in one of two ways: generate an event when the normal content is not found in a record or generate an event when illicit content is found in a record. The resulting event is of severity "Major" and has the message "DNS expression match failure". Your choices are:
  • Yes. Use this setting to look for illicit content in a DNS record.
    • If SL1 finds the illicit string (specified in the Result Match field), SL1 will generate an event.
    • If SL1 does not find the illicit string (specified in the Result Match field), SL1 will not generate an event.
  • No. Use this setting to ensure that a DNS record contains the expected content.
    • If SL1 finds the expected string (specified in the Result Match field), SL1 does not generate an event.
    • If SL1 does not find the expected string (specified in the Result Match field), SL1 generates an event.

  • State. Specifies whether SL1 should start collecting data specified in this policy from the device. Choices are:
  • Enabled. SL1 will collect the data specified in this policy, from the device, at the frequency specified in the Process Manager page (System > Settings > Admin Processes) for the Data Collection: DNS Policy Monitoring process.
  • Disabled. SL1 will not collect the data specified in this policy, from the device, until the State field is set to Enabled.

  1. Click Save.

Example Policy for Domain Name

  • In this policy, we associated the device "device_1" with our policy.
  • On the name server 192.168.10.21, we searched for the domain "docmail.sciencelogic.com". Specifically, we searched the "A" record for the domain.
  • We expect the "A" record to include the IP address "192.168.10.201" (this is the IP address of the device "device_1").
  • If the "A" record doesn't exist or doesn't include the specified IP address, SL1 will generate an event.

Defining a Monitoring Policy for a Domain Name in the Classic SL1 User Interface

There are two places in SL1 from which you can define a monitoring policy for a domain name:

  • From the Device Manager page (Devices > Device Manager):
  • In the Device Manager page, find the device that you want to associate with the monitoring policy. Select the wrench icon () for the device.
  • In the Device Administration panel, select the Monitors tab.
  • From the Create menu in the upper right, select Create Domain Name Policy.

Or:

  • From the Domain Name Monitoring page (Registry > Monitors > Domain Name):
  • Go to the Domain Name Monitoring page.
  • Click the Create button.
  • The Create Domain Name Policy modal page appears.

For information about completing the fields in the System Process Policy modal page, see the section on Defining a Monitoring Policy for a Domain Name.

Editing a Monitoring Policy for a Domain Name

To edit a domain name monitoring policy:

  1. Go to the Devices page and click the name of the device for which you want to edit a monitoring policy. The Device Investigator displays.
  2. Click the Monitors tab.
  3. Find the policy you want to edit and click its wrench icon (). The Domain Name Policy modal appears.
  4. In the Domain Name Policy modal, you can change the values in one or more of the fields described in the section on Defining a Monitoring Policy for Domain Names.
  5. Click Save.

Editing a Monitoring Policy for a Domain Name in the Classic SL1 User Interface

There are two places in SL1 from which you can edit a monitoring policy for a domain name:

  1. From the Device Manager page (Devices > Device Manager):
  • In the Device Manager page, find the device that you want to associate with the monitoring policy. Click the wrench icon () for the device.
  • In the Device Administration panel, click the Monitors tab.
  • In the Monitoring Policies page, find the policy you want to edit and click its wrench icon ().

Or:

  1. From the Domain Name Monitoring page (Registry > Monitors > Domain Name):
  • In the Domain Name Monitoring page, find the policy you want to edit and click that policy's wrench icon ().
  1. The Domain Name Policy modal appears.
  2. In the Domain Name Policy modal, you can change the values in one or more of the fields described in the section on Defining a Monitoring Policy for Domain Name.
  3. Click Save.

Executing the Domain Name Monitoring Policy

After creating or editing a domain name monitoring policy, you can manually execute the policy and view detailed logs of each step during the execution.

NOTE: After you define a domain name monitoring policy and enable the policy, SL1 will automatically execute the policy every five minutes. However, you can use the steps in this section to execute the policy immediately and see debug information about the execution of the policy.

To execute a domain name monitoring policy:

  1. Go to the Devices page and click the name of the device for which you want to execute the monitoring policy. The Device Investigator displays.
  2. Click the Monitors tab.
  3. Find the policy you want to run manually and click its lightning bolt icon ().
  4. The Session Logs modal opens while the policy is executing. The Session Logs page provides detailed descriptions of each step during the execution. This is helpful for diagnosing possible problems with a policy.

Executing the Domain Name Monitoring Policy in the Classic SL1 User Interface

To execute a domain name monitoring policy in the classic SL1 user interface:

  1. In the Domain Name Monitoring (Registry > Monitors > Domain Name) page, find the policy you want to run manually.
  2. Click the lightning bolt icon () to manually execute the policy.
  3. While the policy is executing, SL1 opens a modal called Session Logs. The Session Logs page provides detailed descriptions of each step during the execution. This is helpful for diagnosing possible problems with a policy.

Deleting a Domain Name Policy

You can delete a domain name policy from the Monitors tab of the Device Investigator. When you delete a monitoring policy, SL1 no longer uses the policy to collect data from the aligned device. Deleting a monitoring policy will also remove all data that was previously collected by the policy.

To delete a domain name monitoring policy:

  1. Go to the Devices page and click the name of the device for which you want to delete the monitoring policy. The Device Investigator displays.
  2. Click the Monitors tab.
  3. Find the policy you want to delete and click its bomb icon (). A confirmation prompt appears.
  4. Click OK.

Deleting a Domain Name Policy in the Classic SL1 User Interface

You can delete one or more domain-name policies from the Domain Name Monitoring page. When you delete a monitoring policy, SL1 no longer uses the policy to collect data from the aligned device. Deleting a monitoring policy will also remove all data that was previously collected by the policy.

To delete a domain name monitoring policy in the classic SL1 user interface:

  • Go to the Domain Name Monitoring page (Registry > Monitors > Domain Name).
  • In the Domain Name Monitoring page, select the checkbox(es) for each domain name policy you want to delete. Click the checkmark icon () to select all of the domain-name monitoring policies.
  • In the Select Action menu in the bottom right of the page, select Delete Monitors.

  • Select the Go button to delete the selected domain name monitoring policies.
  • The policy is deleted from SL1. The associated reports (from the Device Reports > Performance tab) are also deleted.

Viewing Reports for a Domain Name Monitoring Policy

See the section Viewing Performance Graphs to view information and examples of reports for domain name monitoring.

See Also

Reports