Hollsco Group - DNSCheck

Download DNSCheck (992k)

DNSCheck was written to combat a bug in the Windows build of BIND 9. Under load, it appears that BIND 9 simply stops answering queries on its TCP port, its UDP port, or both, although the service continues to run, so service recovery does not solve the problem.

I tried using other DNS monitoring applications; however, most of them monitored the UDP port only. When BIND's TCP port would hang, the other applications would not detect it. Because the TCP port is usually used for zone transfers, this is a critical problem on a primary or secondary DNS.

I decided to write my own monitor. This monitor does a simple lookup against both the TCP and UDP ports at a preset interval. If it receives no response, it initiates a reset sequence that stops and restarts the DNS server.

Technically this application will work on any Windows-based DNS server, although it was written specifically to combat my BIND 9 problems.

Cost

Nothing. Nada. Zip. Free. Use it if you like it. But should your conscience bother you after using such a fine piece of software without paying for it, and you wish to help support a poor, starving programmer, you might consider clicking this button:

Alternatively, feel free to visit any of these fine sites and spend lots of money at them:

http://www.dynamip.com

http://www.pilotmailings.com

Setup

You will need to configure DNSCheck before you use it. Run the application, and you will see the following screen:

There are several things you need to set up before letting DNSCheck do its thing:

IP Address of DNS Server: The IP address of the DNS server. Duh.
Domain Name to Query: This is one of the domains that the DNS is authoritative for, hopefully. If you're not running as authoritative for any domains, use a common domain, say, microsoft.com.
Query Type: This is the type of query that will be made against the DNS. Default is the "A" record, as shown above. If for some reason you want to change this, you can make it ask for the MX record, or others.
Query Every: How often you want DNSCheck to query the nameserver. It does a TCP query followed by a UDP query. It doesn't really hurt to have DNSCheck do this every 10 seconds, as the CPU overhead required to do two small queries like this is very small.
Timeout After: How long you want DNSCheck to wait before deciding that the DNS server has died. 15 seconds is pretty safe, since if you haven't got an answer in a second or so, something's really quite wrong.
Commands to Reset DNS: If DNSCheck doesn't receive a response from the DNS server within the timeout period, it decides things have gone wonky and runs these commands. You can specify as many commands here as you wish, one per line. Each command is executed, and DNSCheck waits for the command to finish executing before executing the next command. The default shown above first kills the BIND task, just in case it has hung so badly that the service manager can't stop it. Next it stops the BIND service, which is kind of redundant seeing as we just killed it, but hey, this is for completeness. When that has finished, it starts it again. Hey presto, everything's working once more!
Startup Minimized: If checked, DNSCheck will minimize itself to the icon tray when it is started, by default. Clicking on its icon (a little bog) will bring it back up.
PayPal Donate: This critical button is used to allow the author of DNSCheck to continue to do things he enjoys, such as eat, as well as encouraging the production and release of other quality software.

MAKE SURE YOU PRESS SAVE! None of the settings above take effect until Save is pressed.

Doing Its Thing

The DNSCheck installer does not install DNSCheck into your system startup folder by default, because I hate programs that do that. If you're administrating BIND, you're more than capable of putting it there yourself.

Once it is running, you can force it to check the DNS status by pressing the Check button. When it checks the DNS, it follows this process:

  • Connects to TCP port of server
  • Queries for specified record
  • Waits for response
  • If timeout occurs, shows error, logs error and executes restart routine
  • If response received, displays response data
  • If TCP response received OK, sends UDP query
  • Waits for response
  • If timeout occurs, shows error, logs error and executes restart routine
  • If response received, displays response data
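The check sequence above, sketched in Python as an added example; this is not DNSCheck's own code, and every function name and the `port` parameter are assumptions made for illustration. It queries TCP first, then UDP, and reports the same Ans/Auth/Addit header counts the application displays.

```python
import socket
import struct

QTYPES = {"A": 1, "NS": 2, "MX": 15}  # subset of RFC 1035 record types

def build_query(name, qtype="A", txid=0x1234):
    """Encode a one-question DNS query (RD set, class IN)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPES[qtype], 1)

def parse_header(msg, txid=0x1234):
    """Return rcode and the Ans/Auth/Addit counts from a response header."""
    rid, flags, _qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid or not flags & 0x8000:  # wrong ID or QR bit not set
        raise ValueError("not a response to our query")
    return {"rcode": flags & 0xF, "ans": an, "auth": ns, "addit": ar}

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed early")
        buf += chunk
    return buf

def query_tcp(server, query, timeout, port=53):
    # DNS over TCP prefixes each message with a 2-byte length (RFC 1035 4.2.2)
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(query)) + query)
        (length,) = struct.unpack("!H", recv_exact(s, 2))
        return recv_exact(s, length)

def query_udp(server, query, timeout, port=53):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, port))
        return s.recvfrom(4096)[0]

def check_dns(server, name, qtype="A", timeout=15, port=53):
    query, result = build_query(name, qtype), {}
    for label, fn in (("tcp", query_tcp), ("udp", query_udp)):
        try:
            result[label] = parse_header(fn(server, query, timeout, port))
        except (OSError, ValueError, struct.error) as exc:  # timeout, bad reply
            result[label] = {"error": str(exc)}
            break  # as in the list above: UDP is only queried after TCP is OK
    return result
```

A scheduler would call `check_dns` at the Query Every interval and run the reset commands whenever either transport reports an error.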

A normal response (DNS running OK) can be seen here:

Note the TCP Result and UDP Result both show OK. The TCP Type and UDP Type should both be the same as the Query Type - which means the DNS server gave back whatever it was asked for. Ans lists the number of response records answering the query, Auth lists the number of response records pointing to an authority, and Addit lists the number of response records holding additional information. If you don't know what that means, then you don't need to concern yourself with these numbers.

Below is an example of a DNS timeout:

In this case, the TCP query timed out after 15 seconds, and the restart sequence was begun. The reason for the timeout is shown in the log window.

FAQ

Q: Can DNSCheck run as a service?
A: No.

Q: Any plans to make DNSCheck run as a service?
A: No.

Q: Can you change DNSCheck so that it....
A: Probably not. But no harm in asking.

DNSCheck is Copyright 2004 Hollsco Group.
This page Copyright 2005 Hollsco Group. All rights reserved.
All specifications subject to change without notice.