Skip to main content

mom: monitoring dns synthetically...

update: this script has been rewritten.  please refer to this post.

 

background. let me start off by posing a question. have you looked at the dns mp? look closely. there are no synthetic tests. why is it that management packs like these are service-centric?

my dns service hums right along... yet problems exist.  i'm not going to expatiate on the necessity of needing transaction-based monitoring. there are whole companies built around this philosophy. it does seem troubling to me though that the cornerstone of active directory is a healthy dns... yet the dns mp contains no such necessary rule. anyway, enough about that.

foreground. i wrote a script to monitor dns. it doesn't monitor the health or catch events. you've already got all that. it simply runs a nslookup command for a list of hostnames and returns errors, if there are any. it lacks any elegance or sophistication (not that you're used to that in my scripts). maybe you noticed. maybe you didn't.

i stated above that it issues nslookup commands. you may be thinking, why nslookup when you could query records through wmi? well, simple... that'd be too easy. seriously, the reason is that there was a time in the past where the dns service hung (no, mom didn't catch that either). i couldn't query anything with nslookup. however, issuing commands against wmi still continued to work. hmmmm. i guess for that reason i'm a little leery about using wmi. besides, using nslookup seems like it more closely resembles what someone might be doing. i would prefer dig, but nslookup seems quite ubiquitous in the windows world. the script has two parameters you'll need to setup:

  • HostNames - accepts a comma-delimited list of hosts to query
  • LogSuccessEvent - boolean value to log on success
should be self-explanatory. "DNS Synthetic Script" is the source. these are the event id values to pick up in any cooresponding alert rule:
  • 41000 - no hostnames defined
  • 41001 - lookup failed for
  • 41002 - successfully looked up
get the script here: i've posted the script at the other two locations. sooner or later they'll post them.
marcusoh.blogspot.com
Labels:

Comments

  1. Anonymous5/17/06, 10:39 PM

    Now available at MOMResources.org

    http://momresources.org/momscripts/mom_dns_lookup.txt

    Thanks Marcus!

    ReplyDelete

Post a Comment

Popular posts from this blog

using preloadpkgonsite.exe to stage compressed copies to child site distribution points

UPDATE: john marcum sent me a kind email to let me know about a problem he ran into with preloadpkgonsite.exe in the new SCCM Toolkit V2 where under certain conditions, packages will not uncompress.  if you are using the v2 toolkit, PLEASE read this blog post before proceeding.   here’s a scenario that came up on the mssms@lists.myitforum.com mailing list. when confronted with a situation of large packages and wan links, it’s generally best to get the data to the other location without going over the wire. in this case, 75gb. :/ the “how” you get the files there is really not the most important thing to worry about. once they’re there and moved to the appropriate location, preloadpkgonsite.exe is required to install the compressed source files. once done, a status message goes back to the parent server which should stop the upstream server from copying the package source files over the wan to the child site. anyway, if it’s a relatively small amount of packages, you can
11 comments
more »

How to Identify Applications Using Your Domain Controller

Problem Everyone has been through it. We've all had to retire or replace a domain controller at some point in our checkered collective experiences. While AD provides very intelligent high availability, some applications are just plain dumb. They do not observe site awareness or participate in locating a domain controller. All they want is the name or IP of one domain controller which gets hardcoded in a configuration file somewhere, deeply embedded in some file folder or setting that you are never going to find. How do you look at a DC and decide which applications might be doing it? Packet trace? Logs? Shut it down and wait for screaming? It seems very tedious and nearly impossible. Potential Solution Obviously I wouldn't even bother posting this if I hadn't run across something interesting. :) I ran across something in draftcalled Domain Controller Isolation. Since it's in draft, I don't know that it's published yet. HOWEVER, the concept is based off
3 comments
more »

sccm: content hash fails to match

back in 2008, I wrote up a little thing about how distribution manager fails to send a package to a distribution point . even though a lot of what I wrote that for was the failure of packages to get delivered to child sites, the result was pretty much the same. when the client tries to run the advertisement with an old package, the result was a failure because of content mismatch. I went through an ordeal recently capturing these exact kinds of failures and corrected quite a number of problems with these packages. the resulting blog post is my effort to capture how these problems were resolved. if nothing else, it's a basic checklist of things you can use.   DETECTION status messages take a look at your status messages. this has to be the easiest way to determine where these problems exist. unfortunately, it requires that a client is already experiencing problems. there are client logs you can examine as well such as cas, but I wasn't even sure I was going to have enough m
3 comments
more »