SNMP Agent for monitoring DNS Bind9

First, I apologize for:

  • I don't speak English very well (and I write it worse)
  • This is my first publicly released code, and I am not an expert Perl developer, so the code can be a bit ugly. Suggestions are welcome.

B9agent is a Net-SNMP Perl subagent that monitors Bind9 DNS server data such as queries per DNS zone, global queries per DNS view, queries by type, the number of RR records in cache, and so on.

Basically, everything that is available through the statistics file provided by Bind9.

The idea started from Turbo Fredriksson (http://www.bayour.com/bind9-snmp/), but the problem is that it doesn't support the new Bind9 statistics format. Given the complexity of the code and the big changes in the format, I decided to write a new agent from scratch.

Well, I don't guarantee that this will be developed, but here are some ideas to keep in mind:

As this is my first interesting public development, and I saw that some people are using it, I'll be very grateful to receive some feedback from you.

Obviously:

  • Bind >= 9.5.1
  • Perl
  • NetSNMP

Did I forget something? The agent script uses Data::Dumper for debugging, but you can remove it from the code if you want to avoid installing it.

All the files, packed and compressed, can be downloaded from this DNS Bind9 SNMP Agent package.

The scripts and related files will always be available at the subversion repository; you can also browse the svn repository here.

There are some Cacti templates included.

Prepare

The first thing is to prepare your environment to run the agent. This part is not done by the install.sh script, mainly because it involves some security settings that change depending on the system.

This was the hardest part and the main source of problems. B9Agent now avoids setting dangerous permissions for the rndc process.

By default, B9Agent now uses a separate cronjob to run rndc stats every minute, and the SNMP agent only needs permission to read the STATS_FILE configured in /etc/snmp/b9agent.conf. This file must be the one configured in named.conf as statistics-file.

If you want to keep the old behaviour (not recommended) and have the agent itself refresh the stats, you must configure the path to the rndc binary and set a refresh interval in /etc/snmp/b9agent.conf. And the hard part: set up the permissions to make it work.

I'm trying to develop a new refresh method based on polling the statistics from Bind9 itself via the statistics-channel (XML) in a new branch of development.

You need to configure Bind9 Server (see Bind9 Manual if you need help) to generate the statistics file and to accept remote commands from rndc.

… at options section:

zone-statistics yes;
statistics-file "/var/cache/bind/dns-stats.log";

… and to accept remote commands (inet * listens on every interface; the allow list restricts clients to 127.0.0.1):

controls { 
    inet * allow { 127.0.0.1; };
};

Install

Finally, the easy part: Install. The provided install.sh script automates these steps. The script basically:

  • Copies the Perl module and agent to the correct places (it now tries to detect the @INC path from the Perl installation)
  • Generates the MIB
  • Generates the default agent configuration
  • Configures the SNMP client to load the MIB and show errors
  • Configures the SNMP agent to load the B9Agent
  • Sets up a cronjob in /etc/cron.d/b9agent-rndc to refresh the DNS Bind9 statistics

Configuration

Edit the configuration file /etc/snmp/b9agent.conf at your convenience; it is very simple and self-explanatory.

# Path to RNDC binary
# If not defined, B9agent will NOT refresh rndc stats and will expect
# that the cronjob update dns stats.
RNDC        = /usr/sbin/rndc
# Path to statistics-file configured in named.conf
STATS_FILE  = /var/cache/bind/dns-stats.log
# Debug level
DEBUG       = 0
# Refresh interval (seconds), if 0 B9agent will NOT refresh rndc stats and will expect
# that the cronjob update dns stats.
REFRESH     = 0

Configure the SNMP daemon to read the new MIB by editing the /etc/snmp/snmp.conf file and adding:

mibDirs +/usr/local/lib/snmp/mibs/
mibs ALL
showMibErrors yes

You must do this part (and generate the MIB) on all SNMP daemons querying the B9Agent.

Verify that it works by querying for the tree:

# snmptranslate -On -Tp -IR BIND-MIB::bind9MIB
+--bind9MIB(1768)
   |
   +--b9MIBObjects(1)
   |  |
   |  +-- -R-- String    b9Version(1)
   |  |        Textual Convention: DisplayString
   |  |        Size: 0..255
   |  +-- -R-- Integer32 b9NumberZones(2)
   |  +-- -R-- Integer32 b9NumberViews(3)
   |  |
   |  +--b9Globals(4)
   |  |  |
   |  |  +-- -R-- Counter   b9inQueriesA(1)
   |  |  +-- -R-- Counter   b9inQueriesNS(2)
   |  |  +-- -R-- Counter   b9inQueriesMD(3)
     [...]

If you don't see the b9 part on the OIDs, then probably something is misconfigured and you will have problems.

Test

Try running the snmpd daemon in debugging mode. First stop the daemon, then type on the command line:

# snmpd -Le -u snmp -I -smux -p /var/run/snmpd.pid -Dperl -f

This way you will see it load the MIB and register the agent. From another console, run at least one query that falls into the Bind9 MIB (a snmpwalk, for example).

If it works, stop it with Ctrl+C and restart as usual.

Cacti Monitoring

In the b9agent package, you'll find a subfolder called Cacti with the templates and Data-Queries that I used.

Here are some sample graphs:

DNS Server Stats

Default View cache

The XML Data Queries contain all the OIDs and values supported by the SNMP agent; in my graphs I only use the ones that meet my needs.

Troubleshooting

The agent times out

If you have restarted the snmpd daemon, the agent reads the full rndc-stats file, which has probably grown into a huge file. Truncate the rndc-stats file and run rndc stats again.
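The truncation advice above, combined with the cron-based refresh from the Prepare section, as an added shell example that is not part of the b9agent package: the cron side keeps the statistics file bounded, and the reading side looks only at the newest complete dump. Function names, the size limit and the single-word counter lookup are assumptions; the "Statistics Dump" markers are the ones Bind9 writes around each rndc stats run.

```shell
#!/bin/sh
# Added example, not part of the b9agent package. Function names and the
# size limit are assumptions; the "Statistics Dump" markers are the ones
# Bind9 writes around each "rndc stats" run.

# Print only the newest complete dump, so a reader never parses the whole
# backlog or a dump that named is still writing.
last_dump() {
    awk '
        /^\+\+\+ Statistics Dump \+\+\+/ { cur = ""; in_dump = 1 }
        in_dump                          { cur = cur $0 "\n" }
        /^--- Statistics Dump ---/       { if (in_dump) last = cur; in_dump = 0 }
        END                              { printf "%s", last }
    ' "$1"
}

# Read one single-word counter from a global section of the newest dump, e.g.
#   counter /var/cache/bind/dns-stats.log "Incoming Queries" A
# The value is printed as written in the file (no float conversion).
counter() {
    last_dump "$1" | awk -v sec="++ $2 ++" -v name="$3" '
        /^\+\+ /                        { in_sec = ($0 == sec); next }
        in_sec && NF == 2 && $2 == name { val = $1 }
        END                             { print (val == "" ? 0 : val) }
    '
}

# Cron side: empty the file once it passes max_bytes, then ask named for a
# fresh dump. ": >" truncates in place and keeps owner and mode, so the
# SNMP user's read-only access to STATS_FILE is unchanged.
# $3 is the rndc command to run (default: the RNDC path from b9agent.conf).
refresh_stats() {
    file=$1 max_bytes=$2 rndc=${3:-/usr/sbin/rndc}
    if [ -f "$file" ] && [ "$(wc -c < "$file")" -gt "$max_bytes" ]; then
        : > "$file"
    fi
    "$rndc" stats
}
```

A cron entry would call refresh_stats with the statistics-file path and a size limit of your choosing; the account that runs it needs write access to that file, while the SNMP agent still only needs read access.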

  • Last modified: 2023/06/26 22:48
  • by 65.108.103.97