DNS Server Checks Test

If the DNS server is inaccessible or is unable to provide domain name resolution services, then users may be denied access to their mission-critical servers and applications. Under such circumstances, you may want to quickly check what is stalling the operations of your DNS server, so that the source of the issue can be isolated and eliminated. This test enables you to perform such a check, periodically. To perform this check, this test uses the dcdiag utility that ships with Windows 2003 Support Tools and is built into Windows 2008 R2 and Windows 2008 Server. dcdiag is a command-line tool that encapsulates detailed knowledge of how to identify abnormal behavior in a system. For validating DNS health, the dcdiag utility runs six tests, each of which reports the current state of a critical performance aspect of the DNS server; these DNS tests are as follows:

  1. Authentication: This test is run by default and checks the following:

    • Are domain controllers registered in DNS?
    • Can they be pinged?
    • Do they have Lightweight Directory Access Protocol/Remote Procedure Call (LDAP/RPC)?
  2. Basic: Performs basic DNS tests, including network connectivity, DNS client configuration, service availability, and zone existence.
  3. Forwarders: Performs the Basic tests, and also checks the configuration of forwarders
  4. Delegation: Performs the Basic tests, and also checks for proper delegations
  5. Dynamic Update: Performs the Basic tests, and also determines if dynamic update is enabled in the Active Directory zone
  6. Record Registration: Performs the Basic tests, and also checks if the address (A), canonical name (CNAME) and well-known service (SRV) resource records are registered. In addition, creates an inventory report based on the test results.

The DNS Server Checks test uses the DCDIAG.exe to execute each of the above-mentioned tests at configured intervals, reports the output of each test, promptly captures current/potential DNS failures, and provides detailed diagnostics describing the reasons for the failure. This way, administrators are enabled to troubleshoot DNS-related issues quickly and efficiently. 

Note:

For this test to run, the DCDIAG.exe should be available in the <WINDOWS_INSTALL_dir>\windows\system32 directory of the DNS server to be monitored. The DCDIAG utility ships with the Windows Server 2003 Support Tools and is built into Windows 2008 R2 and Windows Server 2008. This utility may hence not be available in older versions of the Windows operating system. When monitoring the AD server on such Windows hosts, this test will run only if the DCDIAG.exe is copied from the <WINDOWS_INSTALL_dir>\windows\system32 directory of any Windows 2003 (or higher) host in the environment to the same directory on the target host. 

Target of the test : A DNS server

Agent deploying the test : An internal/remote agent

Outputs of the test : One set of results for every test that dcdiag executes.

Configurable parameters for the test
Parameter Description

Test Period

How often should the test be executed.

Host

The IP address of the host for which this test is to be configured.

Port

The port on which the specified host is listening

Domain, UserName, Password, and Confirm Password

In order to execute the DCDIAG command, the eG agent has to be configured with Enterprise Admin privileges. Therefore, specify the domain name and login credentials of a user who has been assigned the Enterprise Admin account in the Domain, UserName and Password text boxes. Confirm the password you provide by retyping it in the Confirm Password text box.

Detailed Diagnosis

To make diagnosis more efficient and accurate, the eG Enterprise suite embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option.

The option to selectively enabled/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:

  • The eG manager license should allow the detailed diagnosis capability
  • Both the normal and abnormal frequencies configured for the detailed diagnosis measures should not be 0.
Measurements made by the test
Measurement Description Measurement Unit Interpretation

Status

Reports the output returned by this test.

 

Each test that DCDIAG runs will report one of the following values as the output:

  • Fail
  • Pass
  • Warning

This test will report the same output as the value of the Status measure.

The numeric values that correspond to these outputs are indicated below:

Measure Value Numeric Value
Fail 0
Pass 1
Warning 2

Note:

By default, this measure reports the Output/Measure Values listed in the table above as values of the Status measure. In the graph of the Status measure however, these measure values are represented using their numeric equivalents only - i.e., 0 to 2.

You can use the detailed diagnosis of this measure to view detailed descriptions of failures (if any). This information will help in investigating the reasons for the failure and fixing them.