DNS lookup failure(s)-juniper-junos
Vendor: juniper
OS: junos
Description:
Indeni will alert if the DNS resolution is not working on the device.
Remediation Steps:
Review the cause for the DNS resolution not working.
1. On the device command line interface, execute the “show system name-server” command to review the DNS configuration.
2. Run the “show host host-name [host-ip-address]” command to check if DNS is working properly and is reachable.
3. Ensure that UDP port 53 is allowed in the firewall rules.
4. Check the routes to the DNS server address.
5. Review the following article on the Juniper tech support site: Reaching a Domain Name System Server.
How does this work?
This script logs into the Juniper JUNOS-based device using SSH and attempts to ping www.indeni.com. In the process of that ping, it also forces the device to resolve “www.indeni.com” to an IP address. A failure to ping www.indeni.com indicates that the DNS server is not responding, or that connectivity to the Internet has been severed.
Why is this important?
Some services on a Juniper JUNOS-based device require a working DNS connection.
Without Indeni how would you find this?
It is not possible to retrieve the status of the DNS connectivity through SNMP and so an administrator would need to write a script to poll their firewalls for the data (force a resolution of a hostname), or simply troubleshoot once an issue occurs.
junos-ping-indeni-com
name: junos-ping-indeni-com
description: check to see if DNS resolution is working
type: monitoring
monitoring_interval: 30 minute
requires:
    vendor: juniper
    os.name: junos
    product: firewall
comments:
    dns-server-state:
        why: |
            Some services on a Juniper JUNOS-based device require a working DNS connection.
        how: |
            This script logs into the Juniper JUNOS-based device using SSH and attempts to ping www.indeni.com. In the process of that ping, it also forces the device to resolve "www.indeni.com" to an IP address. A failure to ping www.indeni.com indicates that the DNS server is not responding, or that connectivity to the Internet has been severed.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        file: ping-indeni-com.remote.1.bash
    parse:
        type: AWK
        file: ping-indeni-com.parser.1.awk
CrossVendorDnsFailure