Forum Discussion
InfoSec_38553
Nimbostratus
NimbostratusDNS monitor doesn't work
Hi all,
I'm trying to create DNS monitor for my DNS servers.
I used this script:
https://devcentral.f5.com/wiki/AdvDesignConfig.DNSMonitorUsingNSLookup.ashx
I didn't assign any parameter. When I tried to add new pool with this monitor and a member for all services (all ports) I got this message:
The monitor DNS_External_Monitor has a wildcard destination service and cannot be associated with a node that has a zero service.
How to solved this issue?
11 Replies
- nitass
Employee
have you tried to configure alias service port in health monitor configuration page? you have to change configuration from "basic" to "advanced" to see the alias service port setting.
by the way, why don't you configure pool member on port 53 (instead of any port)? 
InfoSec_38553Hi nitass,
I configured alias service port to 53 instead of any port and works find, but still this script monitor dosn't work with me.
I set the followings arguments:
(IP DNS Server) (Port) (Domain) (Excepted String)
I'm not sure what expected string when it is successful.
Thank you.- InfoSec_38553I forget to tell that port 53 not available when add pool member option.
I'm working with version 10.2.3 
Laudec_55181Altostratus
You using a UDP monitor for DNS?- InfoSec_38553Hi Laudec,
I use default monitor settings I think it is TCP. - Laudec_55181Yip, that is probably your issue...DNS runs on UDP...try changing your monitor to UDP...give it a go.
HamishCirrocumulus
Actually you're both right. DNS runs over both TCP and UDP.
UDP by default (Because it's quick and well suited to a short query/response application).
TCP for larger queries (Where the response goes over a 512Byte datagram which used to be around 13 RR's. YMMV), and for zone transfers.
H- InfoSec_38553Thank you all,
I followed the same instruction that written here:
https://devcentral.f5.com/wiki/AdvDesignConfig.DNSMonitorUsingNSLookup.ashx
Monitor Type: External
Arguments: * '' ''
I make empty with no result.
How can I know if this is UDP or TCP? 
Terry_Rodecker_How can I know if this is UDP or TCP?
Basically speaking, UDP is used for lookups (i.e. nslookup, standard dns requests, etc), and TCP is used for zone transfers between DNS servers. Unless you're monitoring a server that you know with 100% certainty that will allow you to do a zone transfer, I'd use UDP.
andreas_4646Has anyone gotten this to work? The TCP/UDP argument here is a red herring, we are calling dig/nslookup from the command line, so its just doing what the script tells it, which is UDP. I can see that it works on the command line just fine:
[andreas@ltm01:Active] config /usr/bin/monitors/dns_test 10.70.24.14 53 www.bigfishgames.com 208.77.152.196
UP
All I can do is assume that the healthcheck is supplying those arguments correctly. Adding some logging I was able to see that the script actually does run against the node:
This dig @${node_ip} ${3}, became this: dig @10.70.24.14 www.bigfishgames.com, which means it got the hostname variable, and inserted that into $1, and also took $3. Now what? It still always marks the nodes down even though the script returns 'UP' (not sure if that is an automatic OK response, but I assume it is)
Any ideas? This seems like it should be a built-in check.
