Collect Data from BIND9 with telegraf and write to InfluxDB v2

1

We tried to get data from BIND9 and write it to InfluxDB v2.

Config of telegraf (installed version: 1.18.3-1 under Debian)

[global_tags]
[agent]
interval = “10s”
round_interval = true
metric_batch_size = 1000
metric_buffer_limit = 10000
collection_jitter = “0s”
flush_interval = “10s”
flush_jitter = “0s”
precision = “”
debug = false
quiet = false
hostname = “”
omit_hostname = false

[[outputs.influxdb_v2]]
urls = [“http//172.16.0.247:8086”]
token = “3IENFtz7MXo44h6crFopAnSKcFPRxFWQZ5oeZiKzP76LoDhMLwOXeKq-ZsqrP0zn1jlA-3thmrHad5R9HYqYfA==”
organization = “Kramski”
bucket = “BIND9”

[[inputs.bind]]
urls = [“http://localhost:8053/json/v1”]

The installed Version of InfluxDBv2: 2.0.6

On InfluxDBv2 i created a Bucket named BIND9 and also an “all access token”

After starting telegraf (on a different host) i got these messages:
Official IP masked with “x”, in the http Link i removed the colon (:), because software says, i can only use 2 links in one posting.

 /usr/bin/telegraf -config /etc/telegraf/telegraf.conf

2021-06-02T09:33:10Z I! Starting Telegraf 1.18.3
2021-06-02T09:33:10Z I! Loaded inputs: bind
2021-06-02T09:33:10Z I! Loaded aggregators:
2021-06-02T09:33:10Z I! Loaded processors:
2021-06-02T09:33:10Z I! Loaded outputs: influxdb_v2
2021-06-02T09:33:10Z I! Tags enabled: host=ns01
2021-06-02T09:33:10Z I! [agent] Config: Interval:10s, Quiet:false, Hostname:“ns01”, Flush Interval:10s
2021-06-02T09:33:20Z E! [outputs.influxdb_v2] When writing to [http://172.16.0.247:8086]: Post “http//172.16.0.247:8086/api/v2/write?bucket=BIND9&org=Kramski”: read tcp x.x.x.x:34380->172.16.0.247:8086: read: connection reset by peer
2021-06-02T09:33:20Z E! [agent] Error writing to outputs.influxdb_v2: Post “http//172.16.0.247:8086/api/v2/write?bucket=BIND9&org=Kramski”: read tcp x.x.x.x:34380->172.16.0.247:8086: read: connection reset by peer

With tcpdump i captured the traffic and could see, the packet arrived on destination and answer packets came back.

What is missing or what have i done wrong?

kind regards!

2

We tried to get data from BIND9 and write it to InfluxDB v2.

Sounds like an intresting idea - please can you tell me more about what data
you are collecting and how you get this out of BIND?

read tcp x.x.x.x:34380->172.16.0.247:8086: read: connection reset by peer

With tcpdump i captured the traffic and could see, the packet arrived on
destination and answer packets came back.

Can you give a bit more detail about what these packets were?

For example, did you get:

x.x.x.x:34380 → 172.16.0.247:8086 SYN
172.16.0.247:8086 → x.x.x.x:34380 SYN ACK
x.x.x.x:34380 → 172.16.0.247:8086 ACK

… several more packets both ways

x.x.x.x:34380 → 172.16.0.247:8086 FIN
172.16.0.247:8086 → x.x.x.x:34380 FIN ACK

Are you at any time seeing a RST packet from one end or the other?

Antony.

3

Dear Antony,

thank you for your kind answer. In the meantime i found out, that the traffic was blocked on application level (on the firewall). Now connection is possible.

I am interessted in

  • queries (sum)
  • several records
  • NXDOMAIN
  • memory

Not everything what BIND9 reports can i see in InfluxDBv2. I am total new for this kind of database.

Setup is done in /etc/bind/named.conf.options

Just insert the follwing block (replace a.b.c.d) with the IP on which the BIND9 is listening. After restart BIND9 ist should work. You can test the results:
“:” replaced by “_”

|Format|Example URL|
|---|---|
|XML v2|http_//localhost:8053|
|XML v2|http_//localhost:8053/xml/v2|
|XML v3|http_//localhost:8053/xml/v3|
|JSON v1|http_//localhost:8053/json/v1|


 statistics-channels {
                inet a.b.c.d port 8053 allow { 127.0.0.1; 172.16.0.150; 172.16.0.107; 172.16.7.1; };
                inet 127.0.0.1 port 8053 allow { 127.0.0.1; };
        };

If you need furthe infos, please let me know.

Again, thank you for your kind and lightning fast answer!