I have a small librenms installation, less than 20 devices. Every 5 minutes when polling occurs, librenms hits my DNS server 20-30 times per device, resulting in over 500 hits every poll with less than 20 devices. It’s IPv4, so it’s all A records. It’s not really a problem, just something I thought was weird.
A couple other things I discovered,
If I put an IP address in hostname, librenms sends the IP address to my DNS server for resolution, which obviously returns NxDomain. Polling works fine though.
If I use the hostfile on the librenms system, it still hits my dns server for the resolution, despite already having the information in the hostfile. Again, the DNS server returns NxDomain. The hostfile entries do work as well, but why is it asking the DNS server if it’s available locally?
Just seems odd the way it’s handling DNS requests.
DNS is not ignored in this scenario. It should be, but it isn’t. It absolutely still hits my DNS servers. I can see the non-FQDN entries in the cache on my DNS server.
The hostfile entries do work, as the hostnames are not resolvable by DNS, yet they work in LibreNMS. But it still asks the DNS server to resolve the name, which is the issue.
I also noticed that if you use the device IP address for hostname, it hits the DNS server once per discovery, instead of multiple times per poll. Perhaps the hostfile setup is in a similar boat.
After more testing, using the hostfile is the only good option to avoid the DNS hammering.
DNS requests will still be sent, however. You can intercept these at the DNS server for blocking, or create a primary zone for the target domain so your server repsonds with authoritative.
Depending on what kind of device it is and what kind of options and checks you have configured, behind the scenes, LibreNMS has a lot of stuff going on. It could be doing something directly with its own PHP code, it could be calling the Net-SNMP tools (snmpwalk, snmpget, etc.), if could be calling fping, it could be calling Nagios or Check_MK checks. Each of these would make another dns query and they probably have their own behaviors as to how they handle IPs or hostnames passed to them.
I think the best option is mentioned here…
Basically, set up a small DNS server locally that just does recursive lookups and caching. Then set your server’s OS to use 127.0.0.1 as its DNS server. This mentions pdns-recursor which I’m sure is fine, I’ve been using Unbound which seems to work fine as well.
Save yourself the future headache and don’t use the hosts (ever), just use an central DNS system.
and yes, LibreNMS doesn’t use DNS correctly and ignores the TTL.
my solution is to install dnsmasq on the LibreNMS host who will cash the DNS entry’s as long as the upstream TTL.
Just an simple sudo apt-get install dnsmasq (on debian based systems) is all thead is needed (no config file changes)