Maintaining DNS Sanity with Hawk

  Greg Heim

If you are a DNS administrator for anything more than a few dozen hosts, it’s easy for your database to get out of sync with what’s really on your network. The GPL software tool, Hawk, is designed to help administrators track which hosts in DNS are really on your network and, just as importantly, which hosts are on your network but not in DNS. Hawk can help take the mystery out of DNS maintenance, resulting in a much cleaner, up-to-date database.

Hawk consists of three components: a monitor written in Perl, a MySQL database backend, and a PHP Web interface. The monitor periodically checks whether hosts on your network appear in DNS and are answering on your network. It checks for existence on the network by way of an ICMP ping. I mention ICMP because by default, the Perl Net::Ping module “pings” by attempting a UDP connection to a host’s echo port. With the various types of hosts possible on a typical network, this is probably not desirable. As each IP address on your network is polled, the monitor records or updates in the database the current IP address and the hostname, if one exists. If the ping is successful, this timestamp is also recorded in the database.

The Hawk interface consists of a Web page that allows you to choose which “network” to view and how to sort the results. You can also choose whether to view addresses that are neither in DNS nor have responded to pings. These are typically uninteresting, so by default they are not displayed. Each host displayed on the page has a hostname (if available), a last ping time, and a colored “LED” indicating the current status of the address. The LED color will indicate one of five states:

Green — Address exists in DNS, and is currently answering pings.

Yellow — Address exists in DNS, but has not answered in more than 24 hours (configurable).<>