Add blackbox exporter for outside-in DNS probes

control runs blackbox_exporter on loopback, probing each nameserver's
public v4+v6 address for every zone: SOA (zone served) and DNSKEY (still
signed, since blackbox has no DO-bit option). Probe definitions are
shared between the exporter config and the VictoriaMetrics scrape jobs
so they can't drift. Verified live against ns1/ns2 over v4 and v6.
Berwn
2026-06-17 15:37:45 +07:00
parent 0544bf95e5
commit 54f607d063
6 changed files with 154 additions and 3 deletions
@@ -9,6 +9,11 @@ Metrics and dashboards live on `control`, reachable only over the ZeroTier mesh.
(`modules/monitoring/exporters.nix`).
- **knot-exporter** (`:9433`) on `ns1`/`ns2` only — reads Knot's control socket,
fed by the `mod-stats` module (query/response counters per zone).
- **blackbox_exporter** (`127.0.0.1:9115`) on `control` only — outside-in DNS
probes. For every zone it queries each nameserver's **public** address (v4 and
v6) for SOA (is the zone served?) and DNSKEY (is it still signed?). This is the
resolver's-eye view that the Knot stats can't see. Probe definitions are shared
between the exporter and the scrape jobs in `modules/monitoring/blackbox-probes.nix`.
## Storage & scraping
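Review bot: In the added blackbox_exporter bullet, "DNSKEY (is it still signed?)" claims more than the probe can check. The commit message says blackbox has no DO-bit option, so the DNSKEY query only shows that keys are still published; a response to a query without DO carries no RRSIGs, so a zone whose signatures have expired or gone missing would still pass. Suggest rewording to something like "DNSKEY (are keys still published? a proxy for signed, since the probe cannot set DO)" and stating in this section that signature validity and expiry are not covered by this probe, so a green result is not read as DNSSEC validation.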