Config DNS Prometheus/Blackbox_Exporter

1,654 views
Skip to first unread message

Vincent Romero

unread,
Apr 6, 2024, 1:06:01 PM4/6/24
to Prometheus Users
Helo everyone

what is the difference between http_2xx and dns module configuration


I have this example y my config

blackbox.yml
modules:
  http_2xx:
    prober: http
    http:
      preferred_ip_protocol: "ip4"
  http_post_2xx:
    prober: http
    http:
      method: POST
  www.google.com:
    prober: dns
    timeout: 1s
    dns:
      transport_protocol: "udp"
      preferred_ip_protocol: "ip4"
      query_name: "www.google.com"
      query_type: "A"
      valid_rcodes:
        - NOERROR


prometheus.yml
  - job_name: 'blackbox'
    metrics_path: /probe
    params:
      module: [http_2xx]
    static_configs:
      - targets:
        - https://www.google.com
    relabel_configs:
      - source_labels: [__address__]
        target_label: __param_target
      - source_labels: [__param_target]
        target_label: instance
      - target_label: __address__
        replacement: localhost:9115

  - job_name: 'blackbox-dns-monitor'
    scrape_interval: 1s
    metrics_path: /probe
      #params:
      #module: [mindfree.cl]
    relabel_configs:
    # Populate domain label with domain portion of __address__
    - source_labels: [__address__]
      regex: (.*):.*$
      replacement: $1
      target_label: domain
    # Populate instance label with dns server IP portion of __address__
    - source_labels: [__address__]
      regex: .*:(.*)$
      replacement: $1
      target_label: instance
    # Populate module URL parameter with domain portion of __address__
    # This is a parameter passed to the blackbox exporter
    - source_labels: [domain]
      target_label: __param_module
    # Populate target URL parameter with dns server IP
    - source_labels: [instance]
      target_label: __param_target
    # Populate __address__ with the address of the blackbox exporter to hit
    - target_label: __address__
      replacement: localhost:9115

    static_configs:
      - targets:
        - www.google.com:1.1.1.1 #australia cloudflare
         - www.google.com:8.8.8.8 #example other nameserver


So, i will try config a simple DNS resolution for any domain
If i want add other nameserver i need to add other line with the same domain

Why whe i used module http_2xx need simple add the target

Thanks

Brian Candler

unread,
Apr 6, 2024, 1:45:29 PM4/6/24
to Prometheus Users
You're correct that currently the qname is statically configured in the prober config.

A patch was submitted to allow what you want, but hasn't been merged:

You can build blackbox_exporter yourself with this patch applied though.

Vincent Romero

unread,
Apr 9, 2024, 12:19:25 PM4/9/24
to Prometheus Users
i will try make build, with this change

Vincent Romero

unread,
Apr 9, 2024, 5:48:44 PM4/9/24
to Prometheus Users
Hello, this worked

With the new feature with simple domain works, but considered whether the label required adding N domains?

Y try add other domain in the same labels

  - job_name: 'blackbox-dns-monitor'
    scrape_interval: 5s
    metrics_path: /probe
    params:
      module: [dns_probe]
    static_configs:
      - targets:
        - 1.1.1.1 #australia cloudflare
        - 185.228.168.9 #ireland
        labels:
          queryname: www.google.com, www.microsoft.com NOT WORK
          queryname: www.microsoft.com NOT WORK (add line)

Captura de pantalla 2024-04-09 a la(s) 17.44.20.png

Brian Candler

unread,
Apr 10, 2024, 1:47:42 AM4/10/24
to Prometheus Users
One exporter scrape = one probe test and I think that should remain. You can get what you want by expanding the targets (which is a *list* of targets+labels):

  static_configs:
    - targets:
        - 1.1.1.1
        - 185.228.168.9
      labels:
        queryname: www.google.com
    - targets:
        - 1.1.1.1
        - 185.228.168.9
      labels:
        queryname: www.microsoft.com

Conall O'Brien

unread,
Apr 12, 2024, 9:21:57 AM4/12/24
to Brian Candler, Prometheus Users
On Wed, 10 Apr 2024 at 06:47, 'Brian Candler' via Prometheus Users <promethe...@googlegroups.com> wrote:
One exporter scrape = one probe test and I think that should remain. You can get what you want by expanding the targets (which is a *list* of targets+labels):

  static_configs:
    - targets:
        - 1.1.1.1
        - 185.228.168.9
      labels:
        queryname: www.google.com
    - targets:
        - 1.1.1.1
        - 185.228.168.9
      labels:
        queryname: www.microsoft.com

Given the targets, I would strongly suggest using DNS names over raw IP addresses for every scrape. Large providers use geo-aware DNS systems, so the IP numbers change over time for a number of reasons (e.g maintenance, capacity turnup/turndown, etc). Probing raw IPs will not reflect the actual state of the service.
 
--
You received this message because you are subscribed to the Google Groups "Prometheus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to prometheus-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-users/74285578-2c0c-48e1-ac85-4ca80cd9bcffn%40googlegroups.com.


--

Conall O'Brien

Brian Candler

unread,
Apr 12, 2024, 9:46:32 AM4/12/24
to Prometheus Users
It's not really related to blackbox_exporter itself, but I don't entirely agree with that comment.

There are two different things at play here: the address you send the query to ("target"), and the name that you are looking up ("queryname").

- For caching resolvers: large providers use anycast with fixed IP addresses, since that's what you have to configure in your client (8.8.8.8, 1.1.1.1 etc). Those target addresses will *never* change.  I think 185.228.168.9 falls into this category too: although you could get to it by resolving "security-filter-dns.cleanbrowsing.org", for a filtered DNS service you'd always be using the IP address directly.

- For authoritative servers: using the nameserver's DNS name (e.g. ns.example.com) more closely reflects what the DNS does during resolution, but makes it harder to work out what's going wrong if it fails. The IP addresses that NS records resolve to can change, but very rarely do (and since it's your own authoritative nameservers, you'll know if you renumber them). Furthermore, in my experience, NS names are never geo-aware: they always return static IPs (although these may point to anycast addresses).

- Geo-aware DNS generally takes place for the user-visible query names (like "www.google.com") and generally are affected by the *source* address where the query is coming from.

Vincent Romero

unread,
Apr 17, 2024, 8:50:39 PM4/17/24
to Prometheus Users
Hello every i change the relabel

y try this

- job_name: '208.67.222.220-opendns' ##REBUILD new blackbox_expoerter
scrape_interval: 5s
metrics_path: /probe
params:
module: [dns_probe]
static_configs:
- targets:
labels:
dns: 208.67.220.220 #australia cloudflare

relabel_configs:
- source_labels: [__address__]
#target_label: __param_target
target_label: __param_hostname
# Populate target URL parameter with dns server IP
- source_labels: [__param_hostname]
target_label: instance
#QUERY
- source_labels: [dns]
#target_label: __param_hostname
target_label: __param_target
# Populate __address__ with the address of the blackbox exporter to hit
- target_label: __address__
replacement: localhost:9115

- job_name: '198.55.49.149-canada' ##REBUILD new blackbox_expoerter
scrape_interval: 5s
metrics_path: /probe
params:
module: [dns_probe]
static_configs:
- targets:
labels:
dns: 198.55.49.149 #canada

relabel_configs:
- source_labels: [__address__]
#target_label: __param_target
target_label: __param_hostname
# Populate target URL parameter with dns server IP
- source_labels: [__param_hostname]
target_label: instance
#QUERY
- source_labels: [dns]
#target_label: __param_hostname
target_label: __param_target
# Populate __address__ with the address of the blackbox exporter to hit
- target_label: __address__
replacement: localhost:9115


with this i can used in target any domain to resolve with labels dns

in the log in blackbox i have this

looking good no? 

Vincent Romero

unread,
Apr 17, 2024, 8:52:45 PM4/17/24
to Prometheus Users
blackbox-dns1.png
log blackbox_exporter sorry

Brian Candler

unread,
Apr 18, 2024, 3:22:05 AM4/18/24
to Prometheus Users
You don't need a separate job for each DNS server. You can have a single job with multiple target blocks.

  - job_name: 'dns'

    scrape_interval: 5s
    metrics_path: /probe
    params:
      module: [dns_probe]
    static_configs:
      - targets:
        - www.google.com
        - www.mindfree.cl
        labels:
          dns: 208.67.220.220 #australia cloudflare
      - targets:
        - www.google.com
        - www.microsoft.com
        labels:
          dns: 198.55.49.149 #canada

    relabel_configs:
    - source_labels: [__address__]
      #target_label: __param_target
      target_label: __param_hostname
    # Populate target URL parameter with dns server IP
    - source_labels: [__param_hostname]
      target_label: instance
    #QUERY
    - source_labels: [dns]
      #target_label: __param_hostname
      target_label: __param_target
    # Populate __address__ with the address of the blackbox exporter to hit
    - target_label: __address__
      replacement: localhost:9115

(Although personally, I would use file_sd_configs for this, so I can edit the targets without having to re-read the prometheus config file).
Reply all
Reply to author
Forward
0 new messages