Icinga2 container making bogus DNS requests to host "mysql"

umanath · September 14, 2020, 2:46pm

Hi Everyone,

We are facing a weird issue on our docker container running Icinga. It is reported that this machine is making a lot of Bogus DNS requests to a host called “mysql”.

I checked all my configurations and I do not see any monitor for host “mysql”. It is reported that the number of these bogus requests goes up to 176K in 24 hrs. All my monitors(less than 100) are configured to run every 5 minutes.

I am not getting any Idea at all about what could be the reason for it. If someone has faced a similar issue or aware of the mistake I am making, I would really appreciate the Help.

nhilverling · September 15, 2020, 7:47am

Hi @umanath,

I have a few questions about your setup, that might help us understand your problem.

which Docker image are you using to run Icinga 2?
are you running Icinga Web 2 within Docker? If yes, which image?
how did you configure Icinga 2 and Icinga Web 2? With config mounted, environment variables or by editing config inside the container?
how did you start the containers? docker run or docker-compose or any other method? (Please provide us those commands or compose files, if possible)

Greetings
Noah

umanath · September 15, 2020, 8:14am

Thank you very much Noah for looking at it.

We have Icinga2, Icinga web2, and mysql within the same container. I had followed a similar approach like this one: https://github.com/jjethwa/icinga2

And running docker container with the docker run command:

docker run
-p 0.0.0.0:8080:80
-p 5665:5665
–hostname
–name
-v data_volume:/var/lib/mysql
-v $(pwd)/msmtp/aliases:/etc/aliases:ro
-v $(pwd)/msmtp/msmtprc:/etc/msmtprc:ro
-v config_volume:/var/lib/icinga2/api
-v $(pwd)/props/dev:/etc/props
–env-file $(pwd)/props/dev/env.list
-d

nhilverling · September 15, 2020, 8:30am

Okay, I can’t really help you without knowing what your container does internally. Does your Icinga Web 2 work and can you see all your hosts/services in there?

umanath · September 15, 2020, 8:32am

Yes Noah, It all works fine.

What is your opinion on exposing a port like this “-p 0.0.0.0:8080:80” rather than “-p 8080:80”

nhilverling · September 15, 2020, 8:50am

That means it can’t be caused by Icinga Web 2 or Icinga 2 trying to connect to MySQL via the wrong hostname.

Is there anything else running in that container that could cause this? Icinga can’t really cause this problem without having checks configured that check MySQL. Do you have any MySQL checks in your monitoring system?

In a default Docker environment “-p 8080:80” should do the same as “-p 0.0.0.0:8080:80”.

umanath · September 15, 2020, 8:59am

Yes, There is “check_mysql” monitor running and it is scheduled to run every 1 minute but now it runs every 30 minutes.

Sample output for the monitor :
“Uptime: 57340 Threads: 9 Questions: 212637 Slow queries: 0 Opens: 117 Flush tables: 1 Open tables: 110 Queries per second avg: 3.708”

nhilverling · September 16, 2020, 9:47am

Did the rate of DNS requests to “mysql” decrease since you increased this check interval to 30 minutes? Maybe there is another “check_mysql” that’s not configured correctly?

umanath · September 25, 2020, 8:40am

Hi Noah,

I was waiting for a response from the team who raised the issue and they reported that they got similar requests to “MySQL” from different servers which do not Icinga running on it so it seems to be a networking issue.

I really appreciate your effort to try to understand the issue, Noah.

nhilverling · September 25, 2020, 10:46am

Hi @umanath,

okay, that explains my confusion.
I’m always happy to help!

Greetings
Noah