Monitoring DNS-Client Response

Did you already try the WMI Service Sensor? Or are you not talking about the DNS Server running on HyperV. How would a non-working DNS service look in combination with HyperV?

Kind regards,
Stephan Linke, Tech Support Team

Hi Stephan,

that's what I've been looking for. Thank you for your help.

Best Regards, Jonathan Switlinski

Is there a way by which you can monitor the DNS response that the PRTG server itself gets? By default, the DNS v2 sensor monitors the actual DNS server. I am asking this since I have a Pi-hole acting as a DNS server in my home network and I want to ensure that specific domains are blocked (redirecting to 0.0.0.0).

PRTG is installed on a different machine than the DNS server, and I would like to compare the DNS resolution result that the PRTG server itself gets. Is this possible in some way or another?

Hello Warren,

Thank you for your message.

Regarding your question, you have the possibility to check what are the IP addresses resolved by PRTG for the network traffic by using the Packet Sniffer sensor. Here is the manual of the sensor: https://www.paessler.com/manuals/prtg/packet_sniffer_header_sensor

However, to simply make sure that all devices on your network use the Pi-Hole DNS server, you have to configure the DHCP server (usually on the ISP router) to provide the IP address of Pi-Hole.

Regards.

Thanks for your reply. I will check whether I can do something with the Packet Sniffer sensor mentioned.

I have NAT rules on my MikroTik router in order for all DNS traffic to be routed through the Pihole. This is done while the DHCP and DNS settings for clients are configured to point to the router (192.168.1.1), the latter of which forwards DNS traffic to the Pihole. However there may be instances where I disable those rules on purpose (for testing, etc), and hence DNS requests would be served through the ISP rather than Pihole at that time. I am checking if through PRTG monitoring, I can get to know if I happen to forget to re-enable those rules, since blocked domains would be resolving to their actual IP addresses rather than 0.0.0.0.

Update - I managed to implement this through a Custom Powershell script which performs a DNS query and checks result. Execution policy set to bypass with: Set-ExecutionPolicy bypass

$DNSName = "mobile.pipe.aria.microsoft.com"
$DNSResult = [System.Net.Dns]::Resolve($DNSName).AddressList
if ($DNSResult -contains "0.0.0.0") {
write-host "0:Domain blocked via Pi-hole"
}

if ($DNSResult -ne "0.0.0.0") {
write-host "1:Domain not blocked via Pi-hole"
}

Hello Warren,

Thank you very much for your feedback.

To resolve DNS name, you can use the cmdlet Resolve-DnsName as well.

Have a nice day.

Regards.