Jump to content

DNS Forwarder Monitoring

Recommended Posts

This monitor is designed to check the health of your DNS Server Forwarders.

Copy "DNSForwarderCheck.vbs" to your LTShare\Transfer\Monitors\ folder. Import the SQL file in Control Center -> Tools -> Import -> SQL File.

This will create a group monitor on the "Windows DNS Servers" group under "Service Plans\Windows Servers\Server Roles\Windows Servers Core Services". The monitor action will be "Default - Raise Alert".

Here are a couple of examples of Servers with underperforming DNS Forwarders.


20180119 - Updated DNSForwarderCheck.vbs to support additional delimiters and corrected additional date handling issues for better International support
20180213 - Updated to perform all lookups in PARALLEL. Intermittent WAN issues should affect the lookups equally. Removed dependency on dnscmd.exe
to learn Forwarder IP's, now works with foreign language installations of Windows Server.

Once you identify issues, use a tool like GRC DNS Benchmark to identify what your best server choices are. https://www.grc.com/dns/benchmark.htm

The attachment has been moved. See https://www.labtechgeek.com/files/file/21-dns-forwarder-check/


  • Thanks 11
Link to post
Share on other sites
  • Gavsto pinned this topic

I got some fantastic intelligent out of this Darren, thank you. If you're reading this and wondering whether you should implement this you absolutely should. I found two clients where the primary DNS forwarder was failing, fixing this sped up their internet considerably.

  • Like 3
  • Thanks 1
Link to post
Share on other sites
  • 2 weeks later...
  • 2 weeks later...
  • 2 weeks later...

UPDATE: Cancel that... Windows Server 2003 :$

I am seeing the following error on one agent. All the rest are working perfectly. Thank you Darren!

C:\WINDOWS\LTSvc\DNSForwarderCheck.vbs(6, 1) WshShell.Exec: The system cannot find the file specified.


Edited by nedgeworth
Further info
Link to post
Share on other sites

I’m not looking at the script, but I believe it requires dnscmd.exe. I would suspect that either it is an optional component in 2003 and isn’t installed, or it is not being found in the system %PATH% variable. Once it discovers the forwarders I believe it uses nslookup.exe, so that will need to be in the path as well. 

Link to post
Share on other sites
  • 1 month later...
  • 2 months later...
  • 1 year later...

Thought I'd try it.  Imported the SQL before looking, and we don't have that group so CWA decided to create the remote monitor on group 706, Script Control.Computers that need Office updating disabled which is a custom group.  (and I'm aware CWA can do that with imports, should have remembered earlier) It's the last group in the mastergroups table.  Possibly it's assuming Ignite is installed?  Our "Server Roles\Server Role - Windows DNS Servers" search is empty (no PCs) as well.

Link to post
Share on other sites
  • 8 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...