5.6. Unexpected uses

The data gathered by this application proved to have two additional uses that were not expected. The first of these proved to have significant use on campus.

5.6.1. DNS dead wood

One of the problems associated with maintaining a large network is management of entries in the Domain Name System (DNS). As the network evolves, new machines are assigned DNS records and old machines cease to exist. A good DNS management policy needs to take this in to account.

While provision is made for the addition of records at Rhodes, historically entries have never been removed from the DNS database after they cease to be useful. One of the main reasons for this is that, while people are compelled to approach the DNS administrator to get a new registration, they often neglect to inform him when the registration is no longer requires.

Over the years a significant amount of dead wood has built up in Rhodes' DNS database to the point where there are now in excess of 4500 entries in the database, serving a little over 3000 hosts. This means approximately a third of the entries in Rhodes' DNS database are no longer used.

Since the application described in this chapter has been gathering information on what hosts are accessible on Rhodes' network, the data it has acquired can be used to prune some of the dead wood from the DNS database. Any host with a record in the database that has not responded to at least one ICMP echo request within the last thirteen months is almost certainly no longer in use, and any host that has not responded in the current year is also probably no longer valid.

A list of hosts together with the last date on which they were seen was extracted from the MySQL database used by this application. This list was compared with the list of hosts currently in the DNS database to produce a new list of hosts that had not been seen within the specified time period. This list was analysed to remove any obviously erroneous records (such as subnet network addresses), and was then given to the Systems staff to further analyse before they removed the old records from the DNS database.

This falls under configuration management of the OSI model.

5.6.2. Uptime indication

Many network administrators strive for the much touted "Five Nines", or 99.999% availability [Pitt Turner, 2001]. This application provides a way to measure the network availability component since it keeps a record of every time a host responds to an ICMP echo request. In other words, it keeps a record of the availability of every host on the network. This availability can be calculated for any host in the database over a given time period.

Obviously an accurate availability measurement requires that the machine is constantly monitored, rather than tested every half an hour as this application does. Such a measurement also requires that the monitoring machine be available all the time. Both these requirements are unrealistic in terms of this application, but that does not prevent the application from providing an "educated guess" of the availability of a host.

There are two availability figures that can be calculated from the information in the MySQL database. The first is a theoretical availability — that is a calculation of the number of times a particular host should have theoretically been seen in any given time period compared to the actual count of the number of times it was seen in that period. This approach does not take into account any times the monitoring machine was unable to query the host, and so is the less accurate method.

A more accurate way of calculating this relies on the fact that, while it is querying the availability of hosts on the network, the monitoring application queries the availability of the machine on which it is running. Since packets destined for the local host are passed through the loop-back device rather than being passed over the network, it can assumed that this query is always successful. If the number of times the monitoring machine was visible is compared to the number of times the host in question was visible over any given time period, the result is a measurement of the actual availability of the host.

As a performance management application, these methods of determining the network availability of specific hosts on the network may provide systems administrators with useful information when tracing faults or determining which of their machines are the most reliable. The network availibility of hosts also provides an indicator of how well particular systems are adhering to service level agreements.