Gremlin Docs Logo
Go to app
Quick Start Guides
AWS Quick Start Guide
Reliability Management (RM) Quick Start Guide
Getting Started
Compatibility
Installing the Gremlin Agent
Authenticating the Gremlin Agent
Configuring the Gremlin Agent
Enabling DNS collection
Enabling AWS PrivateLink
Platform
Managing the Gremlin Agent
Updating Gremlin
Managing Users and Teams
Configuring Role Based Access Control (RBAC)
User Authentication via SAML and Okta
Integrations
Health Checks
Notifications
Restricting Testing Times
Command Line Interface
Reports
Reliability Management
Services and Dependencies
Detected Risks
Test Suites
Reliability Tests
Reliability Score
Fault Injection
Targets
Experiments
Scenarios
GameDays
Failure Flags
Failure Flags
Deploying Failure Flags on AWS Lambda
Deploying Failure Flags on AWS ECS
Deploying Failure Flags on Kubernetes
Deploying Failure Flags on the Istio service mesh via Envoy
Installing the Failure Flags SDK
Running Failure Flags experiments
API Reference
Getting started with the Gremlin API
Classes, methods, & attributes
API examples
Security
Security
Container security
Release Notes
General
Linux
Integration Agent for Linux
Windows
Chao
Helm
Failure Flags: Lambda Extension
Failure Flags: Sidecar
Resources
Gremlin User Community SlackBlogTutorialsGlossary
Start your 30 day free trial.
START FOR FREE
Docs Home
Getting Started
Enabling DNS collection

Enabling DNS collection

No items found.

Gremlin can collect information about the DNS queries on the Linux machines where the Gremlin Agent is installed. This DNS query information is a new way to define Services in Gremlin Reliability Management and helps inform Gremlin's Service features.

What is collected?

For every DNS query visible to the Gremlin Agent, Gremlin will collect:

  • container ID
  • hostname in query
  • returned aliases from query
  • returned ip addresses from query

Requirements

Using this feature requires the following:

  • Gremlin Agent version 2.40.1
  • Gremlin Kubernetes Chao version 0.3+
  • Gremlin must run within the PID namespace of the host; for Kubernetes this means setting hostPID=true
  • Gremlin needs the CAP_NET_RAW capability

DNS collection is experimental for Windows. User installation of WinPcap, Npcap, or Win10Pcap is required.

Enable DNS Collection

To enable DNS Collection, use one of the following methods:

  • set GREMLIN_COLLECT_DNS=true in the Gremlin agent environment (by writing to /etc/default/gremlind)
  • set collect_dns: true in /etc/gremlin/config.yaml

Examples

The following sections show examples for enabling DNS Collection on your platform.

Existing installation

SHELL

sudo echo GREMLIN_COLLECT_DNS=true | sudo tee -a /etc/default/gremlind \
  && sudo systemctl restart gremlind

APT

SHELL

echo "deb https://deb.gremlin.com/ release non-free" | sudo tee /etc/apt/sources.list.d/gremlin.list
   && sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 9CDB294B29A5B1E2E00C24C022E8EF3461A50EF6
   && sudo apt update
   && GREMLIN_COLLECT_DNS=true sudo -E apt install gremlin gremlind

YUM

SHELL

sudo curl https://rpm.gremlin.com/gremlin.repo -o /etc/yum.repos.d/gremlin.repo \
  && GREMLIN_COLLECT_DNS=true sudo -E yum install gremlin gremlind

Kubernetes

If you’re upgrading an existing Helm installation of the Gremlin Agent, run the following command with helm upgrade instead of helm install.

SHELL

helm repo add gremlin https://helm.gremlin.com
helm repo update
helm install gremlin gremlin/gremlin \
  --namespace gremlin \
  --set      gremlin.hostPID=true \
  --set      gremlin.collect.dns=true \
  --set      gremlin.secret.managed=true \
  --set      gremlin.secret.type=secret \
  --set      gremlin.secret.clusterID=my-cluster \
  --set      gremlin.secret.teamID=$GREMLIN_TEAM_ID \
  --set      gremlin.secret.teamSecret=$GREMLIN_TEAM_SECRET

Docker

SHELL

docker run -d \
  --net=host \
  --pid=host \
  --cap-add=CAP_NET_RAW \
  -v /var/lib/gremlin:/var/lib/gremlin \
  -v /var/log/gremlin:/var/log/gremlin \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -e GREMLIN_TEAM_ID \
  -e GREMLIN_TEAM_SECRET \
  -e GREMLIN_IDENTIFIER \
  -e GREMLIN_COLLECT_dns=true \
  gremlin/gremlin daemon

Disable DNS Collection

DNS collection is disabled by default. To disable DNS Collection, use one of the following methods:

  • set GREMLIN_COLLECT_DNS=false in the Gremlin agent environment (by writing to /etc/default/gremlind)
  • set collect_dns: false in /etc/gremlin/config.yaml

Examples

The following sections show examples for disabling DNS Collection on your platform.

Existing installation

SHELL

echo GREMLIN_COLLECT_DNS=false | sudo tee -a /etc/default/gremlind \
  && sudo systemctl restart gremlind

APT

SHELL

echo "deb https://deb.gremlin.com/ release non-free" | sudo tee /etc/apt/sources.list.d/gremlin.list \
  && sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 9CDB294B29A5B1E2E00C24C022E8EF3461A50EF6 \
  && sudo apt update \
  && GREMLIN_COLLECT_DNS=false sudo -E apt install gremlin gremlind

YUM

SHELL

sudo curl https://rpm.gremlin.com/gremlin.repo -o /etc/yum.repos.d/gremlin.repo \
  && GREMLIN_COLLECT_DNS=false sudo -E yum install gremlin gremlind

Kubernetes

If you’re upgrading an existing Helm installation of the Gremlin Agent, run the following command with helm upgrade instead of helm install.

SHELL

helm repo add gremlin https://helm.gremlin.com
helm repo update
helm install gremlin gremlin/gremlin \
  --namespace gremlin \
  --set      gremlin.hostPID=true \
  --set      gremlin.collect.dns=false \
  --set      gremlin.secret.managed=true \
  --set      gremlin.secret.type=secret \
  --set      gremlin.secret.clusterID=my-cluster \
  --set      gremlin.secret.teamID=$GREMLIN_TEAM_ID \
  --set      gremlin.secret.teamSecret=$GREMLIN_TEAM_SECRET

Docker

SHELL

docker run -d \
  --pid=host \
  --cap-add=NET_RAW \
  -v /var/lib/gremlin:/var/lib/gremlin \
  -v /var/log/gremlin:/var/log/gremlin \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -e GREMLIN_TEAM_ID \
  -e GREMLIN_TEAM_SECRET \
  -e GREMLIN_IDENTIFIER \
  -e GREMLIN_COLLECT_DNS=false \
  gremlin/gremlin daemon
Configuring the Gremlin Agent
Previous
Previous
Enabling AWS PrivateLink
Next
Next
On this page
Back to top