[Xymon] Modernizing the DNS check
Adam Goryachev
mailinglists at websitemanagers.com.au
Fri Jan 10 01:02:38 CET 2014
On 08/01/14 19:39, Henrik Størner wrote:
> Den 08-01-2014 06:07, Jeremy Laidman skrev:
>> On 8 January 2014 13:44, Mark Felder <feld at feld.me
>> <mailto:feld at feld.me>> wrote:
>>
>> The question here is "Are the publicly accessible NS servers in a
>> consistent functional state?". The goal is not to validate the data.
>>
>>
>> So, I suppose the "object" you're trying to watch is the
>> "NS" consistency state of the zone. So yes, you'd alert against the
>> zone name such as what you've shown in your hosts.cfg example.
>
> Testing this would essentially do
>
> dig example.com ns
> <grab the list of dns servers>
> dig @ns1 example.com soa
> dig @ns2 example.com soa
> <compare soa records to see if they are identical>
>
> Xymon can do the DNS lookups, all that is needed is to cook up the
> necessary data analysis.
>
> I think this should be a separate test from the normal "dns" column?
>
IMHO, this really should be an ext test. In a couple of minutes, this
might almost suffice with some small extra wrappers:
/usr/bin/dnsqr ns mydomain.com|grep ^answer|awk '{ print $5 }'| while
read server;do /usr/bin/dnsq soa mydomain.com $server|grep ^answer:|awk
'{ print $7 }';done|uniq|wc -l
If the answer is 1, then green, anything else is red.
Of course, I've only tested this against my own domain on my NS, and it
worked, but your results may vary. You should add a whole bunch of error
checking to ensure that each lookup is successful, returns valid
results, etc...
The main reason for doing this was to simply see how hard it would be to
complete the task using the djb tools as they are claimed to be easier
to use for scripting. I didn't actually attempt this with the bind
tools, but past experience suggests it would be more difficult to parse
the correct answers/etc...
Sharing was just in case it is useful to others...
Regards,
Adam
--
Adam Goryachev Website Managers www.websitemanagers.com.au
More information about the Xymon
mailing list