Commit dadb9bb181984dd52f0cfe631bfe7fc7c1098a4c

Authored by Frederik Lindenaar
1 parent 302f2b0a

First commit for check_dns_replication

README.md
... ... @@ -12,12 +12,14 @@ encounter any issues or require changes.
12 12 The latest versions, documentation and bugtracker available on my
13 13 [GitLab instance](https://gitlab.lindenaar.net/scripts/nagios-plugins)
14 14  
15   -Copyright (c) 2015 - 2019 Frederik Lindenaar. free for distribution under
  15 +Copyright (c) 2015 - 2021 Frederik Lindenaar. free for distribution under
16 16 the GNU General Public License, see [below](#license)
17 17  
18 18 contents
19 19 ========
20 20 This repository contains the following scripts:
  21 + * [check_dns_replication](#check_dns_replication)
  22 + check DNS zone replication by comparing zone serial numbers on DNS servers
21 23 * [check_memory](#check_memory)
22 24 patched version of nagios-plugins check_memory script for Linux procps v3.3+
23 25 * [check_multiple_host_addresses](#host_addresses)
... ... @@ -30,6 +32,66 @@ This repository contains the following scripts:
30 32 * [nagiosstatus](#nagiosstatus)
31 33 CGI-BIN script to report the status of nagios (to monitor nagios itself)
32 34  
  35 +
  36 +<a name=check_dns_replication>plugins/check_dns_replication</a>
  37 +---------------------------------------------------------------
  38 +With this check plugin / script, Nagios can monitor the replication of DNS zones
  39 +between the authoritative DNS server for a domain and one or more of it's slave
  40 +(or secondary) DNS servers. The script can check one or multiple DNS zones and
  41 +can be pointed at one ore more specific DNS slave server(s) or us the NS records
  42 +of the zone to check all DNS servers of that domain (or a combination of this)
  43 +
  44 +The script expects a (comma separated list of) DNS zone(s) to validate as its
  45 +first command line parameter. It optionally also accepts one or more DNS servers
  46 +to check as further parameters (either separate parameters or comma separated).
  47 +If no DNS Servers are provided or the `-n` command line option is passed it will
  48 +lookup the DNS Servers from the NS records in de DNS zone.
  49 +
  50 +The script will first fetch the authoritative DNS server from the SOA record, so
  51 +that server must be reachable. This first lookup will be done against the first
  52 +DNS server, if provided, or the default nameserver of the host. Next it will
  53 +fetch the DNS zone's SOA record from each server and compare it with the master.
  54 +
  55 +Installation is straightforward, after installing the script on your server, add
  56 +the following to your `commands.cmd` configuration file to make it available:
  57 +
  58 +~~~
  59 +# 'check-dns-replication' command definition to check DNS replication of one or more zones
  60 +define command {
  61 + command_name check-dns-replication
  62 + command_line [install_path]/plugins/check_dns_replication -n '$ARG1$' '$HOSTADDRESS$'
  63 +}
  64 +
  65 +# 'check-dns-slave' command to check DNS replication of one or more zones against a single server
  66 +define command {
  67 + command_name check-dns-slave
  68 + command_line [install_path]/plugins/check_dns_replication '$ARG1$' '$HOSTADDRESS$'
  69 +}
  70 +~~~
  71 +
  72 +The example below shows how to check DNS zone replication for the primary DNS
  73 +server (which checks replication to all secondaries) and how to check an extra
  74 +secondary DNS server that is not listed as NS record in the zone.
  75 +
  76 +~~~
  77 +# check DNS replication for an DNS zone to ensure all secondaries are in sync
  78 +define service {
  79 + host auth.dns.mydomain.tld
  80 + service_description DNS Zone Replication
  81 + check_command check-dns-replication!mydomain.tld
  82 + use generic-service
  83 +}
  84 +
  85 +# check DNS replication to a specific secondary DNS server
  86 +define service {
  87 + host sec1.dns.mydomain.tld
  88 + service_description DNS Zone Replication to secondary
  89 + check_command check-dns-slave!mydomain.tld
  90 + use generic-service
  91 +}
  92 +~~~
  93 +
  94 +
33 95 <a name=check_memory>plugins/check_memory</a>
34 96 ---------------------------------------------
35 97 Nagios check script to monitor the memory on Linux systems. Due to changes in
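Review bot: The new check_dns_replication description (new lines 38-48) has typos to fix before merge: "it's slave" should be "its slave", "one ore more" should be "one or more", "or us the NS records" should be "or use the NS records", and "in de DNS zone" should be "in the DNS zone". The section also does not mention that the plugin shells out to the `host` utility, or which conditions return CRITICAL (per the script: a secondary whose serial is lower, higher, or cannot be obtained, and a zone whose SOA cannot be resolved). Suggest adding a short requirements and return-states paragraph after the description so operators know what an alert means.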
... ... @@ -54,23 +116,23 @@ Installation is straightforward, after installing the script on your server, add
54 116 the following to your `commands.cmd` configuration file to make it available:
55 117  
56 118 ~~~
57   - # 'check-host-alive' command definition for multi-homed/dual-stack servers
58   - define command{
59   - command_name check-addresses-alive
60   - command_line [install_path]/plugins/check_multiplehost_addresses '$HOSTADDRESS$' '$_HOSTADDRESS6$'
61   - }
  119 +# 'check-host-alive' command definition for multi-homed/dual-stack servers
  120 +define command {
  121 + command_name check-addresses-alive
  122 + command_line [install_path]/plugins/check_multiplehost_addresses '$HOSTADDRESS$' '$_HOSTADDRESS6$'
  123 +}
62 124 ~~~
63 125  
64 126 The example above assumes that the IPv6 address of the host is provided as part
65 127 of the host configuration, i.e.:
66 128  
67 129 ~~~
68   - define host {
69   - ...
70   - address 192.168.0.1
71   - _address6 fdf8:f340:ab9d:c213::1
72   - ...
73   - }
  130 +define host {
  131 + ...
  132 + address 192.168.0.1
  133 + _address6 fdf8:f340:ab9d:c213::1
  134 + ...
  135 +}
74 136 ~~~
75 137  
76 138 To use the script either add `check_command check-addresses-alive`
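Review bot: The re-indented command_line (new line 122) still calls `check_multiplehost_addresses`, while the contents list at the top of the README names the script `check_multiple_host_addresses`; since the line is being touched anyway, confirm the filename and correct whichever spelling is wrong. The comment on new line 119 also labels the definition 'check-host-alive' although command_name is check-addresses-alive. These whitespace-only changes are unrelated to check_dns_replication, so consider moving them to a separate commit.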
... ... @@ -431,4 +493,3 @@ General Public License for more details.
431 493  
432 494 You should have received a copy of the GNU General Public License along with
433 495 this program. If not, download it from <http://www.gnu.org/licenses/>.
434   -
... ...
plugins/check_dns_replication 0 → 100755
  1 +#!/bin/bash
  2 +
  3 +# check_dns_replication - check DNS zone replication by comparing zone serials
  4 +#
  5 +# Version 1.0, latest version, documentation and bugtracker available at:
  6 +# https://gitlab.lindenaar.net/scripts/nagios-plugins
  7 +#
  8 +# Copyright (c) 2021 Frederik Lindenaar
  9 +#
  10 +# This script is free software: you can redistribute and/or modify it under the
  11 +# terms of version 3 of the GNU General Public License as published by the Free
  12 +# Software Foundation, or (at your option) any later version of the license.
  13 +#
  14 +# This script is distributed in the hope that it will be useful but WITHOUT ANY
  15 +# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
  16 +# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
  17 +#
  18 +# You should have received a copy of the GNU General Public License along with
  19 +# this program. If not, visit <http://www.gnu.org/licenses/> to download it.
  20 +
  21 +# Usage: check_dns_replication [-n] dns_zone[,dns_zone...] [dns_server...]
  22 +
  23 +if [ "$#" -eq 0 -o "$1" == "-n" -a "$#" -eq 1 ]; then
  24 + echo "DNSREPLICATION: UNKNOWN | missing parameter dns_zone"
  25 + exit 3
  26 +elif [ "$1" == "-n" ]; then
  27 + DNS_SERVER_LOOKUP=$1
  28 + shift
  29 +elif [ $1 == '-h' -o $1 == '--help' ]; then
  30 + cat << EOT
  31 +`basename $0` - check DNS zone replication by comparing SOA serial(s)
  32 +
  33 +usage: $0 [-n] dns_zone[,dns_zone...] [dns_server...]
  34 +
  35 +parameters:
  36 + -n when specified (or no dns_server provided) check domain's NS records
  37 + -h this help
  38 + dns_zone[,dns_zone...] list of DNS zones to check (comma separated!)
  39 + [dns_server...] DNS server(s) to compare with authoratative server
  40 +
  41 +EOT
  42 + exit 3
  43 +elif [[ "$1" = -* ]]; then
  44 + echo "DNSREPLICATION: UNKNOWN | invalid parameter, for help run $0 -h"
  45 + exit 3
  46 +fi
  47 +
  48 +DNS_ZONES=${1//,/ }
  49 +shift
  50 +DNS_SERVERS=${*//,/ }
  51 +
  52 +n="
  53 +"
  54 +NAGIOS_STATE=OK
  55 +NAGIOS_RESULT=0
  56 +NAGIOS_DETAILS=
  57 +
  58 +for DNS_ZONE in $DNS_ZONES; do
  59 + read AUTH_NAMESERVER <<<$(host -t soa $DNS_ZONE ${DNS_SERVERS// .*/} | tail -1 | cut -d\ -f5 | sed "s/.$//")
  60 + [ -n "$AUTH_NAMESERVER" ] && read AUTH_SOA_SERIAL <<<$(host -t soa $DNS_ZONE $AUTH_NAMESERVER | tail -1 | cut -d\ -f7)
  61 + if [ -z "$AUTH_SOA_SERIAL" ]; then
  62 + NAGIOS_STATE=CRITICAL
  63 + NAGIOS_RESULT=2
  64 + NAGIOS_DETAILS="$NAGIOS_DETAILS$n$DNS_ZONE: unknown domain (unable to resolve)"
  65 + else
  66 + NAMESERVER_OK=
  67 + NAMESERVER_HIGHER=
  68 + NAMESERVER_LOWER=
  69 + NAMESERVER_EMPTY=
  70 + NAMESERVERS=$DNS_SERVERS
  71 + if [ -z "$DNS_SERVERS" -o "$DNS_SERVER_LOOKUP" == '-n' -o "$DNS_SERVERS" == "$AUTH_NAMESERVER" ]; then
  72 + NAMESERVERS="$NAMESERVERS $(host -t ns $DNS_ZONE $AUTH_NAMESERVER | fgrep -v : | sed "s/.* //;s/\.$//")"
  73 + fi
  74 + for NAMESERVER in $NAMESERVERS; do
  75 + if [ "$NAMESERVER" != "$AUTH_NAMESERVER" ]; then
  76 + SOA_SERIAL=$(host -t soa $DNS_ZONE $NAMESERVER | tail -1 | cut -d\ -f 7)
  77 + if [ -z "$SOA_SERIAL" ]; then
  78 + NAMESERVER_EMPTY="$NAMESERVER_EMPTY$NAMESERVER,"
  79 + elif [ "$SOA_SERIAL" -lt "$AUTH_SOA_SERIAL" ]; then
  80 + NAMESERVER_LOWER="$NAMESERVER_LOWER$NAMESERVER,"
  81 + elif [ "$SOA_SERIAL" -gt "$AUTH_SOA_SERIAL" ]; then
  82 + NAMESERVER_HIGHER="$NAMESERVER_HIGHER$NAMESERVER,"
  83 + else
  84 + NAMESERVER_OK="$NAMESERVER_OK$NAMESERVER,"
  85 + fi
  86 + fi
  87 + done
  88 + NAGIOS_DETAILS="$NAGIOS_DETAILS$n$DNS_ZONE: $AUTH_NAMESERVER($AUTH_SOA_SERIAL)"
  89 + [ -n "$NAMESERVER_OK" ] && NAGIOS_DETAILS="$NAGIOS_DETAILS ok:$NAMESERVER_OK"
  90 + [ -n "$NAMESERVER_HIGHER" ] && NAGIOS_DETAILS="$NAGIOS_DETAILS higher:$NAMESERVER_HIGHER"
  91 + [ -n "$NAMESERVER_LOWER" ] && NAGIOS_DETAILS="$NAGIOS_DETAILS lower:$NAMESERVER_LOWER"
  92 + [ -n "$NAMESERVER_EMPTY" ] && NAGIOS_DETAILS="$NAGIOS_DETAILS error:$NAMESERVER_EMPTY"
  93 + if [ -n "$NAMESERVER_HIGHER$NAMESERVER_LOWER$NAMESERVER_EMPTY" ]; then
  94 + NAGIOS_STATE=CRITICAL
  95 + NAGIOS_RESULT=2
  96 + fi
  97 + NAGIOS_DETAILS="${NAGIOS_DETAILS%,}"
  98 + fi
  99 +done
  100 +
  101 +echo "DNSREPLICATION: $NAGIOS_STATE$NAGIOS_DETAILS"
  102 +exit $NAGIOS_RESULT
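Review bot: In the secondary loop (new lines 76-85) SOA_SERIAL is never checked to be numeric before the `-lt`/`-gt` tests, so any non-numeric seventh field on the last line of `host` output makes both tests fail with an error and the server falls through to the final else and is reported as ok. For a monitoring check that is a fail-open result; validate with something like `[[ $SOA_SERIAL =~ ^[0-9]+$ ]]` and add anything else to NAMESERVER_EMPTY. The same applies to AUTH_SOA_SERIAL, which is also not cleared at the top of the zone loop: when AUTH_NAMESERVER comes back empty for a later zone, line 60 skips the read and the previous zone's serial is reused instead of reaching the "unable to resolve" branch. `$DNS_ZONE`, `$NAMESERVER` and `$1` (line 29) are expanded unquoted, and only the first argument is tested for a leading `-` (line 43), so a later entry in the comma-separated zone or server list that begins with `-` is handed to `host` as an option; quote the expansions and reject such values. On line 59, `${DNS_SERVERS// .*/}` is a glob pattern rather than a regex, so it does not reduce the list to the first server; `${DNS_SERVERS%% *}` does.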
... ...