Commit dadb9bb181984dd52f0cfe631bfe7fc7c1098a4c
1 parent
302f2b0a
First commit for check_dns_replication
Showing
2 changed files
with
176 additions
and
13 deletions
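--- a/README.md
+++ b/README.md
@@ -12,12 +12,14 @@ encounter any issues or require changes.
 The latest versions, documentation and bugtracker available on my
 [GitLab instance](https://gitlab.lindenaar.net/scripts/nagios-plugins)
 
-Copyright (c) 2015 - 2019 Frederik Lindenaar. free for distribution under
+Copyright (c) 2015 - 2021 Frederik Lindenaar. free for distribution under
 the GNU General Public License, see [below](#license)
 
 contents
 ========
 This repository contains the following scripts:
+ * [check_dns_replication](#check_dns_replication)
+ check DNS zone replication by comparing zone serial numbers on DNS servers
 * [check_memory](#check_memory)
 patched version of nagios-plugins check_memory script for Linux procps v3.3+
 * [check_multiple_host_addresses](#host_addresses)
@@ -30,6 +32,66 @@ This repository contains the following scripts:
 * [nagiosstatus](#nagiosstatus)
 CGI-BIN script to report the status of nagios (to monitor nagios itself)
 
+
+<a name=check_dns_replication>plugins/check_dns_replication</a>
+---------------------------------------------------------------
+With this check plugin / script, Nagios can monitor the replication of DNS zones
+between the authoritative DNS server for a domain and one or more of it's slave
+(or secondary) DNS servers. The script can check one or multiple DNS zones and
+can be pointed at one ore more specific DNS slave server(s) or us the NS records
+of the zone to check all DNS servers of that domain (or a combination of this)
+
+The script expects a (comma separated list of) DNS zone(s) to validate as its
+first command line parameter. It optionally also accepts one or more DNS servers
+to check as further parameters (either separate parameters or comma separated).
+If no DNS Servers are provided or the `-n` command line option is passed it will
+lookup the DNS Servers from the NS records in de DNS zone.
+
+The script will first fetch the authoritative DNS server from the SOA record, so
+that server must be reachable. This first lookup will be done against the first
+DNS server, if provided, or the default nameserver of the host. Next it will
+fetch the DNS zone's SOA record from each server and compare it with the master.
+
+Installation is straightforward, after installing the script on your server, add
+the following to your `commands.cmd` configuration file to make it available:
+
+~~~
+# 'check-dns-replication' command definition to check DNS replication of one or more zones
+define command {
+ command_name check-dns-replication
+ command_line [install_path]/plugins/check_dns_replication -n '$ARG1$' '$HOSTADDRESS$'
+}
+
+# 'check-dns-slave' command to check DNS replication of one or more zones against a single server
+define command {
+ command_name check-dns-slave
+ command_line [install_path]/plugins/check_dns_replication '$ARG1$' '$HOSTADDRESS$'
+}
+~~~
+
+The example below shows how to check DNS zone replication for the primary DNS
+server (which checks replication to all secondaries) and how to check an extra
+secondary DNS server that is not listed as NS record in the zone.
+
+~~~
+# check DNS replication for an DNS zone to ensure all secondaries are in sync
+define service {
+ host auth.dns.mydomain.tld
+ service_description DNS Zone Replication
+ check_command check-dns-replication!mydomain.tld
+ use generic-service
+}
+
+# check DNS replication to a specific secondary DNS server
+define service {
+ host sec1.dns.mydomain.tld
+ service_description DNS Zone Replication to secondary
+ check_command check-dns-slave!mydomain.tld
+ use generic-service
+}
+~~~
+
+
 <a name=check_memory>plugins/check_memory</a>
 ---------------------------------------------
 Nagios check script to monitor the memory on Linux systems. Due to changes in
@@ -54,23 +116,23 @@ Installation is straightforward, after installing the script on your server, add
 the following to your `commands.cmd` configuration file to make it available:
 
 ~~~
- # 'check-host-alive' command definition for multi-homed/dual-stack servers
- define command{
- command_name check-addresses-alive
- command_line [install_path]/plugins/check_multiplehost_addresses '$HOSTADDRESS$' '$_HOSTADDRESS6$'
- }
+# 'check-host-alive' command definition for multi-homed/dual-stack servers
+define command {
+ command_name check-addresses-alive
+ command_line [install_path]/plugins/check_multiplehost_addresses '$HOSTADDRESS$' '$_HOSTADDRESS6$'
+}
 ~~~
 
 The example above assumes that the IPv6 address of the host is provided as part
 of the host configuration, i.e.:
 
 ~~~
- define host {
- ...
- address 192.168.0.1
- _address6 fdf8:f340:ab9d:c213::1
- ...
- }
+define host {
+ ...
+ address 192.168.0.1
+ _address6 fdf8:f340:ab9d:c213::1
+ ...
+}
 ~~~
 
 To use the script either add `check_command check-addresses-alive`
@@ -431,4 +493,3 @@ General Public License for more details.
 
 You should have received a copy of the GNU General Public License along with
 this program. If not, download it from <http://www.gnu.org/licenses/>.
-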
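--- a/plugins/check_dns_replication
+++ b/plugins/check_dns_replication
@@ -0,0 +1,102 @@
+#!/bin/bash
+
+# check_dns_replication - check DNS zone replication by comparing zone serials
+#
+# Version 1.0, latest version, documentation and bugtracker available at:
+# https://gitlab.lindenaar.net/scripts/nagios-plugins
+#
+# Copyright (c) 2021 Frederik Lindenaar
+#
+# This script is free software: you can redistribute and/or modify it under the
+# terms of version 3 of the GNU General Public License as published by the Free
+# Software Foundation, or (at your option) any later version of the license.
+#
+# This script is distributed in the hope that it will be useful but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# this program. If not, visit <http://www.gnu.org/licenses/> to download it.
+
+# Usage: check_dns_replication [-n] dns_zone[,dns_zone...] [dns_server...]
+
+if [ "$#" -eq 0 -o "$1" == "-n" -a "$#" -eq 1 ]; then
+ echo "DNSREPLICATION: UNKNOWN | missing parameter dns_zone"
+ exit 3
+elif [ "$1" == "-n" ]; then
+ DNS_SERVER_LOOKUP=$1
+ shift
+elif [ $1 == '-h' -o $1 == '--help' ]; then
+ cat << EOT
+`basename $0` - check DNS zone replication by comparing SOA serial(s)
+
+usage: $0 [-n] dns_zone[,dns_zone...] [dns_server...]
+
+parameters:
+ -n when specified (or no dns_server provided) check domain's NS records
+ -h this help
+ dns_zone[,dns_zone...] list of DNS zones to check (comma separated!)
+ [dns_server...] DNS server(s) to compare with authoratative server
+
+EOT
+ exit 3
+elif [[ "$1" = -* ]]; then
+ echo "DNSREPLICATION: UNKNOWN | invalid parameter, for help run $0 -h"
+ exit 3
+fi
+
+DNS_ZONES=${1//,/ }
+shift
+DNS_SERVERS=${*//,/ }
+
+n="
+"
+NAGIOS_STATE=OK
+NAGIOS_RESULT=0
+NAGIOS_DETAILS=
+
+for DNS_ZONE in $DNS_ZONES; do
+ read AUTH_NAMESERVER <<<$(host -t soa $DNS_ZONE ${DNS_SERVERS// .*/} | tail -1 | cut -d\ -f5 | sed "s/.$//")
+ [ -n "$AUTH_NAMESERVER" ] && read AUTH_SOA_SERIAL <<<$(host -t soa $DNS_ZONE $AUTH_NAMESERVER | tail -1 | cut -d\ -f7)
+ if [ -z "$AUTH_SOA_SERIAL" ]; then
+ NAGIOS_STATE=CRITICAL
+ NAGIOS_RESULT=2
+ NAGIOS_DETAILS="$NAGIOS_DETAILS$n$DNS_ZONE: unknown domain (unable to resolve)"
+ else
+ NAMESERVER_OK=
+ NAMESERVER_HIGHER=
+ NAMESERVER_LOWER=
+ NAMESERVER_EMPTY=
+ NAMESERVERS=$DNS_SERVERS
+ if [ -z "$DNS_SERVERS" -o "$DNS_SERVER_LOOKUP" == '-n' -o "$DNS_SERVERS" == "$AUTH_NAMESERVER" ]; then
+ NAMESERVERS="$NAMESERVERS $(host -t ns $DNS_ZONE $AUTH_NAMESERVER | fgrep -v : | sed "s/.* //;s/\.$//")"
+ fi
+ for NAMESERVER in $NAMESERVERS; do
+ if [ "$NAMESERVER" != "$AUTH_NAMESERVER" ]; then
+ SOA_SERIAL=$(host -t soa $DNS_ZONE $NAMESERVER | tail -1 | cut -d\ -f 7)
+ if [ -z "$SOA_SERIAL" ]; then
+ NAMESERVER_EMPTY="$NAMESERVER_EMPTY$NAMESERVER,"
+ elif [ "$SOA_SERIAL" -lt "$AUTH_SOA_SERIAL" ]; then
+ NAMESERVER_LOWER="$NAMESERVER_LOWER$NAMESERVER,"
+ elif [ "$SOA_SERIAL" -gt "$AUTH_SOA_SERIAL" ]; then
+ NAMESERVER_HIGHER="$NAMESERVER_HIGHER$NAMESERVER,"
+ else
+ NAMESERVER_OK="$NAMESERVER_OK$NAMESERVER,"
+ fi
+ fi
+ done
+ NAGIOS_DETAILS="$NAGIOS_DETAILS$n$DNS_ZONE: $AUTH_NAMESERVER($AUTH_SOA_SERIAL)"
+ [ -n "$NAMESERVER_OK" ] && NAGIOS_DETAILS="$NAGIOS_DETAILS ok:$NAMESERVER_OK"
+ [ -n "$NAMESERVER_HIGHER" ] && NAGIOS_DETAILS="$NAGIOS_DETAILS higher:$NAMESERVER_HIGHER"
+ [ -n "$NAMESERVER_LOWER" ] && NAGIOS_DETAILS="$NAGIOS_DETAILS lower:$NAMESERVER_LOWER"
+ [ -n "$NAMESERVER_EMPTY" ] && NAGIOS_DETAILS="$NAGIOS_DETAILS error:$NAMESERVER_EMPTY"
+ if [ -n "$NAMESERVER_HIGHER$NAMESERVER_LOWER$NAMESERVER_EMPTY" ]; then
+ NAGIOS_STATE=CRITICAL
+ NAGIOS_RESULT=2
+ fi
+ NAGIOS_DETAILS="${NAGIOS_DETAILS%,}"
+ fi
+done
+
+echo "DNSREPLICATION: $NAGIOS_STATE$NAGIOS_DETAILS"
+exit $NAGIOS_RESULT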
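Review bot: A failed lookup can be reported as in sync, because the serial comparison at lines 77-84 of the new script treats only an empty `SOA_SERIAL` as an error. If the last line `host` prints is a message rather than an SOA record, field 7 may be some other word; the `-lt` and `-gt` tests then both fail on a non-integer operand and the server falls through to the `else` branch and is listed under `ok:`. Require digits before comparing, for example by replacing the first test with `if ! [[ "$SOA_SERIAL" =~ ^[0-9]+$ ]]; then`, and apply the same check to `AUTH_SOA_SERIAL` at line 61. `AUTH_SOA_SERIAL` is also never cleared at the top of the zone loop, so when the lookup on line 60 is skipped for a later zone the previous zone's serial appears to be reused; an `AUTH_SOA_SERIAL=` as the first statement of the loop would avoid that.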