I guess a lot of you are monitoring machines using their DNS-record.
But what if this changes beyond your control?
Or even if it changes within your control, but you forgot to change the setting in Zabbix.
I've been using this trigger for half a year now and it has already saved me several times. One time the DNS hosting was just turned off by the ISP, and another time a migration wasn't as it should be...
It would have been easier to just resolve the record and do a comparison, but I wanted to take it a step further...
By querying the authoritative DNS servers instead of asking your own DNS server you can buy some extra time (because of the TTL).
When configuring the server you need to give its DNS record and its IP. This item/trigger will monitor if there's a mismatch between them...
Code:
DNS Verify $2
external check
dnsverify {HOST.DNS1}, {IPADDRESS1}
numeric
decimal
1800
2 triggers
Code:
DNS of {HOST.DNS} does not correspond with {IPADDRESS}
DNS of {HOST.DNS} does not resolve
# cat /usr/local/sbin/dnsverify
Code:
#!/bin/bash
# Prints 0 = record does not resolve, 1 = resolves (and matches the expected IP
# if one was given), 2 = resolves to a different IP than expected.
export PATH=${PATH}:/usr/local/sbin:/sbin:/usr/sbin:/bin:/usr/bin
# If called by zabbix, handle some things different
# For Zabbix 1.8x uncomment the following line
# echo "${BASH_SOURCE}" | grep -q "zabbix" && shift 1
ARECORD=$(echo "$*" | awk '{print $1}')
IP_SHOULDBE=$(echo "$*" | awk '{print $2}')
RETVAL=0
# If DNS is not supplied then return empty string to turn ITEM into "unsupported ITEM"
[ -z "${ARECORD}" ] && exit
# Sanitize DNS-record
# (tr takes plain character sets; wrapping the set in [ ] would let literal brackets through)
ARECORD=$(echo "${ARECORD}" | tr 'A-Z' 'a-z')
SAN_ARECORD=$(echo "${ARECORD}" | tr -cd '.a-z0-9-')
# ARECORD has invalid characters, abort
[ "${ARECORD}" = "${SAN_ARECORD}" ] || exit
# A label starting with '-' could be read by host as an option, abort
case ".${ARECORD}" in *.-*) exit ;; esac
# add a trailing dot if it's not there
echo "${ARECORD}" | grep -q '\.$' || ARECORD="${ARECORD}."
# extract TOPLEVEL (the last two labels) for further processing
TOPLEVEL=$(echo "${ARECORD}" | grep -Eo '[a-z0-9-]+\.[a-z]+\.$')
# Can't extract TOPLEVEL, make ITEM invalid by returning null string
[ -z "${TOPLEVEL}" ] && exit
# Fetch the SOA record (Start of Authority) to obtain the primary DNS-server
SOA=$(host -W1 -t soa "${TOPLEVEL}" 2>/dev/null | grep -o "has SOA record .*" | awk '{print $4}')
if [ -n "${SOA}" ] ; then
    FTMP1=$(mktemp)
    echo "${SOA}" >"${FTMP1}"
    # Fetch all authoritative DNS-servers (the SOA primary is already first in the list)
    host -W1 -t ns "${TOPLEVEL}" 2>/dev/null | grep -o "name server .*" | awk '{print $3}' | grep -vxF "${SOA}" >>"${FTMP1}"
    # Try all authoritative DNS-servers, but start with the SOA
    while read -r NS ; do
        IP_ACTUAL=$(host -W1 "${ARECORD}" "${NS}" 2>/dev/null | grep -o 'has address .*' | head -n1 | awk '{print $3}')
        [ -z "${IP_ACTUAL}" ] || break
    done <"${FTMP1}"
    # Error resolving on authoritative server... Maybe it's a CNAME on a foreign domain??
    # An authoritative server is often configured to resolve only local domains.
    # Further testing of the answer is NOT done using an authoritative server, this is beyond the scope of this test.
    if [ -z "${IP_ACTUAL}" ] ; then
        # NS is empty once the loop above has run out of servers, so these
        # lookups go to the default resolver.
        CNAME=$(host -W1 -t cname "${ARECORD}" 2>/dev/null | grep -o 'alias for .*' | head -n1 | awk '{print $3}')
        # Only follow the alias if one was actually returned
        [ -n "${CNAME}" ] && IP_ACTUAL=$(host -W1 "${CNAME}" 2>/dev/null | grep -o 'has address .*' | head -n1 | awk '{print $3}')
    fi
    # We finally have a WINNER...
    if [ -n "${IP_ACTUAL}" ] ; then
        if [ -z "${IP_SHOULDBE}" ] || [ "${IP_SHOULDBE}" = '0.0.0.0' ] ; then
            # No expected IP configured: resolving at all counts as OK
            RETVAL=1
        else
            RETVAL=2
            [ "${IP_SHOULDBE}" = "${IP_ACTUAL}" ] && RETVAL=1
        fi
    fi
    rm -f "${FTMP1}"
fi
echo "${RETVAL}"
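The script filters the record name down to DNS-safe characters before handing it to host. A stricter per-label check of the same input, as an added example that is not part of the original post (the function names bracketed_filter and valid_dns_name are hypothetical):

```bash
#!/bin/bash
# Added example: validate a DNS name before it is passed to host(1).
# Function names are hypothetical, not part of the dnsverify script.
export LC_ALL=C   # make a-z / 0-9 ranges mean ASCII only

# Pitfall: tr takes a plain character set, not a regex bracket expression,
# so the surrounding [ ] in this set are literal members and survive.
bracketed_filter() {
    printf '%s' "$1" | tr -cd '[.a-z0-9-]'
}

# Returns 0 if $1 is a syntactically valid host name (RFC 1123 labels).
valid_dns_name() {
    local name label
    # Lower-case and drop one trailing dot (fully qualified form).
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    name=${name%.}
    # Total length must be 1..253 characters.
    [ -n "$name" ] && [ "${#name}" -le 253 ] || return 1
    case "$name" in
        *[!.a-z0-9-]*) return 1 ;;   # character outside the allowed set
        .*|*..*|*.)    return 1 ;;   # empty label
    esac
    # Each label: at most 63 chars, no leading or trailing hyphen.
    # A leading hyphen matters most: host(1) could parse it as an option.
    local IFS=.
    for label in $name; do
        [ "${#label}" -le 63 ] || return 1
        case "$label" in
            -*|*-) return 1 ;;
        esac
    done
    return 0
}
```

Calling valid_dns_name on the first script argument and exiting on failure keeps the "unsupported ITEM" behaviour for bad input.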