Ad Widget

Collapse

net.dns.record items scrambled...sometimes

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • troffasky
    Senior Member
    • Jul 2008
    • 567
    #1

    net.dns.record items scrambled...sometimes

    Key:
    net.dns.record[1.1.1.1,{HOST.NAME},TXT,,,tcp]

    Also tried:

    net.dns.record[1.1.1.1,{HOST.NAME},TXT,,,]

    I want a trigger that fires when TXT records for a monitored domain are changed. Unfortunately, Zabbix collects this data in some scrambled way


    Click image for larger version Name: ksnip_20240724-180155.png Views: 558 Size: 93.1 KB ID: 488232


    so the trigger fires almost every time the item is polled. Polled every 30m, it has come back with a different result 35 times out of the last 48 :-(

    1.1.1.1 does not do this when tested with dig, but as pointed out on another DNS thread, Zabbix uses some other resolver thing so not sure how to cross-check it.

    Not all records behave like this, NS seems to be fine. Or maybe this is about record length?
    Tags: None
    • troffasky
      Senior Member
      • Jul 2008
      • 567
      #2
      Thought I would add google.com as a comparison [and so I don't have to censor my posts], as it also has a pretty large TXT record. But it doesn't work at all:

      "Cannot decode DNS response: cannot expand domain name"

      This message was added to fix CVE-2023-32726 and CVE-2023-32727, but I am not clear what "expand" means in this context. I am not intending any recursion to happen here, I simply want to retrieve the TXT records for the domain specified.

      If I force a check:

      1860:20240725:100540.942 error reason for "google.com:net.dns.record[1.1.1.1,{HOST.NAME},TXT]" changed: Cannot decode DNS response: record overflow.

      force again:

      1860:20240725:100620.940 error reason for "google.com:net.dns.record[1.1.1.1,{HOST.NAME},TXT]" changed: Cannot decode DNS response: cannot expand domain name

      No explanation here of what the max record length is:

      1 Zabbix agent
      https://www.zabbix.com/documentation/current/en/manual/config/items/itemtypes/zabbix_agent#net.dns.record
      Last edited by troffasky; 25-07-2024, 12:14.

        Comment

        • troffasky
          Senior Member
          • Jul 2008
          • 567
          #3
          This worked one time, then disabled itself again:


          2024-07-25 12:08:55

          T_0
          T_0
          T_0
          google.com TXT "apple-domain-verification=30afIBcvSuDV2PLX"
          google.com TXT "docusign=1b0a6754-49b1-4db5-8540-d2c12664b289"
          google.com

          Displaying 1 of 1 found

            Comment

            • troffasky
              Senior Member
              • Jul 2008
              • 567
              #4
              Looks like this has been an issue for quite some time:

              Loading...
              https://support.zabbix.com/browse/ZBX-17661

                Comment

                • troffasky
                  Senior Member
                  • Jul 2008
                  • 567
                  #5
                  Tried with agent2 instead. This actually returns answers for net.dns.record TXT, but ONLY in TCP mode:

                  # zabbix_get -k net.dns.record[1.1.1.1,google.com,TXT] -s theagent2
                  ZBX_NOTSUPPORTED: Cannot perform DNS query.
                  # zabbix_get -k net.dns.record[1.1.1.1,google.com,TXT,,,tcp] -s theagent2
                  google.com TXT "google-site-verification=TV9-DBe4R80X4v0M4U_bd_J9cpOJM0nikft0jAgjmsQ"
                  google.com TXT "facebook-domain-verification=22rm551cu4k0ab0bxsw536tlds4h95"
                  google.com TXT "onetrust-domain-verification=de01ed21f2fa4d8781cbc3ffb89cf4ef"
                  google.com TXT "cisco-ci-domain-verification=479146de172eb01ddee38b1a455ab9e8bb515 42ddd7f1fa298557dfa7b22d963"
                  google.com TXT "docusign=1b0a6754-49b1-4db5-8540-d2c12664b289"
                  google.com TXT "globalsign-smime-dv=CDYX+XFHUw2wml6/Gb8+59BsH31KzUr6c1l2BPvqKX8="
                  google.com TXT "docusign=05958488-4752-4ef2-95eb-aa7ba8a3bd0e"
                  google.com TXT "google-site-verification=wD8N7i1JTNTkezJ49swvWW48f8_9xveREV4oB-0Hf5o"
                  google.com TXT "MS=E4A68B9AB2BB9670BCE15412F62916164C0B20BB"
                  google.com TXT "v=spf1 include:_spf.google.com ~all"
                  google.com TXT "apple-domain-verification=30afIBcvSuDV2PLX"

                    Comment

                    Previous template Next
                    Working...