[Nagiosplug-devel] check_dns: expect authority flag

Jon. Hallett jjh at ecs.soton.ac.uk
Tue Feb 24 19:01:03 CET 2004


Below is a patch which adds a -A/--expect-authority flag to check_dns.  We
use it to check that our name servers are authoritative for our domains and
are not just serving our addresses from their caches, which can happen if
the zone files are corrupted.

For example, the following should succeed because we are (we hope)
authoritative for our own domains:

# ./check_dns -H www.ecs.soton.ac.uk -s ns0.ecs.soton.ac.uk -A
DNS ok - 0.026 seconds response time, address is 152.78.68.160|time=25955us;;;0

and the next one should fail because the server is just a cache:

# ./check_dns -H www.ecs.soton.ac.uk -s ns0.ja.net -A
DNS CRITICAL - server ns0.ja.net is not authoritative for www.ecs.soton.ac.uk

I hope this patch will be useful to someone else.

Jon.

*** check_dns.c.orig	Thu Aug 28 04:53:52 2003
--- check_dns.c	Tue Feb 24 10:19:41 2004
***************
*** 11,16 ****
--- 11,17 ----
     * Notes:
     *  - Safe popen added by Karl DeBisschop 9-11-99
     *  - expected-address parameter added by Alex Chaffee - 7 Oct 2002
+  *  - expect-authority flag added by Jon. Hallett 2004-02-23
     *
     * Command line: (see print_usage)
     *
***************
*** 66,71 ****
--- 67,73 ----
    char ptr_server[ADDRESS_LENGTH] = "";
    int verbose = FALSE;
    char expected_address[ADDRESS_LENGTH] = "";
+ int expect_authority = FALSE;
    int match_expected_address = FALSE;

    int
***************
*** 75,80 ****
--- 77,83 ----
    	char input_buffer[MAX_INPUT_BUFFER];
    	char *output = NULL;
    	char *address = NULL;
+ 	int non_authoritative = FALSE;
    	char *temp_buffer = NULL;
    	int result = STATE_UNKNOWN;
    	double elapsed_time;
***************
*** 161,166 ****
--- 164,172 ----

    			break;
    		}
+ 		else if (strstr (input_buffer, "Non-authoritative answer:")) {
+ 			non_authoritative = TRUE;
+ 		}

    		result = error_scan (input_buffer);
    		if (result != STATE_OK) {
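Review bot: The authority test added here is fail-open, because `non_authoritative` is only set when the literal `Non-authoritative answer:` shows up in a line read into `input_buffer`. Any run where that marker is missing (presumably a different nslookup build, a translated message, or the marker being written to a stream this loop does not read) will pass `-A` as if the server were authoritative. At minimum the branch should carry a comment stating that assumption, for example `/* -A relies on nslookup printing this banner; if the banner is absent the answer is treated as authoritative */`. The `else if` chains onto an `if` whose condition lies above the hunk, and the surrounding read loop continues outside it.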
***************
*** 203,208 ****
--- 209,220 ----
    		asprintf(&output, _("expected %s but got %s"), expected_address, 
address);
    	}

+ 	/* check if authoritative */
+ 	if (result == STATE_OK && expect_authority && non_authoritative) {
+ 		result = STATE_CRITICAL;
+ 		asprintf(&output, _("server %s is not authoritative for %s"),
dns_server, query_address);
+ 	}
+
    	microsec = deltime (tv);
    	elapsed_time = (double)microsec / 1.0e6;

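Review bot: `-A` is accepted without `-s`, so the message built in this block prints whatever `dns_server` holds when no server was named (presumably an empty string; its declaration is not in the hunk). In that case the lookup goes to the default resolver, which is normally a cache, so the check would go CRITICAL with a message naming no server. Either reject `-A` without `-s` during argument validation, or make the message explicit by passing `dns_server[0] ? dns_server : _("the default resolver")` as the first argument. The `asprintf` return value is also unchecked, as in the existing call just above, so `output` may not be usable if allocation fails. The enclosing function begins and ends outside the hunk.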
***************
*** 293,298 ****
--- 305,311 ----
    		{"server", required_argument, 0, 's'},
    		{"reverse-server", required_argument, 0, 'r'},
    		{"expected-address", required_argument, 0, 'a'},
+ 		{"expect-authority", no_argument, 0, 'A'},
    		{0, 0, 0, 0}
    	};

***************
*** 304,310 ****
    			strcpy (argv[c], "-t");

    	while (1) {
! 		c = getopt_long (argc, argv, "hVvt:H:s:r:a:", long_opts, &opt_index);

    		if (c == -1 || c == EOF)
    			break;
--- 317,323 ----
    			strcpy (argv[c], "-t");

    	while (1) {
! 		c = getopt_long (argc, argv, "hVvt:H:s:r:a:A", long_opts, &opt_index);

    		if (c == -1 || c == EOF)
    			break;
***************
*** 360,365 ****
--- 373,381 ----
    			strcpy (expected_address, optarg);
    			match_expected_address = TRUE;
    			break;
+ 		case 'A': /* expect authority */
+ 			expect_authority = TRUE;
+ 			break;
    		}
    	}

***************
*** 416,422 ****
    -s, --server=HOST\n\
       Optional DNS server you want to use for the lookup\n\
    -a, --expected-address=IP-ADDRESS\n\
!    Optional IP address you expect the DNS server to return\n"));

    	printf (_(UT_TIMEOUT), DEFAULT_SOCKET_TIMEOUT);

--- 432,440 ----
    -s, --server=HOST\n\
       Optional DNS server you want to use for the lookup\n\
    -a, --expected-address=IP-ADDRESS\n\
!    Optional IP address you expect the DNS server to return\n\
! -A, --expect-authority\n\
!    Optionally expect the DNS server to be authoritative for the lookup\n"));

    	printf (_(UT_TIMEOUT), DEFAULT_SOCKET_TIMEOUT);

***************
*** 436,442 ****
    print_usage (void)
    {
    	printf (_("\
! Usage: %s -H host [-s server] [-a expected-address] [-t timeout]\n\
           %s --help\n\
           %s --version\n"),
    					progname, progname, progname);
--- 454,460 ----
    print_usage (void)
    {
    	printf (_("\
! Usage: %s -H host [-s server] [-a expected-address] [-A] [-t timeout]\n\
           %s --help\n\
           %s --version\n"),
    					progname, progname, progname);




