scripts/nagios-plugins
1
0
Fork 0
Code Issues Pull Requests Activity

First commit for check_dns_replication

Browse Source
This commit is contained in:
Frederik Lindenaar
2021-03-09 21:48:55 +01:00
parent 302f2b0ade
commit dadb9bb181
2 changed files with 176 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
README.md
View File

@@ -12,12 +12,14 @@ encounter any issues or require changes.
The latest versions, documentation and bugtracker available on my
[GitLab instance](https://gitlab.lindenaar.net/scripts/nagios-plugins)
Copyright (c) 2015 - 2019 Frederik Lindenaar. free for distribution under
Copyright (c) 2015 - 2021 Frederik Lindenaar. free for distribution under
the GNU General Public License, see [below](#license)
contents
========
This repository contains the following scripts:
* [check_dns_replication](#check_dns_replication)
check DNS zone replication by comparing zone serial numbers on DNS servers
* [check_memory](#check_memory)
patched version of nagios-plugins check_memory script for Linux procps v3.3+
* [check_multiple_host_addresses](#host_addresses)
@@ -30,6 +32,66 @@ This repository contains the following scripts:
* [nagiosstatus](#nagiosstatus)
CGI-BIN script to report the status of nagios (to monitor nagios itself)
<a name=check_dns_replication>plugins/check_dns_replication</a>
---------------------------------------------------------------
With this check plugin / script, Nagios can monitor the replication of DNS zones
between the authoritative DNS server for a domain and one or more of it's slave
(or secondary) DNS servers. The script can check one or multiple DNS zones and
can be pointed at one ore more specific DNS slave server(s) or us the NS records
of the zone to check all DNS servers of that domain (or a combination of this)
The script expects a (comma separated list of) DNS zone(s) to validate as its
first command line parameter. It optionally also accepts one or more DNS servers
to check as further parameters (either separate parameters or comma separated).
If no DNS Servers are provided or the `-n` command line option is passed it will
lookup the DNS Servers from the NS records in de DNS zone.
The script will first fetch the authoritative DNS server from the SOA record, so
that server must be reachable. This first lookup will be done against the first
DNS server, if provided, or the default nameserver of the host. Next it will
fetch the DNS zone's SOA record from each server and compare it with the master.
Installation is straightforward, after installing the script on your server, add
the following to your `commands.cmd` configuration file to make it available:
~~~
# 'check-dns-replication' command definition to check DNS replication of one or more zones
define command {
command_name check-dns-replication
command_line [install_path]/plugins/check_dns_replication -n '$ARG1$' '$HOSTADDRESS$'
}
# 'check-dns-slave' command to check DNS replication of one or more zones against a single server
define command {
command_name check-dns-slave
command_line [install_path]/plugins/check_dns_replication '$ARG1$' '$HOSTADDRESS$'
}
~~~
The example below shows how to check DNS zone replication for the primary DNS
server (which checks replication to all secondaries) and how to check an extra
secondary DNS server that is not listed as NS record in the zone.
~~~
# check DNS replication for an DNS zone to ensure all secondaries are in sync
define service {
host auth.dns.mydomain.tld
service_description DNS Zone Replication
check_command check-dns-replication!mydomain.tld
use generic-service
}
# check DNS replication to a specific secondary DNS server
define service {
host sec1.dns.mydomain.tld
service_description DNS Zone Replication to secondary
check_command check-dns-slave!mydomain.tld
use generic-service
}
~~~
<a name=check_memory>plugins/check_memory</a>
---------------------------------------------
Nagios check script to monitor the memory on Linux systems. Due to changes in
@@ -431,4 +493,3 @@ General Public License for more details.
You should have received a copy of the GNU General Public License along with
this program. If not, download it from <http://www.gnu.org/licenses/>.

102
plugins/check_dns_replication Executable file
View File

@@ -0,0 +1,102 @@
#!/bin/bash
# check_dns_replication - check DNS zone replication by comparing zone serials
#
# Version 1.0, latest version, documentation and bugtracker available at:
# https://gitlab.lindenaar.net/scripts/nagios-plugins
#
# Copyright (c) 2021 Frederik Lindenaar
#
# This script is free software: you can redistribute and/or modify it under the
# terms of version 3 of the GNU General Public License as published by the Free
# Software Foundation, or (at your option) any later version of the license.
#
# This script is distributed in the hope that it will be useful but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with
# this program. If not, visit <http://www.gnu.org/licenses/> to download it.
# Usage: check_dns_replication [-n] dns_zone[,dns_zone...] [dns_server...]
if [ "$#" -eq 0 -o "$1" == "-n" -a "$#" -eq 1 ]; then
echo "DNSREPLICATION: UNKNOWN | missing parameter dns_zone"
exit 3
elif [ "$1" == "-n" ]; then
DNS_SERVER_LOOKUP=$1
shift
elif [ $1 == '-h' -o $1 == '--help' ]; then
cat << EOT
`basename $0` - check DNS zone replication by comparing SOA serial(s)
usage: $0 [-n] dns_zone[,dns_zone...] [dns_server...]
parameters:
-n when specified (or no dns_server provided) check domain's NS records
-h this help
dns_zone[,dns_zone...] list of DNS zones to check (comma separated!)
[dns_server...] DNS server(s) to compare with authoratative server
EOT
exit 3
elif [[ "$1" = -* ]]; then
echo "DNSREPLICATION: UNKNOWN | invalid parameter, for help run $0 -h"
exit 3
fi
DNS_ZONES=${1//,/ }
shift
DNS_SERVERS=${*//,/ }
n="
"
NAGIOS_STATE=OK
NAGIOS_RESULT=0
NAGIOS_DETAILS=
for DNS_ZONE in $DNS_ZONES; do
read AUTH_NAMESERVER <<<$(host -t soa $DNS_ZONE ${DNS_SERVERS// .*/} | tail -1 | cut -d\ -f5 | sed "s/.$//")
[ -n "$AUTH_NAMESERVER" ] && read AUTH_SOA_SERIAL <<<$(host -t soa $DNS_ZONE $AUTH_NAMESERVER | tail -1 | cut -d\ -f7)
if [ -z "$AUTH_SOA_SERIAL" ]; then
NAGIOS_STATE=CRITICAL
NAGIOS_RESULT=2
NAGIOS_DETAILS="$NAGIOS_DETAILS$n$DNS_ZONE: unknown domain (unable to resolve)"
else
NAMESERVER_OK=
NAMESERVER_HIGHER=
NAMESERVER_LOWER=
NAMESERVER_EMPTY=
NAMESERVERS=$DNS_SERVERS
if [ -z "$DNS_SERVERS" -o "$DNS_SERVER_LOOKUP" == '-n' -o "$DNS_SERVERS" == "$AUTH_NAMESERVER" ]; then
NAMESERVERS="$NAMESERVERS $(host -t ns $DNS_ZONE $AUTH_NAMESERVER | fgrep -v : | sed "s/.* //;s/\.$//")"
fi
for NAMESERVER in $NAMESERVERS; do
if [ "$NAMESERVER" != "$AUTH_NAMESERVER" ]; then
SOA_SERIAL=$(host -t soa $DNS_ZONE $NAMESERVER | tail -1 | cut -d\ -f 7)
if [ -z "$SOA_SERIAL" ]; then
NAMESERVER_EMPTY="$NAMESERVER_EMPTY$NAMESERVER,"
elif [ "$SOA_SERIAL" -lt "$AUTH_SOA_SERIAL" ]; then
NAMESERVER_LOWER="$NAMESERVER_LOWER$NAMESERVER,"
elif [ "$SOA_SERIAL" -gt "$AUTH_SOA_SERIAL" ]; then
NAMESERVER_HIGHER="$NAMESERVER_HIGHER$NAMESERVER,"
else
NAMESERVER_OK="$NAMESERVER_OK$NAMESERVER,"
fi
fi
done
NAGIOS_DETAILS="$NAGIOS_DETAILS$n$DNS_ZONE: $AUTH_NAMESERVER($AUTH_SOA_SERIAL)"
[ -n "$NAMESERVER_OK" ] && NAGIOS_DETAILS="$NAGIOS_DETAILS ok:$NAMESERVER_OK"
[ -n "$NAMESERVER_HIGHER" ] && NAGIOS_DETAILS="$NAGIOS_DETAILS higher:$NAMESERVER_HIGHER"
[ -n "$NAMESERVER_LOWER" ] && NAGIOS_DETAILS="$NAGIOS_DETAILS lower:$NAMESERVER_LOWER"
[ -n "$NAMESERVER_EMPTY" ] && NAGIOS_DETAILS="$NAGIOS_DETAILS error:$NAMESERVER_EMPTY"
if [ -n "$NAMESERVER_HIGHER$NAMESERVER_LOWER$NAMESERVER_EMPTY" ]; then
NAGIOS_STATE=CRITICAL
NAGIOS_RESULT=2
fi
NAGIOS_DETAILS="${NAGIOS_DETAILS%,}"
fi
done
echo "DNSREPLICATION: $NAGIOS_STATE$NAGIOS_DETAILS"
exit $NAGIOS_RESULT