On 08/01/14 19:39, Henrik Størner wrote:
Den 08-01-2014 06:07, Jeremy Laidman skrev:
On 8 January 2014 13:44, Mark Felder <feld at feld.me <mailto:feld at feld.me>> wrote:
The question here is "Are the publicly accessible NS servers in a consistent functional state?". The goal is not to validate the data.So, I suppose the "object" you're trying to watch is the "NS" consistency state of the zone. So yes, you'd alert against the zone name such as what you've shown in your hosts.cfg example.
Testing this would essentially do
dig example.com ns <grab the list of dns servers> dig @ns1 example.com soa dig @ns2 example.com soa <compare soa records to see if they are identical>
Xymon can do the DNS lookups, all that is needed is to cook up the necessary data analysis.
I think this should be a separate test from the normal "dns" column?
IMHO, this really should be an ext test. In a couple of minutes, this might almost suffice with some small extra wrappers: /usr/bin/dnsqr ns mydomain.com|grep ^answer|awk '{ print $5 }'| while read server;do /usr/bin/dnsq soa mydomain.com $server|grep ^answer:|awk '{ print $7 }';done|uniq|wc -l
If the answer is 1, then green, anything else is red.
Of course, I've only tested this against my own domain on my NS, and it worked, but your results may vary. You should add a whole bunch of error checking to ensure that each lookup is successful, returns valid results, etc... The main reason for doing this was to simply see how hard it would be to complete the task using the djb tools as they are claimed to be easier to use for scripting. I didn't actually attempt this with the bind tools, but past experience suggests it would be more difficult to parse the correct answers/etc...
Sharing was just in case it is useful to others...
Regards, Adam
Adam Goryachev Website Managers www.websitemanagers.com.au