There seems to be a bug where DNS PTR (Reverse DNS lookup) checks do not work in Xymon (4.3.7, but I don't recall seeing any fixes in the commits). The man page for hosts.cfg says the format to use is: dns=TYPE:lookup and one of the examples underneath for TYPE is PTR (reverse). I have tried this in small and capitals and neither work (the result is Name not found). Using A does work though. I wonder if it could be related to the fact that DiG needs to be invoked with -x for PTR checks. A quick look at the DiG man page suggests you could use either:
dig -t PTR my.ip.ad.dr.ess
Or:
dig my.ip.ad.dr.ess PTR
However, this is not the case. A closer looks reveals you have to use:
dig -x my.ip.ad.dr.ess
So what I am saying is that the treatment for type PTR differs from the other types, and that the parameters supplied to DiG (if Xymon uses DiG ) differ for PTR.
Tested manually with DiG 9.2.4 and the latest RHEL5: 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6.
Kind regards,
SebA
On 5 April 2013 22:30, SebA <spah at syntec.co.uk> wrote:
** I wonder if it could be related to the fact that DiG needs to be invoked with -x for PTR checks.
Not required for PTR checks.
A quick look at the DiG man page suggests you could use either:
dig -t PTR my.ip.ad.dr.ess
Or:
dig my.ip.ad.dr.ess PTR
No, it's more like this:
dig ess.addr.ip.my.in-addr.arpa PTR
However, this is not the case. A closer looks reveals you have to use:
dig -x my.ip.ad.dr.ess
The -x option is a convenience, and it means not only "set type to PTR" but also "reverse octets and append 'in-addr.arpa'".
I'm not in a position to check until tomorrow, but I'm confident that I successfully test for the localhost address like so
DNS=PTR:1.0.0.127.in-addr.arpa
J
On 8 April 2013 00:34, Jeremy Laidman <jlaidman at rebel-it.com.au> wrote:
I'm not in a position to check until tomorrow, but I'm confident that I successfully test for the localhost address like so
DNS=PTR:1.0.0.127.in-addr.arpa
I was wrong in the IP address that I test, but correct in the format and the fact that it works. You should be able to do PTR record checks by formatting in this "in-addr.arpa" format. An easy way to get this is from the output of "dig -x" which shows the question section in the "in-addr.arpa" format (and also in the answer section if it resolves).
J
Thanks Jeremy, that's awesome. There were no examples for PTR on Xymon out there so this may help others too. It works and thanks for the explanation.
Kind regards,
SebA
From: Jeremy Laidman [mailto:jlaidman at rebel-it.com.au] Sent: 08 April 2013 02:32 To: SebA Cc: xymon Subject: Re: [Xymon] Reverse DNS lookup check not working
On 8 April 2013 00:34, Jeremy Laidman <jlaidman at rebel-it.com.au> wrote:
I'm not in a position to check until tomorrow, but I'm confident that I successfully test for the localhost address like so
DNS=PTR:1.0.0.127.in-addr.arpa
I was wrong in the IP address that I test, but correct in the format and the fact that it works. You should be able to do PTR record checks by formatting in this "in-addr.arpa" format. An easy way to get this is from the output of "dig -x" which shows the question section in the "in-addr.arpa" format (and also in the answer section if it resolves).
J
participants (2)
-
jlaidman@rebel-it.com.au
-
spah@syntec.co.uk