In the nrpe.conf file, do you have to put the IP address for the argument to allowed_hosts or can you also put in a hostname that can be resolved by DNS?
Thanks!
nrpe.conf ip or hostname?
-
jdalrymple
- Skynet Drone
- Posts: 2620
- Joined: Wed Feb 11, 2015 1:56 pm
Re: nrpe.conf ip or hostname?
nrpe.cfg ...
DNS names do work - however I think it's cached at the time the daemon is spawned. I wouldn't expect it to relookup the name during each request. If that's something you need us to test in a lab we can.
-
kendallchenoweth
- Posts: 195
- Joined: Fri Sep 13, 2013 10:43 am
Re: nrpe.conf ip or hostname?
Can you test in a lab and let me know? It's not a big deal if the information is cached, but if it is, then I have the information to know what is the best choice. Thanks!
-
jdalrymple
- Skynet Drone
- Posts: 2620
- Joined: Wed Feb 11, 2015 1:56 pm
Re: nrpe.conf ip or hostname?
xinetd:
- At xinetd start time it does a forward lookup to get the address for "only_from" - this doesn't seem to matter though
- Every time a request comes in there is a reverse lookup. If the proper name isn't returned in the reverse lookup the connection fails with "CHECK_NRPE: Error - Could not complete SSL handshake."
nrpe -d:
- Every time a check_nrpe request comes in a forward lookup is done. If the IP matches it works; if the record doesn't match, check_nrpe fails with "CHECK_NRPE: Error - Could not complete SSL handshake."
So both seem resilient to dynamic DNS. With xinetd you'll have to have a good functioning reverse lookup zone (for it to work at all), and with nrpe -d you'll need a quick to update forward lookup zone.
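A small model of the two behaviours reported in the lab test above, added as an example that is not part of the original thread and is not NRPE or xinetd code. The hostname `nagios.example.test`, the 192.0.2.x addresses and the DNS tables are constructed, and direct comparison of literal IP entries is an assumption.

```python
import socket

def system_forward(name):
    """Forward (A/AAAA) lookup through the system resolver."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def system_reverse(ip):
    """Reverse (PTR) lookup through the system resolver."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def nrpe_daemon_allows(peer_ip, allowed_hosts, forward=system_forward):
    """Model of 'nrpe -d' as reported: forward lookup of each entry per request."""
    # Assumption: entries that are literal IPs are compared directly.
    return any(e == peer_ip or peer_ip in forward(e) for e in allowed_hosts)

def xinetd_allows(peer_ip, only_from, reverse=system_reverse):
    """Model of xinetd as reported: reverse lookup of the peer per request."""
    if peer_ip in only_from:
        return True
    name = reverse(peer_ip)
    wanted = {e.rstrip(".").lower() for e in only_from}
    return name is not None and name.rstrip(".").lower() in wanted

def simulate_ip_change():
    """Constructed scenario: the monitoring host moved from .10 to .20."""
    forward_zone = {"nagios.example.test": {"192.0.2.20"}}  # A record updated
    reverse_zone = {"192.0.2.10": "nagios.example.test"}    # PTR zone is stale
    fwd = lambda name: forward_zone.get(name, set())
    rev = lambda ip: reverse_zone.get(ip)
    acl = ["nagios.example.test"]
    return {
        (mode, ip): check(ip, acl, lookup)
        for mode, check, lookup in (("nrpe -d", nrpe_daemon_allows, fwd),
                                    ("xinetd", xinetd_allows, rev))
        for ip in ("192.0.2.10", "192.0.2.20")
    }

if __name__ == "__main__":
    for (mode, ip), ok in simulate_ip_change().items():
        print(f"{mode:8} peer {ip}: {'allowed' if ok else 'rejected'}")
```

In this model a stale PTR record keeps the old address passing the xinetd check while the new one is rejected, so the reverse zone has to be updated together with the forward zone.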