I am having an issue with check_dns. I am needing to get an alert if a specified DNS server has hung and will not respond to requests. This should be testable by pointing the check_dns command to a non-DNS server. However, it doesn't matter if I use a DNS server IP or not, I still get that the IP is resolving.
I have attached a screenshot showing both attempts. The top attempt is pointing to a DNS server (10.96.36.19). The bottom attempt is pointing to a NON-DNS server (10.96.36.18). As you can see, both return a positive result.
The nearest thing I can figure is that the Check_DNS, after getting a fail from the supplied DNS server then moves to the DNS server list in /etc/resolve.conf. Is this the expected action of the Check_DNS service?
Thanks.
Check_DNS false positive
Check_DNS false positive
You do not have the required permissions to view the files attached to this post.
-
- Posts: 1597
- Joined: Tue Sep 27, 2016 4:57 pm
Re: Check_DNS false positive
It's working for me:
What is the output from:
Code: Select all
# /usr/local/nagios/libexec/check_dns -H google.com -s 192.168.10.10
CRITICAL - Plugin timed out while executing system call
Code: Select all
# dig @10.96.36.18 10.96.19.132
Previous Nagios employee
Re: Check_DNS false positive
Result in attachment.
You do not have the required permissions to view the files attached to this post.
Re: Check_DNS false positive
What version of check_dns are you on? Check this with ./check_dns --help
If you're on the 2.2.0 version, run the following commands:
strace -o check_dns_trace.txt ./check_dns -H 10.90.19.132 -s 10.96.36.18
tcpdump -s 0 -i any port 52 -w check_dns_capture.pcap
Allow the tcpdump to run while you run the check_dns command a couple times, then use ctrl+c to stop the trace. Provide us with the result check_dns_trace.txt and check_dns_capture.pcap.
If you're on the 2.2.0 version, run the following commands:
strace -o check_dns_trace.txt ./check_dns -H 10.90.19.132 -s 10.96.36.18
tcpdump -s 0 -i any port 52 -w check_dns_capture.pcap
Allow the tcpdump to run while you run the check_dns command a couple times, then use ctrl+c to stop the trace. Provide us with the result check_dns_trace.txt and check_dns_capture.pcap.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Re: Check_DNS false positive
It is showing I am on v2.0.3. I went to gethub and tried downloading & installing the newest Advanced Nagios Plugin Collection but the date on the check_dns plugin didn't change even though the website says it was updated 3 months ago. I'm not sure what I did wrong.
-
- Posts: 1597
- Joined: Tue Sep 27, 2016 4:57 pm
Re: Check_DNS false positive
Where did you download it from and how exactly did you install it?
This is our repo: https://github.com/nagios-plugins/nagios-plugins
This is our repo: https://github.com/nagios-plugins/nagios-plugins
Previous Nagios employee
Re: Check_DNS false positive
I went and downloaded the one you pointed me to (just to make sure I had the right thing). I uncompressed the Nagios-plugin-master folder into /usr/local/nagios/libexec and did the steps in the README text file. The only one that seemed to actually work was step one.
-
- Posts: 1597
- Joined: Tue Sep 27, 2016 4:57 pm
Re: Check_DNS false positive
I just installed from there this morning. Can you share the commands and output from your steps?
Previous Nagios employee
Re: Check_DNS false positive
OK, apparently I lied. It doesn't even get step one done. It said it needed Autoconf version 2.60 or higher. I installed Autoconf 2.6.9 and then noticed that the permissions weren't correct on the nagios-plugins-master folder and files either. :-/ After addressing these two issues, the plugin bundle installed as it should.
Now I have tested the check_xi_service_dns command and it does seem to give a proper fail when trying to get a DNS resolution from a non-DNS server.
Thank you for your help. Everything seems to be working now.
Now I have tested the check_xi_service_dns command and it does seem to give a proper fail when trying to get a DNS resolution from a non-DNS server.
Thank you for your help. Everything seems to be working now.