nrpe.conf ip or hostname?

Posted: Tue Jun 02, 2015 3:50 pm
by kendallchenoweth
In the nrpe.conf file, do you have to put the IP address for the argument to allowed_hosts or can you also put in a hostname that can be resolved by DNS?

Thanks!

Re: nrpe.conf ip or hostname?

Posted: Tue Jun 02, 2015 4:05 pm
by jdalrymple
nrpe.cfg ...

DNS names do work - however I think it's cached at the time the daemon is spawned. I wouldn't expect it to relookup the name during each request. If that's something you need us to test in a lab we can.

Re: nrpe.conf ip or hostname?

Posted: Thu Jun 04, 2015 10:07 am
by kendallchenoweth
Can you test in a lab and let me know? It's not a big deal if the information is cached, but if it is, then I have the information to know what is the best choice. Thanks!

Re: nrpe.conf ip or hostname?

Posted: Thu Jun 04, 2015 11:02 am
by jdalrymple
xinetd:

- At xinetd start time it does a forward lookup to get the address for "only_from" - this doesn't seem to matter though
- Every time a request comes in there is a reverse lookup. If the proper name isn't returned in the reverse lookup the connection fails with "CHECK_NRPE: Error - Could not complete SSL handshake."

nrpe -d:

- Every time a check_nrpe request comes in, a forward lookup is done. If the IP matches, it works; if the record doesn't match, check_nrpe fails with "CHECK_NRPE: Error - Could not complete SSL handshake."

So both seem resilient to dynamic DNS. With xinetd you'll have to have a good functioning reverse lookup zone (for it to work at all), and with nrpe -d you'll need a quick to update forward lookup zone.
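
A small model of the two lookup behaviours reported in the last post, added here as an example; it is not part of the thread and not NRPE or xinetd code. The host name and addresses (nagios.example.test, 192.0.2.x) and the `fake_dns` helper are constructed, and each check is simplified to a single configured name.

```python
import socket

def forward_ips(name, resolve=socket.gethostbyname_ex):
    """IPv4 addresses the name resolves to right now (empty set on failure)."""
    try:
        return set(resolve(name)[2])
    except OSError:  # socket.gaierror / socket.herror are OSError subclasses
        return set()

def reverse_names(ip, resolve=socket.gethostbyaddr):
    """Names returned by the reverse (PTR) lookup, normalised for comparison."""
    try:
        primary, aliases, _ = resolve(ip)
    except OSError:
        return set()
    return {n.rstrip(".").lower() for n in [primary, *aliases]}

def nrpe_daemon_allows(peer_ip, allowed_host, resolve=socket.gethostbyname_ex):
    """'nrpe -d' as described: forward-resolve allowed_hosts on each request."""
    return peer_ip in forward_ips(allowed_host, resolve)

def xinetd_allows(peer_ip, only_from, resolve=socket.gethostbyaddr):
    """xinetd as described: reverse-resolve the peer, compare with only_from."""
    return only_from.rstrip(".").lower() in reverse_names(peer_ip, resolve)

def fake_dns(a_records, ptr_records):
    """Constructed resolvers with the same return shapes as the socket calls."""
    def fwd(name):
        if name not in a_records:
            raise socket.gaierror("no A record")
        return (name, [], list(a_records[name]))
    def rev(ip):
        if ip not in ptr_records:
            raise socket.herror("no PTR record")
        return (ptr_records[ip], [], [ip])
    return fwd, rev

def moved_host_scenario():
    """Constructed case: the Nagios server moved from .10 to .20 and only the
    forward zone has been updated; the PTR record still points at the old IP."""
    fwd, rev = fake_dns({"nagios.example.test": ["192.0.2.20"]},
                        {"192.0.2.10": "nagios.example.test"})
    name = "nagios.example.test"
    return {ip: (nrpe_daemon_allows(ip, name, fwd), xinetd_allows(ip, name, rev))
            for ip in ("192.0.2.20", "192.0.2.10")}

if __name__ == "__main__":
    for ip, (daemon, xinetd) in moved_host_scenario().items():
        print(f"{ip}: nrpe -d allows={daemon}  xinetd allows={xinetd}")
```

In this model a stale PTR record means the reverse-lookup check refuses the server's new address while the old address still matches, so the reverse zone has to be updated together with the forward zone.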