domain hijacking: using Nagios to monitor 100s(possibly 1000s) of domains / hosts

Marc Powell marc at ena.com
Tue Jul 10 23:22:14 CEST 2007



> -----Original Message-----
> From: nagios-users-bounces at lists.sourceforge.net [mailto:nagios-users-
> bounces at lists.sourceforge.net] On Behalf Of Rogelio Bastardo
> Sent: Tuesday, July 10, 2007 2:54 PM
> To: Nagios Users mailinglist
> Subject: [Nagios-users] domain hijacking: using Nagios to monitor
> 100s(possibly 1000s) of domains / hosts
> 
> I've got several hundred important domains that need to be checked for
> domain hijacking.  I'm assuming that this is as easy as "check_dns -H
> domain.com -s (nameserver) -A (expected IP)"
> 
> How well will this method scale to several thousand?

I don't see why it would be a problem. What nameserver are you going to
be testing? -A indicates that you'll be checking the nameserver hosting
the domain. That won't tell you if your domain has been hijacked though.
The DNS server hosting the domain will always answer that it is
authoritative, no matter if the rest of the Internet thinks it is or
not. Any other nameserver you test will fail since you're requiring
Authority. If you're going to test a recursive nameserver, use -a
instead.

Presumably you're more interested in the nameservers that the rest of
the world thinks are authoritative. You'd probably want to use check_dig
against a recursive nameserver (or the root servers) to verify that the
NS records they're reporting are accurate. Something like

check_dig -T ns -H recursiveserver.yourdomain.foo -l yourdomain.foo -a nameserver.yourdomain.foo

You should, of course, perform any research necessary to determine if
the above tests against the nameservers (particularly the root
nameservers) are prohibited before implementing it.

--
Marc
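
An added example, not part of the original message and not code from the Nagios plugins: a plugin-style check that compares the NS set a recursive resolver reports for a domain with the set you expect, going slightly beyond the single expected value that check_dig -a takes. The function names, the sample nameserver names and the mapping of results to WARNING/CRITICAL are assumptions made for illustration.

```python
import subprocess

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # Nagios plugin exit codes

def normalize(name):
    """Lower-case a host name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def parse_ns(dig_short_output):
    """Turn `dig +short NS` output into a set of nameserver names."""
    names = set()
    for line in dig_short_output.splitlines():
        line = line.strip()
        if line and not line.startswith(";"):  # skip blanks and dig error comments
            names.add(normalize(line))
    return names

def evaluate(domain, expected_ns, dig_short_output):
    """Compare the NS set a resolver reports with the set we expect."""
    expected = {normalize(n) for n in expected_ns}
    seen = parse_ns(dig_short_output)
    if not seen:
        return UNKNOWN, f"UNKNOWN - no NS records returned for {domain}"
    rogue = sorted(seen - expected)
    missing = sorted(expected - seen)
    if rogue:  # delegation points somewhere we did not configure
        return CRITICAL, f"CRITICAL - {domain} has unexpected NS: {', '.join(rogue)}"
    if missing:  # subset of our servers: degraded, not hijacked
        return WARNING, f"WARNING - {domain} missing expected NS: {', '.join(missing)}"
    return OK, f"OK - {domain} NS set matches ({len(seen)} servers)"

def query_ns(domain, resolver):
    """Ask one recursive resolver for the NS set (needs dig and network access)."""
    out = subprocess.run(["dig", "+short", "NS", domain, f"@{resolver}"],
                         capture_output=True, text=True, timeout=10)
    return out.stdout

# Constructed sample resolver answers (not real data).
SAMPLE_GOOD = "NS1.yourdomain.foo.\nns2.yourdomain.foo.\n"
SAMPLE_CHANGED = "ns1.other-provider.example.\nns2.other-provider.example.\n"
EXPECTED = ["ns1.yourdomain.foo", "ns2.yourdomain.foo"]

if __name__ == "__main__":
    code, msg = evaluate("yourdomain.foo", EXPECTED, SAMPLE_GOOD)
    print(msg)
    raise SystemExit(code)
```

For live use, pass query_ns(domain, resolver) as the third argument of evaluate() and loop over the domain list from a single scheduled job.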
