check_dns works fine for half my servers, fails for other half

Sean Schertell sean at datafly.net
Sat Sep 1 04:51:31 CEST 2007

Previous message: check_dns works fine for half my servers, fails for other half
Next message: check_dns works fine for half my servers, fails for other half
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>> -----Original Message-----
>> From: nagios-users-bounces at lists.sourceforge.net [mailto:nagios- 
>> users-
>> bounces at lists.sourceforge.net] On Behalf Of Sean Schertell
>> Sent: Friday, August 31, 2007 8:05 PM
>> To: Nagios-users at lists.sourceforge.net
>> Subject: [Nagios-users] check_dns works fine for half my  
>> servers,fails
> for
>> other half
>>
>> I'm not really a DNS guru, so it's probably an obvious thing -- would
>> someone mind enlightening me as to why this happens? How come it
>> works fine for the first server but fails for the second? Their
>> definitely both running DNS.
>>
>> [root at turnip etc]# /usr/local/nagios/libexec/check_dns -H
>> microsoft.com -s rosemary.datafly.net
>> DNS OK: 0.324 seconds response time. microsoft.com returns
>> 207.46.197.32,207.46.232.182|time=0.323644s;;;0.000000
>>
>> [root at turnip etc]# /usr/local/nagios/libexec/check_dns -H
>> microsoft.com -s nutmeg.datafly.net
>> DNS CRITICAL - '/usr/bin/nslookup -sil' msg parsing exited with no
>> address
>
> nutmeg is returning output from nslookup that check_dns can't  
> parse. It
> would appear that nutmeg isn't configured to perform recursive lookups
> (lookups for domains it doesn't host) and you're expecting it to.
>
> $ nslookup -sil microsoft.com rosemary.datafly.net
> Server:         rosemary.datafly.net
> Address:        64.34.193.57#53
>
> Non-authoritative answer:
> Name:   microsoft.com
> Address: 207.46.232.182
> Name:   microsoft.com
> Address: 207.46.197.32
>
> $ nslookup -sil microsoft.com nutmeg.datafly.net
> Server:         nutmeg.datafly.net
> Address:        72.36.130.114#53
>
> Non-authoritative answer:
> *** Can't find microsoft.com: No answer
>
> As an aside, you shouldn't be allowing me to perform recursive lookups
> with your servers anyway. Rosemary could easily be hijacked to perform
> DNS based DOS attacks.
>
> -
> Marc
>


So does that mean then that it isn't possible to use the check_dns  
plugin without enabling recursive lookups and leaving my server open  
to DNS DOS attacks?

Is there any way to use dns_check safely?

Thanks :-)

Sean




::::  DataFly.Net  ::::
Complete Web Services
http://www.datafly.net


-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Previous message: check_dns works fine for half my servers, fails for other half
Next message: check_dns works fine for half my servers, fails for other half
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users mailing list