Hey Guys, I am new to administering a BIND server and after a few problems I ran into I need to monitor the zone file transfers of my slave server. I have searched on Google and Nagios plugin sites but could not find anything that fits my needs entirely.
Here is the setup:
- MS Active Directory as primary nameservers (not under my control)
- 2 BIND servers as slaves for various zones (behind a load balancer)

The problem I ran into was that the zone transfer didn't work for some reason and the zone we hold expired, causing our mail gateway to stop relaying mails :/

As I said, I googled around, and as I could not find anything I hacked a Nagios plugin myself (you can find the code here: https://github.com/seppovic/Nagios-plugins/blob/master/libexec/check_dns_zonetransfer.pl). But I am curious if I took the right "route".

These are my assumptions and a first approach:
- read named.conf and get master servers
- query SOA of slave and get serial
- query first master and get serial
- if serials match: get zone file modification time (not sure if this is significant) and compare it with localtime and "soa-expiretime" + warn or crit on threshold: (stat($zoneFile)[9] + $SOA_S->expire) - time
- if master serial > slave serial: create tempfile and check for how long it stays lower than the master's serial + warn or crit on threshold
- else test next master; on last master exit with error (this should not become true ever, right?)

A few problems I discovered:
- I sometimes have a higher serial than all masters have. Is this normal on an AD DNS, or am I doing something wrong? I thought this could not happen.
- Some zones nearly always reach expiration time, and I get a lot of critical messages, and a few hours/minutes before expiration it does the update.

I hope you can guide me a bit and tell me if this is what I want xD

Many thanks in advance,
seppovic
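The check outlined in the message above, as an added example; it is not part of the original post and is not code from the linked plugin. It goes beyond the post in one respect: serials are compared with RFC 1982 serial arithmetic, so a wrapped serial still orders correctly. The function names, the default thresholds and the behind_since parameter (standing in for the tempfile timestamp) are assumptions.

```python
# Added example, not code from the linked plugin. Pure logic, no DNS queries:
# the caller supplies serials and timestamps (all times in epoch seconds).
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # Nagios plugin exit codes
HALF = 0x80000000  # half of the 32-bit serial number space


def serial_cmp(a, b):
    """Compare SOA serials per RFC 1982: -1 (a older), 0, 1 (a newer), None (undefined)."""
    a, b = a & 0xFFFFFFFF, b & 0xFFFFFFFF
    if a == b:
        return 0
    diff = (b - a) & 0xFFFFFFFF
    if diff == HALF:
        return None  # exactly half the space apart: RFC 1982 leaves this undefined
    return -1 if diff < HALF else 1


def check_zone(slave_serial, master_serials, mtime, expire, now, behind_since=None,
               warn=3600, crit=600, lag_warn=900, lag_crit=3600):
    """Return (status, message) for one slave zone.

    mtime: zone file modification time (assumed, as in the post, to mark the last refresh).
    behind_since: when the slave was first seen behind (stands in for the tempfile).
    warn/crit: seconds left before expiry; lag_warn/lag_crit: seconds spent behind.
    """
    for master_serial in master_serials:
        order = serial_cmp(slave_serial, master_serial)
        if order == 0:  # in sync: alert on time left until the zone expires
            left = mtime + expire - now
            status = CRITICAL if left <= crit else WARNING if left <= warn else OK
            return status, f"serial {slave_serial} in sync, expires in {left}s"
        if order == -1:  # slave behind: alert on how long it has been lagging
            lag = 0 if behind_since is None else now - behind_since
            status = CRITICAL if lag >= lag_crit else WARNING if lag >= lag_warn else OK
            return status, f"slave {slave_serial} behind master {master_serial} for {lag}s"
        # slave ahead of this master, or order undefined: try the next master
    return UNKNOWN, f"slave serial {slave_serial} is ahead of every master"


if __name__ == "__main__":
    now = 1_700_000_000  # constructed sample values
    print(check_zone(2023111401, [2023111401], now - 86000, 86400, now))
    print(check_zone(2023111401, [2023111402], now - 500, 86400, now, behind_since=now - 1200))
    print(check_zone(2023111405, [2023111402], now - 500, 86400, now))
```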