In message <CAFw0=wj2xqqcc69uqetz6sc0oxdkjazt4o+vh0whfvuyia+...@mail.gmail.com>, markus weber writes:
> Hey Guys,
>
> I am new to administering a BIND server and after a few problems I ran into I
> need to monitor the zonefile transfers of my slave server.
> I have searched on Google and Nagios plugin sites but could not find
> anything that fits my needs entirely.
>
> Here is the setup:
> - MS ActiveDirectory as primary nameservers (not under my control)
> - 2 BIND servers as slaves for various zones (behind a loadbalancer)
>
> The problem I ran into was that the zone transfer didn't work for some
> reason and the zone we hold expired, causing our mailgateway to stop
> relaying mails :/
>
> As I said, I googled around and as I could not find anything I hacked a
> Nagios plugin myself (you can find the code here
> https://github.com/seppovic/Nagios-plugins/blob/master/libexec/check_dns_zone
> transfer.pl).
> But I am curious if I took the right "route". These are my assumptions and
> a first approach:
>
> - read named.conf and get master servers
> - query soa of slave and get serial
> - query first master and get serial
>   - if serial match:
>       get zonefile modification time (not sure if this is significant)
>       and compare it with localtime and "soa-expiretime"
>       + warn or crit on threshold
>         (stat($zoneFile)[9] + $SOA_S->expire) - time
>   - if master serial > slave serial
>       create tempfile and check for how long it stays lower than masters
>       serial
>       + warn or crit on threshold
>   - else
>       test next master
>       on last master exit with error (this should not become true ever,
>       right?)
>
>
> A few problems I discovered:
> - sometimes have a higher serial than all masters have, is this normal on
> an AD DNS? Or am I doing something wrong? I thought this could not happen.

Only transfer from one AD master.  Microsoft AD doesn't maintain
consistent serials across the servers.  The serials should be
monotonically increasing from an individual server.

> - Some zones nearly always reach expiration time, and I get a lot of
> critical messages and a few hours/minutes before expiration it does the
> update.

Choose sane SOA values.  refresh and retry << expire

> I hope you can guide me a bit and tell me if this is what I want xD
>
> many thanks in advance
> seppovic

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org
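
The checks discussed in this thread, sketched in Python as an added example (it is not part of the original messages and is not the poster's Perl plugin): a wrap-aware serial comparison, the expire countdown from the poster's formula, and a timer sanity test for "refresh and retry << expire". The function names, the constructed sample record, and the `warn_frac`, `crit_frac` and `min_ratio` thresholds are assumptions; `last_refresh` is supplied by the caller (the poster's plugin uses the zone file's modification time).

```python
import time

OK, WARNING, CRITICAL = 0, 1, 2  # Nagios plugin exit codes

# Constructed sample SOA rdata (not taken from the thread).
SAMPLE = "dc1.example.com. hostmaster.example.com. 2014022001 900 600 86400 3600"

def parse_soa(rdata):
    """Parse SOA rdata in the form printed by `dig +short SOA <zone>`."""
    fields = rdata.split()
    names = ("serial", "refresh", "retry", "expire", "minimum")
    soa = dict(zip(names, map(int, fields[2:7])))
    soa["mname"] = fields[0]
    return soa

def serial_gt(a, b):
    """RFC 1982 serial comparison: True if a is newer than b, wrap-aware."""
    return a != b and ((a - b) & 0xFFFFFFFF) < 0x80000000

def check_zone(slave, master, last_refresh, now=None,
               warn_frac=0.5, crit_frac=0.1, min_ratio=10):
    """Return (status, messages). The threshold defaults are assumptions."""
    now = time.time() if now is None else now
    status, msgs = OK, []

    # Slave ahead of the master it is compared with: the serial sources
    # are inconsistent (the reply advises transferring from one AD master).
    if serial_gt(slave["serial"], master["serial"]):
        status = max(status, WARNING)
        msgs.append("slave serial %d ahead of master %d"
                    % (slave["serial"], master["serial"]))

    # Time left before the slave discards the zone, per the poster's
    # formula: (last refresh + SOA expire) - now.
    remaining = last_refresh + slave["expire"] - now
    if remaining <= crit_frac * slave["expire"]:
        status = max(status, CRITICAL)
        msgs.append("zone expires in %ds" % remaining)
    elif remaining <= warn_frac * slave["expire"]:
        status = max(status, WARNING)
        msgs.append("zone expires in %ds" % remaining)

    # "refresh and retry << expire": flag timers that leave too few
    # refresh attempts before expiry (min_ratio is an assumed factor).
    if slave["expire"] < min_ratio * max(slave["refresh"], slave["retry"]):
        status = max(status, WARNING)
        msgs.append("refresh/retry too close to expire")
    return status, msgs
```
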