On 19.02.2014 at 01:39, Mark Andrews <ma...@isc.org> wrote:
In message <CAFw0=wj2xqqcc69uqetz6sc0oxdkjazt4o+vh0whfvuyia+...@mail.gmail.com>, markus weber writes:
Hey Guys,
I am new to administering a BIND server, and after a few problems I ran into I need to monitor the zone file transfers of my slave server.
I have searched on Google and Nagios plugin sites but could not find anything that fits my needs entirely.
Here is the setup:
- MS Active Directory as primary nameservers (not under my control)
- 2 BIND servers as slaves for various zones (behind a load balancer)
The problem I ran into was that the zone transfer didn't work for some reason and the zone we hold expired, causing our mail gateway to stop relaying mail :/
As I said, I googled around, and as I could not find anything I hacked a Nagios plugin myself (you can find the code here: https://github.com/seppovic/Nagios-plugins/blob/master/libexec/check_dns_zone_transfer.pl).
But I am curious if I took the right "route". These are my assumptions and a first approach:
- read named.conf and get master servers
- query SOA of slave and get serial
- query first master and get serial
- if serials match:
    get zone file modification time (not sure if this is significant) and compare it with localtime and "soa-expiretime"
    + warn or crit on threshold
      ((stat($zoneFile))[9] + $SOA_S->expire) - time
- if master serial > slave serial:
    create tempfile and check for how long it stays lower than the master's serial
    + warn or crit on threshold
- else:
    test next master
    on last master exit with error (this should not become true ever, right?)
A few problems I discovered:
- sometimes I have a higher serial than all masters have; is this normal on an AD DNS, or am I doing something wrong? I thought this could not happen.
Only transfer from one AD master. Microsoft AD doesn't maintain consistent serials across the servers. The serials should be monotonically increasing from an individual server.
Oh, I didn't know that. That's weird behaviour, isn't it? I will definitely give it a try. I just added 3 of those servers to the masters option because I thought it would increase the reliability in case of an error.
- Some zones nearly always reach expiration time, and I get a lot of critical messages, and a few hours/minutes before expiration it does the update.
Choose sane SOA values: refresh and retry << expire.
I will check these values; I thought they were kind of standard values.
I hope you can guide me a bit and tell me if this is what I want xD
Many thanks in advance,
seppovic
Thanks.
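The decision logic of the check described in the thread, written out as an added example (constructed here, not the author's plugin): the caller supplies the two serials from SOA queries and the slave zone file's mtime, and the function returns the Nagios status. It also compares serials with RFC 1982 arithmetic, which the plain "master serial > slave serial" step above does not handle when a serial wraps; the names, thresholds and the UNKNOWN result for the "slave ahead of master" case are assumptions.

```python
"""Decision logic for a slave-zone freshness check, modelled on the steps in
the thread. Constructed example, not the author's plugin: the caller does the
SOA lookups and the stat() of the zone file and passes the results in."""
from typing import Optional, Tuple

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3   # Nagios exit codes


def serial_gt(a: int, b: int) -> bool:
    """True if serial a is ahead of b under RFC 1982 arithmetic (mod 2**32).
    A plain 'a > b' misreads a serial that has wrapped past 2**32 - 1."""
    a, b = a & 0xFFFFFFFF, b & 0xFFFFFFFF
    if a == b:
        return False
    return (a > b and a - b < 2**31) or (a < b and b - a > 2**31)


def check_zone(slave_serial: int, master_serial: int, zone_mtime: int,
               soa_expire: int, now: int, behind_since: Optional[int] = None,
               expire_warn: int = 86400, expire_crit: int = 3600,
               behind_warn: int = 3600, behind_crit: int = 14400) -> Tuple[int, str]:
    """Return (nagios_status, message) for one zone on one slave.

    zone_mtime is the slave zone file's mtime. BIND restarts its expire timer
    on every successful refresh (SOA check), not only when it rewrites the
    file, so the remaining time computed here is a conservative lower bound.
    behind_since is when the slave was first seen behind the master (the
    thread keeps this in a temp file between plugin runs); all times are
    Unix seconds. Thresholds are assumed defaults, in seconds.
    """
    if slave_serial == master_serial:
        remaining = (zone_mtime + soa_expire) - now
        msg = f"serial {slave_serial} in sync, expires in {remaining}s"
        if remaining <= expire_crit:
            return CRITICAL, msg
        if remaining <= expire_warn:
            return WARNING, msg
        return OK, msg
    if serial_gt(master_serial, slave_serial):
        behind = now - (now if behind_since is None else behind_since)
        msg = f"slave {slave_serial} behind master {master_serial} for {behind}s"
        if behind >= behind_crit:
            return CRITICAL, msg
        if behind >= behind_warn:
            return WARNING, msg
        return OK, msg
    # Slave ahead of the master it was compared with: the masters do not share
    # one serial space (the AD case in the thread), so the comparison says
    # nothing about freshness; compare against a single master instead.
    return UNKNOWN, f"slave {slave_serial} ahead of master {master_serial}"
```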
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users