On 19.02.2014 at 04:34, /dev/rob0 <r...@gmx.co.uk> wrote:

On Tue, Feb 18, 2014 at 11:44:15PM +0100, markus weber wrote:
I am new to administering a Bind server and after a few problems I ran
into I need to monitor the zone file transfers of my slave server.

I think the terminology you use shows a part of the confusion. Zone
*data* is transferred to slave servers, not zone *files.*

From my understanding the terminology "zonefiletransfer" is quite common; maybe it is just a German thing and in English it's just "zone transfer", but I would not fight about this.


I have searched on Google and Nagios plugin sites but could not
find anything that fits my needs entirely.

Here is the setup:
- MS ActiveDirectory as primary nameservers (not under my control)
- 2 Bind servers as slaves for various zones (behind a load balancer)

The problem I ran into was that the zone transfer didn't work for
some reason and the zone we hold expired, causing our mail gateway to
stop relaying mails :/

As I said, I googled around and as I could not find anything I
hacked a Nagios plugin myself (you can find the code here:
https://github.com/seppovic/Nagios-plugins/blob/master/libexec/check_dns_zonetransfer.pl).
But I am curious if I took the right "route". These are my
assumptions and a first approach:

- read named.conf and get master servers
- query SOA of slave and get serial

If "query" is something like "dig +short zone.example. soa @slave",
right.

Yep, exactly. I do it with a Perl module, but the outcome is the same.


- query first master and get serial

Likewise here, s/slave/master/

True.


- if serials match:
   get zone file modification time (not sure if this is significant)

It is not. Zone data is kept in memory and is written to the journal.
At 15-minute intervals, the zone file is written if it differs from
actual zone data.

I read somewhere that it is enough to look at the modification time. But if you know a way how I can get the time of the last retry, I could determine for how long it did not update.


   and compare it with localtime and "soa-expiretime"
        + warn or crit on threshold
        (stat($zoneFile)[9] + $SOA_S->expire) - time
- if master serial > slave serial
        create tempfile and check for how long it stays lower
        than the master's serial
        + warn or crit on threshold
- else
        test next master
        on last master exit with error (this should not become
        true ever, right?)


A few problems I discovered:
- Sometimes I have a higher serial than all masters have. Is this
normal on an AD DNS, or am I doing something wrong? I thought this
could not happen.
- Some zones nearly always reach expiration time, and I get a lot
of critical messages, and a few hours/minutes before expiration it
does the update.

Not enough here to know what's going on.


Me neither :( What information could I provide for this? Or where can I look for help? I will first look for the refresh and retry values as Mark pointed out and come back then.

I hope you can guide me a bit and tell me if this is what I want xD
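As an added illustration of the check discussed in this thread (this is not Markus's check_dns_zonetransfer.pl and not BIND or Nagios code), the following Python sketch does the serial comparison and expiry arithmetic on constructed `dig +short zone. soa @server` output lines. It goes beyond the thread in two ways: serials are compared with RFC 1982 wrap-around arithmetic rather than a plain `>`, and, since the zone file mtime is not a reliable signal as rob0 notes, the time of the last successful refresh is taken as an input the caller supplies (the `last_refresh` parameter is an assumption of this example). All host names, serials and timer values are made up.

```python
"""Constructed example: decide a Nagios status for one slave zone from
SOA records and a last-successful-refresh timestamp."""
from __future__ import annotations

import time
from dataclasses import dataclass

# Nagios exit codes
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3


@dataclass(frozen=True)
class SOA:
    mname: str
    rname: str
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int


def parse_dig_short_soa(line: str) -> SOA:
    """Parse one line of `dig +short zone. soa @server` output, e.g.
    'dc1.ad.example. hostmaster.ad.example. 2014021901 900 600 86400 3600'."""
    parts = line.split()
    if len(parts) != 7:
        raise ValueError(f"unexpected SOA line: {line!r}")
    mname, rname, *nums = parts
    serial, refresh, retry, expire, minimum = (int(n) for n in nums)
    return SOA(mname, rname, serial, refresh, retry, expire, minimum)


def serial_cmp(a: int, b: int) -> int:
    """RFC 1982 serial number comparison (32-bit, wraps around).
    Returns -1 if a < b, 1 if a > b, 0 if equal.  A distance of exactly
    2**31 is undefined in the RFC; this example reports it as 'a < b'
    so the function stays total."""
    a &= 0xFFFFFFFF
    b &= 0xFFFFFFFF
    if a == b:
        return 0
    if (a < b and b - a < 2**31) or (a > b and a - b > 2**31):
        return -1
    return 1


def check_zone(slave: SOA, masters: list[SOA], last_refresh: float,
               now: float, warn_frac: float = 0.5, crit_frac: float = 0.8):
    """Return (status, message).

    last_refresh: when the slave last successfully loaded the zone
    (an input this example assumes the caller can provide).
    warn_frac / crit_frac: fraction of the SOA expire interval already
    used up before warning / going critical."""
    if not masters:
        return UNKNOWN, "no master answered"
    # Take the highest master serial under RFC 1982 ordering.
    best = masters[0]
    for m in masters[1:]:
        if serial_cmp(m.serial, best.serial) > 0:
            best = m
    elapsed = now - last_refresh
    remaining = slave.expire - elapsed
    frac_used = elapsed / slave.expire
    rel = serial_cmp(slave.serial, best.serial)
    if rel > 0:
        # The "slave serial higher than all masters" case from the thread.
        return WARNING, (f"slave serial {slave.serial} is ahead of master "
                         f"serial {best.serial}; check the masters' serials")
    if rel < 0:
        stale = f"slave serial {slave.serial} behind master {best.serial}"
    else:
        stale = f"serial {slave.serial} in sync"
    if remaining <= 0:
        return CRITICAL, f"zone expired ({stale})"
    if frac_used >= crit_frac:
        return CRITICAL, f"{stale}; {int(remaining)}s until expire"
    if frac_used >= warn_frac or rel < 0:
        return WARNING, f"{stale}; {int(remaining)}s until expire"
    return OK, f"{stale}; {int(remaining)}s until expire"


# Constructed sample `dig +short ... soa` output lines.
SLAVE_LINE = "dc1.ad.example. hostmaster.ad.example. 2014021901 900 600 86400 3600"
MASTER_LINES = [
    "dc1.ad.example. hostmaster.ad.example. 2014021901 900 600 86400 3600",
    "dc2.ad.example. hostmaster.ad.example. 2014021900 900 600 86400 3600",
]


def demo(now: float = 1_392_800_000.0):
    """Slave refreshed two hours ago against an 86400s expire: in sync."""
    slave = parse_dig_short_soa(SLAVE_LINE)
    masters = [parse_dig_short_soa(line) for line in MASTER_LINES]
    return check_zone(slave, masters, now - 7200, now)


if __name__ == "__main__":
    status, msg = demo(time.time())
    print(["OK", "WARNING", "CRITICAL", "UNKNOWN"][status], "-", msg)
```

The point of the RFC 1982 comparison is the wrap-around case: a master that moves from 4294967295 to 0 is newer, and a plain `>` would flag the slave as "ahead" forever.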
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users