Monitoring Zonefiletransfer

markus weber bumpemacvettn at googlemail.com
Tue Feb 18 22:44:15 UTC 2014


Hey Guys,

I am new to administering a BIND server, and after a few problems I ran
into I need to monitor the zonefile transfers of my slave server.
I have searched on Google and Nagios plugin sites but could not find
anything that fits my needs entirely.

Here is the setup:
- MS Active Directory as primary nameservers (not under my control)
- 2 BIND servers as slaves for various zones (behind a load balancer)

The problem I ran into was that the zone transfer didn't work for some
reason and the zone we hold expired, causing our mail gateway to stop
relaying mails :/

As I said, I googled around, and as I could not find anything I hacked a
Nagios plugin myself (you can find the code here:
https://github.com/seppovic/Nagios-plugins/blob/master/libexec/check_dns_zonetransfer.pl).
But I am curious if I took the right "route". These are my assumptions and
a first approach:

- read named.conf and get master servers
- query SOA of slave and get serial
- query first master and get serial
- if serials match:
        get zonefile modification time (not sure if this is significant) and compare it with localtime and "soa-expiretime"
        + warn or crit on threshold
        (stat($zoneFile))[9] + $SOA_S->expire - time
- if master serial > slave serial
        create tempfile and check for how long it stays lower than the master's serial
        + warn or crit on threshold
- else
        test next master
        on last master exit with error (this should not become true ever, right?)


A few problems I discovered:
- sometimes have a higher serial than all masters have; is this normal on
an AD DNS? Or am I doing something wrong? I thought this could not happen.
- Some zones nearly always reach expiration time, and I get a lot of
critical messages, and a few hours/minutes before expiration it does the
update.

I hope you can guide me a bit and tell me if this is what I want xD

Many thanks in advance
seppovic
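
Added example, not part of the original post and not the code of the linked plugin: the decision steps listed in the message written as pure Python functions, with the serials, zone-file mtime and tempfile timestamp passed in as numbers instead of being queried. It goes slightly beyond the post by comparing serials with RFC 1982 wrap-around arithmetic; the function names, thresholds and the UNKNOWN result for the last-master case are assumptions.

```python
# Added sketch of the check described in the post; names and thresholds are assumptions.
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # Nagios plugin return codes

def serial_gt(a, b):
    """True if 32-bit SOA serial a is newer than b (RFC 1982 wrap-around compare)."""
    return a != b and ((a - b) & 0xFFFFFFFF) < 0x80000000

def grade(value, warn, crit, low_is_bad):
    """Map a number of seconds onto OK/WARNING/CRITICAL."""
    if low_is_bad:
        return CRITICAL if value <= crit else WARNING if value <= warn else OK
    return CRITICAL if value >= crit else WARNING if value >= warn else OK

def check_zone(slave_serial, master_serials, zone_mtime, soa_expire, now,
               behind_since=None, expire_warn=7200, expire_crit=1800,
               lag_warn=900, lag_crit=3600):
    """Return (state, message) for one zone.

    master_serials: SOA serials of the masters, in named.conf order.
    zone_mtime:     mtime of the slave's zone file (epoch seconds).
    behind_since:   when the slave was first seen behind (the post's tempfile), or None.
    """
    for master_serial in master_serials:
        if master_serial == slave_serial:
            # In sync: seconds left = (mtime + SOA expire) - now
            left = (zone_mtime + soa_expire) - now
            return grade(left, expire_warn, expire_crit, True), f"in sync, expires in {left}s"
        if serial_gt(master_serial, slave_serial):
            # Slave is behind: how long has it been lagging?
            lag = now - (behind_since if behind_since is not None else now)
            return grade(lag, lag_warn, lag_crit, False), f"behind master for {lag}s"
        # This master is older than the slave: try the next one.
    # "On last master exit with error", mapped to UNKNOWN here (assumption).
    return UNKNOWN, "slave serial is ahead of every master"

if __name__ == "__main__":
    now = 1392763455  # constructed timestamp
    print(check_zone(2014021801, [2014021801], now - 80000, 86400, now))
    print(check_zone(2014021801, [2014021803], now - 500, 86400, now, behind_since=now - 4000))
    print(check_zone(2014021805, [2014021801, 2014021803], now - 500, 86400, now))
```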