check_dnssec.sh
Copyright (c) 2021 Ryan Wilgoss (ryan.wilgoss@tridata-solutions.com)
Version: 1.5
Last Modified: 04/06/2021
License: GPL v3
System Requirements:
Nagios, Bash, Dig, NRPE Client (daemon), Bind DNS Server with DNSSEC and domain zones installed accordingly.
Usage: check_dnssec
Options:
/h = Display this help page
Command Line Example:
From the command line on the local DNS server:
# ./check_dnssec example.com 10 3
Result:
OK - Signed Zone Expires in 12 days: DS=OK, DNSKEY=OK, AD=OK, RRSEG=OK
Remote Command Line Example Using NRPE:
From the Nagios server, remotely via NRPE:
# ./check_nrpe -H -c check_dnssec -a example.com 10 3
Result:
OK - Signed Zone Expires in 12 days: DS=OK, DNSKEY=OK, AD=OK, RRSEG=OK
Description:
This plugin checks the validity of the vital DNSSEC components required for secure DNS resolution of a correctly configured domain. The records and flags checked for validity are:
DS (Delegation Of Signing) record.
DNSKEY (Public Key) record.
AD (Authentic Data) flag.
RRSIG (Resource Record Signature) flag.
Finally, the plugin checks how many days the zone's signatures remain valid before re-signing is required; the initial default is 30 days. The plugin requires a correctly configured Bind DNS server with a valid DNSSEC installation and correspondingly configured zone files. The configuration of the server and the corresponding DNSSEC zone files and records is beyond the scope of this manual.
Nagios Server Configuration:
commands.cfg:
define command{
    command_name check_dnssec_remote
    command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c check_dnssec -a $ARG1$ $ARG2$ $ARG3$
}
hostedserver.cfg:
define service {
    use generic-service
    host_name ns1.bind-dns-server.com
    service_description DNSSEC - example.com
    check_command check_dnssec_remote!example.com!10!3
}
DNS Remote Server To Be Monitored:
nrpe.cfg:
command[check_dnssec]=/usr/lib64/nagios/plugins/check_dnssec.sh $ARG1$ $ARG2$ $ARG3$
Notes:
Install this plugin into the path /usr/lib64/nagios/plugins/ (or wherever your plugins reside) on the remote DNS server, ensuring that the file check_dnssec.sh is executable.
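Added example (not the plugin's own code; all function names are hypothetical): the signature-expiry check from the Description, parsing the RRSIG expiration field of a constructed dig answer line and mapping the remaining days to Nagios exit codes. It assumes the second and third arguments are warning and critical thresholds in days, and it validates all three arguments because the nrpe.cfg line above passes $ARG1$ $ARG2$ $ARG3$ from the network onto a command line (NRPE only accepts them with dont_blame_nrpe=1).

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not taken from check_dnssec.sh.
# Constructed sample of one `dig +dnssec +noall +answer SOA example.com` line.
# Field 9 is the signature expiration (YYYYMMDDHHMMSS, UTC); the signature is a stub.
SAMPLE_RRSIG='example.com. 3600 IN RRSIG SOA 13 2 3600 20210616000000 20210517000000 12345 example.com. c2FtcGxl'

# Accept only a plain hostname and two integers (warning > critical). NRPE places
# these values on a command line, so shell metacharacters and a leading "-"
# (which dig would read as an option) are refused.
valid_args() {
    case "$1" in ''|-*|*[!A-Za-z0-9.-]*) return 1 ;; esac
    case "$2" in ''|*[!0-9]*) return 1 ;; esac
    case "$3" in ''|*[!0-9]*) return 1 ;; esac
    [ "$2" -gt "$3" ]
}

# Print whole days from now_epoch to the RRSIG expiration. Args: rrsig_line now_epoch
rrsig_days_left() {
    stamp=$(printf '%s\n' "$1" | awk '$4 == "RRSIG" && $9 ~ /^[0-9]+$/ && length($9) == 14 {
        e = $9
        printf "%s-%s-%s %s:%s:%s\n", substr(e,1,4), substr(e,5,2), substr(e,7,2), substr(e,9,2), substr(e,11,2), substr(e,13,2)
        exit
    }')
    [ -n "$stamp" ] || return 1
    exp_epoch=$(date -u -d "$stamp" +%s) || return 1
    echo $(( (exp_epoch - $2) / 86400 ))
}

# Nagios status line and exit code: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.
# Args: domain warn_days crit_days rrsig_line [now_epoch]
# Assumption: a threshold is breached when days_left <= threshold.
check_expiry() {
    valid_args "$1" "$2" "$3" || { echo "UNKNOWN - invalid arguments"; return 3; }
    now=${5:-$(date +%s)}
    days=$(rrsig_days_left "$4" "$now") || { echo "UNKNOWN - no RRSIG expiration found"; return 3; }
    if [ "$days" -le "$3" ]; then
        echo "CRITICAL - Signed Zone Expires in $days days"; return 2
    elif [ "$days" -le "$2" ]; then
        echo "WARNING - Signed Zone Expires in $days days"; return 1
    fi
    echo "OK - Signed Zone Expires in $days days"
}

# Demo with "now" fixed at 2021-06-04 00:00:00 UTC: prints "OK - Signed Zone Expires in 12 days"
check_expiry example.com 10 3 "$SAMPLE_RRSIG" 1622764800
```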