dns monitoring scripts

Lately I am contributing to a repository on github which contains several test-scripts for DNS & DNSSEC Monitoring to verify the functionality of your authoritative nameserver or rather your nameserver configuration…

…currently there are 17 scripts which just use standard system utilities, dig and delv. Those scripts are especially useful to be run if you do change your nameserver settings. Though running that tests regularly might be useful, too. Assuming you do modify your Firewall and due to that your nameserver stops responding on TCP using IPv6 – test04.sh might be for you:

jean@christine ~/Projekte/generic/dns-monitoring-scripts $ ./test04.sh jeanbruenn.info
 == #4 - TCPv6 reachability == 
Server: dns2.ip-minds.de. (2a00:f820:51::5)
OK
Server: dns1.ip-minds.de. (2a00:f820:51::21)
OK

Another nice script might be helpful if your new colleague just told you that he/she tuned your nameserver and you would like to make sure that things like recursion are disabled:

jean@christine ~/Projekte/generic/dns-monitoring-scripts $ ./test17.sh jeanbruenn.info
 == #17 - Recursion check == 
Server: dns2.ip-minds.de. 
 Recursion disabled, good 
Server: dns1.ip-minds.de. 
 Recursion disabled, good

Wondering why recursion should be disabled? We’re also implementing per-script documentation. Got something valuable to add? Take a look at:

No Comments

Post a Comment