check_dns.c 17 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526
  1. /*****************************************************************************
  2. *
  3. * Monitoring check_dns plugin
  4. *
  5. * License: GPL
  6. * Copyright (c) 2000-2008 Monitoring Plugins Development Team
  7. *
  8. * Description:
  9. *
  10. * This file contains the check_dns plugin
  11. *
  12. * LIMITATION: nslookup on Solaris 7 can return output over 2 lines, which
  13. * will not be picked up by this plugin
  14. *
  15. *
  16. * This program is free software: you can redistribute it and/or modify
  17. * it under the terms of the GNU General Public License as published by
  18. * the Free Software Foundation, either version 3 of the License, or
  19. * (at your option) any later version.
  20. *
  21. * This program is distributed in the hope that it will be useful,
  22. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  23. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  24. * GNU General Public License for more details.
  25. *
  26. * You should have received a copy of the GNU General Public License
  27. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  28. *
  29. *
  30. *****************************************************************************/
  31. const char *progname = "check_dns";
  32. const char *copyright = "2000-2008";
  33. const char *email = "devel@monitoring-plugins.org";
  34. #include "common.h"
  35. #include "utils.h"
  36. #include "utils_base.h"
  37. #include "netutils.h"
  38. #include "runcmd.h"
  39. int process_arguments (int, char **);
  40. int validate_arguments (void);
  41. int error_scan (char *);
  42. void print_help (void);
  43. void print_usage (void);
  44. #define ADDRESS_LENGTH 256
  45. char query_address[ADDRESS_LENGTH] = "";
  46. char dns_server[ADDRESS_LENGTH] = "";
  47. char ptr_server[ADDRESS_LENGTH] = "";
  48. int verbose = FALSE;
  49. char **expected_address = NULL;
  50. int expected_address_cnt = 0;
  51. int expect_authority = FALSE;
  52. thresholds *time_thresholds = NULL;
  53. static int
  54. qstrcmp(const void *p1, const void *p2)
  55. {
  56. /* The actual arguments to this function are "pointers to
  57. pointers to char", but strcmp() arguments are "pointers
  58. to char", hence the following cast plus dereference */
  59. return strcmp(* (char * const *) p1, * (char * const *) p2);
  60. }
  61. int
  62. main (int argc, char **argv)
  63. {
  64. char *command_line = NULL;
  65. char input_buffer[MAX_INPUT_BUFFER];
  66. char *address = NULL; /* comma seperated str with addrs/ptrs (sorted) */
  67. char **addresses = NULL;
  68. int n_addresses = 0;
  69. char *msg = NULL;
  70. char *temp_buffer = NULL;
  71. int non_authoritative = FALSE;
  72. int result = STATE_UNKNOWN;
  73. double elapsed_time;
  74. long microsec;
  75. struct timeval tv;
  76. int multi_address;
  77. int parse_address = FALSE; /* This flag scans for Address: but only after Name: */
  78. output chld_out, chld_err;
  79. size_t i;
  80. setlocale (LC_ALL, "");
  81. bindtextdomain (PACKAGE, LOCALEDIR);
  82. textdomain (PACKAGE);
  83. /* Set signal handling and alarm */
  84. if (signal (SIGALRM, runcmd_timeout_alarm_handler) == SIG_ERR) {
  85. usage_va(_("Cannot catch SIGALRM"));
  86. }
  87. /* Parse extra opts if any */
  88. argv=np_extra_opts (&argc, argv, progname);
  89. if (process_arguments (argc, argv) == ERROR) {
  90. usage_va(_("Could not parse arguments"));
  91. }
  92. /* get the command to run */
  93. xasprintf (&command_line, "%s %s %s", NSLOOKUP_COMMAND, query_address, dns_server);
  94. alarm (timeout_interval);
  95. gettimeofday (&tv, NULL);
  96. if (verbose)
  97. printf ("%s\n", command_line);
  98. /* run the command */
  99. if((np_runcmd(command_line, &chld_out, &chld_err, 0)) != 0) {
  100. msg = (char *)_("nslookup returned an error status");
  101. result = STATE_WARNING;
  102. }
  103. /* scan stdout */
  104. for(i = 0; i < chld_out.lines; i++) {
  105. if (addresses == NULL)
  106. addresses = malloc(sizeof(*addresses)*10);
  107. else if (!(n_addresses % 10))
  108. addresses = realloc(addresses,sizeof(*addresses) * (n_addresses + 10));
  109. if (verbose)
  110. puts(chld_out.line[i]);
  111. if (strstr (chld_out.line[i], ".in-addr.arpa")) {
  112. if ((temp_buffer = strstr (chld_out.line[i], "name = ")))
  113. addresses[n_addresses++] = strdup (temp_buffer + 7);
  114. else {
  115. msg = (char *)_("Warning plugin error");
  116. result = STATE_WARNING;
  117. }
  118. }
  119. /* bug ID: 2946553 - Older versions of bind will use all available dns
  120. servers, we have to match the one specified */
  121. if (strstr (chld_out.line[i], "Server:") && strlen(dns_server) > 0) {
  122. temp_buffer = strchr (chld_out.line[i], ':');
  123. temp_buffer++;
  124. /* Strip leading tabs */
  125. for (; *temp_buffer != '\0' && *temp_buffer == '\t'; temp_buffer++)
  126. /* NOOP */;
  127. strip(temp_buffer);
  128. if (temp_buffer==NULL || strlen(temp_buffer)==0) {
  129. die (STATE_CRITICAL,
  130. _("DNS CRITICAL - '%s' returned empty server string\n"),
  131. NSLOOKUP_COMMAND);
  132. }
  133. if (strcmp(temp_buffer, dns_server) != 0) {
  134. die (STATE_CRITICAL, _("DNS CRITICAL - No response from DNS %s\n"), dns_server);
  135. }
  136. }
  137. /* the server is responding, we just got the host name... */
  138. if (strstr (chld_out.line[i], "Name:"))
  139. parse_address = TRUE;
  140. else if (parse_address == TRUE && (strstr (chld_out.line[i], "Address:") ||
  141. strstr (chld_out.line[i], "Addresses:"))) {
  142. temp_buffer = index (chld_out.line[i], ':');
  143. temp_buffer++;
  144. /* Strip leading spaces */
  145. for (; *temp_buffer != '\0' && *temp_buffer == ' '; temp_buffer++)
  146. /* NOOP */;
  147. strip(temp_buffer);
  148. if (temp_buffer==NULL || strlen(temp_buffer)==0) {
  149. die (STATE_CRITICAL,
  150. _("DNS CRITICAL - '%s' returned empty host name string\n"),
  151. NSLOOKUP_COMMAND);
  152. }
  153. addresses[n_addresses++] = strdup(temp_buffer);
  154. }
  155. else if (strstr (chld_out.line[i], _("Non-authoritative answer:"))) {
  156. non_authoritative = TRUE;
  157. }
  158. result = error_scan (chld_out.line[i]);
  159. if (result != STATE_OK) {
  160. msg = strchr (chld_out.line[i], ':');
  161. if(msg) msg++;
  162. break;
  163. }
  164. }
  165. /* scan stderr */
  166. for(i = 0; i < chld_err.lines; i++) {
  167. if (verbose)
  168. puts(chld_err.line[i]);
  169. if (error_scan (chld_err.line[i]) != STATE_OK) {
  170. result = max_state (result, error_scan (chld_err.line[i]));
  171. msg = strchr(input_buffer, ':');
  172. if(msg) msg++;
  173. }
  174. }
  175. if (addresses) {
  176. int i,slen;
  177. char *adrp;
  178. qsort(addresses, n_addresses, sizeof(*addresses), qstrcmp);
  179. for(i=0, slen=1; i < n_addresses; i++) {
  180. slen += strlen(addresses[i])+1;
  181. }
  182. adrp = address = malloc(slen);
  183. for(i=0; i < n_addresses; i++) {
  184. if (i) *adrp++ = ',';
  185. strcpy(adrp, addresses[i]);
  186. adrp += strlen(addresses[i]);
  187. }
  188. *adrp = 0;
  189. } else
  190. die (STATE_CRITICAL,
  191. _("DNS CRITICAL - '%s' msg parsing exited with no address\n"),
  192. NSLOOKUP_COMMAND);
  193. /* compare to expected address */
  194. if (result == STATE_OK && expected_address_cnt > 0) {
  195. result = STATE_CRITICAL;
  196. temp_buffer = "";
  197. for (i=0; i<expected_address_cnt; i++) {
  198. /* check if we get a match and prepare an error string */
  199. if (strcmp(address, expected_address[i]) == 0) result = STATE_OK;
  200. xasprintf(&temp_buffer, "%s%s; ", temp_buffer, expected_address[i]);
  201. }
  202. if (result == STATE_CRITICAL) {
  203. /* Strip off last semicolon... */
  204. temp_buffer[strlen(temp_buffer)-2] = '\0';
  205. xasprintf(&msg, _("expected '%s' but got '%s'"), temp_buffer, address);
  206. }
  207. }
  208. /* check if authoritative */
  209. if (result == STATE_OK && expect_authority && non_authoritative) {
  210. result = STATE_CRITICAL;
  211. xasprintf(&msg, _("server %s is not authoritative for %s"), dns_server, query_address);
  212. }
  213. microsec = deltime (tv);
  214. elapsed_time = (double)microsec / 1.0e6;
  215. if (result == STATE_OK) {
  216. if (strchr (address, ',') == NULL)
  217. multi_address = FALSE;
  218. else
  219. multi_address = TRUE;
  220. result = get_status(elapsed_time, time_thresholds);
  221. if (result == STATE_OK) {
  222. printf ("DNS %s: ", _("OK"));
  223. } else if (result == STATE_WARNING) {
  224. printf ("DNS %s: ", _("WARNING"));
  225. } else if (result == STATE_CRITICAL) {
  226. printf ("DNS %s: ", _("CRITICAL"));
  227. }
  228. printf (ngettext("%.3f second response time", "%.3f seconds response time", elapsed_time), elapsed_time);
  229. printf (_(". %s returns %s"), query_address, address);
  230. if ((time_thresholds->warning != NULL) && (time_thresholds->critical != NULL)) {
  231. printf ("|%s\n", fperfdata ("time", elapsed_time, "s",
  232. TRUE, time_thresholds->warning->end,
  233. TRUE, time_thresholds->critical->end,
  234. TRUE, 0, FALSE, 0));
  235. } else if ((time_thresholds->warning == NULL) && (time_thresholds->critical != NULL)) {
  236. printf ("|%s\n", fperfdata ("time", elapsed_time, "s",
  237. FALSE, 0,
  238. TRUE, time_thresholds->critical->end,
  239. TRUE, 0, FALSE, 0));
  240. } else if ((time_thresholds->warning != NULL) && (time_thresholds->critical == NULL)) {
  241. printf ("|%s\n", fperfdata ("time", elapsed_time, "s",
  242. TRUE, time_thresholds->warning->end,
  243. FALSE, 0,
  244. TRUE, 0, FALSE, 0));
  245. } else
  246. printf ("|%s\n", fperfdata ("time", elapsed_time, "s", FALSE, 0, FALSE, 0, TRUE, 0, FALSE, 0));
  247. }
  248. else if (result == STATE_WARNING)
  249. printf (_("DNS WARNING - %s\n"),
  250. !strcmp (msg, "") ? _(" Probably a non-existent host/domain") : msg);
  251. else if (result == STATE_CRITICAL)
  252. printf (_("DNS CRITICAL - %s\n"),
  253. !strcmp (msg, "") ? _(" Probably a non-existent host/domain") : msg);
  254. else
  255. printf (_("DNS UNKNOWN - %s\n"),
  256. !strcmp (msg, "") ? _(" Probably a non-existent host/domain") : msg);
  257. return result;
  258. }
  259. int
  260. error_scan (char *input_buffer)
  261. {
  262. /* the DNS lookup timed out */
  263. if (strstr (input_buffer, _("Note: nslookup is deprecated and may be removed from future releases.")) ||
  264. strstr (input_buffer, _("Consider using the `dig' or `host' programs instead. Run nslookup with")) ||
  265. strstr (input_buffer, _("the `-sil[ent]' option to prevent this message from appearing.")))
  266. return STATE_OK;
  267. /* DNS server is not running... */
  268. else if (strstr (input_buffer, "No response from server"))
  269. die (STATE_CRITICAL, _("No response from DNS %s\n"), dns_server);
  270. /* Host name is valid, but server doesn't have records... */
  271. else if (strstr (input_buffer, "No records"))
  272. die (STATE_CRITICAL, _("DNS %s has no records\n"), dns_server);
  273. /* Connection was refused */
  274. else if (strstr (input_buffer, "Connection refused") ||
  275. strstr (input_buffer, "Couldn't find server") ||
  276. strstr (input_buffer, "Refused") ||
  277. (strstr (input_buffer, "** server can't find") &&
  278. strstr (input_buffer, ": REFUSED")))
  279. die (STATE_CRITICAL, _("Connection to DNS %s was refused\n"), dns_server);
  280. /* Query refused (usually by an ACL in the namserver) */
  281. else if (strstr (input_buffer, "Query refused"))
  282. die (STATE_CRITICAL, _("Query was refused by DNS server at %s\n"), dns_server);
  283. /* No information (e.g. nameserver IP has two PTR records) */
  284. else if (strstr (input_buffer, "No information"))
  285. die (STATE_CRITICAL, _("No information returned by DNS server at %s\n"), dns_server);
  286. /* Host or domain name does not exist */
  287. else if (strstr (input_buffer, "Non-existent") ||
  288. strstr (input_buffer, "** server can't find") ||
  289. strstr (input_buffer,"NXDOMAIN"))
  290. die (STATE_CRITICAL, _("Domain %s was not found by the server\n"), query_address);
  291. /* Network is unreachable */
  292. else if (strstr (input_buffer, "Network is unreachable"))
  293. die (STATE_CRITICAL, _("Network is unreachable\n"));
  294. /* Internal server failure */
  295. else if (strstr (input_buffer, "Server failure"))
  296. die (STATE_CRITICAL, _("DNS failure for %s\n"), dns_server);
  297. /* Request error or the DNS lookup timed out */
  298. else if (strstr (input_buffer, "Format error") ||
  299. strstr (input_buffer, "Timed out"))
  300. return STATE_WARNING;
  301. return STATE_OK;
  302. }
  303. /* process command-line arguments */
  304. int
  305. process_arguments (int argc, char **argv)
  306. {
  307. int c;
  308. char *warning = NULL;
  309. char *critical = NULL;
  310. int opt_index = 0;
  311. static struct option long_opts[] = {
  312. {"help", no_argument, 0, 'h'},
  313. {"version", no_argument, 0, 'V'},
  314. {"verbose", no_argument, 0, 'v'},
  315. {"timeout", required_argument, 0, 't'},
  316. {"hostname", required_argument, 0, 'H'},
  317. {"server", required_argument, 0, 's'},
  318. {"reverse-server", required_argument, 0, 'r'},
  319. {"expected-address", required_argument, 0, 'a'},
  320. {"expect-authority", no_argument, 0, 'A'},
  321. {"warning", required_argument, 0, 'w'},
  322. {"critical", required_argument, 0, 'c'},
  323. {0, 0, 0, 0}
  324. };
  325. if (argc < 2)
  326. return ERROR;
  327. for (c = 1; c < argc; c++)
  328. if (strcmp ("-to", argv[c]) == 0)
  329. strcpy (argv[c], "-t");
  330. while (1) {
  331. c = getopt_long (argc, argv, "hVvAt:H:s:r:a:w:c:", long_opts, &opt_index);
  332. if (c == -1 || c == EOF)
  333. break;
  334. switch (c) {
  335. case 'h': /* help */
  336. print_help ();
  337. exit (STATE_OK);
  338. case 'V': /* version */
  339. print_revision (progname, NP_VERSION);
  340. exit (STATE_OK);
  341. case 'v': /* version */
  342. verbose = TRUE;
  343. break;
  344. case 't': /* timeout period */
  345. timeout_interval = atoi (optarg);
  346. break;
  347. case 'H': /* hostname */
  348. if (strlen (optarg) >= ADDRESS_LENGTH)
  349. die (STATE_UNKNOWN, _("Input buffer overflow\n"));
  350. strcpy (query_address, optarg);
  351. break;
  352. case 's': /* server name */
  353. /* TODO: this host_or_die check is probably unnecessary.
  354. * Better to confirm nslookup response matches */
  355. host_or_die(optarg);
  356. if (strlen (optarg) >= ADDRESS_LENGTH)
  357. die (STATE_UNKNOWN, _("Input buffer overflow\n"));
  358. strcpy (dns_server, optarg);
  359. break;
  360. case 'r': /* reverse server name */
  361. /* TODO: Is this host_or_die necessary? */
  362. host_or_die(optarg);
  363. if (strlen (optarg) >= ADDRESS_LENGTH)
  364. die (STATE_UNKNOWN, _("Input buffer overflow\n"));
  365. strcpy (ptr_server, optarg);
  366. break;
  367. case 'a': /* expected address */
  368. if (strlen (optarg) >= ADDRESS_LENGTH)
  369. die (STATE_UNKNOWN, _("Input buffer overflow\n"));
  370. expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char**));
  371. expected_address[expected_address_cnt] = strdup(optarg);
  372. expected_address_cnt++;
  373. break;
  374. case 'A': /* expect authority */
  375. expect_authority = TRUE;
  376. break;
  377. case 'w':
  378. warning = optarg;
  379. break;
  380. case 'c':
  381. critical = optarg;
  382. break;
  383. default: /* args not parsable */
  384. usage5();
  385. }
  386. }
  387. c = optind;
  388. if (strlen(query_address)==0 && c<argc) {
  389. if (strlen(argv[c])>=ADDRESS_LENGTH)
  390. die (STATE_UNKNOWN, _("Input buffer overflow\n"));
  391. strcpy (query_address, argv[c++]);
  392. }
  393. if (strlen(dns_server)==0 && c<argc) {
  394. /* TODO: See -s option */
  395. host_or_die(argv[c]);
  396. if (strlen(argv[c]) >= ADDRESS_LENGTH)
  397. die (STATE_UNKNOWN, _("Input buffer overflow\n"));
  398. strcpy (dns_server, argv[c++]);
  399. }
  400. set_thresholds(&time_thresholds, warning, critical);
  401. return validate_arguments ();
  402. }
  403. int
  404. validate_arguments ()
  405. {
  406. if (query_address[0] == 0)
  407. return ERROR;
  408. return OK;
  409. }
  410. void
  411. print_help (void)
  412. {
  413. print_revision (progname, NP_VERSION);
  414. printf ("Copyright (c) 1999 Ethan Galstad <nagios@nagios.org>\n");
  415. printf (COPYRIGHT, copyright, email);
  416. printf ("%s\n", _("This plugin uses the nslookup program to obtain the IP address for the given host/domain query."));
  417. printf ("%s\n", _("An optional DNS server to use may be specified."));
  418. printf ("%s\n", _("If no DNS server is specified, the default server(s) specified in /etc/resolv.conf will be used."));
  419. printf ("\n\n");
  420. print_usage ();
  421. printf (UT_HELP_VRSN);
  422. printf (UT_EXTRA_OPTS);
  423. printf (" -H, --hostname=HOST\n");
  424. printf (" %s\n", _("The name or address you want to query"));
  425. printf (" -s, --server=HOST\n");
  426. printf (" %s\n", _("Optional DNS server you want to use for the lookup"));
  427. printf (" -a, --expected-address=IP-ADDRESS|HOST\n");
  428. printf (" %s\n", _("Optional IP-ADDRESS you expect the DNS server to return. HOST must end with"));
  429. printf (" %s\n", _("a dot (.). This option can be repeated multiple times (Returns OK if any"));
  430. printf (" %s\n", _("value match). If multiple addresses are returned at once, you have to match"));
  431. printf (" %s\n", _("the whole string of addresses separated with commas (sorted alphabetically)."));
  432. printf (" -A, --expect-authority\n");
  433. printf (" %s\n", _("Optionally expect the DNS server to be authoritative for the lookup"));
  434. printf (" -w, --warning=seconds\n");
  435. printf (" %s\n", _("Return warning if elapsed time exceeds value. Default off"));
  436. printf (" -c, --critical=seconds\n");
  437. printf (" %s\n", _("Return critical if elapsed time exceeds value. Default off"));
  438. printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
  439. printf (UT_SUPPORT);
  440. }
  441. void
  442. print_usage (void)
  443. {
  444. printf ("%s\n", _("Usage:"));
  445. printf ("%s -H host [-s server] [-a expected-address] [-A] [-t timeout] [-w warn] [-c crit]\n", progname);
  446. }