4
0

check_dns.c 17 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520
  1. /*****************************************************************************
  2. *
  3. * Monitoring check_dns plugin
  4. *
  5. * License: GPL
  6. * Copyright (c) 2000-2008 Monitoring Plugins Development Team
  7. *
  8. * Description:
  9. *
  10. * This file contains the check_dns plugin
  11. *
  12. * LIMITATION: nslookup on Solaris 7 can return output over 2 lines, which
  13. * will not be picked up by this plugin
  14. *
  15. *
  16. * This program is free software: you can redistribute it and/or modify
  17. * it under the terms of the GNU General Public License as published by
  18. * the Free Software Foundation, either version 3 of the License, or
  19. * (at your option) any later version.
  20. *
  21. * This program is distributed in the hope that it will be useful,
  22. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  23. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  24. * GNU General Public License for more details.
  25. *
  26. * You should have received a copy of the GNU General Public License
  27. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  28. *
  29. *
  30. *****************************************************************************/
  31. const char *progname = "check_dns";
  32. const char *copyright = "2000-2008";
  33. const char *email = "devel@monitoring-plugins.org";
  34. #include "common.h"
  35. #include "utils.h"
  36. #include "utils_base.h"
  37. #include "netutils.h"
  38. #include "runcmd.h"
  39. int process_arguments (int, char **);
  40. int validate_arguments (void);
  41. int error_scan (char *);
  42. void print_help (void);
  43. void print_usage (void);
  44. #define ADDRESS_LENGTH 256
  45. char query_address[ADDRESS_LENGTH] = "";
  46. char dns_server[ADDRESS_LENGTH] = "";
  47. char ptr_server[ADDRESS_LENGTH] = "";
  48. int verbose = FALSE;
  49. char **expected_address = NULL;
  50. int expected_address_cnt = 0;
  51. int expect_authority = FALSE;
  52. thresholds *time_thresholds = NULL;
  53. static int
  54. qstrcmp(const void *p1, const void *p2)
  55. {
  56. /* The actual arguments to this function are "pointers to
  57. pointers to char", but strcmp() arguments are "pointers
  58. to char", hence the following cast plus dereference */
  59. return strcmp(* (char * const *) p1, * (char * const *) p2);
  60. }
  61. int
  62. main (int argc, char **argv)
  63. {
  64. char *command_line = NULL;
  65. char input_buffer[MAX_INPUT_BUFFER];
  66. char *address = NULL; /* comma seperated str with addrs/ptrs (sorted) */
  67. char **addresses = NULL;
  68. int n_addresses = 0;
  69. char *msg = NULL;
  70. char *temp_buffer = NULL;
  71. int non_authoritative = FALSE;
  72. int result = STATE_UNKNOWN;
  73. double elapsed_time;
  74. long microsec;
  75. struct timeval tv;
  76. int parse_address = FALSE; /* This flag scans for Address: but only after Name: */
  77. output chld_out, chld_err;
  78. size_t i;
  79. setlocale (LC_ALL, "");
  80. bindtextdomain (PACKAGE, LOCALEDIR);
  81. textdomain (PACKAGE);
  82. /* Set signal handling and alarm */
  83. if (signal (SIGALRM, runcmd_timeout_alarm_handler) == SIG_ERR) {
  84. usage_va(_("Cannot catch SIGALRM"));
  85. }
  86. /* Parse extra opts if any */
  87. argv=np_extra_opts (&argc, argv, progname);
  88. if (process_arguments (argc, argv) == ERROR) {
  89. usage_va(_("Could not parse arguments"));
  90. }
  91. /* get the command to run */
  92. xasprintf (&command_line, "%s %s %s", NSLOOKUP_COMMAND, query_address, dns_server);
  93. alarm (timeout_interval);
  94. gettimeofday (&tv, NULL);
  95. if (verbose)
  96. printf ("%s\n", command_line);
  97. /* run the command */
  98. if((np_runcmd(command_line, &chld_out, &chld_err, 0)) != 0) {
  99. msg = (char *)_("nslookup returned an error status");
  100. result = STATE_WARNING;
  101. }
  102. /* scan stdout */
  103. for(i = 0; i < chld_out.lines; i++) {
  104. if (addresses == NULL)
  105. addresses = malloc(sizeof(*addresses)*10);
  106. else if (!(n_addresses % 10))
  107. addresses = realloc(addresses,sizeof(*addresses) * (n_addresses + 10));
  108. if (verbose)
  109. puts(chld_out.line[i]);
  110. if (strcasestr (chld_out.line[i], ".in-addr.arpa")) {
  111. if ((temp_buffer = strstr (chld_out.line[i], "name = ")))
  112. addresses[n_addresses++] = strdup (temp_buffer + 7);
  113. else {
  114. msg = (char *)_("Warning plugin error");
  115. result = STATE_WARNING;
  116. }
  117. }
  118. /* bug ID: 2946553 - Older versions of bind will use all available dns
  119. servers, we have to match the one specified */
  120. if (strstr (chld_out.line[i], "Server:") && strlen(dns_server) > 0) {
  121. temp_buffer = strchr (chld_out.line[i], ':');
  122. temp_buffer++;
  123. /* Strip leading tabs */
  124. for (; *temp_buffer != '\0' && *temp_buffer == '\t'; temp_buffer++)
  125. /* NOOP */;
  126. strip(temp_buffer);
  127. if (temp_buffer==NULL || strlen(temp_buffer)==0) {
  128. die (STATE_CRITICAL,
  129. _("DNS CRITICAL - '%s' returned empty server string\n"),
  130. NSLOOKUP_COMMAND);
  131. }
  132. if (strcmp(temp_buffer, dns_server) != 0) {
  133. die (STATE_CRITICAL, _("DNS CRITICAL - No response from DNS %s\n"), dns_server);
  134. }
  135. }
  136. /* the server is responding, we just got the host name... */
  137. if (strstr (chld_out.line[i], "Name:"))
  138. parse_address = TRUE;
  139. else if (parse_address == TRUE && (strstr (chld_out.line[i], "Address:") ||
  140. strstr (chld_out.line[i], "Addresses:"))) {
  141. temp_buffer = index (chld_out.line[i], ':');
  142. temp_buffer++;
  143. /* Strip leading spaces */
  144. for (; *temp_buffer != '\0' && *temp_buffer == ' '; temp_buffer++)
  145. /* NOOP */;
  146. strip(temp_buffer);
  147. if (temp_buffer==NULL || strlen(temp_buffer)==0) {
  148. die (STATE_CRITICAL,
  149. _("DNS CRITICAL - '%s' returned empty host name string\n"),
  150. NSLOOKUP_COMMAND);
  151. }
  152. addresses[n_addresses++] = strdup(temp_buffer);
  153. }
  154. else if (strstr (chld_out.line[i], _("Non-authoritative answer:"))) {
  155. non_authoritative = TRUE;
  156. }
  157. result = error_scan (chld_out.line[i]);
  158. if (result != STATE_OK) {
  159. msg = strchr (chld_out.line[i], ':');
  160. if(msg) msg++;
  161. break;
  162. }
  163. }
  164. /* scan stderr */
  165. for(i = 0; i < chld_err.lines; i++) {
  166. if (verbose)
  167. puts(chld_err.line[i]);
  168. if (error_scan (chld_err.line[i]) != STATE_OK) {
  169. result = max_state (result, error_scan (chld_err.line[i]));
  170. msg = strchr(input_buffer, ':');
  171. if(msg) msg++;
  172. }
  173. }
  174. if (addresses) {
  175. int i,slen;
  176. char *adrp;
  177. qsort(addresses, n_addresses, sizeof(*addresses), qstrcmp);
  178. for(i=0, slen=1; i < n_addresses; i++) {
  179. slen += strlen(addresses[i])+1;
  180. }
  181. adrp = address = malloc(slen);
  182. for(i=0; i < n_addresses; i++) {
  183. if (i) *adrp++ = ',';
  184. strcpy(adrp, addresses[i]);
  185. adrp += strlen(addresses[i]);
  186. }
  187. *adrp = 0;
  188. } else
  189. die (STATE_CRITICAL,
  190. _("DNS CRITICAL - '%s' msg parsing exited with no address\n"),
  191. NSLOOKUP_COMMAND);
  192. /* compare to expected address */
  193. if (result == STATE_OK && expected_address_cnt > 0) {
  194. result = STATE_CRITICAL;
  195. temp_buffer = "";
  196. for (i=0; i<expected_address_cnt; i++) {
  197. /* check if we get a match and prepare an error string */
  198. if (strcmp(address, expected_address[i]) == 0) result = STATE_OK;
  199. xasprintf(&temp_buffer, "%s%s; ", temp_buffer, expected_address[i]);
  200. }
  201. if (result == STATE_CRITICAL) {
  202. /* Strip off last semicolon... */
  203. temp_buffer[strlen(temp_buffer)-2] = '\0';
  204. xasprintf(&msg, _("expected '%s' but got '%s'"), temp_buffer, address);
  205. }
  206. }
  207. /* check if authoritative */
  208. if (result == STATE_OK && expect_authority && non_authoritative) {
  209. result = STATE_CRITICAL;
  210. xasprintf(&msg, _("server %s is not authoritative for %s"), dns_server, query_address);
  211. }
  212. microsec = deltime (tv);
  213. elapsed_time = (double)microsec / 1.0e6;
  214. if (result == STATE_OK) {
  215. result = get_status(elapsed_time, time_thresholds);
  216. if (result == STATE_OK) {
  217. printf ("DNS %s: ", _("OK"));
  218. } else if (result == STATE_WARNING) {
  219. printf ("DNS %s: ", _("WARNING"));
  220. } else if (result == STATE_CRITICAL) {
  221. printf ("DNS %s: ", _("CRITICAL"));
  222. }
  223. printf (ngettext("%.3f second response time", "%.3f seconds response time", elapsed_time), elapsed_time);
  224. printf (_(". %s returns %s"), query_address, address);
  225. if ((time_thresholds->warning != NULL) && (time_thresholds->critical != NULL)) {
  226. printf ("|%s\n", fperfdata ("time", elapsed_time, "s",
  227. TRUE, time_thresholds->warning->end,
  228. TRUE, time_thresholds->critical->end,
  229. TRUE, 0, FALSE, 0));
  230. } else if ((time_thresholds->warning == NULL) && (time_thresholds->critical != NULL)) {
  231. printf ("|%s\n", fperfdata ("time", elapsed_time, "s",
  232. FALSE, 0,
  233. TRUE, time_thresholds->critical->end,
  234. TRUE, 0, FALSE, 0));
  235. } else if ((time_thresholds->warning != NULL) && (time_thresholds->critical == NULL)) {
  236. printf ("|%s\n", fperfdata ("time", elapsed_time, "s",
  237. TRUE, time_thresholds->warning->end,
  238. FALSE, 0,
  239. TRUE, 0, FALSE, 0));
  240. } else
  241. printf ("|%s\n", fperfdata ("time", elapsed_time, "s", FALSE, 0, FALSE, 0, TRUE, 0, FALSE, 0));
  242. }
  243. else if (result == STATE_WARNING)
  244. printf (_("DNS WARNING - %s\n"),
  245. !strcmp (msg, "") ? _(" Probably a non-existent host/domain") : msg);
  246. else if (result == STATE_CRITICAL)
  247. printf (_("DNS CRITICAL - %s\n"),
  248. !strcmp (msg, "") ? _(" Probably a non-existent host/domain") : msg);
  249. else
  250. printf (_("DNS UNKNOWN - %s\n"),
  251. !strcmp (msg, "") ? _(" Probably a non-existent host/domain") : msg);
  252. return result;
  253. }
  254. int
  255. error_scan (char *input_buffer)
  256. {
  257. /* the DNS lookup timed out */
  258. if (strstr (input_buffer, _("Note: nslookup is deprecated and may be removed from future releases.")) ||
  259. strstr (input_buffer, _("Consider using the `dig' or `host' programs instead. Run nslookup with")) ||
  260. strstr (input_buffer, _("the `-sil[ent]' option to prevent this message from appearing.")))
  261. return STATE_OK;
  262. /* DNS server is not running... */
  263. else if (strstr (input_buffer, "No response from server"))
  264. die (STATE_CRITICAL, _("No response from DNS %s\n"), dns_server);
  265. /* Host name is valid, but server doesn't have records... */
  266. else if (strstr (input_buffer, "No records"))
  267. die (STATE_CRITICAL, _("DNS %s has no records\n"), dns_server);
  268. /* Connection was refused */
  269. else if (strstr (input_buffer, "Connection refused") ||
  270. strstr (input_buffer, "Couldn't find server") ||
  271. strstr (input_buffer, "Refused") ||
  272. (strstr (input_buffer, "** server can't find") &&
  273. strstr (input_buffer, ": REFUSED")))
  274. die (STATE_CRITICAL, _("Connection to DNS %s was refused\n"), dns_server);
  275. /* Query refused (usually by an ACL in the namserver) */
  276. else if (strstr (input_buffer, "Query refused"))
  277. die (STATE_CRITICAL, _("Query was refused by DNS server at %s\n"), dns_server);
  278. /* No information (e.g. nameserver IP has two PTR records) */
  279. else if (strstr (input_buffer, "No information"))
  280. die (STATE_CRITICAL, _("No information returned by DNS server at %s\n"), dns_server);
  281. /* Host or domain name does not exist */
  282. else if (strstr (input_buffer, "Non-existent") ||
  283. strstr (input_buffer, "** server can't find") ||
  284. strstr (input_buffer,"NXDOMAIN"))
  285. die (STATE_CRITICAL, _("Domain %s was not found by the server\n"), query_address);
  286. /* Network is unreachable */
  287. else if (strstr (input_buffer, "Network is unreachable"))
  288. die (STATE_CRITICAL, _("Network is unreachable\n"));
  289. /* Internal server failure */
  290. else if (strstr (input_buffer, "Server failure"))
  291. die (STATE_CRITICAL, _("DNS failure for %s\n"), dns_server);
  292. /* Request error or the DNS lookup timed out */
  293. else if (strstr (input_buffer, "Format error") ||
  294. strstr (input_buffer, "Timed out"))
  295. return STATE_WARNING;
  296. return STATE_OK;
  297. }
  298. /* process command-line arguments */
  299. int
  300. process_arguments (int argc, char **argv)
  301. {
  302. int c;
  303. char *warning = NULL;
  304. char *critical = NULL;
  305. int opt_index = 0;
  306. static struct option long_opts[] = {
  307. {"help", no_argument, 0, 'h'},
  308. {"version", no_argument, 0, 'V'},
  309. {"verbose", no_argument, 0, 'v'},
  310. {"timeout", required_argument, 0, 't'},
  311. {"hostname", required_argument, 0, 'H'},
  312. {"server", required_argument, 0, 's'},
  313. {"reverse-server", required_argument, 0, 'r'},
  314. {"expected-address", required_argument, 0, 'a'},
  315. {"expect-authority", no_argument, 0, 'A'},
  316. {"warning", required_argument, 0, 'w'},
  317. {"critical", required_argument, 0, 'c'},
  318. {0, 0, 0, 0}
  319. };
  320. if (argc < 2)
  321. return ERROR;
  322. for (c = 1; c < argc; c++)
  323. if (strcmp ("-to", argv[c]) == 0)
  324. strcpy (argv[c], "-t");
  325. while (1) {
  326. c = getopt_long (argc, argv, "hVvAt:H:s:r:a:w:c:", long_opts, &opt_index);
  327. if (c == -1 || c == EOF)
  328. break;
  329. switch (c) {
  330. case 'h': /* help */
  331. print_help ();
  332. exit (STATE_UNKNOWN);
  333. case 'V': /* version */
  334. print_revision (progname, NP_VERSION);
  335. exit (STATE_UNKNOWN);
  336. case 'v': /* version */
  337. verbose = TRUE;
  338. break;
  339. case 't': /* timeout period */
  340. timeout_interval = atoi (optarg);
  341. break;
  342. case 'H': /* hostname */
  343. if (strlen (optarg) >= ADDRESS_LENGTH)
  344. die (STATE_UNKNOWN, _("Input buffer overflow\n"));
  345. strcpy (query_address, optarg);
  346. break;
  347. case 's': /* server name */
  348. /* TODO: this host_or_die check is probably unnecessary.
  349. * Better to confirm nslookup response matches */
  350. host_or_die(optarg);
  351. if (strlen (optarg) >= ADDRESS_LENGTH)
  352. die (STATE_UNKNOWN, _("Input buffer overflow\n"));
  353. strcpy (dns_server, optarg);
  354. break;
  355. case 'r': /* reverse server name */
  356. /* TODO: Is this host_or_die necessary? */
  357. host_or_die(optarg);
  358. if (strlen (optarg) >= ADDRESS_LENGTH)
  359. die (STATE_UNKNOWN, _("Input buffer overflow\n"));
  360. strcpy (ptr_server, optarg);
  361. break;
  362. case 'a': /* expected address */
  363. if (strlen (optarg) >= ADDRESS_LENGTH)
  364. die (STATE_UNKNOWN, _("Input buffer overflow\n"));
  365. expected_address = (char **)realloc(expected_address, (expected_address_cnt+1) * sizeof(char**));
  366. expected_address[expected_address_cnt] = strdup(optarg);
  367. expected_address_cnt++;
  368. break;
  369. case 'A': /* expect authority */
  370. expect_authority = TRUE;
  371. break;
  372. case 'w':
  373. warning = optarg;
  374. break;
  375. case 'c':
  376. critical = optarg;
  377. break;
  378. default: /* args not parsable */
  379. usage5();
  380. }
  381. }
  382. c = optind;
  383. if (strlen(query_address)==0 && c<argc) {
  384. if (strlen(argv[c])>=ADDRESS_LENGTH)
  385. die (STATE_UNKNOWN, _("Input buffer overflow\n"));
  386. strcpy (query_address, argv[c++]);
  387. }
  388. if (strlen(dns_server)==0 && c<argc) {
  389. /* TODO: See -s option */
  390. host_or_die(argv[c]);
  391. if (strlen(argv[c]) >= ADDRESS_LENGTH)
  392. die (STATE_UNKNOWN, _("Input buffer overflow\n"));
  393. strcpy (dns_server, argv[c++]);
  394. }
  395. set_thresholds(&time_thresholds, warning, critical);
  396. return validate_arguments ();
  397. }
  398. int
  399. validate_arguments ()
  400. {
  401. if (query_address[0] == 0)
  402. return ERROR;
  403. return OK;
  404. }
  405. void
  406. print_help (void)
  407. {
  408. print_revision (progname, NP_VERSION);
  409. printf ("Copyright (c) 1999 Ethan Galstad <nagios@nagios.org>\n");
  410. printf (COPYRIGHT, copyright, email);
  411. printf ("%s\n", _("This plugin uses the nslookup program to obtain the IP address for the given host/domain query."));
  412. printf ("%s\n", _("An optional DNS server to use may be specified."));
  413. printf ("%s\n", _("If no DNS server is specified, the default server(s) specified in /etc/resolv.conf will be used."));
  414. printf ("\n\n");
  415. print_usage ();
  416. printf (UT_HELP_VRSN);
  417. printf (UT_EXTRA_OPTS);
  418. printf (" -H, --hostname=HOST\n");
  419. printf (" %s\n", _("The name or address you want to query"));
  420. printf (" -s, --server=HOST\n");
  421. printf (" %s\n", _("Optional DNS server you want to use for the lookup"));
  422. printf (" -a, --expected-address=IP-ADDRESS|HOST\n");
  423. printf (" %s\n", _("Optional IP-ADDRESS you expect the DNS server to return. HOST must end with"));
  424. printf (" %s\n", _("a dot (.). This option can be repeated multiple times (Returns OK if any"));
  425. printf (" %s\n", _("value match). If multiple addresses are returned at once, you have to match"));
  426. printf (" %s\n", _("the whole string of addresses separated with commas (sorted alphabetically)."));
  427. printf (" -A, --expect-authority\n");
  428. printf (" %s\n", _("Optionally expect the DNS server to be authoritative for the lookup"));
  429. printf (" -w, --warning=seconds\n");
  430. printf (" %s\n", _("Return warning if elapsed time exceeds value. Default off"));
  431. printf (" -c, --critical=seconds\n");
  432. printf (" %s\n", _("Return critical if elapsed time exceeds value. Default off"));
  433. printf (UT_CONN_TIMEOUT, DEFAULT_SOCKET_TIMEOUT);
  434. printf (UT_SUPPORT);
  435. }
  436. void
  437. print_usage (void)
  438. {
  439. printf ("%s\n", _("Usage:"));
  440. printf ("%s -H host [-s server] [-a expected-address] [-A] [-t timeout] [-w warn] [-c crit]\n", progname);
  441. }