summaryrefslogtreecommitdiffstats
path: root/plugins/check_dns.c
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/check_dns.c')
-rw-r--r--plugins/check_dns.c61
1 files changed, 40 insertions, 21 deletions
diff --git a/plugins/check_dns.c b/plugins/check_dns.c
index 24205294..14d4306c 100644
--- a/plugins/check_dns.c
+++ b/plugins/check_dns.c
@@ -7,7 +7,7 @@
7 7
8 This program is distributed in the hope that it will be useful, 8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of 9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details. 11 GNU General Public License for more details.
12 12
13 You should have received a copy of the GNU General Public License 13 You should have received a copy of the GNU General Public License
@@ -42,6 +42,7 @@ char ptr_server[ADDRESS_LENGTH] = "";
42int verbose = FALSE; 42int verbose = FALSE;
43char expected_address[ADDRESS_LENGTH] = ""; 43char expected_address[ADDRESS_LENGTH] = "";
44int match_expected_address = FALSE; 44int match_expected_address = FALSE;
45int expect_authority = FALSE;
45 46
46int 47int
47main (int argc, char **argv) 48main (int argc, char **argv)
@@ -51,12 +52,13 @@ main (int argc, char **argv)
51 char *output = NULL; 52 char *output = NULL;
52 char *address = NULL; 53 char *address = NULL;
53 char *temp_buffer = NULL; 54 char *temp_buffer = NULL;
55 int non_authoritative = FALSE;
54 int result = STATE_UNKNOWN; 56 int result = STATE_UNKNOWN;
55 double elapsed_time; 57 double elapsed_time;
56 long microsec; 58 long microsec;
57 struct timeval tv; 59 struct timeval tv;
58 int multi_address; 60 int multi_address;
59 int parse_address = FALSE; /* This flag scans for Address: but only after Name: */ 61 int parse_address = FALSE; /* This flag scans for Address: but only after Name: */
60 62
61 setlocale (LC_ALL, ""); 63 setlocale (LC_ALL, "");
62 bindtextdomain (PACKAGE, LOCALEDIR); 64 bindtextdomain (PACKAGE, LOCALEDIR);
@@ -74,7 +76,7 @@ main (int argc, char **argv)
74 } 76 }
75 77
76 /* get the command to run */ 78 /* get the command to run */
77 asprintf (&command_line, "%s %s %s", NSLOOKUP_COMMAND, query_address, dns_server); 79 asprintf (&command_line, "%s %s %s", NSLOOKUP_COMMAND, query_address, dns_server);
78 80
79 alarm (timeout_interval); 81 alarm (timeout_interval);
80 gettimeofday (&tv, NULL); 82 gettimeofday (&tv, NULL);
@@ -111,7 +113,8 @@ main (int argc, char **argv)
111 /* the server is responding, we just got the host name... */ 113 /* the server is responding, we just got the host name... */
112 if (strstr (input_buffer, "Name:")) 114 if (strstr (input_buffer, "Name:"))
113 parse_address = TRUE; 115 parse_address = TRUE;
114 else if (parse_address == TRUE && (strstr (input_buffer, "Address:") || strstr (input_buffer, "Addresses:"))) { 116 else if (parse_address == TRUE && (strstr (input_buffer, "Address:") ||
117 strstr (input_buffer, "Addresses:"))) {
115 temp_buffer = index (input_buffer, ':'); 118 temp_buffer = index (input_buffer, ':');
116 temp_buffer++; 119 temp_buffer++;
117 120
@@ -121,8 +124,9 @@ main (int argc, char **argv)
121 124
122 strip(temp_buffer); 125 strip(temp_buffer);
123 if (temp_buffer==NULL || strlen(temp_buffer)==0) { 126 if (temp_buffer==NULL || strlen(temp_buffer)==0) {
124 die (STATE_CRITICAL, _("DNS CRITICAL - '%s' returned empty host name string\n"), 127 die (STATE_CRITICAL,
125 NSLOOKUP_COMMAND); 128 _("DNS CRITICAL - '%s' returned empty host name string\n"),
129 NSLOOKUP_COMMAND);
126 } 130 }
127 131
128 if (address == NULL) 132 if (address == NULL)
@@ -131,6 +135,10 @@ main (int argc, char **argv)
131 asprintf(&address, "%s,%s", address, temp_buffer); 135 asprintf(&address, "%s,%s", address, temp_buffer);
132 } 136 }
133 137
138 else if (strstr (input_buffer, "Non-authoritative answer:")) {
139 non_authoritative = TRUE;
140 }
141
134 result = error_scan (input_buffer); 142 result = error_scan (input_buffer);
135 if (result != STATE_OK) { 143 if (result != STATE_OK) {
136 output = strdup (1 + index (input_buffer, ':')); 144 output = strdup (1 + index (input_buffer, ':'));
@@ -163,8 +171,8 @@ main (int argc, char **argv)
163 and we can segfault if we do not */ 171 and we can segfault if we do not */
164 if (address==NULL || strlen(address)==0) 172 if (address==NULL || strlen(address)==0)
165 die (STATE_CRITICAL, 173 die (STATE_CRITICAL,
166 _("DNS CRITICAL - '%s' output parsing exited with no address\n"), 174 _("DNS CRITICAL - '%s' output parsing exited with no address\n"),
167 NSLOOKUP_COMMAND); 175 NSLOOKUP_COMMAND);
168 176
169 /* compare to expected address */ 177 /* compare to expected address */
170 if (result == STATE_OK && match_expected_address && strcmp(address, expected_address)) { 178 if (result == STATE_OK && match_expected_address && strcmp(address, expected_address)) {
@@ -172,6 +180,12 @@ main (int argc, char **argv)
172 asprintf(&output, _("expected %s but got %s"), expected_address, address); 180 asprintf(&output, _("expected %s but got %s"), expected_address, address);
173 } 181 }
174 182
183 /* check if authoritative */
184 if (result == STATE_OK && expect_authority && non_authoritative) {
185 result = STATE_CRITICAL;
186 asprintf(&output, _("server %s is not authoritative for %s"), dns_server, query_address);
187 }
188
175 microsec = deltime (tv); 189 microsec = deltime (tv);
176 elapsed_time = (double)microsec / 1.0e6; 190 elapsed_time = (double)microsec / 1.0e6;
177 191
@@ -188,13 +202,13 @@ main (int argc, char **argv)
188 } 202 }
189 else if (result == STATE_WARNING) 203 else if (result == STATE_WARNING)
190 printf (_("DNS WARNING - %s\n"), 204 printf (_("DNS WARNING - %s\n"),
191 !strcmp (output, "") ? _(" Probably a non-existent host/domain") : output); 205 !strcmp (output, "") ? _(" Probably a non-existent host/domain") : output);
192 else if (result == STATE_CRITICAL) 206 else if (result == STATE_CRITICAL)
193 printf (_("DNS CRITICAL - %s\n"), 207 printf (_("DNS CRITICAL - %s\n"),
194 !strcmp (output, "") ? _(" Probably a non-existent host/domain") : output); 208 !strcmp (output, "") ? _(" Probably a non-existent host/domain") : output);
195 else 209 else
196 printf (_("DNS problem - %s\n"), 210 printf (_("DNS problem - %s\n"),
197 !strcmp (output, "") ? _(" Probably a non-existent host/domain") : output); 211 !strcmp (output, "") ? _(" Probably a non-existent host/domain") : output);
198 212
199 return result; 213 return result;
200} 214}
@@ -204,7 +218,7 @@ error_scan (char *input_buffer)
204{ 218{
205 219
206 /* the DNS lookup timed out */ 220 /* the DNS lookup timed out */
207 if (strstr (input_buffer, "Note: nslookup is deprecated and may be removed from future releases.") || 221 if (strstr (input_buffer, "Note: nslookup is deprecated and may be removed from future releases.") ||
208 strstr (input_buffer, "Consider using the `dig' or `host' programs instead. Run nslookup with") || 222 strstr (input_buffer, "Consider using the `dig' or `host' programs instead. Run nslookup with") ||
209 strstr (input_buffer, "the `-sil[ent]' option to prevent this message from appearing.")) 223 strstr (input_buffer, "the `-sil[ent]' option to prevent this message from appearing."))
210 return STATE_OK; 224 return STATE_OK;
@@ -219,9 +233,9 @@ error_scan (char *input_buffer)
219 233
220 /* Connection was refused */ 234 /* Connection was refused */
221 else if (strstr (input_buffer, "Connection refused") || 235 else if (strstr (input_buffer, "Connection refused") ||
236 strstr (input_buffer, "Refused") ||
222 (strstr (input_buffer, "** server can't find") && 237 (strstr (input_buffer, "** server can't find") &&
223 strstr (input_buffer, ": REFUSED")) || 238 strstr (input_buffer, ": REFUSED")))
224 (strstr (input_buffer, "Refused")))
225 die (STATE_CRITICAL, _("Connection to name server %s was refused\n"), dns_server); 239 die (STATE_CRITICAL, _("Connection to name server %s was refused\n"), dns_server);
226 240
227 /* Host or domain name does not exist */ 241 /* Host or domain name does not exist */
@@ -263,6 +277,7 @@ process_arguments (int argc, char **argv)
263 {"server", required_argument, 0, 's'}, 277 {"server", required_argument, 0, 's'},
264 {"reverse-server", required_argument, 0, 'r'}, 278 {"reverse-server", required_argument, 0, 'r'},
265 {"expected-address", required_argument, 0, 'a'}, 279 {"expected-address", required_argument, 0, 'a'},
280 {"expect-authority", no_argument, 0, 'A'},
266 {0, 0, 0, 0} 281 {0, 0, 0, 0}
267 }; 282 };
268 283
@@ -274,7 +289,7 @@ process_arguments (int argc, char **argv)
274 strcpy (argv[c], "-t"); 289 strcpy (argv[c], "-t");
275 290
276 while (1) { 291 while (1) {
277 c = getopt_long (argc, argv, "hVvt:H:s:r:a:", long_opts, &opt_index); 292 c = getopt_long (argc, argv, "hVvAt:H:s:r:a:", long_opts, &opt_index);
278 293
279 if (c == -1 || c == EOF) 294 if (c == -1 || c == EOF)
280 break; 295 break;
@@ -302,8 +317,8 @@ process_arguments (int argc, char **argv)
302 strcpy (query_address, optarg); 317 strcpy (query_address, optarg);
303 break; 318 break;
304 case 's': /* server name */ 319 case 's': /* server name */
305 /* TODO: this is_host check is probably unnecessary. Better to confirm nslookup 320 /* TODO: this is_host check is probably unnecessary. */
306 response matches */ 321 /* Better to confirm nslookup response matches */
307 if (is_host (optarg) == FALSE) { 322 if (is_host (optarg) == FALSE) {
308 printf (_("Invalid server name/address\n\n")); 323 printf (_("Invalid server name/address\n\n"));
309 print_usage (); 324 print_usage ();
@@ -330,6 +345,9 @@ process_arguments (int argc, char **argv)
330 strcpy (expected_address, optarg); 345 strcpy (expected_address, optarg);
331 match_expected_address = TRUE; 346 match_expected_address = TRUE;
332 break; 347 break;
348 case 'A': /* expect authority */
349 expect_authority = TRUE;
350 break;
333 } 351 }
334 } 352 }
335 353
@@ -386,7 +404,9 @@ print_help (void)
386-s, --server=HOST\n\ 404-s, --server=HOST\n\
387 Optional DNS server you want to use for the lookup\n\ 405 Optional DNS server you want to use for the lookup\n\
388-a, --expected-address=IP-ADDRESS\n\ 406-a, --expected-address=IP-ADDRESS\n\
389 Optional IP address you expect the DNS server to return\n")); 407 Optional IP address you expect the DNS server to return\n\
408-A, --expect-authority\n\
409 Optionally expect the DNS server to be authoritative for the lookup\n"));
390 410
391 printf (_(UT_TIMEOUT), DEFAULT_SOCKET_TIMEOUT); 411 printf (_(UT_TIMEOUT), DEFAULT_SOCKET_TIMEOUT);
392 412
@@ -406,8 +426,7 @@ void
406print_usage (void) 426print_usage (void)
407{ 427{
408 printf (_("\ 428 printf (_("\
409Usage: %s -H host [-s server] [-a expected-address] [-t timeout]\n\ 429Usage: %s -H host [-s server] [-a expected-address] [-A] [-t timeout]\n\
410 %s --help\n\ 430 %s --help\n\
411 %s --version\n"), 431 %s --version\n"), progname, progname, progname);
412 progname, progname, progname);
413} 432}