On 03/04/2011 01:56, Andy Smith wrote:
Hello,
As you may be aware, BitFolk offers free authoritative DNS services
to VPS customers. This is provided by means of the BitFolk DNS
servers taking a zone transfer (AXFR) from the customer's name
server.
As part of this service we monitor the customer's name server as a
matter of course. That's because it saves everyone's time to know
where any problems lie.
What we currently monitor:
- Customer's server responds on TCP/53
- Query of server for SOA record of the customer's domain produces
a positive, authoritative response
That's pretty good but it misses one class of misconfiguration:
where a customer's name server is misconfigured to refuse zone
transfer from BitFolk's servers.
<SNIP>
Alternatively, if BitFolk's Nagios tried an AXFR say once a day for
each of your zones would you consider that excessive?
Wouldn't this still have the (albeit much reduced) chance of the dns
servers being denied but nagios allowed?
Can the DNS servers report (maybe via logfile parsing, etc) to nagios
which then reports as normal?
This should also handle varying the TTLs, and possibly other errors too.
--
Dee Earley (dee(a)earlsoft.co.uk)
irc:
irc://irc.blitzed.org/
web:
http://www.earlsoft.co.uk
phone: +44 (0)780 8369596