[dev.icinga.com #14023] Wrong default service definition of check_dns

[icinga-migration]

This issue has been migrated from Redmine: https://dev.icinga.com/issues/14023

Created by micke on 2017-01-16 11:08:08 +00:00

Assignee: (none)
Status: Closed (closed on 2017-01-16 12:39:34 +00:00)
Target Version: (none)
Last Update: 2017-01-16 12:39:34 +00:00 (in Redmine)

Icinga Version: r2.5.4-1
Backport?: Not yet backported
Include in Changelog: 1

---

The definition of the dns CheckCommand is:

object CheckCommand "dns" {
import "plugin-check-command"
import "ipv4-or-ipv6"

command = [ PluginDir + "/check_dns" ]

arguments = {
"-H" = {
value = "$dns_lookup$"
description = "The name or address you want to query."
}
"-s" = {
value = "$dns_server$"
description = "Optional DNS server you want to use for the lookup."
}
"-a" = {
value = "$dns_expected_answers$"
description = "Optional ip address or host you expect the DNS server to return. Host must end with a dot (.). This option can be repeated multiple times (Returns OK if any value match). If multiple addresses are returned at once, you have to match the whole string of addresses separated with commas (sorted alphabetically)."
}
"-a_old" = {
key = "-a"
value ="$dns_expected_answer$"
}
"-A" = {
set_if = "$dns_authoritative$"
}
"-w" = {
value = "$dns_wtime$"
description = "Return warning if elapsed time exceeds value."
}
"-c" = {
value = "$dns_ctime$"
description = "Return critical if elapsed time exceeds value."
}
"-t" = {
value = "$dns_timeout$"
description = "Seconds before connection times out. Defaults to 10."
}
}

vars.dns_lookup = "$host.name$"
vars.dns_expected_answer = "$check_address$"
vars.dns_timeout = 10
}

As you can see from the comment "Optional ip address or host you expect the DNS server to return" the parameter -a is supposed to be an optional parameter, but further down in the config vars.dns_expected_answer = "$check_address$" is explicitly set to $check_address$ causing it to allways be set. This means that you can not configure checks that asks your resolver to look up other hosts than it self, since it allways expects the reply to bet the ip address of the resolving server it self. So to get in to trouble with this, you need to create a host for your resolver, e.g. resolver.example.com and then configure a service for that host with vars.dns_lookup set to e.g. google.com. If you do this the service check will allways be in error state, since you can not override vars.dns_expected_answer in any way.

To fix this the line 'vars.dns_expected_answer = "$check_address$"' should be removed from configuration completly, making it an optional parameter as intended.

---

Relations:

• relates #13439

[icinga-migration]

Updated by mfriedrich on 2017-01-16 12:02:34 +00:00

• Status changed from New to Feedback
• Assigned to set to micke

"expected_answer" was deprecated and should be removed (#13439). Please use expected_answers instead.

[icinga-migration]

Updated by mfriedrich on 2017-01-16 12:02:41 +00:00

• Relates set to 13439

[icinga-migration]

Updated by micke on 2017-01-16 12:22:20 +00:00

mfriedrich wrote:

"expected_answer" was deprecated and should be removed (#13439). Please use expected_answers instead.

But the problem is that -a is all ways set as long as the line 'vars.dns_expected_answer = "$check_address$"' is still in the configuration. I don't want -a to be used, I want this to be optional as the documentation sais, so that line should be removed from the configuration file all together.

[icinga-migration]

Updated by mfriedrich on 2017-01-16 12:39:34 +00:00

• Status changed from Feedback to Closed
• Assigned to deleted micke

That's exactly what #13439 is supposed to do. I'm assigning that change for the next major version and closing this one as duplicate.