You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
arguments = {
"-H" = {
value = "$dns_lookup$"
description = "The name or address you want to query."
}
"-s" = {
value = "$dns_server$"
description = "Optional DNS server you want to use for the lookup."
}
"-a" = {
value = "$dns_expected_answers$"
description = "Optional ip address or host you expect the DNS server to return. Host must end with a dot (.). This option can be repeated multiple times (Returns OK if any value match). If multiple addresses are returned at once, you have to match the whole string of addresses separated with commas (sorted alphabetically)."
}
"-a_old" = {
key = "-a"
value ="$dns_expected_answer$"
}
"-A" = {
set_if = "$dns_authoritative$"
}
"-w" = {
value = "$dns_wtime$"
description = "Return warning if elapsed time exceeds value."
}
"-c" = {
value = "$dns_ctime$"
description = "Return critical if elapsed time exceeds value."
}
"-t" = {
value = "$dns_timeout$"
description = "Seconds before connection times out. Defaults to 10."
}
}
As you can see from the comment "Optional ip address or host you expect the DNS server to return" the parameter -a is supposed to be an optional parameter, but further down in the config vars.dns_expected_answer = "$check_address$" is explicitly set to $check_address$ causing it to allways be set. This means that you can not configure checks that asks your resolver to look up other hosts than it self, since it allways expects the reply to bet the ip address of the resolving server it self. So to get in to trouble with this, you need to create a host for your resolver, e.g. resolver.example.com and then configure a service for that host with vars.dns_lookup set to e.g. google.com. If you do this the service check will allways be in error state, since you can not override vars.dns_expected_answer in any way.
To fix this the line 'vars.dns_expected_answer = "$check_address$"' should be removed from configuration completly, making it an optional parameter as intended.
"expected_answer" was deprecated and should be removed (#13439). Please use expected_answers instead.
But the problem is that -a is all ways set as long as the line 'vars.dns_expected_answer = "$check_address$"' is still in the configuration. I don't want -a to be used, I want this to be optional as the documentation sais, so that line should be removed from the configuration file all together.
This issue has been migrated from Redmine: https://dev.icinga.com/issues/14023
Created by micke on 2017-01-16 11:08:08 +00:00
Assignee: (none)
Status: Closed (closed on 2017-01-16 12:39:34 +00:00)
Target Version: (none)
Last Update: 2017-01-16 12:39:34 +00:00 (in Redmine)
The definition of the dns CheckCommand is:
object CheckCommand "dns" {
import "plugin-check-command"
import "ipv4-or-ipv6"
command = [ PluginDir + "/check_dns" ]
arguments = {
"-H" = {
value = "$dns_lookup$"
description = "The name or address you want to query."
}
"-s" = {
value = "$dns_server$"
description = "Optional DNS server you want to use for the lookup."
}
"-a" = {
value = "$dns_expected_answers$"
description = "Optional ip address or host you expect the DNS server to return. Host must end with a dot (.). This option can be repeated multiple times (Returns OK if any value match). If multiple addresses are returned at once, you have to match the whole string of addresses separated with commas (sorted alphabetically)."
}
"-a_old" = {
key = "-a"
value ="$dns_expected_answer$"
}
"-A" = {
set_if = "$dns_authoritative$"
}
"-w" = {
value = "$dns_wtime$"
description = "Return warning if elapsed time exceeds value."
}
"-c" = {
value = "$dns_ctime$"
description = "Return critical if elapsed time exceeds value."
}
"-t" = {
value = "$dns_timeout$"
description = "Seconds before connection times out. Defaults to 10."
}
}
vars.dns_lookup = "$host.name$"
vars.dns_expected_answer = "$check_address$"
vars.dns_timeout = 10
}
As you can see from the comment "Optional ip address or host you expect the DNS server to return" the parameter -a is supposed to be an optional parameter, but further down in the config vars.dns_expected_answer = "$check_address$" is explicitly set to$check_address$ causing it to allways be set. This means that you can not configure checks that asks your resolver to look up other hosts than it self, since it allways expects the reply to bet the ip address of the resolving server it self. So to get in to trouble with this, you need to create a host for your resolver, e.g. resolver.example.com and then configure a service for that host with vars.dns_lookup set to e.g. google.com. If you do this the service check will allways be in error state, since you can not override vars.dns_expected_answer in any way.
To fix this the line 'vars.dns_expected_answer = "$check_address$"' should be removed from configuration completly, making it an optional parameter as intended.
Relations:
The text was updated successfully, but these errors were encountered: