On Mon, 11 Mar 2019 at 10:08, John Horne <user-e95f1ec2f147@xymon.invalid> wrote:
Okay, but what if FQDN names are not used, and the 'testip' option is set?
So for example: 10.1.2.3 bob # testip !dns
It expands the shortname in the same way as if you typed "ping bob".
Does it do something like a reverse lookup - e.g. 'dig -x 10.1.2.3 @10.1.2.3
'?
Or does it do a lookup like 'dig bob @10.1.2.3'?
No, it uses the default domain and/or search list. So if you have "domain
example.com" in /etc/resolv.conf, it will do like "dig bob.example.com @bob",
or if "--dns=ip" is used, it would be "dig bob.example.com @<IP.of.b.ob>".
Although the exact behaviour in terms of determining how shortname
expansion works, is dependent on the c-ares library, and might not be
exactly the same as your system's libresolv.
I assume the 'dns' test uses UDP port 53?
yes
The timeout servers should have had
the UDP port opened up to them from the Xymon server. I'm wondering if
either
the TCP port has been opened on our network or if the Xymon test is using
TCP
instead of UDP.
No, it's unlikely to be anything to do with TCP. If a DNS service listens
only on the localhost address, queries from other nodes should be treated
the same as if there is no DNS service running at all - typically an
immediate "port unreachable" response or a timeout.
If you receive a timeout, it's almost certainly because the query was
dropped before it got to the TCP/IP protocol stack. This could be a
firewall device blocking the traffic, or a host-based firewall dropping the
traffic.
For Linux-based iptables/netfilter firewalling, you're likely to see this
behaviour if a packet does not match the permitted traffic, and instead
matches the default DROP policy. You would get the same behaviour for any
service not explicitly allowed (eg: telnet bob 13579). However, if the
iptables rules specify a REJECT response rather than a DROP, then the
kernel will send back an icmp-port-unreachable response (although you can
configure the response to be one of several other ICMP packets).
J