IP address - from where? 🔗 link

Hi all

Probably need some of the coder types to answer this one for me.
For the different network tests, where does Xymon get the IP address from?

In particular, ping, ssh, oratns, dns etc.
I think I read somewhere that for ping, Xymon does a host name lookup.
But is this the case for the other tests?

Thanks
    Vernon

If you have "testip" in the server's stanza in bb-hosts then Hobbit uses the
ip address in the bb-hosts file. Otherwise it does a DNS lookup based on the
server's name.

Thanks,
Larry Barber

On Mon, Jul 19, 2010 at 3:36 AM, Vernon Everett <user-b3f8dacb72c8@xymon.invalid>wrote:

Can somebody confirm this?
We had a monitored host, configured incorrectly in bb-hosts. The IP address
was incorrect.
(The IP address was allocated to a router somewhere on the network)
The entry was as follows. (Name & IP changed)
1.2.3.4  dbsrv1        #       ssh     oratns:1578     NOCOLUMNS:memory
Should have been
2.3.4.5  dbsrv1        #       ssh     oratns:1578     NOCOLUMNS:memory

The conn test was green. It could have been pinging the real host (nslookup
dbserv1 gave the correct IP)
Or it could have used the 1.2.3.4 IP of the router, which responds to a
ping.

However, the oratns and ssh columns were perpetually red.
Obviously, the router has no database listener, nor was it accepting ssh
connections (limited using ACLs)
So it looked like it was using the bb-hosts IP. If it was doing a name
lookup, it would  have used the correct IP, and returned green.
When I changed the IP in bb-hosts to the correct IP, oratns and ssh both
went green.

I always thought that Xymon does a name lookup, but from this, it appears as
if oratns and ssh use the IP address in bb-hosts.
Which was it using for the ping? Lookup, or bb-hosts?

Cheers
    Vernon

On Mon, Jul 19, 2010 at 9:43 PM, Larry Barber <user-6ef9c2864140@xymon.invalid> wrote:

On Mon, 19 Jul 2010 16:36:12 +0800, Vernon Everett wrote:

If the host has a "testip", Xymon uses the IP in bb-hosts.

Otherwise it tries a DNS lookup on the hostname, and uses the IP returned
from that. If the DNS lookup fails, it will fall back to the IP listed in
bb-hosts.


Henrik

Vernon Everett wrote:

See 'man bbtest-net' - it depends on what options you have under [bbnet]
against bbtest-net in hobbitlaunch.cfg

...
       Note: bbtest-net performs the connectivity test (ping) based on
the hostname, unless the host is
       tagged  with  "testip"  or the "--dns=ip" option is used. So the
target of the connectivity test
       can be determined by your /etc/hosts file or DNS.
...
       --dns=[ip|only|standard]
              Determines  how  bbtest-net  finds the IP adresses of the
hosts to test.  By default (the
              "standard"), bbtest-net does a DNS lookup of the hostname
to determine  the  IP  address,
              unless the host has the "testip" tag, or the DNS lookup fails.
              With  "--dns=only" bbtest-net will ONLY do the DNS lookup;
it it fails, then all services
              on that host will be reported as being down.
              With "--dns=ip" bbtest-net will never do a DNS lookup; it
will use the IP adresse  speci-
              fied  in  bb-hosts for the tests. Thus, this setting is
equivalent to having the "testip"
              tag on all hosts. Note that http tests will ignore this
setting and still perform  a  DNS
              lookup  for  the hostname given in the URL; see the
"bbtest-net tags for HTTP tests" sec-
              tion in bb-hosts(5)

David.

-- 
David Baldwin - IT Unit
Australian Sports Commission          www.ausport.gov.au
Tel 02 62147830 Fax 02 62141830       PO Box 176 Belconnen ACT 2616
user-cbbf693f2c89@xymon.invalid          Leverrier Street Bruce ACT 2617


Keep up to date with what's happening in Australian sport visit http://www.ausport.gov.au

This message is intended for the addressee named and may contain confidential and privileged information. If you are not the intended recipient please note that any form of distribution, copying or use of this communication or the information in it is strictly prohibited and may be unlawful. If you receive this message in error, please delete it and notify the sender.

Hi Henrik

Thanks for that.
If I recall, about 2 or 3 years ago, it was you who told me that it first
does a name lookup.
Larry, sorry I didn't take you on your word. Although I was sure you were
right, it contradicted what we were seeing here.

Tried another test, and set the server IP to 0.0.0.0 in bb-hosts, and it all
went red again. :-(

It seems to resolve using nslookup on CLI, but not in bbtest.net
Eventually added the --no-ares option, and all is good in our again.

This is the second time I have seen this issue.
Any idea what causes it?

Cheers
     Vernon

On Tue, Jul 20, 2010 at 1:58 PM, Henrik Størner <user-ce4a2c883f75@xymon.invalid> wrote:

In <user-5df869c251cd@xymon.invalid> Vernon Everett <user-b3f8dacb72c8@xymon.invalid> writes:

Are you using a local DNS resolver, or a remote one ? Xymon tends to
hit DNS servers pretty hard when starting all the network tests, so
I strongly recommend using a local DNS cache.

It could be a bug in the C-ARES library, of course.


Henrik

Hi Henrik

Our DNS servers exist in Wintendo land. so I guess that's remote.
I could set up a local DNS, but, because of the nature of this contract, and
the way the support company works, I don't think I should.
(We are setting up everything, and a remote services mob are going to be
administering it all. Transition to remote services is supposed to happen in
the next 2 months)
It works with --no-ares, so I am not going to pursue it any further - unless
I can  assist in some way with debugging info.
If there is benefit to be gained for the dev team, let me know you would
like me to do.

Cheers
    Vernon

On Sun, Aug 1, 2010 at 11:50 PM, Henrik Størner <user-ce4a2c883f75@xymon.invalid> wrote:

On Sun, August 1, 2010 18:37, Vernon Everett wrote:

Vernon,

You're the best judge of what's appropriate vis-a-vis your contract and
support channels, but if there's any cordiality there, you might touch
base with them on setting up a caching-only named on your Xymon server. 
You'd be greatly decreasing somewhat gratuitous hits on their servers, and
they might welcome it.  You probably know that it's a very simple setup.

regards,
j.

I will have a chat.
There is a very cordial relationship, but politics, as always, makes
it.....interesting.
I am not going to go into any further detail in an open forum. :-)

Before I have my chat though, I need to be armed with more info.
Using little words, and sock-puppets (if required), can you explain exactly
what the ares doo-hicky actually does?
What happens differently when we run Xymon with and without the --no-ares?

Cheers
    Vernon


On Mon, Aug 2, 2010 at 7:44 AM, Xymon User in Richmond <

user-24d6f8323faa@xymon.invalid> wrote:

On Sun, August 1, 2010 21:41, Vernon Everett wrote:

You may get better answers from folks familiar with the actual code, but
my take is that with --no-ares Xymon uses the threaded, synchronous system
resolver library, which would tend to choke down the rate of hits against
whatever DNS servers are used (and slow down the loop through bb-hosts),
compared to ares.

With a caching local DNS server, you'd be optimizing the use of the hits
against the "real" DNS servers, not repeating a lookup until the TTL has
run on the last real lookup of the hostname.  This would tend to mitigate
the hammering from using the ares resolver functions.

Again, that's my take.  Wait and see if anyone says I'm horribly wrong
before taking that into a meeting.