Reverse DNS lookup check not working
list Sebastian Auriol
There seems to be a bug where DNS PTR (Reverse DNS lookup) checks do not work in Xymon (4.3.7, but I don't recall seeing any fixes in the commits). The man page for hosts.cfg says the format to use is: dns=TYPE:lookup and one of the examples underneath for TYPE is PTR (reverse). I have tried this in small and capitals and neither work (the result is Name not found). Using A does work though. I wonder if it could be related to the fact that DiG needs to be invoked with -x for PTR checks. A quick look at the DiG man page suggests you could use either: # dig -t PTR my.ip.ad.dr.ess Or: # dig my.ip.ad.dr.ess PTR However, this is not the case. A closer looks reveals you have to use: # dig -x my.ip.ad.dr.ess So what I am saying is that the treatment for type PTR differs from the other types, and that the parameters supplied to DiG (if Xymon uses DiG ) differ for PTR. Tested manually with DiG 9.2.4 and the latest RHEL5: 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6. Kind regards, SebA
list Jeremy Laidman
▸
On 5 April 2013 22:30, SebA <user-4631430d620a@xymon.invalid> wrote:
** I wonder if it could be related to the fact that DiG needs to be invoked with -x for PTR checks.
Not required for PTR checks.
▸
A quick look at the DiG man page suggests you could use either: # dig -t PTR my.ip.ad.dr.ess Or: # dig my.ip.ad.dr.ess PTR
No, it's more like this: # dig ess.addr.ip.my.in-addr.arpa PTR
▸
However, this is not the case. A closer looks reveals you have to use: # dig -x my.ip.ad.dr.ess
The -x option is a convenience, and it means not only "set type to PTR" but also "reverse octets and append 'in-addr.arpa'". I'm not in a position to check until tomorrow, but I'm confident that I successfully test for the localhost address like so DNS=PTR:1.0.0.127.in-addr.arpa J
list Jeremy Laidman
▸
On 8 April 2013 00:34, Jeremy Laidman <user-71895fb2e44c@xymon.invalid> wrote:
I'm not in a position to check until tomorrow, but I'm confident that I successfully test for the localhost address like so DNS=PTR:1.0.0.127.in-addr.arpa
I was wrong in the IP address that I test, but correct in the format and the fact that it works. You should be able to do PTR record checks by formatting in this "in-addr.arpa" format. An easy way to get this is from the output of "dig -x" which shows the question section in the "in-addr.arpa" format (and also in the answer section if it resolves). J
list Sebastian Auriol
Thanks Jeremy, that's awesome. There were no examples for PTR on Xymon out there so this may help others too. It works and thanks for the explanation. Kind regards, SebA
▸
From: Jeremy Laidman [mailto:user-71895fb2e44c@xymon.invalid]
Sent: 08 April 2013 02:32
To: SebA
Cc: xymon
Subject: Re: [Xymon] Reverse DNS lookup check not working
On 8 April 2013 00:34, Jeremy Laidman <user-71895fb2e44c@xymon.invalid> wrote:
I'm not in a position to check until tomorrow, but I'm confident that I
successfully test for the localhost address like so
DNS=PTR:1.0.0.127.in-addr.arpa
I was wrong in the IP address that I test, but correct in the format and the
fact that it works. You should be able to do PTR record checks by
formatting in this "in-addr.arpa" format. An easy way to get this is from
the output of "dig -x" which shows the question section in the
"in-addr.arpa" format (and also in the answer section if it resolves).
J