DNS record checks
Hi,
I have implemented a simple PHP script on one of my servers that takes a query via the GET method and returns the requested DNS record.
The site is restricted to updown.io servers and uses a URL in the following format:
https://webserver.com/lookup.php?T=A&D=google.co.uk&R=IP
This uses the following fields:
T - Type of record to return, e.g. MX/A/TXT
D - Domain to check, e.g. google.co.uk
R - Record field to return, e.g. ip for the IP address
The server code simply checks that the record type is one we accept, checks that the domain name is in a valid format and then performs a PHP dns_get_record(); it then checks whether the R field is in the result and returns it if it is. If there are multiple matching records, it simply returns them all separated by a ','. This allows using the 'contains' field within the check portal to check for the required data.
This allows me to check that a DNS record hasn't been changed by a third party (e.g. I host a customer's web page, but all their DNS etc. is handled by someone else).
I would be happy to supply the scripts if anyone is interested; it would be great to add this to updown as a service (with rate limiting etc.!).
marl_scot
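The following is a reconstruction of the kind of lookup script described in the post above, added here as an example; it is not marl_scot's own script (which he offered to share separately). The client allow-list addresses are placeholders, and the per-type list of returnable fields is an added tightening beyond the post's "is the R field in the result" check; both are assumptions.

```php
<?php
// lookup.php, reconstructed from the description in the post above. This is an
// added example, not marl_scot's script. Assumptions: the client allow-list
// addresses are placeholders, and the per-type field list is our own tightening
// (the post only checks that the R field exists in the result).
declare(strict_types=1);

// Record types we are willing to look up, mapped to dns_get_record() constants.
const ALLOWED_TYPES = [
    'A'     => DNS_A,
    'AAAA'  => DNS_AAAA,
    'MX'    => DNS_MX,
    'TXT'   => DNS_TXT,
    'NS'    => DNS_NS,
    'CNAME' => DNS_CNAME,
];

// Result fields (the R parameter) that may be returned for each type. These are
// the keys dns_get_record() uses; restricting them avoids echoing fields such as
// the raw 'entries' array of a TXT record.
const ALLOWED_FIELDS = [
    'A'     => ['ip'],
    'AAAA'  => ['ipv6'],
    'MX'    => ['target', 'pri'],
    'TXT'   => ['txt'],
    'NS'    => ['target'],
    'CNAME' => ['target'],
];

// Placeholder addresses (assumption): replace with the monitoring service's IPs.
const ALLOWED_CLIENTS = ['192.0.2.10', '198.51.100.20'];

// Accept only RFC 1123 host names: two or more labels of letters, digits and
// hyphens, no leading/trailing hyphen, at most 253 characters overall.
function validDomain(string $d): bool
{
    return strlen($d) <= 253
        && preg_match('/^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\.?$/iD', $d) === 1;
}

// Validate T, D and R, resolve, and return the matching field values joined by
// ','; null means the request was rejected or resolution failed. The resolver
// is injectable so the logic can be exercised without network access.
function lookup(string $type, string $domain, string $field, ?callable $resolver = null): ?string
{
    $type  = strtoupper($type);
    $field = strtolower($field);
    if (!isset(ALLOWED_TYPES[$type]) || !in_array($field, ALLOWED_FIELDS[$type], true)) {
        return null;
    }
    if (!validDomain($domain)) {
        return null;
    }
    $resolver ??= fn(string $d, int $t) => dns_get_record($d, $t);
    $records = $resolver($domain, ALLOWED_TYPES[$type]);
    if (!is_array($records)) {
        return null; // dns_get_record() returns false on failure
    }
    $values = [];
    foreach ($records as $rec) {
        if (array_key_exists($field, $rec)) {
            $values[] = (string) $rec[$field];
        }
    }
    sort($values, SORT_STRING); // stable order so a 'contains' check never flaps
    return implode(',', $values);
}

if (PHP_SAPI !== 'cli') {
    // Web entry point. REMOTE_ADDR is only meaningful if no reverse proxy sits
    // in front of this script; otherwise every request carries the proxy's IP.
    header('Content-Type: text/plain; charset=utf-8'); // never render DNS data as HTML
    if (!in_array($_SERVER['REMOTE_ADDR'] ?? '', ALLOWED_CLIENTS, true)) {
        http_response_code(403);
        exit("forbidden\n");
    }
    // Reject array-valued parameters (?T[]=A) instead of casting them.
    $param = fn(string $k): string => is_string($_GET[$k] ?? null) ? $_GET[$k] : '';
    $out = lookup($param('T'), $param('D'), $param('R'));
    if ($out === null) {
        http_response_code(400);
        exit("bad request\n");
    }
    echo $out, "\n";
} else {
    // Offline demonstration with a constructed resolver result (not real DNS data).
    $fake = fn(string $d, int $t): array => [
        ['host' => $d, 'type' => 'MX', 'pri' => 20, 'target' => 'alt1.mail.example.com', 'ttl' => 300],
        ['host' => $d, 'type' => 'MX', 'pri' => 10, 'target' => 'mail.example.com', 'ttl' => 300],
    ];
    echo lookup('MX', 'example.com', 'target', $fake), "\n"; // both targets, comma-separated
    var_dump(lookup('A', 'not a domain!', 'ip', $fake));   // rejected before resolving
}
```

Two things to keep in mind if you deploy something like this: the REMOTE_ADDR allow-list is the only thing stopping anyone from using the endpoint as an open DNS oracle, so put rate limiting in front of it as the post suggests, and because TXT records are controlled by whoever runs the zone, the response must stay text/plain so that a hostile record can never be rendered as HTML by a browser that hits the URL.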
Thanks for the suggestion, I’ve just merged this with another one about DNS checks. This is something we’re thinking about but it is not planned yet.
In the meantime what you made is a great workaround, if other users are interested I encourage them to leave a comment here with a way to contact them so you may give them the URL of your service if you want.
-
Frank Tegtmeyer commented
Sorry - it's not the tinydns package but the djbdns package. Just to avoid confusion.
-
Frank Tegtmeyer commented
The current monitoring seems to use resolvers with "hot" caches - hot means they are populated already by the periodic checks.
For many of my checks this leads to a DNS resolution time of 0. What would be good is a check which does the resolution from the start (root servers) and implements the whole resolution process itself.
These kinds of checks are resource intensive, so they should be limited to every 5 minutes or so.
Additionally, the whole DNS resolution path could be investigated, as dnstrace by D. J. Bernstein does (dnstrace/dnstracesort are part of the tinydns package).
This doesn't really fit well into updown.io - maybe it would be good as a separate service.