script to process dns responses
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


These scripts are here to monitor dns anycast deployments. There are three componets

  • - this is used to send spoofed dns queries to an anycast address
  • - this is expected to listen on spoofed address:port specifed in the client.
    When a packet is recived some preocessing is preformed and results are either written to zabbix or a yaml file
  • - this script reads the yaml files produced in the script and prints a rport to stdout (TODO: make this script compatible with nagios)


In the simplest example i have the following set up.

##Parametrs #####domain(s) to monitor this is a list of domains we want to check #####domain-filter this filter is used to filter out junk when we dont get an nsid (explained below) #####anycast address this is the address we will send the spoffed queries to #####monitoring server this is the server we are spoofing and therefore the one that will recive the response #####nodes list ./nodes.txt this is a text file which should contain a list of all the anycast nodes you expect to be sending packets


#####domain check: ./ --nsid -s -d -Q this will send an soa query, with the nsid bit set, for to the response will be sent to #####nsid check: ./ --nsid -s -d -Q $(hostname -f) We dont care what the response status of this query is, we just need the reponse to contain the original qname. At the monitoring server we use this to ensure the qname matches the nsid. without this the domain checks in the server will never work.

##server ./ --yaml -f this will output yaml files for each dnspacket recived. the filter option is used for the nsid check. if we recive a response that has no nsid and the qname ends with this filter then we will use this value to identify the node. this allows us to identify nodes that can reach us but are not senting an nsid.

TODO: explain zabbix configuration

##checker The checker is used to parse the yaml files preduced above and print a report to stdout if any errors are found, intended for a cronjob

./ -D '' this will check for yaml files produced by the server componet and print a report containing errors based on the following checks:

  • The server has has not produced a file for one of the nodes specified in the node list
  • we have never recived an nsid for this node
  • we have not recived an nsid for this node in the last day (TODO: make this an arg)
  • for each domain specified check:
    • we have recived an soa
    • we have not recived an soa in the last day (TODO: make this an arg)
    • the last serial we have matchs the one currently recived from the MNAME for this domain (TODO: should be able to override this)

#Yaml Output

        serial: 2014051200
        updated: 1399898912
    updated: 1399898917
  • domains: hash of domains that have been recived. the key is the domain name and each value conatins
    • updated: unix time stamp when we last recived a serial for this domain
    • serial: the serial number from the soa we recived
  • name: this is what we have identified as the node name and relates to the --filter-domain and the nsid check explaind above
  • nsid: this indicats the last nsid value we recived and when we recived it