Add authoritative verification to check_dig [sf#3515506] #1042
Description
Submitted by bruce_p on 2012-04-06 16:50:48
This patch adds the -e option to check_dig, which checks that the 'aa' flag is returned in the 'flags' stanza from dig. This verifies that the responding name server is an authority for the for the domain being queried.
Patch against Plugin Version (-V output): check_dig v1.4.15 (nagios-plugins 1.4.15)
Plugin Name: check_dig
Example Plugin Commandline:
Tested on operating system: linux (RedHat 5.7)
Tested on architecture: x86, x86_64
Tested with compiler: gcc 4.1.2
Examples (demonstrates that ns-1.sourceforge.com is authoritative for sf.net):
[brucep@carbon:~/tmp] ./check_dig -H NS-1.SOURCEFORGE.COM -l sf.net -w 10 -c 20 -e
DNS OK - 0.012 seconds response time (sf.net. 3600 IN A 216.34.181.62)|time=0.012328s;10.000000;20.000000;0.000000
[brucep@carbon:~/tmp] echo $?
0
[brucep@carbon:~/tmp] ./check_dig -H 4.2.2.2 -l sf.net -w 10 -c 20 -e
DNS CRITICAL - 0.033 seconds response time (Non-authoritative answer when authoritative answer required.)|time=0.032638s;10.000000;20.000000;0.000000
[brucep@carbon:~/tmp] echo $?
2
[brucep@carbon:~/tmp] ./check_dig -H 4.2.2.2 -l sf.net -w 10 -c 20
DNS OK - 0.010 seconds response time (sf.net. 3576 IN A 216.34.181.62)|time=0.010212s;10.000000;20.000000;0.000000
[brucep@carbon:~/tmp] echo $?
0
Note: Last test does not use -e to ensure an otherwise valid response from dig.