These entries were parsed from the syslog file on your recursive name server. Using aggregate zones instead of many separate might help see Using SORBS. SORBS may refuse queries if there are too many in too short period. IN queries to check against SORBS Listings. PTR queries for HELO mismatch checks etc.In BIND, see options like allow-query or in recursive servers allow-recursion.Ī common denominator here is most likely an SMTP server performing DNS based measurements against spam: This is most likely an access configuration problem: for some reason you are not allowed to perform the query. Server may not wish to perform a particular operation (e.g., zone To provide the information to the particular requester, or a name See your logs for further investigation.ĥ Refused - The name server refuses to perform the specified If this is permanent, check network connectivity including firewalls, first. This is exactly why we have multiple DNS servers, if one is temporarily unavailable. Values have the following interpretation:Ģ Server failure - The name server was unable to process this query #Rcode servfail codeResponse code - this 4 bit field is set as part of responses. The entries look like these to be more exact: named: error (connection refused) resolving '/A/IN': 62.75.191.6#53 Thank you so much once again and appreciate your help. The entries in logs for my Bind9 server are generated in my syslog file as I haven't created a separate log file for my Bind9 yet. These entries come from the logs that Logwatch emails me on a regular basis. This is my name server, Bind9 that I run, maintain, and use. (serfail) means that my name server was unable to process the query when clients asked for it / or was I a client here and my query failed? (refused) means that my name server refused to provide information to a requester / or I am the requester here and I was refused? However, I still cannot seem to get it straight. What does those mean? What is mis-configured here? Please, note that it does not say "resolving errors" or something after refused and serfail. #Rcode servfail licenseLicensed under the Apache License Version 2.Could anyone advise on the following entries, please. Run visudo as root and add the following: nrpe ALL=(root) NOPASSWD: /usr/sbin/unbound-controlĬonfigure your monitoring server to use check_nrpe to query nrpe. The most secure way to do that is to give nrpe root priviledges executing unbound-control using sudo. The script check_unbound-ng.sh uses the command /usr/sbin/unbound-control which needs root priviledges. #Rcode servfail installInstall nrpe on the server running unbound in case you don't already have it.Ĭopy check_unbound-ng.sh to the server running unbound in for example /usr/lib64/nagios/plugins/Ĭonfigure nrpe and add a new command in /etc/nagios/nrpe.cfg command=/usr/lib64/nagios/plugins/check_unbound-ng.sh Example check_nrpe -s -H 10.10.10.10 -c check_unbound This plugin outputs usually more than that. Older versions of check_nrpe has a limitation of 1024 bytes of output. Note that you need to run check_nrpe 3 or later. It should work with other Nagios compatible products as well. I have tested the script with Op5 Monitor. These are the statistics shown: Īn explanation for all the values can be found in the man page for Unbound-control. Then it runs unbound-control stats to get the statistics. The script uses unbound-control to check that Unbound is running. I didn't want to confuse my new script with the original so I added "-ng" to the name of my script. There was already a script named check_unbound which didn't give the metrics I was interested in, so I wrote a new one. This is a script for monitoring Unbound DNS resolvers.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |