service/dns: Monitor authroitive dns server

Monitors the zones of authorative dns servers. Does not validate DNSSEC or the resulting ip address. Signed-off-by: Tobias Wiese <tobias@tobiaswiese.com>
author: Tobias Wiese <tobias@tobiaswiese.com> 2020-05-13 16:26:04 +0200
committer: Tobias Wiese <tobias@tobiaswiese.com> 2020-05-14 12:15:16 +0200
commit: ab656fb6bc13de4d263ca3d05979f0d2bebf3d50 (patch)
tree: 8415d89b0ad71c4d6b409d4900ed565f65bb4fa5 /zones.d
parent: 71c820054059b801ed53ef5c12bef57d975879fa (diff)
2 files changed, 24 insertions, 0 deletions
diff --git a/zones.d/master/hosts.conf b/zones.d/master/hosts.conf
index dba700d..b6ecb28 100644
--- a/zones.d/master/hosts.conf
+++ b/zones.d/master/hosts.conf
@@ -8,6 +8,16 @@ object Host "new-babbage.server.tobiaswiese.net" {
 	vars.os_family = "debian"
 	vars.kernel = "linux"
 
+	vars.dns_zones = {
+		"tobiaswiese.net" = { }
+		"server.tobiaswiese.net" = {
+			dig_record_type = "SOA"
+		}
+		"wieto.net" = {
+			dig_record_type = "SOA"
+		}
+	}
+
 	vars.http_vhosts = {
 		"icinga.tobiaswiese.net" = {
 			http_uri = "/icingaweb2"
diff --git a/zones.d/master/services.conf b/zones.d/master/services.conf
index 2b31393..6f2be19 100644
--- a/zones.d/master/services.conf
+++ b/zones.d/master/services.conf
@@ -37,6 +37,20 @@ apply Service "ssh" {
  * Network Service checks
  */
 
+apply Service "dns-" for (dns_zone => config in host.vars.dns_zones) {
+	import "generic-network-service"
+
+	check_command = "dig"
+
+	vars += {
+		dig_server = host.address || host.address6
+		dig_lookup = dns_zone
+		dig_warning = 0.1s
+		dig_critical = 0.15s
+	}
+	vars += config
+}
+
 template Service "http" {
 	import "generic-network-service"
author	Tobias Wiese <tobias@tobiaswiese.com>	2020-05-13 16:26:04 +0200
committer	Tobias Wiese <tobias@tobiaswiese.com>	2020-05-14 12:15:16 +0200
commit	ab656fb6bc13de4d263ca3d05979f0d2bebf3d50 (patch)
tree	8415d89b0ad71c4d6b409d4900ed565f65bb4fa5 /zones.d
parent	71c820054059b801ed53ef5c12bef57d975879fa (diff)