louislam / uptime-kuma

A fancy self-hosted monitoring tool
https://uptime.kuma.pet
MIT License

Compare serial returned by all specified authoritative DNS servers #1481

Open Dryusdan opened 2 years ago

Dryusdan commented 2 years ago

⚠️ Please verify that this feature request has NOT been suggested before.

🏷️ Feature Request Type

New Monitor

🔖 Feature description

All DNS have a serial number (for dryusdan.space, for example, it is currently 1649768496 (SOA record in zone file)). Sometimes (when I fail at something), the serial is not the same between my primary DNS server and the two other DNS servers, and I don't detect it automatically.

✔️ Solution

Kuma detects if the SOA records between the 3 authoritative DNS are identical (and if it returns something) and if it is the case it is OK otherwise NOK.

❓ Alternatives

Currently I haven't found this feature in the Zabbix community repository. I can develop a bash or Python script for Zabbix, but I think Kuma can do this ^^ I found this feature in ZoneMaster, but it is not a tool for monitoring, just a tool for diagnosing some problems in a domain.

📝 Additional Context

No response

CommanderStorm commented 1 year ago

@Dryusdan Is the serial number you are referring to a duplicate of https://github.com/louislam/uptime-kuma/issues/432? If true, could you please close this Issue, as duplicates only create immortal zombies and are really hard to issue-manage? If false, could you explain what would be needed in addition to https://github.com/louislam/uptime-kuma/issues/432?

Dryusdan commented 1 year ago

In issue #432, Kuma is used to get a value in TXT.

In this issue, Kuma is used to check if all nameservers have the same SOA.

CommanderStorm commented 1 year ago

> In issue #432, Kuma is used to get a value in TXT.

Not quite true. TXT is just one example of said issue:

> DNS should have a 'keyword'-like field

=> I think this issue can be closed in favour of #432

Computroniks commented 1 year ago

> > In issue #432, Kuma is used to get a value in TXT.
>
> Not quite true. TXT is just one example of said issue:
>
> > DNS should have a 'keyword'-like field
>
> => I think this issue can be closed in favour of #432

I would argue that these are separate issues. The serial in the SOA record is updated each time the DNS records are updated. If the three authoritative servers are returning different serials, one or more of them is serving an old zone file. What makes this different is that we are not looking for a specific keyword, we are looking for a match between the three servers. Whilst this could be implemented with a keyword check, the keyword would have to be updated each time the zone file is updated (the serial of the zone must be increased on each update in order to propagate changes).
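The check requested in this thread, sketched as an added example that is not part of the discussion or of Uptime Kuma's code base: each authoritative server is asked directly for the zone's SOA record, and the result is OK only when every server answers and all serials match. The function names are hypothetical, and treating the highest serial as the newest is an assumption that ignores serial wraparound.

```javascript
// Added example, not Uptime Kuma code; function names are hypothetical.

// Ask one authoritative server (given by IP) for the zone's SOA serial.
async function querySoaSerial(zone, serverIp, timeoutMs = 3000) {
    // Dynamic import works from both CommonJS and ES modules.
    const { Resolver } = await import("node:dns/promises");
    const resolver = new Resolver({ timeout: timeoutMs, tries: 1 });
    resolver.setServers([serverIp]); // query this server only
    try {
        const soa = await resolver.resolveSoa(zone);
        return { server: serverIp, serial: soa.serial };
    } catch (err) {
        // A server that returns nothing is a failure, not a match.
        return { server: serverIp, error: err.code || String(err) };
    }
}

// Pure comparison: OK only if every server answered with one serial.
function compareSoaSerials(results) {
    const failed = results.filter((r) => r.serial === undefined).map((r) => r.server);
    const bySerial = new Map();
    for (const r of results) {
        if (r.serial === undefined) continue;
        bySerial.set(r.serial, [...(bySerial.get(r.serial) || []), r.server]);
    }
    // Assumption: the highest serial is the newest zone version
    // (ignores RFC 1982 wraparound), so other servers are stale.
    const newest = bySerial.size ? Math.max(...bySerial.keys()) : null;
    const stale = [];
    for (const [serial, servers] of bySerial) {
        if (serial !== newest) stale.push(...servers);
    }
    const ok = results.length > 0 && failed.length === 0 && bySerial.size === 1;
    return { ok, newest, stale, failed };
}

// Query all servers in parallel and compare what they returned.
async function checkZoneSerials(zone, serverIps) {
    const results = await Promise.all(serverIps.map((ip) => querySoaSerial(zone, ip)));
    return compareSoaSerials(results);
}
```

`checkZoneSerials` takes the zone name and the IP addresses of its nameservers, since `setServers` accepts IP addresses rather than hostnames.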