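#!/bin/ksh
# $Id: resolver,v 1.8 2011/12/01 21:03:53 ksb Exp $
# check nameservers, missing, etc.                      (ksb, petef)
#
# Environment read by this plugin:
#   RESCONF        resolver configuration to check (default /etc/resolv.conf)
#   CARP           command used to report a finding (default echo)
#   NETLINT_FUNCS  file of shell functions to source; must define AndIt
#   SUBNET_LIST    blank-separated X/Y pairs; X is compared with the output
#                  of "AndIt nameserver Y" (presumably network/netmask --
#                  confirm against netlint)
# NETLINT_FUNCS is sourced and CARP is run as a command, so both execute with
# this plugin's privileges: they must come from a trusted netlint environment.
#
# NOTE(review): the PATH line below was restored from a whitespace-collapsed
# copy of this file and may have been commented out upstream -- confirm.
PATH=$PATH:/usr/local/libexec

#****p* netlint/resolver
# NAME
#   resolver
# DESCRIPTION
#   Every host uses DNS to resolve hostnames in a modern installation.
# IMPACT
#   Minor network disruptions will create strange behavior of applications,
#   slow boots of the node, and 30 second timeouts to start an ssh session.
#***
progname=${0##*/}
: "${RESCONF=/etc/resolv.conf}"
: "${CARP:=echo}"

# go find the AndIt function from netlint
. "$NETLINT_FUNCS"

if [ "_$1" = "_-V" ] ; then
  echo "$progname: "'$Id: resolver,v 1.8 2011/12/01 21:03:53 ksb Exp $'
  [ -s "$RESCONF" ] || echo "$progname: $RESCONF: missing?"
  typeset -f AndIt >/dev/null || echo "$progname: AndIt not defined in $NETLINT_FUNCS"
  exit 0
fi

#****a* resolver/RESOLVER_MISSING
# NAME
#   RESOLVER_MISSING
# FORMAT
#   RESOLVER_MISSING: path
# DESCRIPTION
#   Netlint looks for the system resolver configuration in:
#   * $RESCONF
#   * /etc/resolv.conf
# REMEDIATION
#   When it cannot find the resolver configuration you should check:
#   * The size and existence of /etc/resolv.conf
#   * The modes on the file: should be world readable, only writable by root
#   * The sanity of $RESCONF in netlint's environment
#***
if [ ! -s "$RESCONF" ] ; then
  $CARP "RESOLVER_MISSING: $RESCONF"
  exit 0
fi

# Print the second field of every "nameserver" line in $RESCONF, one per line.
# The file is passed on stdin so its name is never parsed as an awk argument.
list_nameservers() {
  awk '/^nameserver/ {print $2}' <"$RESCONF"
}

# Return 0 when the resolver at $1 answers a lookup, non-zero otherwise.
# The address is handed to nslookup as a single quoted argument; it is never
# pasted into a command string, so text from the resolver file cannot be
# interpreted as shell syntax.
probe_ns() {
  case "$1" in
  -*) return 1 ;;       # would be read as an nslookup option, do not probe
  esac
  if [ "$os" = Linux ] ; then
    # On Linux the first output line is inspected for "timed" and an
    # empty reply also counts as a failure.
    nslookup www.fedex.com "$1" </dev/null | head -1 | grep -v timed >/dev/null
  else
    nslookup www.fedex.com "$1" </dev/null >/dev/null
  fi
}

# Collect the resolvers that did not answer.  The list is kept in a variable
# rather than a predictably named file under /tmp, which another local user
# could have pre-created or pointed elsewhere with a symlink.
os=$(uname)
dead=$(
  list_nameservers | while IFS= read -r ns ; do
    [ -n "$ns" ] || continue
    probe_ns "$ns" || printf '%s\n' "$ns"
  done
)

# RESOLVER_BADIP: one report per nameserver value that is not a dotted quad.
# We must point this out because some people do not read well -- ksb
# The RE below could be more egrep-ish if we had egrep everyplace, we don't.
list_nameservers |
  grep -v '^[0-9][0-9]*[.][0-9][0-9]*[.][0-9][0-9]*[.][0-9][0-9]*$' |
  while IFS= read -r ns ; do
    # stdin is detached so the reporter cannot consume the rest of the list
    $CARP "RESOLVER_BADIP: $ns" </dev/null
  done

#****a* resolver/RESOLVER_DEAD
# NAME
#   RESOLVER_DEAD
# FORMAT
#   RESOLVER_DEAD: list
# DESCRIPTION
#   This is almost always a real issue: the IPs named in the list are not
#   really running a named (BIND), or that name server is refusing to serve us.
# REMEDIATION
#   Either changing our list of resolvers, or assuring that the listed IPs do,
#   in fact, reply to our requests.
#***
if [ -n "$dead" ] ; then
  set -f        # split the list into words without glob-expanding it
  $CARP "RESOLVER_DEAD:" $dead
  set +f
fi

#****a* resolver/RESOLVER_DATA
# NAME
#   RESOLVER_DATA
# FORMAT
#   RESOLVER_DATA: no subnets from netlint
# DESCRIPTION
#   The netlint program didn't include an environment variable "SUBNET_LIST" in
#   our environment (or we were not called from netlint).
# REMEDIATION
#   Make sure that the correct version of netlint and the
#   plugins are installed on the host.
#***

#****a* resolver/RESOLVER_NOLOCAL
# NAME
#   RESOLVER_NOLOCAL
# FORMAT
#   RESOLVER_NOLOCAL: subnets
# DESCRIPTION
#   The node has no nameserver listed in the resolver configuration which is
#   also on the local subnet.  Because a host might have to run
#   static.routes before it has a good route off the local network it is
#   important to have a local name server.
# REMEDIATION
#   Make at least 2 hosts on the local network a caching name server to serve
#   client nodes.
#***
# make sure there's a nameserver on a local subnet
if [ -z "$SUBNET_LIST" ]; then
  $CARP "RESOLVER_DATA: no subnets from netlint"
else
  LOCALNS=false
  # Read the same file every other check uses ($RESCONF), not a hard-coded
  # /etc/resolv.conf, so an overridden RESCONF is honored consistently.
  for ns in $(list_nameservers) ; do
    # 0.0.0.0 and 127.0.0.1 are accepted as local without a subnet match
    if [ "$ns" = "0.0.0.0" ] || [ "$ns" = "127.0.0.1" ] ; then
      LOCALNS=true
      continue
    fi
    for pair in $SUBNET_LIST; do
      # Both sides are quoted so an empty AndIt result cannot turn the
      # test into a syntax error.
      if [ "${pair%%/*}" = "$(AndIt "$ns" "${pair#*/}")" ] ; then
        LOCALNS=true
      fi
    done
  done
  $LOCALNS || $CARP "RESOLVER_NOLOCAL: $SUBNET_LIST"
fi

exit 0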