dns-checker
Table of contents
Preamble
This application checks the local DNS and optionally consul and serves the status through a Web page.
What problems tries to solve this application? UDP can't be easily checked. I run a check and report it through HTTP status code.
This application runs as a daemon on the same machine running the DNS and it can to be used in conjunction with your UDP load-balancer to check the status of your DNS.
You can also use it from Nagios, Sensu and issue a simple HTTP check.
Compiling the program
You can install GO and copy/paste the followings:
git checkout main
git pull
LATEST_TAG=$(git describe --tags $(git rev-list --tags --max-count=1))
PROG_VERSION=${LATEST_TAG:1}
BUILD_TIME=$(date -u '+%Y-%m-%d_%H:%M:%S')
git checkout $LATEST_TAG
go get -ldflags "-s -w -X main.appVersion=${PROG_VERSION} -X main.buildTime=${BUILD_TIME}" .
Keepalived and LVS
For instance, with Keepalived + LVS I am using a configuration as follows:
HTTP_GET {
connect_port 10053
connect_timeout 3
delay_before_retry 1
http_protocol 1.1
nb_get_retry 2
url {
digest 6d3bcaba1fff8c5a461669b409c1a6d2
path /ipv4
}
}
the digest is calculated using this command (genhash belongs to keepalived package):
genhash -s 127.0.0.1 -p 10053 -u /ipv4
And if you receive a 200 status code, you'll get the same digest as mine, because the digest is computed against the small HTML snippet embedded in the main.go.
You could also use the HTTP status code: man keepalived.conf and search for status_code.
Available options
You can check the options as follows:
$ dns-checker --help
DNS Checker:
- checks DNS and optionally Consul and report the status on a Web page
Usage:
dns-checker --dns-record=DNSRECORD [--dns-port=DNSPORT] [--consul-port=CONSULPORT] [--consul-record=CONSULRECORD] [--consul] [--verbose] [--listen-port=LISTENPORT] [--listen-address=LISTENADDRESS]
dns-checker -h | --help
dns-checker -b | --build
dns-checker -v | --version
Options:
-h --help Show this screen
-v --version Print version information and exit
-b --build Print version and build information and exit
--dns-record=DNSRECORD DNS record to check. A local record is recommended.
--dns-port=DNSPORT DNS port [default: 53]
--consul-port=CONSULPORT Consul port [default: 8600]
--consul-record=CONSULRECORD Consul record to check [default: consul.service.consul]
--consul Check consul DNS as well
--listen-port=LISTENPORT Web server port [default: 10053]
--listen-address=LISTENADDRESS Web server address. Check Go net/http documentation [default: any]
--verbose Log also successful connections
Once it is installed you can check the status using curl (with curl -I you get the status code):
curl http://localhost:10053/ipv4
Setting up systemd
In this case I am also checking for Consul, and I check the existance of one local record called dumb-record.dumb.zone in the DNS and one record called consul.service.domain.org in Consul.
It is not sensible to check for a record on a forwarded zone, because there can be a problem in the network, or in he SOA of the other domain and we don't want to bring our DNS down if something else is broken.
#
# Start DNS checker web service on port 10053
#
[Unit]
Description=DNS and Consul Checker written in Go
Wants=basic.target
After=basic.target network.target
[Service]
User=root
Group=root
ExecStart=/usr/bin/dns-checker --consul --consul-record=consul.service.domain.org --dns-record=dumb-record.dumb.zone
Restart=on-failure
RestartSec=10
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=dns-checker
[Install]
WantedBy=multi-user.target
you can change user and group as you don't need to run it as root :-)
