Re: [Nagios-users] domain hijacking: using Nagios to monitor 100s (possibly 1000s) of domains / hosts

2007-07-10 Thread Alain Williams
On Tue, Jul 10, 2007 at 12:53:57PM -0700, Rogelio Bastardo wrote:
> I've got several hundred important domains that need to be checked for
> domain hijacking.  I'm assuming that this is as easy as check_dns -H
> domain.com -s (nameserver) -A (expected IP)
> How well will this method scale to several thousand?
>
> Someone I know recently said that he has to worry about close to 300,000
> domains getting possibly hijacked. Is this beyond Nagios at this point?

Is Nagios the right sort of tool for this?
Would you not be better writing a Perl script to do this?

-- 
Alain Williams
Linux Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256  http://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
http://www.phcomp.co.uk/contact.php
#include std_disclaimer.h

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting 
any issue. 
::: Messages without supporting info will risk being sent to /dev/null


Re: [Nagios-users] domain hijacking: using Nagios to monitor 100s (possibly 1000s) of domains / hosts

2007-07-10 Thread Marc Powell


> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:nagios-users-
> [EMAIL PROTECTED] On Behalf Of Rogelio Bastardo
> Sent: Tuesday, July 10, 2007 2:54 PM
> To: Nagios Users mailinglist
> Subject: [Nagios-users] domain hijacking: using Nagios to monitor
> 100s (possibly 1000s) of domains / hosts
>
> I've got several hundred important domains that need to be checked for
> domain hijacking.  I'm assuming that this is as easy as check_dns -H
> domain.com -s (nameserver) -A (expected IP)
>
> How well will this method scale to several thousand?

I don't see why it would be a problem. What nameserver are you going to
be testing? -A indicates that you'll be checking the nameserver hosting
the domain. That won't tell you if your domain has been hijacked though.
The DNS server hosting the domain will always answer that it is
authoritative, no matter if the rest of the Internet thinks it is or
not. Any other nameserver you test will fail since you're requiring
Authority. If you're going to test a recursive nameserver, use -a
instead.

Presumably you're more interested in the nameservers that the rest of
the world thinks are authoritative. You'd probably want to use check_dig
against a recursive nameserver (or the root servers) to verify that the
NS records they're reporting are accurate. Something like

check_dig -T ns -H recursiveserver.yourdomain.foo -l yourdomain.foo -a nameserver.yourdomain.foo

You should, of course, perform any research necessary to determine if
the above tests against the nameservers (particularly the root
nameservers) are prohibited before implementing it.

--
Marc
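
The NS comparison suggested above, batched so that one Nagios service check covers a whole list of domains (this goes beyond the single check_dig call in the reply). It is an added example, not code from the thread or from the Nagios plugins; the input format, the RESOLVER variable and the function names are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: compare the NS set a recursive resolver reports for each
# domain with the set you expect, and report in Nagios plugin style.
# Input on stdin (constructed format): "<domain> <ns1>,<ns2>,..." per line.
# Usage (hypothetical file name): . ./check_ns_bulk.sh; check_domains < domains.txt

RESOLVER="${RESOLVER:-127.0.0.1}"  # assumption: a recursive resolver you may query

# Lowercase, strip the trailing root dot, sort, de-duplicate, join with commas.
normalize_ns() {
    tr ', ' '\n\n' | tr 'A-Z' 'a-z' | sed -e 's/\.$//' -e '/^$/d' | sort -u | paste -sd, -
}

# NS records as seen by the resolver; dig's ";;" error lines are dropped so a
# timeout is reported as "no answer" rather than as a changed NS set.
lookup_ns() {
    dig +short +time=3 +tries=2 NS "$1" "@$RESOLVER" | grep -v '^;'
}

# Print one Nagios status line and return 0 (OK), 2 (CRITICAL) or 3 (UNKNOWN).
check_domains() {
    local domain expected want got total=0 bad="" unknown=""
    while read -r domain expected; do
        case "$domain" in ''|'#'*) continue ;; esac   # skip blanks and comments
        total=$((total + 1))
        want=$(printf '%s\n' "$expected" | normalize_ns)
        got=$(lookup_ns "$domain" </dev/null | normalize_ns)
        if [ -z "$got" ]; then
            unknown="$unknown $domain"
        elif [ "$got" != "$want" ]; then
            bad="$bad $domain(got=$got)"
        fi
    done
    if [ -n "$bad" ]; then
        echo "CRITICAL: NS mismatch:$bad"
        return 2
    elif [ -n "$unknown" ]; then
        echo "UNKNOWN: no NS answer for:$unknown"
        return 3
    fi
    echo "OK: $total domains match expected NS sets"
    return 0
}
```

A mismatch takes priority over a missing answer, so a changed delegation is never masked by an unrelated lookup timeout in the same batch.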
