diff --git a/contrib/README b/contrib/README index b68e0d76a..2528d5128 100644 --- a/contrib/README +++ b/contrib/README @@ -16,3 +16,5 @@ distribution but may be helpful. * unbound.plist: launchd configuration file for MacOSX. * build-unbound-localzone-from-hosts.pl: perl script to turn /etc/hosts into a local-zone and local-data include file for unbound.conf. +* unbound-host.nagios.patch: makes unbound-host return status that fits right + in with the nagios monitoring framework. Contributed by Migiel de Vos. diff --git a/contrib/unbound-host.nagios.patch b/contrib/unbound-host.nagios.patch new file mode 100644 index 000000000..5b249b636 --- /dev/null +++ b/contrib/unbound-host.nagios.patch @@ -0,0 +1,134 @@ +Index: smallapp/unbound-host.c +=================================================================== +--- smallapp/unbound-host.c (revision 2115) ++++ smallapp/unbound-host.c (working copy) +@@ -62,9 +62,18 @@ + #include "libunbound/unbound.h" + #include + ++/** status variable ala nagios */ ++#define FINAL_STATUS_OK 0 ++#define FINAL_STATUS_WARNING 1 ++#define FINAL_STATUS_CRITICAL 2 ++#define FINAL_STATUS_UNKNOWN 3 ++ + /** verbosity for unbound-host app */ + static int verb = 0; + ++/** variable to determine final output */ ++static int final_status = FINAL_STATUS_UNKNOWN; ++ + /** Give unbound-host usage, and exit (1). */ + static void + usage() +@@ -93,7 +102,7 @@ + printf("Version %s\n", PACKAGE_VERSION); + printf("BSD licensed, see LICENSE in source package for details.\n"); + printf("Report bugs to %s\n", PACKAGE_BUGREPORT); +- exit(1); ++ exit(FINAL_STATUS_UNKNOWN); + } + + /** determine if str is ip4 and put into reverse lookup format */ +@@ -138,7 +147,7 @@ + *res = strdup(buf); + if(!*res) { + fprintf(stderr, "error: out of memory\n"); +- exit(1); ++ exit(FINAL_STATUS_UNKNOWN); + } + return 1; + } +@@ -158,7 +167,7 @@ + } + if(!res) { + fprintf(stderr, "error: out of memory\n"); +- exit(1); ++ exit(FINAL_STATUS_UNKNOWN); + } + return res; + } +@@ -172,7 +181,7 @@ + if(r == 0 && strcasecmp(t, "TYPE0") != 0 && + strcmp(t, "") != 0) { + fprintf(stderr, "error unknown type %s\n", t); +- exit(1); ++ exit(FINAL_STATUS_UNKNOWN); + } + return r; + } +@@ -191,7 +200,7 @@ + if(r == 0 && strcasecmp(c, "CLASS0") != 0 && + strcmp(c, "") != 0) { + fprintf(stderr, "error unknown class %s\n", c); +- exit(1); ++ exit(FINAL_STATUS_UNKNOWN); + } + return r; + } +@@ -207,6 +216,19 @@ + return "(insecure)"; + } + ++/** update the final status for the exit code */ ++void ++update_final_status(struct ub_result* result) ++{ ++ if (final_status == FINAL_STATUS_UNKNOWN || final_status == FINAL_STATUS_OK) { ++ if (result->secure) final_status = FINAL_STATUS_OK; ++ else if (result->bogus) final_status = FINAL_STATUS_CRITICAL; ++ else final_status = FINAL_STATUS_WARNING; ++ } ++ else if (final_status == FINAL_STATUS_WARNING && result->bogus) ++ final_status = FINAL_STATUS_CRITICAL; ++} ++ + /** nice string for type */ + static void + pretty_type(char* s, size_t len, int t) +@@ -353,7 +375,7 @@ + } else { + fprintf(stderr, "could not parse " + "reply packet to ANY query\n"); +- exit(1); ++ exit(FINAL_STATUS_UNKNOWN); + } + ldns_pkt_free(p); + +@@ -388,9 +410,10 @@ + ret = ub_resolve(ctx, q, t, c, &result); + if(ret != 0) { + fprintf(stderr, "resolve error: %s\n", ub_strerror(ret)); +- exit(1); ++ exit(FINAL_STATUS_UNKNOWN); + } + pretty_output(q, t, c, result, docname); ++ update_final_status(result); + ret = result->nxdomain; + ub_resolve_free(result); + return ret; +@@ -427,7 +450,7 @@ + { + if(r != 0) { + fprintf(stderr, "error: %s\n", ub_strerror(r)); +- exit(1); ++ exit(FINAL_STATUS_UNKNOWN); + } + } + +@@ -448,7 +471,7 @@ + ctx = ub_ctx_create(); + if(!ctx) { + fprintf(stderr, "error: out of memory\n"); +- exit(1); ++ exit(FINAL_STATUS_UNKNOWN); + } + + /* parse the options */ +@@ -509,5 +532,5 @@ + usage(); + + lookup(ctx, argv[0], qtype, qclass); +- return 0; ++ return final_status; + } diff --git a/doc/Changelog b/doc/Changelog index 3df67f323..a41464bc7 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,8 @@ +26 May 2010: Wouter + - Contribution from Migiel de Vos (Surfnet): nagios patch for + unbound-host, in contrib/ (in the source tarball). Makes + unbound-host suitable for monitoring dnssec(-chain) status. + 21 May 2010: Wouter - EDNS timeout code will not fire if EDNS status already known. - EDNS failure not stored if EDNS status known to work.