
Icinga2: Merge DNS checks into one file, add checks for external NS, update internal checks.

Signed-off-by: Maximilian Wilhelm <max@sdn.clinic>
Maximilian Wilhelm 4 years ago
parent
commit
d3760e289d
2 changed files with 62 additions and 22 deletions
  1. 62 5
      icinga2/services/dns.conf
  2. 0 17
      icinga2/services/dns_sync.conf

+ 62 - 5
icinga2/services/dns.conf

@@ -1,8 +1,12 @@
 #
-# dns.srv.in.ffho.net
+# DNS service checks (Salt maanged)
 #
 
-# Anycast DNS server
+################################################################################
+#                            Internal DNS services                             #
+################################################################################
+
+# Check DNS Anycast address
 object Host "dns.srv.in.ffho.net" {
 	import "generic-dummy-host"
 
@@ -17,7 +21,7 @@ object Host "dns.srv.in.ffho.net" {
 }									
 
 
-# Check NTP servers
+# Check DNS anycast nodes
 apply Service "dns4" {
 	import "generic-service"
 
@@ -26,7 +30,7 @@ apply Service "dns4" {
         vars.dns_expected_answer = "10.132.251.53"
 	vars.dns_server = host.address
 
-	assign where host.address && "dns" in host.vars.roles
+	assign where host.address && "dns-auth" in host.vars.roles
 }
 
 apply Service "dns6" {
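Review bot: Narrowing the `dns4` assign rule from the `dns` role to `dns-auth` drops the check from any host that carries only `dns`, and nothing visible in this commit shows those hosts being covered by another service; the next hunk makes the same change to `dns6`. If any nodes still carry only the old role, their resolution failures would no longer raise an alert. Either confirm the `dns` role has been retired, or keep both for now with `assign where host.address && ("dns" in host.vars.roles || "dns-auth" in host.vars.roles)`. The `dns4` body starts above this hunk, so its `check_command` is not visible here.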
@@ -37,5 +41,58 @@ apply Service "dns6" {
         vars.dns_expected_answer = "10.132.251.53"
 	vars.dns_server = host.address6
 
-	assign where host.address6 && "dns" in host.vars.roles
+	assign where host.address6 && "dns-auth" in host.vars.roles
+}
+
+
+# Check if DNS nodes are in sync with auth server
+apply Service "dns_sync" {
+	import "generic-service"
+
+	check_command = "dns_sync"
+	vars.reference_ns = "80.70.181.58"
+	vars.replica_ns = host.address
+	vars.zones = [
+		"ffho.net",
+		"132.10.in-addr.arpa",
+		"30.172.in-addr.arpa",
+	]
+
+	assign where host.address && "dns-auth" in host.vars.roles
+	ignore where "dns-server-master" in host.vars.roles
+}
+
+
+################################################################################
+#                            External DNS services                             #
+################################################################################
+
+apply Service "dns_sync_dns01.srv.rfc2324.org" {
+	import "generic-service"
+
+	check_command = "dns_sync"
+	vars.reference_ns = "80.70.181.58"
+	vars.replica_ns = "31.172.8.66"
+	vars.zones = [
+		"ffho.net",
+		"hochstift.freifunk.net",
+		"paderborn.freifunk.net",
+	]
+
+	assign where "dns-server-master" in host.vars.roles
+}
+
+apply Service "dns_sync_ns.youngage.eu" {
+	import "generic-service"
+
+	check_command = "dns_sync"
+	vars.reference_ns = "80.70.181.58"
+	vars.replica_ns = "5.9.142.19"
+	vars.zones = [
+		"ffho.net",
+		"hochstift.freifunk.net",
+		"paderborn.freifunk.net",
+	]
+
+	assign where "dns-server-master" in host.vars.roles
 }
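Review bot: The reference server `80.70.181.58` is hard-coded in all three `dns_sync` services added here, and it differs from the `80.70.181.60` used in the removed dns_sync.conf without a comment saying which host it is. Since every replica is judged "in sync" against this one address, a wrong or stale value would make the checks compare against the wrong server and could mask real zone drift on the internal and external secondaries. I'd define it once, e.g. `const DnsReferenceNS = "80.70.181.58"` with a comment naming the primary, and use `vars.reference_ns = DnsReferenceNS` in each service. The two external services also have no leading comment, unlike the internal ones; something like `# Check external secondary dns01.srv.rfc2324.org against the primary` would tie each literal `replica_ns` address to its name. The `dns6` body at the top of this hunk starts outside it.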

+ 0 - 17
icinga2/services/dns_sync.conf

@@ -1,17 +0,0 @@
-#
-# Check DNS sync
-apply Service "dns_sync" {
-	import "generic-service"
-
-	check_command = "dns_sync"
-	vars.reference_ns = "80.70.181.60"
-	vars.replica_ns = host.address
-	vars.zones = [
-		"ffho.net",
-		"132.10.in-addr.arpa",
-		"30.172.in-addr.arpa",
-	]
-
-	assign where host.address && "dns-auth" in host.vars.roles
-	ignore where "dns-server-master" in host.vars.roles
-}