From df49e77703dfe5bc61b1c4148c4823bb1887e910 Mon Sep 17 00:00:00 2001
From: Cyberes <cyberes@evulid.cc>
Date: Wed, 21 Jun 2023 17:57:46 -0600
Subject: [PATCH] add check_dns

---
 check_dns.sh            | 50 ++++++++++++++++++++++++++
 check_dns_over_https.sh | 79 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 129 insertions(+)
 create mode 100755 check_dns.sh
 create mode 100755 check_dns_over_https.sh

diff --git a/check_dns.sh b/check_dns.sh
new file mode 100755
index 0000000..cf108b7
--- /dev/null
+++ b/check_dns.sh
@@ -0,0 +1,50 @@
+#!/bin/bash
+
+# Default values
+dns_server="1.1.1.1"
+query_domain=""
+warning_time=200
+critical_time=250
+
+# Parse flag arguments
+while getopts "s:d:w:c:" flag; do
+  case "${flag}" in
+  s) dns_server="${OPTARG}" ;;
+  d) query_domain="${OPTARG}" ;;
+  w) warning_time="${OPTARG}" ;;
+  c) critical_time="${OPTARG}" ;;
+  *)
+    echo "Usage: $0 -s <dns_server> -d <query_domain> -w <warning_time> -c <critical_time>"
+    exit 1
+    ;;
+  esac
+done
+
+# Check if DNS server is provided
+if [ -z "$dns_server" ]; then
+  echo "Error: DNS server not provided"
+  echo "Usage: $0 -s <dns_server> -d <query_domain> -w <warning_time> -c <critical_time>"
+  exit 1
+fi
+
+# Perform DNS resolution check and measure the time
+start_time=$(date +%s%N)
+result=$(dig @$dns_server $query_domain +short)
+end_time=$(date +%s%N)
+response_time=$(((end_time - start_time) / 1000000))
+perfdata="response_time=${response_time}ms;${warning_time};${critical_time};0;"
+
+# Check response time against warning and critical levels
+if [ -z "$result" ] || echo "$result" | grep -q "no servers could be reached"; then
+  echo "CRITICAL - DNS resolution failed for $query_domain on $dns_server | $perfdata"
+  exit 2
+elif [ "$critical_time" -gt 0 ] && [ "$response_time" -gt "$critical_time" ]; then
+  echo "CRITICAL - DNS resolution took ${response_time}ms for $query_domain on $dns_server | $perfdata"
+  exit 2
+elif [ "$warning_time" -gt 0 ] && [ "$response_time" -gt "$warning_time" ]; then
+  echo "WARNING - DNS resolution took ${response_time}ms for $query_domain on $dns_server | $perfdata"
+  exit 1
+else
+  echo "OK - resolved $query_domain to $result using $dns_server in ${response_time}ms | $perfdata"
+  exit 0
+fi
diff --git a/check_dns_over_https.sh b/check_dns_over_https.sh
new file mode 100755
index 0000000..e10d887
--- /dev/null
+++ b/check_dns_over_https.sh
@@ -0,0 +1,79 @@
+#!/bin/bash
+
+# Default values
+server_domain="cloudflare-dns.com"
+port="443"
+resolve_domain=""
+warning_level=900
+critical_level=1000
+
+# Parse flag arguments
+while getopts ":d:p:r:w:c:" opt; do
+  case $opt in
+    d)
+      server_domain="$OPTARG"
+      ;;
+    p)
+      port="$OPTARG"
+      ;;
+    r)
+      resolve_domain="$OPTARG"
+      ;;
+    w)
+      warning_level="$OPTARG"
+      ;;
+    c)
+      critical_level="$OPTARG"
+      ;;
+    \?)
+      echo "Invalid option: -$OPTARG" >&2
+      exit 1
+      ;;
+    :)
+      echo "Option -$OPTARG requires an argument." >&2
+      exit 1
+      ;;
+  esac
+done
+
+# Check if the -r flag is provided
+if [ -z "$resolve_domain" ]; then
+  echo "The -r flag is required. Please provide a domain to resolve." >&2
+  exit 1
+fi
+
+# Perform DNS-over-HTTPS check and measure the time taken
+start_time=$(date +%s%N)
+response=$(curl -s -o /dev/null -w "%{http_code}" "https://$server_domain:$port/dns-query?ct=application/dns-json&name=$resolve_domain&type=A")
+end_time=$(date +%s%N)
+time_taken=$(((end_time - start_time) / 1000000))
+
+if [ "$response" == "200" ]; then
+  echo "OK - successfully resolved $resolve_domain using DoH on $server_domain:$port in $time_taken ms | response_time=${time_taken}ms"
+  exit 0
+else
+  echo "CRITICAL - failed to resolve $resolve_domain using DoH on $server_domain:$port "
+  exit 2
+fi
+
+start_time=$(date +%s%N)
+response=$(curl -s -o /dev/null -w "%{http_code}" "https://$server_domain:$port/dns-query?ct=application/dns-json&name=$resolve_domain&type=A")
+end_time=$(date +%s%N)
+response_time=$(( (end_time - start_time) / 1000000 ))
+perfdata="response_time=${response_time}ms;${warning_level};${critical_level};0;"
+
+# Check response time against warning and critical levels
+if [ -n "$critical_level" ] && [ "$time_taken" -ge "$critical_level" ]; then
+  echo "CRITICAL - $server_domain:$port response time is high: $time_taken ms | $perfdata"
+  exit 2
+elif [ -n "$warning_level" ] && [ "$time_taken" -ge "$warning_level" ]; then
+  echo "WARNING - $server_domain:$port response time is high: $time_taken ms | $perfdata"
+  exit 1
+elif [ "$response" == "200" ]; then
+  echo "OK - successfully resolved $resolve_domain using DoH on $server_domain:$port in $time_taken ms | response_time=${time_taken}ms"
+  exit 0
+else
+  echo "CRITICAL - $server_domain:$port is not responding"
+  exit 3
+fi
+