From df49e77703dfe5bc61b1c4148c4823bb1887e910 Mon Sep 17 00:00:00 2001
From: Cyberes
Date: Wed, 21 Jun 2023 17:57:46 -0600
Subject: [PATCH] add check_dns
---
check_dns.sh | 50 ++++++++++++++++++++++++++
check_dns_over_https.sh | 79 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 129 insertions(+)
create mode 100755 check_dns.sh
create mode 100755 check_dns_over_https.sh
diff --git a/check_dns.sh b/check_dns.sh
new file mode 100755
index 0000000..cf108b7
--- /dev/null
+++ b/check_dns.sh
@@ -0,0 +1,50 @@
+#!/bin/bash
+
+# Default values
+dns_server="1.1.1.1"
+query_domain=""
+warning_time=200
+critical_time=250
+
+# Parse flag arguments
+while getopts "s:d:w:c:" flag; do
+ case "${flag}" in
+ s) dns_server="${OPTARG}" ;;
+ d) query_domain="${OPTARG}" ;;
+ w) warning_time="${OPTARG}" ;;
+ c) critical_time="${OPTARG}" ;;
+ *)
+ echo "Usage: $0 -s -d -w -c "
+ exit 1
+ ;;
+ esac
+done
+
+# Check if DNS server is provided
+if [ -z "$dns_server" ]; then
+ echo "Error: DNS server not provided"
+ echo "Usage: $0 -s -d -w -c "
+ exit 1
+fi
+
+# Perform DNS resolution check and measure the time
+start_time=$(date +%s%N)
+result=$(dig @$dns_server $query_domain +short)
+end_time=$(date +%s%N)
+response_time=$(((end_time - start_time) / 1000000))
+perfdata="response_time=${response_time}ms;${warning_time};${critical_time};0;"
+
+# Check response time against warning and critical levels
+if [ -z "$result" ] || echo "$result" | grep -q "no servers could be reached"; then
+ echo "CRITICAL - DNS resolution failed for $query_domain on $dns_server | $perfdata"
+ exit 2
+elif [ "$critical_time" -gt 0 ] && [ "$response_time" -gt "$critical_time" ]; then
+ echo "CRITICAL - DNS resolution took ${response_time}ms for $query_domain on $dns_server | $perfdata"
+ exit 2
+elif [ "$warning_time" -gt 0 ] && [ "$response_time" -gt "$warning_time" ]; then
+ echo "WARNING - DNS resolution took ${response_time}ms for $query_domain on $dns_server | $perfdata"
+ exit 1
+else
+ echo "OK - resolved $query_domain to $result using $dns_server in ${response_time}ms | $perfdata"
+ exit 0
+fi
diff --git a/check_dns_over_https.sh b/check_dns_over_https.sh
new file mode 100755
index 0000000..e10d887
--- /dev/null
+++ b/check_dns_over_https.sh
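Review bot: The emptiness check in check_dns.sh guards the wrong variable: `dns_server` has a default and is only empty if `-s ''` is passed, while `query_domain` defaults to empty and is never checked, so a run without `-d` lets dig fall back to its default query and the non-empty answer is reported as OK. The expansions in `dig @$dns_server $query_domain +short` are also unquoted, so whitespace in either value is split into extra dig arguments; where these values are filled in from monitoring configuration that is an argument-injection path, and quoting them plus rejecting a name that starts with `-`, `+` or `@` closes it. `-w`/`-c` reach `[ -gt ]` unvalidated, and a non-integer makes that test error out so the chain falls through to the OK branch. Assuming the usual plugin exit-code convention, usage errors should exit 3 (UNKNOWN) rather than 1, which reads as WARNING. The added checks are sketched below.

```shell
# … unchanged: defaults and getopts parsing …

# Refuse to report on a query that was never specified; a leading -, + or @
# would be read by dig as an option or a server rather than a name.
case "$query_domain" in
  '' | -* | +* | @*)
    echo "UNKNOWN - a domain to query is required (-d)"
    exit 3
    ;;
esac

# Thresholds feed [ -gt ]; anything but digits makes that test error out.
for threshold in "$warning_time" "$critical_time"; do
  case "$threshold" in
    '' | *[!0-9]*)
      echo "UNKNOWN - -w and -c must be non-negative integers (ms)"
      exit 3
      ;;
  esac
done

start_time=$(date +%s%N)
result=$(dig "@${dns_server}" "${query_domain}" +short)
# … unchanged: timing, perfdata and the status chain …
```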
@@ -0,0 +1,79 @@
+#!/bin/bash
+
+# Default values
+server_domain="cloudflare-dns.com"
+port="443"
+resolve_domain=""
+warning_level=900
+critical_level=1000
+
+# Parse flag arguments
+while getopts ":d:p:r:w:c:" opt; do
+ case $opt in
+ d)
+ server_domain="$OPTARG"
+ ;;
+ p)
+ port="$OPTARG"
+ ;;
+ r)
+ resolve_domain="$OPTARG"
+ ;;
+ w)
+ warning_level="$OPTARG"
+ ;;
+ c)
+ critical_level="$OPTARG"
+ ;;
+ \?)
+ echo "Invalid option: -$OPTARG" >&2
+ exit 1
+ ;;
+ :)
+ echo "Option -$OPTARG requires an argument." >&2
+ exit 1
+ ;;
+ esac
+done
+
+# Check if the -r flag is provided
+if [ -z "$resolve_domain" ]; then
+ echo "The -r flag is required. Please provide a domain to resolve." >&2
+ exit 1
+fi
+
+# Perform DNS-over-HTTPS check and measure the time taken
+start_time=$(date +%s%N)
+response=$(curl -s -o /dev/null -w "%{http_code}" "https://$server_domain:$port/dns-query?ct=application/dns-json&name=$resolve_domain&type=A")
+end_time=$(date +%s%N)
+time_taken=$(((end_time - start_time) / 1000000))
+
+if [ "$response" == "200" ]; then
+ echo "OK - successfully resolved $resolve_domain using DoH on $server_domain:$port in $time_taken ms | response_time=${time_taken}ms"
+ exit 0
+else
+ echo "CRITICAL - failed to resolve $resolve_domain using DoH on $server_domain:$port "
+ exit 2
+fi
+
+start_time=$(date +%s%N)
+response=$(curl -s -o /dev/null -w "%{http_code}" "https://$server_domain:$port/dns-query?ct=application/dns-json&name=$resolve_domain&type=A")
+end_time=$(date +%s%N)
+response_time=$(( (end_time - start_time) / 1000000 ))
+perfdata="response_time=${response_time}ms;${warning_level};${critical_level};0;"
+
+# Check response time against warning and critical levels
+if [ -n "$critical_level" ] && [ "$time_taken" -ge "$critical_level" ]; then
+ echo "CRITICAL - $server_domain:$port response time is high: $time_taken ms | $perfdata"
+ exit 2
+elif [ -n "$warning_level" ] && [ "$time_taken" -ge "$warning_level" ]; then
+ echo "WARNING - $server_domain:$port response time is high: $time_taken ms | $perfdata"
+ exit 1
+elif [ "$response" == "200" ]; then
+ echo "OK - successfully resolved $resolve_domain using DoH on $server_domain:$port in $time_taken ms | response_time=${time_taken}ms"
+ exit 0
+else
+ echo "CRITICAL - $server_domain:$port is not responding"
+ exit 3
+fi
+
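Review bot: The threshold logic in check_dns_over_https.sh never runs: the first `if [ "$response" == "200" ]` exits in both branches (0 or 2), so the second curl request, the `perfdata` line and the `-w`/`-c` comparisons below it are dead code, and a slow resolver is always reported OK. The dead block also compares `$time_taken` from the first request while building perfdata from `$response_time`, and its final branch prints CRITICAL but exits 3. I would keep one request and one status chain, as sketched below. Separately, `-o /dev/null` discards the body, so HTTP 200 is the only evidence of resolution; a 200 that carries an error status or no answer records would presumably still pass, which is worth confirming against the resolver's JSON format.

```shell
# … unchanged: defaults, getopts parsing, -r check …
# … unchanged: the first timed curl request (start_time … time_taken) …

# Build perfdata from the same measurement the thresholds are compared against.
perfdata="response_time=${time_taken}ms;${warning_level};${critical_level};0;"

# Availability first, then latency, so every path carries perfdata and a
# single exit code per state.
if [ "$response" != "200" ]; then
  echo "CRITICAL - failed to resolve $resolve_domain using DoH on $server_domain:$port | $perfdata"
  exit 2
elif [ -n "$critical_level" ] && [ "$time_taken" -ge "$critical_level" ]; then
  echo "CRITICAL - $server_domain:$port response time is high: $time_taken ms | $perfdata"
  exit 2
elif [ -n "$warning_level" ] && [ "$time_taken" -ge "$warning_level" ]; then
  echo "WARNING - $server_domain:$port response time is high: $time_taken ms | $perfdata"
  exit 1
else
  echo "OK - successfully resolved $resolve_domain using DoH on $server_domain:$port in $time_taken ms | $perfdata"
  exit 0
fi
# … removed: the second curl request and its unreachable status chain …
```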