DNS Test for IP Changes

[jdw730]

Doing a check to detect issues related to Unauthorized DNS Changes. So using the DNS check, and it is successfully working, except for two things.

We have a lot of flaky DNS Servers with very slow response times, so Set up an Advanced Alert that goes like this Only alert '%Status%'=='Bad' so that it will ignore No Answer alerts.

But There does not seem to be a Macro variable that will tell you the Actual address that was detected. For example, I noticed on the forums that mentioned %HOSTADDR% will not work. The Docs say this will work for the DNS Target system, which in the case of the DNS test is the DNS Server itself. I need to alert on the Specific address that is being returned and then I can set up an advanced alert for a Server Pool like this %MACRO%<>1.1.1.1 OR %MACRO%<>1.1.1.2

Is there a DNS Macro Variable that will actually tell you what DNS Address was resolved? When you click the Resolve Button on the test it actually fills in the current IP address. I need to know what that exact IP address changes to and will put that Macro in the Alert Message. Something like DNS Has changed from IP Address 1.1.1.1 to %MACRO_OF_NEW_IP%

[Yoorix]

I think, the following posts are the most relevant to your request.
http://www.ks-soft.net/cgi-bin/phpBB/vi ... hlight=dns
http://www.ks-soft.net/cgi-bin/phpBB/vi ... hlight=dns

Regards,
Yoorix

[jdw730]

Thank you for the reply. The only problem is that 95% of our customers block ICMP and Trace Always shows as Bad. The previous postings all look like people are asking for the same functionality. Is there anyway to add this to the Wish List? If we even just a had a Macro Variable that would return the Actual IP Address of the DNS Query that would be very beneficial.

[KS-Soft]

You missed information about lookup.exe utility. Utility performs DNS test and returns IP address, it should suite your needs
http://www.ks-soft.net/download/lookup.exe
Setup Shell Script test method to start utility

Regards
Alex

[jdw730]

I did see that and tested the utility, but I am unsure how to write a shell script to automate the IP Address changes. From what I could see it would be a manual process to verify what the IP address changed to.

[KS-Soft]

How to write Shell Script? Please read the manual.
Basically you should type "cmd /c lookup.exe %Params%" in "Start cmd" field

From what I could see it would be a manual process to verify what the IP address changed to

Manual process? It would be exactly the same process you have asked above. Just use %Reply% macro variable instead of suggested %MACRO_OF_NEW_IP%

Regards
Alex

[jdw730]

Thanks for the info, I had gotten that far, I was just hoping the IP result information would be built into Hostmonitor, like when you hit the resolve button store that information for the test into a macro variable.

The only other way I can see this happening is after creating the above script , write the standard out to a text file, and then using some tool like blat to email the contents of the file. Or maybe to have it write a Specialized System Event written to the System Event log and then set up another Hostmonitor test to scan the log every ten minutes or so looking for that event. Or is it possible to do something like "cmd /c lookup.exe www.myurl.com > %Reply%" and then have a profile in Hostmonitor send the contents of %Reply%?

[KS-Soft]

The only other way I can see this happening is after creating the above script , write the standard out to a text file, and then using some tool like blat to email the contents of the file. Or maybe to have it write a Specialized System Event written to the System Event log and then set up another Hostmonitor test to scan the log every ten minutes or so looking for that event. Or is it possible to do something like "cmd /c lookup.exe www.myurl.com > %Reply%" and then have a profile in Hostmonitor send the contents of %Reply%?

Why nobody reads the manual? Shell Script test does what you want. It will display result in Reply field without any special redirections.
You don't need any 3rd party tool to send e-mail. Use "Send e-mail" action to send e-mail (you may use "advanced" action and condition like ('%Reply%'<>'192.100.1.10') and ('%Reply%'<>'192.100.1.12')). You don't need 2nd test either.
Just read the manual http://www.ks-soft.net/hostmon.eng/mfra ... m#chkShell and type 4 words as "Start cmd" parameter (cmd /c lookup.exe %Params%)

Regards
Alex

[Steven]

Just wanted to mention that we never seem to have any trouble with our DNS servers, however about 10x/day hostmon will send an E-mail alert that one of our servers has "no answer" status and within 1 minute it sends the alert that it's fine again. Anyway to reduce these false negatives?
Other than (following this thread), to ignore "no answer" results.

[KS-Soft]

May be timeout issue or packet lost on some router..

Anyway to reduce these false negatives?

Simply configure action to send e-mail after 2nd bad result.
Also you may use "Repeat test" action

Regards
Alex

[Steven]

Simply configure action to send e-mail after 2nd bad result.
Also you may use "Repeat test" action

would work just fine; but was hoping for a cleaner solution than to ignore the first miss... rather not miss at all .

But that's fine, thanx,
Steve

[KS-Soft]

not miss at all?
Try to increase timeout, check your routers and switches... HostMonitor does not miss packet, it simply does not receive it.

Regards
Alex

[Steven]

That's what I thought, was just verifying that it's nothing with hostmon. The timeout is already set pretty high, but the recurrance is every 10 seconds, which I believe may be responsible. ? I changed it to 1 minute, to see if that would affect it... find out tomorrow.

Have a nice day.