DNS Resolv Checker

[splitice]

If you use your hosting company or datacenter provided DNS servers you have probably experienced your fair share of blips and outages of these services. Although some companies are quite good, some can be quite bad.

Lots of programs seem to behave strangely when DNS servers listed in resolv.conf stop working. For this reason I present a simple script to keep your resolv.conf filled with only valid name servers. Run it on a cron job (at an acceptable interval) to achieve the required effect.


#!/bin/bash

NAMESERVERS="--NAMESERVERS HERE--"
NMAP_V5=$(nmap -V | grep 5.00 | wc -l)
NMAP_V6=$(nmap -V | grep 5.00 | wc -l)

if [ "$NMAP_V5" -eq "1" ]
then
echo "nmap version 5"
IPS_VALID=$(nmap -sP $NAMESERVERS | grep "is up" | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')
elif [ "$NMAP_V6" -eq "1" ]
then
echo "nmap version 6"
nmap -n -sn -sP -oG /tmp/resolv.nmap $NAMESERVERS
IPS_VALID=$(cat /tmp/resolv.nmap | grep "Status: Up" | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')
else
echo "Unknown nmap version"
exit
fi
IPS_COUNT=$(echo "$IPS_VALID" | grep -v "^$" | wc -l)

if [ "$IPS_COUNT" -eq 0 ]
then
echo "Unable to find online DNS servers"
else
echo "$IPS_COUNT DNS Servers found, updating resolv.conf"
echo "$IPS_VALID" | sed -e 's/^/nameserver /' > /etc/resolv.conf
fi


Requires nmap (5.0 or 6.0)

Quite a simple script but essential to those running services such as rsyslog or zabbix (both of which do not nicely handle failing DNS services where they are used for resolving upstream servers).

Enjoy.

 

[shinehost]

@splitice thanks for script. We will try. 

 

[sv01]

NMAP_V5=$(nmap -V | grep 5.00 | wc -l)NMAP_V6=$(nmap -V | grep 5.00 | wc -l)   // typo? 6.00

Requires nmap (5.0 or 6.0)

if I use greater than 6.00 that command will fail, for example 6.01. Why not checking using command something like this, and check if nmap > 5.00 ?


nmap -version | grep "Nmap version" | cut -d " " -f 3
btw thanks for your script, that usefull.

 

[splitice]

Here is a version with the typo fixed as well as @sv01 inspired improvements.

I have a V1.1 currently being developed with a primary and backup list of servers as well as possibly a few other features (including an optional configuration file for listing the servers). Although this only tests now for nmap 5.x and 6.x it has only been tested on 5.00 and 6.00.

#!/bin/bash

NAMESERVERS="208.98.0.8 208.98.0.7 8.8.8.8 8.8.4.4 209.244.0.3 74.82.42.42 4.2.2.2"
NMAP_VERSION=$(nmap -version | grep "Nmap version" | cut -d " " -f 3 | head -c 2)

if [ "$NMAP_VERSION" == "5." ]
then
echo "nmap version 5"
IPS_VALID=$(nmap -sP $NAMESERVERS | grep "is up" | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')
elif [ "$NMAP_VERSION" == "6." ]
then
echo "nmap version 6"
nmap -n -sn -sP -oG /tmp/resolv.nmap $NAMESERVERS
IPS_VALID=$(cat /tmp/resolv.nmap | grep "Status: Up" | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')
else
echo "Unknown nmap version"
exit
fi
IPS_COUNT=$(echo "$IPS_VALID" | grep -v "^$" | wc -l)

if [ "$IPS_COUNT" -eq 0 ]
then
	echo "Unable to find online DNS servers"
else
	echo "$IPS_COUNT DNS Servers found, updating resolv.conf"
	echo "$IPS_VALID" | sed -e 's/^/nameserver /' > /etc/resolv.conf
fi

 

[splitice]

Still one of my favourite little scripts

Better late than never.

Features Added:

• Perform DNS Test using DIG
• Configuration file for specification of DNS servers
• resolv.conf timeout option for rotating failing DNS servers in the interim until the cron job removes them

#!/bin/bash

NAMESERVERS="8.8.8.8 8.8.4.4 209.244.0.3 74.82.42.42 4.2.2.2 127.0.0.1"
DOMAIN_TO_CHECK="google.com"
if [[ -f /etc/defaults/resolv_checker ]]
then
	./etc/defaults/resolv_checker
fi

NMAP_VERSION=$(nmap -version | grep "Nmap version" | cut -d " " -f 3 | head -c 2)

if [ "$NMAP_VERSION" == "5." ]
then
echo "nmap version 5"
IPS_VALID=$(nmap -sP $NAMESERVERS | grep "is up" | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')
elif [ "$NMAP_VERSION" == "6." ]
then
echo "nmap version 6"
nmap -n -sn -sP -oG /tmp/resolv.nmap $NAMESERVERS
IPS_VALID=$(cat /tmp/resolv.nmap | grep "Status: Up" | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')
else
echo "Unknown nmap version"
exit
fi
IPS_COUNT=$(echo "$IPS_VALID" | grep -v "^$" | wc -l)

DIG_QUERY_ARGS=""
while read -r line; do
	DIG_QUERY_ARGS="${DIG_QUERY_ARGS} ${DOMAIN_TO_CHECK} @${line}"
done <<< "$IPS_VALID"
DIG_COMMAND="/usr/bin/dig${DIG_QUERY_ARGS} +time=1 +tries=1 +noanswer +noquestion +noadditional +nocmd"
DIG_OUTPUTTED=$($DIG_COMMAND | grep "connection timed out\|SERVER:")
NEWLINE=$'\n'
VALID_DNS=""
while read -r line; do
	if grep -q "$line" <<<"${DIG_OUTPUTTED}"; then
		VALID_DNS="$line${NEWLINE}${VALID_DNS}"
	fi
done <<< "$IPS_VALID"

if [ "$IPS_COUNT" -eq 0 ]
then
	echo "Unable to find online DNS servers"
else
	FILE_DATA=$(echo "$VALID_DNS" | sed '/^\s*$/d' | sed -e 's/^/nameserver /')
	CURRENT_DATA=$(grep nameserver /etc/resolv.conf)
	if [ "$CURRENT_DATA" != "$FILE_DATA" ]
	then
		echo "$IPS_COUNT DNS Servers found, updating resolv.conf"
		echo "options timeout:1 rotate" > /etc/resolv.conf
		echo "$FILE_DATA" >> /etc/resolv.conf
	else
		echo "$IPS_COUNT DNS Servers found, resolv.conf unchanged"
	fi
fi