Bug 1743794 - Nagios check_dns plugin unable to parse output of nslookup -querytype=AAAA on RHEL7.7
Summary: Nagios check_dns plugin unable to parse output of nslookup -querytype=AAAA on...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: nagios-plugins
Version: epel7
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Stephen John Smoogen
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-08-20 17:09 UTC by Simon Gerber
Modified: 2022-11-14 14:59 UTC (History)
8 users (show)

Fixed In Version: nagios-plugins-2.2.1-17.20190829gitfb792ff.el7 nagios-plugins-2.2.1-17.20190829gitfb792ff.el6
Clone Of:
Environment:
Last Closed: 2019-09-14 00:40:42 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description Simon Gerber 2019-08-20 17:09:26 UTC
Description of problem: On RHEL7.7 the EPEL-packaged Nagios check_dns plugin (nagios-plugins-dns) is unable to parse the new format introduced for nslookup -querytype=AAAA queries in bind 9.11. This has been addressed upstream in nagios-plugins in https://github.com/nagios-plugins/nagios-plugins/pull/398 but the latest available version of nagios-plugins-dns in epel7 is from January 2019.

Version-Release number of selected component (if applicable): 
# yum info nagios-plugins-dns bind-utils
Loaded plugins: product-id, search-disabled-repos, subscription-manager, versionlock
Installed Packages
Name        : bind-utils
Arch        : x86_64
Epoch       : 32
Version     : 9.11.4
Release     : 9.P2.el7
Size        : 584 k
Repo        : installed
From repo   : rhel-7-server-rpms
Summary     : Utilities for querying DNS name servers
URL         : http://www.isc.org/products/BIND/
License     : MPLv2.0
[... snipped description ...]

Name        : nagios-plugins-dns
Arch        : x86_64
Version     : 2.2.1
Release     : 16.20180725git3429dad.el7
Size        : 65 k
Repo        : installed
From repo   : epel
Summary     : Nagios Plugin - check_dns
URL         : https://www.nagios-plugins.org/
License     : GPLv2+
[... snipped description ...]


How reproducible: always with latest bind-utils and nagios-plugins-dns on RHEL7.7


Steps to Reproduce:
On RHEL:
1. subscription-manager repos --enable rhel-7-server-optional-rpms --enable rhel-7-server-extras-rpms
2. yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
2. yum update -y
3. yum install -y nagios-plugins-dns bind-utils
4. /usr/lib64/nagios/plugins/check_dns -q AAAA -H example.com

Actual results:
DNS CRITICAL - query type of -querytype=AAAA was not found for example.com

Expected results:
DNS OK: 0.017 seconds response time. example.com returns 2606:2800:220:1:248:1893:25c8:1946|time=0.017479s;;;0.000000

Additional info:

Example nslookup -querytype=AAAA output for bind-utils 9.9.4 and 9.11.4:

bind-utils 9.9.4:
# nslookup -querytype=AAAA example.com
Server:		5.102.144.102
Address:	5.102.144.102#53

Non-authoritative answer:
example.com	has AAAA address 2606:2800:220:1:248:1893:25c8:1946

Authoritative answers can be found from:
example.com	nameserver = b.iana-servers.net.
example.com	nameserver = a.iana-servers.net.
a.iana-servers.NET	internet address = 199.43.135.53
a.iana-servers.NET	has AAAA address 2001:500:8f::53
b.iana-servers.NET	internet address = 199.43.133.53
b.iana-servers.NET	has AAAA address 2001:500:8d::53

bind-utils 9.11.4:
# nslookup -querytype=AAAA example.com
Server:		5.102.144.102
Address:	5.102.144.102#53

Non-authoritative answer:
Name:	example.com
Address: 2606:2800:220:1:248:1893:25c8:1946

Comment 1 Stephen John Smoogen 2019-08-29 21:36:07 UTC
Sorry for the delay in this. I am not sure upstream has fixed it yet or not but have updated to newest git in hopes.

Comment 2 Fedora Update System 2019-08-29 21:51:24 UTC
FEDORA-EPEL-2019-9b63c08c0f has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-9b63c08c0f

Comment 3 Fedora Update System 2019-08-29 22:04:17 UTC
FEDORA-EPEL-2019-22c97df420 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-22c97df420

Comment 4 Simon Gerber 2019-08-30 12:42:21 UTC
Thanks for the update. Checking the git revision of the new package (https://github.com/nagios-plugins/nagios-plugins/tree/fb792ff), the fix implemented in https://github.com/nagios-plugins/nagios-plugins/pull/398 should be included. How long do packages on bodhi usually stay in "Pending"?

Comment 5 Fedora Update System 2019-08-30 16:07:47 UTC
nagios-plugins-2.2.1-17.20190829gitfb792ff.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-22c97df420

Comment 6 Fedora Update System 2019-08-30 16:07:50 UTC
nagios-plugins-2.2.1-17.20190829gitfb792ff.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-9b63c08c0f

Comment 7 Simon Gerber 2019-09-02 08:59:32 UTC
I've tested the check_dns plugin in the new EPEL7 package with the latest bind-utils 9.11 from RHEL7.7. The new version of the check_dns plugin can handle the AAAA nslookup output from 9.11:

# nslookup -version
nslookup 9.11.4-P2-RedHat-9.11.4-9.P2.el7
# yum info nagios-plugins-dns | egrep "^(Version|Release)"
Version     : 2.2.1
Release     : 17.20190829gitfb792ff.el7
# /usr/lib64/nagios/plugins/check_dns -q AAAA -H example.com
DNS OK: 0.022 seconds response time. example.com returns 2606:2800:220:1:248:1893:25c8:1946|time=0.021572s;;;0.000000
#

Comment 8 Fedora Update System 2019-09-14 00:40:42 UTC
nagios-plugins-2.2.1-17.20190829gitfb792ff.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2019-09-14 04:05:22 UTC
nagios-plugins-2.2.1-17.20190829gitfb792ff.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.

Comment 10 Attila 2022-11-14 09:32:30 UTC
Nagios throws out the line
"DNS CRITICAL - query type of -querytype=A was not found for 192.168.2.12"
on Fedora 36.

Same output when I run the command
/usr/lib64/nagios/plugins/check_dns -q A -H 192.168.2.12

nslookup -querytype=A 192.168.2.12 works as expected.

The version of nagios is: nagios-4.4.8-1.fc36.x86_64
The version of nagios-plugin-dns is: nagios-plugins-dns-2.4.0-6.fc36.x86_64

Any idea?

Comment 11 Stephen John Smoogen 2022-11-14 12:08:36 UTC
I was able to replicate the problem in `nagios-plugins-dns-2.3.3-2.el7.x86_64` so it has been there for a long time. I think it is some other reason as very few of the allowed querytypes work for an ip address. Only PTR and ANY 
```
[root@noc02 ~][PROD]# /usr/lib64/nagios/plugins/check_dns -q CNAME -H 152.19.134.192
DNS CRITICAL - query type of -querytype=CNAME was not found for 152.19.134.192
[root@noc02 ~][PROD]# /usr/lib64/nagios/plugins/check_dns --querytype=CNAME -H 152.19.134.192
DNS CRITICAL - query type of -querytype=CNAME was not found for 152.19.134.192
[root@noc02 ~][PROD]# /usr/lib64/nagios/plugins/check_dns --querytype=PTR -H 152.19.134.192
DNS OK: 0.011 seconds response time. 152.19.134.192 returns vm12.fedora.ibiblio.org.|time=0.010836s;;;0.000000
[root@noc02 ~][PROD]# /usr/lib64/nagios/plugins/check_dns --querytype=SOA -H 152.19.134.192
DNS CRITICAL - query type of -querytype=SOA was not found for 152.19.134.192
[root@noc02 ~][PROD]# /usr/lib64/nagios/plugins/check_dns --querytype=ANY -H 152.19.134.192
DNS OK: 0.010 seconds response time. 152.19.134.192 returns vm12.fedora.ibiblio.org.|time=0.010197s;;;0.000000
[root@noc02 ~][PROD]# /usr/lib64/nagios/plugins/check_dns --querytype=MX -H 152.19.134.192
DNS CRITICAL - query type of -querytype=MX was not found for 152.19.134.192
[root@noc02 ~][PROD]# /usr/lib64/nagios/plugins/check_dns --querytype=TXT -H 152.19.134.192
DNS CRITICAL - query type of -querytype=TXT was not found for 152.19.134.192

```

so my guess is that it only allows those for IP addresses?

Comment 12 Attila 2022-11-14 14:59:00 UTC
(In reply to Stephen John Smoogen from comment #11)
> I was able to replicate the problem in
> `nagios-plugins-dns-2.3.3-2.el7.x86_64` so it has been there for a long
> time. I think it is some other reason as very few of the allowed querytypes
> work for an ip address. Only PTR and ANY 
> ```
> [root@noc02 ~][PROD]# /usr/lib64/nagios/plugins/check_dns -q CNAME -H
> 152.19.134.192
> DNS CRITICAL - query type of -querytype=CNAME was not found for
> 152.19.134.192
> [root@noc02 ~][PROD]# /usr/lib64/nagios/plugins/check_dns --querytype=CNAME
> -H 152.19.134.192
> DNS CRITICAL - query type of -querytype=CNAME was not found for
> 152.19.134.192
> [root@noc02 ~][PROD]# /usr/lib64/nagios/plugins/check_dns --querytype=PTR -H
> 152.19.134.192
> DNS OK: 0.011 seconds response time. 152.19.134.192 returns
> vm12.fedora.ibiblio.org.|time=0.010836s;;;0.000000
> [root@noc02 ~][PROD]# /usr/lib64/nagios/plugins/check_dns --querytype=SOA -H
> 152.19.134.192
> DNS CRITICAL - query type of -querytype=SOA was not found for 152.19.134.192
> [root@noc02 ~][PROD]# /usr/lib64/nagios/plugins/check_dns --querytype=ANY -H
> 152.19.134.192
> DNS OK: 0.010 seconds response time. 152.19.134.192 returns
> vm12.fedora.ibiblio.org.|time=0.010197s;;;0.000000
> [root@noc02 ~][PROD]# /usr/lib64/nagios/plugins/check_dns --querytype=MX -H
> 152.19.134.192
> DNS CRITICAL - query type of -querytype=MX was not found for 152.19.134.192
> [root@noc02 ~][PROD]# /usr/lib64/nagios/plugins/check_dns --querytype=TXT -H
> 152.19.134.192
> DNS CRITICAL - query type of -querytype=TXT was not found for 152.19.134.192
> 
> ```
> 
> so my guess is that it only allows those for IP addresses?

Hi,

you did not try the "-querytype=A" as far as I can see.
Anyway, thanks for the hints.
I played around a bit in the meantime and here is the result:

/usr/lib64/nagios/plugins/check_dns -q A -H 8.8.8.8
DNS CRITICAL - query type of -querytype=A was not found for 8.8.8.8

/usr/lib64/nagios/plugins/check_dns -q A -H dns.google
DNS OK: 0,023 seconds response time. dns.google returns 8.8.4.4,8.8.8.8|time=0,022991s;;;0,000000

It works with hostname, but it doesn't with IP addresses.


Note You need to log in before you can comment on or make changes to this bug.