heise Netze has an updated article (in German) on how to monitor your own server's existence on a DNS black-list (DNSBL) with Nagios. (Icinga will work just as well, of course.)
The script is simple enough, and getting it into Nagios should pose no problem. It is also very easy to add or remove DNS black-lists, depending on your requirements.
(As far as I'm concerned, there is a bug in the script: if you run it on a host that has its own local caching name server (i.e. its resolver points to 127.0.0.1), then the grep command will always be true because nslookup stupidly gives out the address of the name server it uses. The change is simple: replace the single word "nslookup" on line 63 by "dig +short" to fix the problem. The line should read

if dig +short $ip_arpa.$i | grep -q "127.0.0." ;
If they'd read my book they would know to never use
When the script runs via Nagios (test it on the command line first), it reverses the four octets (needs work for IPv6) of the IP address you specify and queries the DNS for this reversed IP. If all is well (i.e. your MTA is not on a black-list), you should see something like this:
$ nagdnsbl.sh -H 195.98.aa.bb
OK - 195.98.aa.bb not on 21 DNSBLs
If, on the other hand, the IP you specify is listed, you'd see:
$ nagdnsbl.sh -H 84.61.xx.yy
DNSBL-Alarm: 84.61.xx.yy is listed on blackholes.five-ten-sg.com
DNSBL-Alarm: 84.61.xx.yy is listed on dnsbl.sorbs.net
DNSBL-Alarm: 84.61.xx.yy is listed on pbl.spamhaus.org
DNSBL-Alarm: 84.61.xx.yy is listed on l2.apews.org
$ echo $?
1
The script exits with code 0 (OK) if the IP isn't listed, and with code 1 (WARNING) if it is. I'd set that to 2 (CRITICAL), because the mere existence of your IP on a DNSBL can be quite detrimental to your business.
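To show the mechanics described above in one place (octet reversal, a dig +short query, a match that the local-resolver bug cannot trip, and the CRITICAL exit code), here is an added example of the core of such a check. It is not the heise script; it assumes dig is installed, and the DNSBL zones in the list are an illustrative, constructed selection.

```shell
#!/bin/sh
# Added example, not the heise Netze script. Assumes dig(1) is available.
# Constructed list of DNSBL zones; adjust to your requirements.
DNSBLS="zen.spamhaus.org bl.spamcop.net dnsbl.sorbs.net"

# Reverse the four octets of an IPv4 address: 195.98.1.2 -> 2.1.98.195
reverse_ipv4() {
    echo "$1" | awk -F. '{ print $4 "." $3 "." $2 "." $1 }'
}

# A DNSBL signals a listing with an A record in 127.0.0.0/8 (typically
# 127.0.0.2 and up). Match whole lines only, so a "Server: 127.0.0.1"
# line from a chatty resolver tool can never count as a listing.
# Returns 0 (true) when the answer text contains a listing.
answer_is_listing() {
    printf '%s\n' "$1" | grep -Eq '^127\.0\.0\.[0-9]+$'
}

# Query one DNSBL. dig +short prints only the answer section, which is
# why it is preferable to nslookup on a host with a caching resolver
# on 127.0.0.1. $1 = IPv4 address, $2 = DNSBL zone.
query_dnsbl() {
    dig +short +time=3 +tries=1 "$(reverse_ipv4 "$1").$2" A 2>/dev/null
}

# Nagios plugin semantics: 0 = OK, 2 = CRITICAL. A listing is treated as
# CRITICAL rather than WARNING, following the post's recommendation.
check_ip() {
    ip=$1; rc=0; n=0
    for zone in $DNSBLS; do
        n=$((n + 1))
        if answer_is_listing "$(query_dnsbl "$ip" "$zone")"; then
            echo "DNSBL-Alarm: $ip is listed on $zone"
            rc=2
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK - $ip not on $n DNSBLs"
    return $rc
}

# Usage as a plugin:  check_ip 192.0.2.10; exit $?
```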
Thanks, Michael, for the heads-up!