heise Netze has an updated article (in German) on how to monitor your own server’s existence on a DNS black-list (DNSBL) with Nagios. (Icinga will work just as well, of course.)

The script is simple enough, and should pose no problem getting that into Nagios. It is also very easy to add or remove DNS black-lists, depending on your requirements.

(As far as I’m concerned, there is a bug in the script: if you run it on a host that has its own local caching name server (i.e. /etc/resolv.conf points to, then the grep command will always be true because nslookup stupidly gives out the address of the name server it uses. The change is simple: replace the single word “nslookup” on line 63 by “dig +short” to fix the problem. The line should read

    if dig +short $ip_arpa.$i | grep -q "127.0.0." ;

If they’d read my book they would know to never use nslookup. :-) )

When the script runs via Nagios (test it on the command line first), it reverses the four octets (needs work for IPv6) of the IP address you specify and queries the DNS for this reversed IP. If all is well (i.e. your MTA is not on a black-list), you should see something like this:

    $ nagdnsbl.sh -H 195.98.aa.bb
    OK - 195.98.aa.bb not on 21 DNSBLs

If, on the other hand, the IP you specify is listed, you’d see:

    $ nagdnsbl.sh -H 84.61.xx.yy
    DNSBL-Alarm: 84.61.xx.yy is listed on blackholes.five-ten-sg.com
    DNSBL-Alarm: 84.61.xx.yy is listed on dnsbl.sorbs.net
    DNSBL-Alarm: 84.61.xx.yy is listed on pbl.spamhaus.org
    DNSBL-Alarm: 84.61.xx.yy is listed on l2.apews.org
    $ echo $?

The script exits with code 0 (OK) if the IP isn’t listed, and with code 1 (WARNING) if it is. I’d set that to 2 (CRITICAL), because the mere existence of your IP on a DNSBL can be quite detrimental to your business.
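The octet reversal, the nslookup false positive and the exit codes described above can be tried offline with the following sketch. It is an added example, not the heise script: the function names, the `RESOLVE` hook, the `.example` zones and all sample resolver output are assumptions constructed for illustration, and it uses a stricter whole-line match than the script's grep.

```shell
#!/bin/sh
# Added example. Function names and all sample resolver output are constructed.

# Reverse an IPv4 address for a DNSBL query: 192.0.2.10 -> 10.2.0.192
# (format check only; octet ranges are not validated).
reverse_ipv4() {
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -f; set -- $1; set +f      # split on dots without globbing
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    echo "$4.$3.$2.$1"
}

# The original test: any "127.0.0." anywhere in the resolver output.
naive_match() { grep -q "127.0.0."; }

# Stricter test: a whole line must be a 127.0.0.x answer record.
is_listed() { grep -Eq '^127\.0\.0\.[0-9]+$'; }

# Constructed nslookup output for an unlisted IP, resolver on 127.0.0.1.
NSLOOKUP_UNLISTED='Server:         127.0.0.1
Address:        127.0.0.1#53

** server can'\''t find 10.2.0.192.dnsbl.example: NXDOMAIN'
# Constructed "dig +short" output: empty when unlisted, the A record when listed.
DIG_UNLISTED=''
DIG_LISTED='127.0.0.2'

# Lookup command; override RESOLVE with a stub to run without network access.
RESOLVE=${RESOLVE:-"dig +short"}

# check_ip IP ZONE...: returns 0 (OK), 2 (CRITICAL) or 3 (UNKNOWN).
check_ip() {
    ip=$1; shift
    rev=$(reverse_ipv4 "$ip") || { echo "UNKNOWN - bad IPv4 address: $ip"; return 3; }
    hits=0
    for zone in "$@"; do
        if $RESOLVE "$rev.$zone" | is_listed; then
            echo "DNSBL-Alarm: $ip is listed on $zone"
            hits=$((hits + 1))
        fi
    done
    [ "$hits" -eq 0 ] || return 2
    echo "OK - $ip not on $# DNSBLs"
}
```

Piping `$NSLOOKUP_UNLISTED` into `naive_match` succeeds even though the answer is NXDOMAIN, which is the false alarm on hosts with a local caching name server; `is_listed` rejects it.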

Thanks, Michael, for the heads-up!

Mail, Exim, Nagios, DNS, CLI, MTA, and DNSBL :: 11 Sep 2009 :: e-mail