If your like me your always looking for ways to be notified of things changing in your IT Environment. There are many tools that you can use to help do this. StatusCake is a great free online tool for monitoring website and IP level uptime and downtime with baked in email notifications. Zeonoss and NAGIOS are great tools that can offer the same with SNMP Monitoring baked in as well.
But what about DNS monitoring. You heard me, what if you want to monitor or be notified on DNS record change. I know what your thinking likely DNS changes are cleared by tons of red tape, requiring access to the domain registrar in most cases and when a change is made its typically planned, right? Not always. If your part of a large web team perhaps you want the added peace of mind knowing that you have a monitoring system to notify you if a DNS record changes.
Thats where this little GEM that I wrote today, comes into play. DIG is a little known tool on Linux and OSX servers that allows you to check a DNS record. You can then use Bash to search for a word in the record to ensure that it hasn’t been changed. In this example what I am doing is monitoring a _dmarc record for the word reject. DMARC is a great email DNS tool that forces any email provider to pass SPF and DKIM checks before an email is accepted from their system in an attempt to stop spoofing.
On our team sometimes we change this record to P=NONE while testing and sometimes we forget to put it back to P=REJECT which has caused our fair share of problems. This little script comes in handy to notify us when this is forgotten.
As you can see the code is pretty self explanatory and well commented. I will just note, this script uses SendGrid a great tool for adding email notifications to your bash scripts. I highly recommend setting up a free account, you will likely never need to pay for it if its used for daily monitoring. Now lets talk about installation and scheduling.
To install this simply copy the script to a file on your server. My favorite method for doing this is using touch.
Once done, change the permissions on the file to allow it to execute.
To schedule this setup a CRON JOB on your server by running these commands
Thats it. I hope you find my script useful. Please post suggestions for improvements and questions in the comments below. If you like it you can check the script out directly at my GIT Repo and like and follow me there!
We have assisted many businesses in implementing MDMs, developing custom security policies and procedures, and redesigning their networks.The list goes on and on. Contact us today and see how we can help you too.Contact Sales
We are a remote and fully distributed, Nationwide Apple focused MSP serving Washington DC, Philadelphia, New York, Chicago, San Francisco, San Diego & more.
We focus on providing top notch Mac Support for small to mid-sized businesses. Contact us, and learn how we can help your company.