Use delv to monitor your DNSSEC configuration in icinga2

First you need to install delv. delv is a new diagnostic tool like dig, but with improved DNSSEC support (read more). It comes with bind 9.10 and newer. If you’re already using bind >9.10 then it should be already installed. Otherwise you can grab the latest bind tarball, compile it and use the compiled delv binary:

Then download the check_delv nagios plugin script:

Add a command definition to icinga2 by creating /etc/icinga2/conf.d/check_delv.conf with the following content:

Also add an service definition to /etc/icinga2/conf.d/services.conf:

Now configure the domains your want to monitor in your host definitions. For example to monitor markusbenning.de:

Checking your IP against RBLs in icinga2

To make sure that your IP is listed on any RBL you can implement a daily check in icinga2.

The check can be implement with the check_rbl script:

https://trac.id.ethz.ch/projects/nagios_plugins/wiki/check_rbl

The script has a few perl module dependencies. To install them on a debian system execute:

Then download the script and make it executable:

Also download a copy of the configuration file:

Edit the configuration file and add/remove RBLs as needed. When writting this, the list still included the retired AHBL blacklist. To disable it comment the following line:

Now its time to start a test run:

The script will display all checked RBLs and exit with a Nagios status line:

Now add the command/service definitions to your icinga2 configuration and apply the rbl_address to your hosts definition.

Create /etc/icinga2/conf.d/check_rbl.conf with the following content:

Add the following service description to your /etc/icinga2/conf.d/services.conf:

And a rbl_address variable to all hosts you want to check:

Restart the icinga2 service and see the results in icinga-web.

SMS notifications in icinga2 with sms77.de

The sms77.de service could be used to send SMS notifications from icinga2.

First create a service account at sms77.de and install the sms77send command which comes with the SMS::SMS77 perl module:

You may want to send a test message to your mobile:

To be able to call sms77send from icinga2 you need to place the following wrapper script in /etc/icinga2/scripts/sms77-service-notification.sh:

Place the following command definition in /etc/icinga2/conf.d/commands.conf:

Place a template for the notification in /etc/icinga2/conf.d/templates.conf:

And the notification in /etc/icinga2/conf.d/notifications.conf:

To activate SMS notifications for a host add the following lines to your host definition in /etc/icings2/conf.d/hosts.conf:

And your mobile phone number to your contact in /etc/icinga2/conf.d/users.conf (eg. within object User icingaadmin):