What problem does this application try to solve? UDP can't be easily checked. This application checks the local DNS and optionally Consul DNS and serves the status through a Web page.
I use it in conjunction with LVS, and my understanding is that LVS does not allow running multiple instances of the same check. For instance, LVS has a `DNS_CHECK` statement, but in my case I need to run it multiple times, to check both the DNS and Consul DNS.
This application runs as a daemon on the same machine where the DNS is running and it can be used in conjunction with your UDP load-balancer to check the status of your DNS.
You can also use it from Nagios or Sensu by issuing a simple HTTP check.
This application runs a Web server and it:
* runs an external command to create a JSON file (this functionality should be moved into this app)
* transforms the JSON object into an HTML table
* serves the JSON object as an API
* serves HTML pages
```bash
go build -ldflags "-s -w -X main.appVersion=${PROG_VERSION} -X main.buildTime=${BUILDTIME}" -o acme-web
go get -ldflags "-s -w -X main.appVersion=${PROG_VERSION} -X main.buildTime=${BUILD_TIME}" .
```
## Keepalived and LVS
For instance, with Keepalived + LVS I am using a configuration as follows:
```txt
HTTP_GET {
    connect_port 10053
    connect_timeout 3
    delay_before_retry 1
    http_protocol 1.1
    nb_get_retry 2
    url {
        digest 6d3bcaba1fff8c5a461669b409c1a6d2
        path /ipv4
    }
}
```
The digest is calculated using this command (`genhash` belongs to the keepalived package):
```bash
genhash -s 127.0.0.1 -p 10053 -u /ipv4
```
If you receive a 200 status code, you'll get the same digest as mine, because the digest is computed against the small HTML snippet embedded in `main.go`.
You could also match on the HTTP status code instead: see `man keepalived.conf` and search for `status_code`.
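Why the digest only matches while DNS is healthy, as an added example (not this project's code), assuming the `digest` value is the MD5 of the response body: the handler serves a fixed body only when every record resolves, and `probe` hashes what a checker would receive. The body strings and the names `stubLookup`, `healthHandler` and `probe` are assumptions for illustration; the record name and the `/ipv4` path are the ones used on this page.

```go
package main

import (
	"context"
	"crypto/md5"
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// Constructed bodies; the project's real HTML snippet lives in its main.go.
const okBody, failBody = "<html><body>OK</body></html>\n", "<html><body>FAIL</body></html>\n"

// lookupFunc has the signature of (*net.Resolver).LookupHost, so a real resolver plugs in.
type lookupFunc func(ctx context.Context, host string) ([]string, error)

// stubLookup returns constructed answers so the example runs without a DNS server.
func stubLookup(addrs []string) lookupFunc {
	return func(context.Context, string) ([]string, error) { return addrs, nil }
}

// healthHandler serves okBody only if every record resolves within 2s (below connect_timeout 3).
func healthHandler(lookup lookupFunc, records []string) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		ctx, cancel := context.WithTimeout(r.Context(), 2*time.Second)
		defer cancel()
		for _, rec := range records {
			if addrs, err := lookup(ctx, rec); err != nil || len(addrs) == 0 {
				w.WriteHeader(http.StatusServiceUnavailable)
				fmt.Fprint(w, failBody)
				return
			}
		}
		fmt.Fprint(w, okBody)
	}
}

// probe does one in-process GET and returns the status code and the MD5 hex digest of the body.
func probe(h http.Handler, path string) (int, string) {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, path, nil))
	return rec.Code, fmt.Sprintf("%x", md5.Sum(rec.Body.Bytes()))
}

func main() {
	for _, addrs := range [][]string{{"192.0.2.10"}, nil} { // resolving, then failing
		fmt.Println(probe(healthHandler(stubLookup(addrs), []string{"dumb-record.dumb.zone"}), "/ipv4"))
	}
}
```

A failed lookup changes both the status code and the body, so either a `digest` match or a `status_code` match takes the real server out of the pool.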
## Available options
You can check the options as follows:
```shell
$ dns-checker --help
DNS Checker:
- checks DNS and optionally Consul and report the status on a Web page
-b --build Print version and build information and exit
-v --version Print version information and exit
--listen-address=LISTENADDRESS Web server address. Check Go net/http documentation [default: any]
--listen-port=LISTENPORT Web server port [default: 8000]
--verbose Log also successful connections
```
Once it is installed you can check the status using curl (with `curl -I` you get the status code):
```bash
curl http://localhost:8000/sectigo_ev/index.html
```
## Setting up systemd
In this case I am also checking Consul, and I check the existence of one local record called `dumb-record.dumb.zone` in the DNS and one record called `consul.service.domain.org` in Consul.
Check `acme-web.service` in this repository.
It is not sensible to check for a record on a forwarded zone, because there can be a problem elsewhere (in the network, or in the SOA of the other domain) and we don't want to bring our DNS down if something else is broken.
In this case I run it as `unbound` user because I use unbound: