dns
indexsource tools

CHECK_WHOIS

Use this plugin with Nagios to be notified when a domain is about to expire. You can download the source.

Dependencies

  • Date::Manip Perl module

Operation

When called, the plugin spawns a whois query for the domain to be tested. It then parses the output for expiration times and registrar.

The plugin returns a "warning" when the domain expires in less than one month. It returns "critical" when the domain expires in less than one week.

How to use

Since Nagios normally monitors "hosts," instead of "zones" (or domains), we have to to trick it just a little bit. For example, create a pseudo-host with the name of the zone. Since you might already have a host named after the zone, prefix the host name with "zone":

define host {
        name                    dns-zone
        hostgroups              dns-zones
        ...
        register                0
        }

define host {
        use                     dns-zone
        host_name               zone.example.com
        alias                   ZONE example.com
        }

Next, define a command and service:

define command {
        command_name    check-whois
        command_line    /usr/local/libexec/nagios-local/check_whois $HOSTADDRESS$
        }

define service {
        name                    whois-service
        servicegroups           whois-service-group
        service_description     WHOIS
        check_command           check-whois
        ...
        register                0
        }

define service {
        use                     whois-service
        host_name               zone.example.com
        }

Note that the check_whois script will receive zone.example.com as the argument. The script strips off the leading "zone." from this argument.

Notes

The plugin may not yet work with all registrars, since their output formats differ. If you pass the -x option to the script, it won't complain about not finding registrar or expiration data. Please notify us if you find an example where the whois data is not correctly parsed.

You can use the -s string option to make it complain if it does not find "string" in the whois output. This might be useful, for example, to make sure that your primary name server is always listed (i.e., check for domain hijacking).

The .ORG whois server is known to rate limit queries. You may exceed this limit when Nagios first starts up, resulting in bogus alerts.

© 2020 The Measurement Factory.