[Dshield] Nagios & DNS - Tuesday Morning

Mark Tombaugh mtombaugh at alliedcc.com
Wed Jun 16 19:41:29 GMT 2004

Hey list,

If anyone is wondering why their Nagios DNS alerts lit up on Tuesday morning, 
it's sort of a false positive. By default, Nagios uses www.yahoo.com in its 
DNS checkcommand:

etc/checkcommands.cfg:  command_line    $USER1$/check_dns -H www.yahoo.com -s 

Since the DDoS against Akamai diminished name resolution of www.yahoo.com, our 
DNS monitors, and I'm assuming almost anyone using Nagios, lit up across the 
board. Took me a minute to clue myself in as to why this happened. I hope this 
helps others, if there are any, looking for the same clue.


Mark Tombaugh <mtombaugh at alliedcc.com>
Allied Computer Corporation <http://www.alliedcc.com>
USiHOST, iNC <http://www.usihost.com>
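
An added example, not part of the original post or of Nagios: a plugin-style check that resolves several unrelated names, so that a failure of one name's own DNS is reported as a warning instead of as a dead resolver. The canary names, the `check_resolver` function and the use of the host's system resolver (rather than a specific server passed with `-s`) are assumptions.

```python
#!/usr/bin/env python3
"""Nagios-style DNS check over several unrelated names, so an outage at one
name's DNS provider is not mistaken for a failure of the local resolver."""
import socket
import sys

# Standard Nagios plugin exit codes.
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3

# Assumption: placeholder names. Pick names served by different DNS
# providers, ideally including a zone you operate yourself.
CANARIES = ["www.example.com", "www.example.net", "www.example.org"]


def system_resolve(name):
    """Resolve via the host's configured resolver; True on success."""
    try:
        socket.getaddrinfo(name, None)
        return True
    except socket.gaierror:
        return False


def check_resolver(names, resolve=system_resolve):
    """Return (exit_code, message) based on which names failed to resolve."""
    if not names:
        return UNKNOWN, "DNS UNKNOWN - no names configured"
    failed = [n for n in names if not resolve(n)]
    if not failed:
        return OK, "DNS OK - %d/%d names resolved" % (len(names), len(names))
    if len(failed) < len(names):
        # The resolver still answers for other zones, so the fault lies with
        # the failing names' own DNS, not with the server being monitored.
        return WARNING, "DNS WARNING - upstream failure for: " + ", ".join(failed)
    return CRITICAL, "DNS CRITICAL - no names resolved, resolver likely down"


if __name__ == "__main__":
    code, message = check_resolver(CANARIES)
    print(message)
    sys.exit(code)
```
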

