Module to monitor Public DNS Records.
Take in variables:
List fo Pubic DNS records to query: (google 8.8.8.8 etc)
Query: Records Type(CNAME, NS, A etc), Query Value (contoso.com, webmail.contoso.com), expected values: (single value or array of answers)
Alert if different etc.
This will allow us to monitor out public DNS records and give us a warning if something changes when it shouldn't critical if it is your Name Server records for example.
@Saqib this could be pretty easily achieved with PowerShell. PowerShell has a command Resolve-DnsName (https://docs.microsoft.com/en-us/powershell/module/dnsclient/resolve-dnsname) that allows you to poll for that information. You could set it up to do manual instances, and if you didn't want the results from the collector itself (which is where you'd be polling from), you could do PS Remoting and get those results from any windows machine that collector has access to (i.e., from different networks without having to install collectors at every location if you're not setup that way).
ProfessorI actually received a module from support a ways back that does this, or at least part of it. It works, but due to the limited communication channel, results are similarly limited. Input is a property, which is scanned via AD to build the instances, then those are checked using the server the property is defined upon. I just published the version I have now, but since it is code, it could be available soon or in months -- there is no way to know :).
WEW632
ProfessorI actually received a module from support a ways back that does this, or at least part of it. It works, but due to the limited communication channel, results are similarly limited. Input is a property, which is scanned via AD to build the instances, then those are checked using the server the property is defined upon. I just published the version I have now, but since it is code, it could be available soon or in months -- there is no way to know :).
WEW632
I'll probably be doing a session at LevelUp about running non-groovy/non-powershell scripts, which opens the door to doing python like this: https://www.adampalmer.me/iodigitalsec/2014/11/21/performing-dns-queries-python/
Really, it would be nice if we could build checks like this in the same way that we can build website checks, making them internal and/or external checks.
ProfessorIf there are integrations to get arguments, properties, etc. I agree. Embedded Powershell with token references is acceptable (sometimes very awkward). Passing values to scripts with the current argument specification methods is not great. It might be overkill to wrap everything up into JSON for external scripts, but something along those lines might work.
