The security status is now exposed via SNMP, Carbon and Prometheus.
static const oid dynBlockedOID[] = { DNSDIST_STATS_OID, 35 };
static const oid dynBlockedNMGSizeOID[] = { DNSDIST_STATS_OID, 36 };
static const oid ruleServFailOID[] = { DNSDIST_STATS_OID, 37 };
+static const oid securityStatusOID[] = { DNSDIST_STATS_OID, 38 };
static std::unordered_map<oid, DNSDistStats::entry_t> s_statsMap;
registerGauge64Stat("cpuSysMSec", cpuSysMSecOID, OID_LENGTH(cpuSysMSecOID), &getCPUTimeSystem);
registerGauge64Stat("fdUsage", fdUsageOID, OID_LENGTH(fdUsageOID), &getOpenFileDescriptors);
registerGauge64Stat("dynBlockedNMGSize", dynBlockedNMGSizeOID, OID_LENGTH(dynBlockedNMGSizeOID), [](const std::string&) { return g_dynblockNMG.getLocal()->size(); });
+ registerGauge64Stat("securityStatus", securityStatusOID, OID_LENGTH(securityStatusOID), [](const std::string&) { return g_stats.securityStatus.load(); });
netsnmp_table_registration_info* table_info = SNMP_MALLOC_TYPEDEF(netsnmp_table_registration_info);
stat_t cacheHits{0};
stat_t cacheMisses{0};
stat_t latency0_1{0}, latency1_10{0}, latency10_50{0}, latency50_100{0}, latency100_1000{0}, latencySlow{0};
+ stat_t securityStatus{0};
double latencyAvg100{0}, latencyAvg1000{0}, latencyAvg10000{0}, latencyAvg1000000{0};
typedef std::function<uint64_t(const std::string&)> statfunction_t;
- typedef boost::variant<stat_t*, double*, statfunction_t> entry_t;
+ typedef boost::variant<stat_t*, double*, statfunction_t, uint64_t*> entry_t;
std::vector<std::pair<std::string, entry_t>> entries{
{"responses", &responses},
{"servfail-responses", &servfailResponses},
{"cpu-sys-msec", getCPUTimeSystem},
{"fd-usage", getOpenFileDescriptors},
{"dyn-blocked", &dynBlocked},
- {"dyn-block-nmg-size", [](const std::string&) { return g_dynblockNMG.getLocal()->size(); }}
+ {"dyn-block-nmg-size", [](const std::string&) { return g_dynblockNMG.getLocal()->size(); }},
+ {"security-status", &securityStatus}
};
};
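Review bot: The `uint64_t*` alternative added to `entry_t` is not used by anything in the visible hunks: `securityStatus` is declared as `stat_t` and registered as `&securityStatus`, which is already a `stat_t*`. Widening the variant means every consumer that dispatches on `entry_t` (the exporters are outside this page) has to handle a fourth case, and a `boost::get` chain written for three alternatives may throw or skip the entry. Unless another entry needs it, keep `typedef boost::variant<stat_t*, double*, statfunction_t> entry_t;`, or add a comment on the typedef naming the entry that stores a plain `uint64_t*`. The struct starts outside the hunk.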
{ "fd-usage", MetricDefinition(PrometheusMetricType::gauge, "Number of currently used file descriptors")},
{ "dyn-blocked", MetricDefinition(PrometheusMetricType::counter, "Number of queries dropped because of a dynamic block")},
{ "dyn-block-nmg-size", MetricDefinition(PrometheusMetricType::gauge, "Number of dynamic blocks entries") },
+ { "security-status", MetricDefinition(PrometheusMetricType::gauge, "Security status of this software. 0=unknown, 1=OK, 2=upgrade recommended, 3=upgrade mandatory") },
};
};
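Review bot: The meaning of the values 0–3 is spelled out separately in this help string, in the MIB DESCRIPTION and in the statistics documentation, and the wording already differs (`3=upgrade mandatory` here, `Upgrade required` in the docs; `0=unknown` here, `Unknown status or unreleased version` in the docs). Alert rules will key on these numbers, so use one wording in all three places, for example `0=unknown or unreleased version, 1=OK, 2=upgrade recommended, 3=upgrade required`. The map this entry belongs to starts outside the hunk.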
"Number of ServFail responses returned because of a rule"
::= { stats 37 }
+securityStatus OBJECT-TYPE
+ SYNTAX CounterBasedGauge64
+ MAX-ACCESS read-only
+ STATUS current
+ DESCRIPTION
+ "Security status of this software. 0=unknown, 1=OK, 2=upgrade recommended, 3=upgrade mandatory"
+ ::= { stats 38 }
+
backendStatTable OBJECT-TYPE
SYNTAX SEQUENCE OF BackendStatEntry
MAX-ACCESS not-accessible
fdUsage,
dynBlocked,
dynBlockNMGSize,
+ securityStatus,
backendName,
backendLatency,
backendWeight,
errlog("PowerDNS DNSDist Security Update Mandatory: %s", securityMessage);
}
+ g_stats.securityStatus = securityStatus;
g_secPollDone = true;
return;
}
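Review bot: `g_stats.securityStatus` is written only at this point, after a poll has completed, so if the earlier paths of this function (outside the hunk) return on a lookup or parse failure, the gauge keeps its last value. A monitoring rule then cannot tell a fresh `1` from a `1` that has been stale since polling stopped working. A comment here such as `// holds the last successfully polled status; not reset when a poll fails` would make that explicit, and exporting a poll-failure counter next to it would let alerts catch the silent case. The value also appears to come from the polled record, so it is worth confirming that it is limited to the documented 0–3 before it is stored.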
-------------
Number of ServFail answers returned because of a rule.
+security-status
+---------------
+.. versionadded:: 1.3.4
+
+The security status of :program:`dnsdist`. This is regularly polled.
+
+ * 0 = Unknown status or unreleased version
+ * 1 = OK
+ * 2 = Upgrade recommended
+ * 3 = Upgrade required (most likely because there is a known security issue)
+
self-answered
-------------
Number of self-answered responses.
'latency-avg1000000', 'uptime', 'real-memory-usage', 'noncompliant-queries',
'noncompliant-responses', 'rdqueries', 'empty-queries', 'cache-hits',
'cache-misses', 'cpu-user-msec', 'cpu-sys-msec', 'fd-usage', 'dyn-blocked',
- 'dyn-block-nmg-size', 'rule-servfail']
+ 'dyn-block-nmg-size', 'rule-servfail', 'security-status']
for key in expected:
self.assertIn(key, values)