48 lines
1.7 KiB
YAML
48 lines
1.7 KiB
YAML
groups:
|
|
- name: dns
|
|
rules:
|
|
- alert: DnsSerialDesync
|
|
for: 5m
|
|
expr: count by (zone) (count_values by (zone) ("serial", dns_probe_soa_serial)) > 1
|
|
labels:
|
|
severity: critical
|
|
annotations:
|
|
summary: Serial out of sync
|
|
description: Nameservers for zone {{ $labels.zone }} are serving {{ $value }} different values of the serial
|
|
|
|
- alert: DnsNsMismatch
|
|
for: 5m
|
|
expr:
|
|
count by (nameserver, zone) (dns_probe_ns_set) != on (zone) group_left count by (zone) (group by (target, zone) (dns_probe_ns_set))
|
|
labels:
|
|
severity: critical
|
|
annotations:
|
|
summary: NS out of sync
|
|
description: The nameserver {{ $labels.nameserver }} is not serving all NS for zone {{ $labels.zone }} (found {{ $value }} NS).
|
|
|
|
- alert: DnssecSignatureExpiration
|
|
expr: min by(zone, keytag) (dns_probe_soa_rrsig_expiration) - time() < (7 * 86400)
|
|
labels:
|
|
severity: warning
|
|
annotations:
|
|
summary: DNSSEC signatures expire soon
|
|
description: Signatures of zone {{ $labels.zone }} will expire in {{ $value | humanizeDuration }}.
|
|
|
|
- alert: DnsProbeNameserverFetchFailed
|
|
for: 5m
|
|
expr: dns_probe_resolve_nameservers_success == 0
|
|
labels:
|
|
severity: warning
|
|
annotations:
|
|
summary: Failed to resolved NS
|
|
description: The probe failed to resolve the nameserver list for the zone {{ $labels.zone }}.
|
|
|
|
- alert: DnsQueryFailed
|
|
for: 5m
|
|
expr: dns_probe_query_success == 0
|
|
labels:
|
|
severity: critical
|
|
annotations:
|
|
summary: Failed to query nameserver
|
|
description: The probe failed to query the nameserver {{ $labels.nameserver }} for name {{ $labels.name }} and type {{ $labels.type }}.
|