I have got TXT records that I need to check on my domain because SPF, DKIM, or other services require these records. I would like PRTG to confirm that the records exist and that their content is correct.
How can I monitor the TXT records with PRTG?
I have got TXT records that I need to check on my domain because SPF, DKIM, or other services require these records. I would like PRTG to confirm that the records exist and that their content is correct.
How can I monitor the TXT records with PRTG?
custom-exe custom-script-exe custom-sensor data-txt dns prtg record txt
Created on Nov 15, 2016 11:11:24 AM by
Luciano Lingnau [Paessler]
Last change on Nov 16, 2016 1:02:25 PM by
Martina Wittmann [Paessler Support]
7 Replies
This article applies to PRTG Network Monitor 16 or later
Update: As of PRTG 20.2.59, you can use the native DNS v2 sensor to monitor TXT records.
If you need to monitor your Domain Name Service (DNS) server, PRTG offers you a built-in DNS Sensor. It is compatible with the following record types:
Currently, the DNS Sensor cannot natively query TXT DNS records. However, you can use an EXE/Script Advanced Sensor and an appropriate PowerShell script to monitor your TXT records. Just read on to see how this works.
PRTG offers an API also for custom sensors. This means that you can write your own sensors and use them within PRTG. Consider, for instance, the following PowerShell script that polls and evaluates TXT DNS records:
# Monitor the content of TXT DNS records in PRTG v0.2 15/11/2016 # # Parameters in PRTG must be: "*Text to match*"(wildcard allowed), Domain and DNS Server. Example: # -text '*spf*' -domain 'google.com' -server '8.8.8.8' # -text '*include*_spf.google.com*' -domain 'google.com' -server '8.8.4.4' # # It's recommended to use large scanning intervals for exe/xml scripts (not below 300 seconds). # Warning: When there are multiple matches only the first record will be matched. Plan accordingly. param( [string]$text = "*spf*", [string]$domain = "google.com", [string]$server = "8.8.8.8" ) $exectime = [System.Diagnostics.Stopwatch]::StartNew() try { $txtrecords = Resolve-DnsName -Name $domain -Type 'TXT' -Server $server -ErrorAction Stop }catch{ Write-Output "<prtg>" Write-Output "<error>1</error>" Write-Output "<text>DNS Query Failed: $($_.Exception.Message)</text>" Write-Output "</prtg>" Exit } foreach($entry in $txtrecords){ if ($entry.Strings.ToLower() -like $text.ToLower() ){ $result = 1 #Yes $content = "Match: "+$entry.Strings.ToLower() break }else{ $result = 2 #No $content = "No Match for: "+$text.ToLower() } } Write-Output "<prtg>" Write-Output "<result>" Write-Output "<channel>Record Matched</channel>" Write-Output "<value>$($result)</value>" Write-Output "<valuelookup>prtg.standardlookups.yesno.stateyesok</valuelookup>" Write-Output "</result>" Write-Output "<result>" Write-Output "<channel>ExecTime</channel>" Write-Output "<value>$($exectime.ElapsedMilliseconds)</value>" Write-Output "<CustomUnit>msecs</CustomUnit>" Write-Output "</result>" Write-Output "<text>$($content)</text>" Write-Output "</prtg>"
The above script essentially uses the provided parameters (text, domain and server) to perform a query for all TXT records on the given DNS address. The found records will then be checked against the provided text, thus allowing you to confirm the existence and content of TXT records used for SPF or domain verification.
Note: The script supports wildcards for the evaluation of text.
Note: If you have multiple TXT records, up to 25 of them will all be evaluated. But once there is a match, regarding the text parameter,only this first match will be evaluated, although multiple matches might be possible. Please take this into account and plan accordingly.
You're done! This is how your sensor looks like:
Click here to enlarge.
Note: Please note that we cannot provide in-depth technical support for custom scripts. Scripts are provided without warranty and for use at own risk.
Created on Nov 15, 2016 11:15:33 AM by
Luciano Lingnau [Paessler]
Last change on May 26, 2020 11:38:58 AM by
Maike Guba [Paessler Support]
I'd like to add a request to get native TXT record handling built in to the DNS sensor please.
Hello Robin,
thank you for your KB-Post.
Did you have any issues using the Custom sensor? While we also like the idea of having this feature built-in, we're currently working on other parts on PRTG, especially since there is a working workaround available for this (the script above).
Best Regards,
Luciano Lingnau [Paessler Support]
Come on! a workaround is not the best added value to a non-native solution like PRTG. If we rely on home made scripts, then why not just monitor everything with script and show auditors that we are clean and rely on ZERO third parties for monitoring.
Hello mickrose, you're entitled to your opinion, but:
As an auditor I would prefer this home-made script because I can actually see how it works as what it does, it will behave as coded and the code is public. And several scripts are still not a monitoring system. You could use it as one, but it still lacks an interface, user access control, notification system, dashboards, reports, a database and about all the rest.
Creating a monitoring software that is able to support every possible piece of hardware and every piece of software in every imaginable scenario is not realistically possible. We do our best to make PRTG as flexible as we can and make it work in the most common scenarios and situations, but we definitively want to allow the customization and the creation of custom sensors for people that want to go beyond the default available sensorset, for example, using this script for more granularity when working with DNS.
Best Regards,
Luciano Lingnau [Paessler Support]
Does someone has an idea to monitor the CAA information in DNS with PRTG?
It's a pity, neither nslookup nor Resolve-DnsName support a query of CAA records. Is there a way in PRTG to monitor the CAA information if DNS to be sure, automatic certificate updates like it is common for Let's Encrypt, does not fail with an error because of changed CAA information.
Are there any plans to add check of data in CAA record to DNSv2 sensor?
Best Regards,
Ulrich
Hello Thomas,
Thank you for your message.
Regarding the DNSv2 sensor, I'm afraid that there is no plan to monitor CAA records in the near future. As of now, the only way I would recommend is to use a custom script with the EXE/Script sensors in PRTG.
Here are the manual of the EXE sensors:
Kind regards.
Please log in or register to enter your reply.
©2023 Paessler AG Terms & Conditions Privacy Policy Legal Notice Download & Install
Add comment