What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

How can I monitor TXT records on my DNS with PRTG?

Votes:

0

I have got TXT records that I need to check on my domain because SPF, DKIM, or other services require these records. I would like PRTG to confirm that the records exist and that their content is correct.

How can I monitor the TXT records with PRTG?

custom-exe custom-script-exe custom-sensor data-txt dns prtg record txt

Created on Nov 15, 2016 11:11:24 AM by Luciano Lingnau [Paessler]

Last change on Nov 16, 2016 1:02:25 PM by Martina Wittmann [Paessler Support]



7 Replies

Accepted Answer

Votes:

1

This article applies to PRTG Network Monitor 16 or later

Monitoring TXT Records on Your DNS with PRTG

Update: As of PRTG 20.2.59, you can use the native DNS v2 sensor to monitor TXT records.

If you need to monitor your Domain Name Service (DNS) server, PRTG offers you a built-in DNS Sensor. It is compatible with the following record types:

  • Host address IPv4 (A)
  • Host address IPv6 (AAAA)
  • Authoritative name server (NS)
  • Start of a zone of authority marker (SOA)
  • Domain name pointer (PTR)
  • Mail exchange (MX)
  • Canonical name for an alias (CNAME)

Currently, the DNS Sensor cannot natively query TXT DNS records. However, you can use an EXE/Script Advanced Sensor and an appropriate PowerShell script to monitor your TXT records. Just read on to see how this works.

Custom PowerShell Script for DNS Records in TXT Format

PRTG offers an API also for custom sensors. This means that you can write your own sensors and use them within PRTG. Consider, for instance, the following PowerShell script that polls and evaluates TXT DNS records:

# Monitor the content of TXT DNS records in PRTG v0.2 15/11/2016
#
# Parameters in PRTG must be: "*Text to match*"(wildcard allowed), Domain and DNS Server. Example:
# -text '*spf*' -domain 'google.com' -server '8.8.8.8'
# -text '*include*_spf.google.com*' -domain 'google.com' -server '8.8.4.4'
#
# It's recommended to use large scanning intervals for exe/xml scripts (not below 300 seconds).
# Warning: When there are multiple matches only the first record will be matched. Plan accordingly.

param(
    [string]$text = "*spf*",
    [string]$domain = "google.com",
    [string]$server = "8.8.8.8"
)

$exectime = [System.Diagnostics.Stopwatch]::StartNew()

try {
    $txtrecords = Resolve-DnsName -Name $domain -Type 'TXT' -Server $server -ErrorAction Stop
}catch{
    Write-Output "<prtg>"
    Write-Output "<error>1</error>"
    Write-Output "<text>DNS Query Failed: $($_.Exception.Message)</text>"
    Write-Output "</prtg>"
    Exit
}

foreach($entry in $txtrecords){
    if ($entry.Strings.ToLower() -like $text.ToLower() ){
            $result  = 1 #Yes
            $content = "Match: "+$entry.Strings.ToLower()
            break
    }else{
            $result = 2 #No
            $content = "No Match for: "+$text.ToLower()
    }
}

Write-Output "<prtg>"

Write-Output "<result>"
Write-Output "<channel>Record Matched</channel>"
Write-Output "<value>$($result)</value>"
Write-Output "<valuelookup>prtg.standardlookups.yesno.stateyesok</valuelookup>"
Write-Output "</result>"

Write-Output "<result>"
Write-Output "<channel>ExecTime</channel>"
Write-Output "<value>$($exectime.ElapsedMilliseconds)</value>"
Write-Output "<CustomUnit>msecs</CustomUnit>"
Write-Output "</result>"

Write-Output "<text>$($content)</text>"
Write-Output "</prtg>"

How to Use This TXT Records PowerShell Script

The above script essentially uses the provided parameters (text, domain and server) to perform a query for all TXT records on the given DNS address. The found records will then be checked against the provided text, thus allowing you to confirm the existence and content of TXT records used for SPF or domain verification.

Note: The script supports wildcards for the evaluation of text.

Note: If you have multiple TXT records, up to 25 of them will all be evaluated. But once there is a match, regarding the text parameter,only this first match will be evaluated, although multiple matches might be possible. Please take this into account and plan accordingly.

How to Setup Your TXT DNS Records Sensor

  1. If you want to use the above PowerShell script, you can either copy the script text above, paste it into a new file and create a .ps1 file from it, or you can just download it here.
  2. Copy your .ps1 file or the downloaded PS Query TXT Recordv2.ps1 file to the %Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXEXML\ folder. See the Paessler Knowledge Base if you want to know more about How and Where PRTG stores its data.
  3. In your PRTG installation, go to your device and add a new EXE/Script Advanced Sensor.
  4. In the sensor settings, enter valid Parameters, for example, -text 'v=spf1 include:_spf.google.com all' -domain 'google.com' -server '8.8.4.4'. You may use Placeholders. For the text parameter, use * for wildcard match, for example '*spf*1.2.3.4*'.

https://media.paessler.com/kb/2016/72087/screenshot/sensor_settings_650.png
Click here to enlarge.

You're done! This is how your sensor looks like: https://media.paessler.com/kb/2016/72087/screenshot/sensor_overview_650.png
Click here to enlarge.

Note: Please note that we cannot provide in-depth technical support for custom scripts. Scripts are provided without warranty and for use at own risk.

More

Created on Nov 15, 2016 11:15:33 AM by Luciano Lingnau [Paessler]

Last change on Apr 10, 2024 2:41:12 PM by Fruzsina Ébelle [Paessler Support]



Votes:

1

I'd like to add a request to get native TXT record handling built in to the DNS sensor please.

Created on Jul 31, 2017 11:48:28 AM



Votes:

0

Hello Robin,
thank you for your KB-Post.

Did you have any issues using the Custom sensor? While we also like the idea of having this feature built-in, we're currently working on other parts on PRTG, especially since there is a working workaround available for this (the script above).

Best Regards,
Luciano Lingnau [Paessler Support]

Created on Aug 1, 2017 7:19:36 AM by Luciano Lingnau [Paessler]



Votes:

0

Come on! a workaround is not the best added value to a non-native solution like PRTG. If we rely on home made scripts, then why not just monitor everything with script and show auditors that we are clean and rely on ZERO third parties for monitoring.

Created on Nov 21, 2017 11:27:47 AM



Votes:

0

Hello mickrose, you're entitled to your opinion, but:

As an auditor I would prefer this home-made script because I can actually see how it works as what it does, it will behave as coded and the code is public. And several scripts are still not a monitoring system. You could use it as one, but it still lacks an interface, user access control, notification system, dashboards, reports, a database and about all the rest.

Creating a monitoring software that is able to support every possible piece of hardware and every piece of software in every imaginable scenario is not realistically possible. We do our best to make PRTG as flexible as we can and make it work in the most common scenarios and situations, but we definitively want to allow the customization and the creation of custom sensors for people that want to go beyond the default available sensorset, for example, using this script for more granularity when working with DNS.

Best Regards,
Luciano Lingnau [Paessler Support]

Created on Nov 21, 2017 1:17:33 PM by Luciano Lingnau [Paessler]



Votes:

0

Does someone has an idea to monitor the CAA information in DNS with PRTG?

It's a pity, neither nslookup nor Resolve-DnsName support a query of CAA records. Is there a way in PRTG to monitor the CAA information if DNS to be sure, automatic certificate updates like it is common for Let's Encrypt, does not fail with an error because of changed CAA information.

Are there any plans to add check of data in CAA record to DNSv2 sensor?

Best Regards,
Ulrich

Created on Oct 14, 2020 10:13:27 AM



Votes:

0

Hello Thomas,

Thank you for your message.

Regarding the DNSv2 sensor, I'm afraid that there is no plan to monitor CAA records in the near future. As of now, the only way I would recommend is to use a custom script with the EXE/Script sensors in PRTG.

Here are the manual of the EXE sensors:

Kind regards.

Created on Oct 15, 2020 8:35:09 AM by Florian Lesage [Paessler Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.