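#!/usr/bin/env bash
#
# check_dns_connectivity.sh — monitoring-style reachability probe for one host.
#
# Runs, in order: name resolution (getent hosts), ICMP echo (ping), an
# optional TCP connect to --port via bash's /dev/tcp under an external
# timeout, then prints local route/socket hints and suggested next steps.
#
# Exit codes (kept as the script's existing contract; note that 3 for
# CRITICAL differs from the common Nagios convention of 2):
#   0  OK
#   1  WARNING   ping failed, but DNS resolved and TCP (if requested) succeeded
#   2  usage / argument / missing-dependency error
#   3  CRITICAL  no DNS records, or the requested TCP port is unreachable
#
# Security notes:
#   * --host is restricted to a conservative hostname / IP-literal charset and
#     may not start with '-', so it can never be parsed as an option by
#     getent or ping and cannot inject extra path components into
#     /dev/tcp/HOST/PORT.
#   * The TCP probe hands HOST and PORT to the inner bash as positional
#     arguments; they are never interpolated into the `bash -c` string.
#   * --timeout and --count must be >= 1: GNU `timeout 0` means "no limit",
#     which would let the probe hang indefinitely.
set -o errexit
set -o nounset
set -o pipefail

host_name=""
port=""
count=3
timeout_seconds=3

# Shared probe state (globals so the EXIT trap can see ping_output).
dns_ok=0
ping_ok=0
ping_available=0
tcp_ok=0
tcp_checked=0
tcp_note=""
ping_output=""
dns_output=""

usage() {
  cat <<'USAGE'
Usage: check_dns_connectivity.sh --host HOST [--port PORT] [--count COUNT] [--timeout SECONDS] [--help]
Check DNS resolution, ping, optional TCP connectivity, and local route hints.
USAGE
}

# True when $1 is a non-empty string of ASCII digits.
is_number() {
  [[ "$1" =~ ^[0-9]+$ ]]
}

# True when $1 looks like a hostname or an IPv4/IPv6 literal: letters, digits,
# '.', '-', '_' and ':' only, at most 253 characters, and not starting with
# '-' (so it cannot be mistaken for an option by getent/ping).
is_hostname() {
  local candidate="$1"
  [[ -n "$candidate" && ${#candidate} -le 253 && "$candidate" != -* \
     && "$candidate" =~ ^[A-Za-z0-9._:-]+$ ]]
}

#######################################
# Attempt a TCP connect using bash's /dev/tcp pseudo-path.
# Arguments: $1 host, $2 port, $3 timeout in seconds (only honoured when the
#            external `timeout` command exists)
# Returns:   0 when the connect succeeded, non-zero on refusal or timeout
#######################################
tcp_probe() {
  local target_host="$1" target_port="$2" limit="$3"
  # HOST/PORT reach the inner shell as $1/$2 — never inside the -c string —
  # so a hostile --host value cannot become shell syntax.
  if command -v timeout >/dev/null 2>&1; then
    timeout "$limit" bash -c ': </dev/tcp/"$1"/"$2"' _ "$target_host" "$target_port" >/dev/null 2>&1
  else
    bash -c ': </dev/tcp/"$1"/"$2"' _ "$target_host" "$target_port" >/dev/null 2>&1
  fi
}

#######################################
# Parse command-line options into the globals host_name/port/count/timeout_seconds.
# Exits 2 on a missing value or unknown option, 0 on --help.
#######################################
parse_args() {
  while (($# > 0)); do
    case "$1" in
      --host)
        [[ $# -ge 2 ]] || { printf 'CRITICAL: --host requires a value\n'; exit 2; }
        host_name="$2"
        shift 2 ;;
      --port)
        [[ $# -ge 2 ]] || { printf 'CRITICAL: --port requires a value\n'; exit 2; }
        port="$2"
        shift 2 ;;
      --count)
        [[ $# -ge 2 ]] || { printf 'CRITICAL: --count requires a value\n'; exit 2; }
        count="$2"
        shift 2 ;;
      --timeout)
        [[ $# -ge 2 ]] || { printf 'CRITICAL: --timeout requires a value\n'; exit 2; }
        timeout_seconds="$2"
        shift 2 ;;
      --help|-h)
        usage
        exit 0 ;;
      *)
        printf 'CRITICAL: unknown option: %s\n' "$1"
        usage
        exit 2 ;;
    esac
  done
}

#######################################
# Validate the parsed globals and required tooling; exits 2 on any problem.
#######################################
validate_args() {
  if [[ -z "$host_name" ]]; then
    printf 'CRITICAL: --host is required\n'
    usage
    exit 2
  fi
  if ! is_hostname "$host_name"; then
    printf 'CRITICAL: --host must be a hostname or IP literal (letters, digits, . - _ :), got: %s\n' "$host_name"
    exit 2
  fi

  local value
  for value in "$count" "$timeout_seconds"; do
    if ! is_number "$value"; then
      printf 'CRITICAL: numeric option expected, got: %s\n' "$value"
      exit 2
    fi
    # Zero disables GNU timeout entirely and makes ping reject -c 0; neither
    # gives a bounded probe, so refuse it up front.
    if [[ "$value" =~ ^0+$ ]]; then
      printf 'CRITICAL: --count and --timeout must be at least 1, got: %s\n' "$value"
      exit 2
    fi
  done

  if [[ -n "$port" ]]; then
    if ! is_number "$port"; then
      printf 'CRITICAL: --port must be numeric\n'
      exit 2
    fi
    # Length check first so a very long digit string cannot wrap the
    # arithmetic; 10# forces decimal so leading zeros are not read as octal.
    if (( ${#port} > 5 || 10#$port < 1 || 10#$port > 65535 )); then
      printf 'CRITICAL: --port must be between 1 and 65535, got: %s\n' "$port"
      exit 2
    fi
  fi

  if ! command -v getent >/dev/null 2>&1; then
    printf 'CRITICAL: required command not found: getent\n'
    exit 2
  fi
}

#######################################
# Run the DNS, ICMP and optional TCP probes, filling the shared state globals.
#######################################
run_probes() {
  ping_output="$(mktemp)"
  trap 'rm -f "$ping_output"' EXIT

  dns_output="$(getent hosts "$host_name" 2>/dev/null || true)"
  if [[ -n "$dns_output" ]]; then
    dns_ok=1
  fi

  if command -v ping >/dev/null 2>&1; then
    ping_available=1
    # NOTE(review): -W is seconds on iputils ping but milliseconds on BSD
    # ping; the value is passed through unchanged, as before.
    if ping -c "$count" -W "$timeout_seconds" "$host_name" > "$ping_output" 2>&1; then
      ping_ok=1
    fi
  else
    printf 'WARNING: ping command not available; ICMP check skipped\n' > "$ping_output"
  fi

  if [[ -n "$port" ]]; then
    tcp_checked=1
    if ! command -v timeout >/dev/null 2>&1; then
      tcp_note="WARNING: timeout command not available; TCP /dev/tcp check used without external timeout"
    fi
    if tcp_probe "$host_name" "$port" "$timeout_seconds"; then
      tcp_ok=1
    fi
  fi
}

#######################################
# Print the plugin-style summary line, per-check details, local hints and
# next steps, then exit with the code derived from the probe results.
#######################################
report_and_exit() {
  local status="OK" exit_code=0
  if ((dns_ok == 0)); then
    status="CRITICAL"
    exit_code=3
  elif ((tcp_checked == 1 && tcp_ok == 0)); then
    status="CRITICAL"
    exit_code=3
  elif ((ping_available == 1 && ping_ok == 0)); then
    status="WARNING"
    exit_code=1
  fi

  local dns_label="FAILED" ping_label="UNKNOWN_OR_FAILED" tcp_label="FAILED"
  ((dns_ok == 1)) && dns_label="OK"
  ((ping_ok == 1)) && ping_label="OK"
  ((tcp_ok == 1)) && tcp_label="OK"

  printf '%s: DNS=%s ping=%s' "$status" "$dns_label" "$ping_label"
  if ((tcp_checked == 1)); then
    printf ' tcp_%s=%s' "$port" "$tcp_label"
  fi
  printf '\n\n'

  printf 'DNS result:\n'
  if [[ -n "$dns_output" ]]; then
    printf '%s\n' "$dns_output"
  else
    printf 'CRITICAL: getent hosts returned no records for %s\n' "$host_name"
  fi
  printf '\n'

  printf 'Ping result:\n'
  if [[ -s "$ping_output" ]]; then
    cat "$ping_output"
  else
    printf 'WARNING: ping result unavailable or ping command missing\n'
  fi
  printf '\n'

  if ((tcp_checked == 1)); then
    printf 'TCP port result:\n'
    if ((tcp_ok == 1)); then
      printf 'OK: TCP connection to %s:%s succeeded\n' "$host_name" "$port"
    else
      printf 'CRITICAL: TCP connection to %s:%s failed or timed out\n' "$host_name" "$port"
    fi
    if [[ -n "$tcp_note" ]]; then
      printf '%s\n' "$tcp_note"
    fi
    printf '\n'
  fi

  printf 'Local network hints:\n'
  if command -v ip >/dev/null 2>&1; then
    ip route show default 2>/dev/null || printf 'WARNING: unable to read default route\n'
  elif command -v ss >/dev/null 2>&1; then
    ss -tuln 2>/dev/null | head -n 20 || printf 'WARNING: unable to read socket summary\n'
  else
    printf 'WARNING: ip and ss are unavailable; local network hints skipped\n'
  fi
  printf '\n'

  printf 'Evidence:\n'
  printf 'Host: %s count=%s timeout=%ss port=%s\n' "$host_name" "$count" "$timeout_seconds" "${port:-not checked}"
  if [[ -n "$tcp_note" ]]; then
    printf '%s\n' "$tcp_note"
  fi
  printf '\n'

  printf 'Recommended next steps:\n'
  printf -- '- Verify the DNS record and resolver path\n'
  printf -- '- Check firewall, routing, security group, or proxy policy\n'
  printf -- '- Compare results from another host or network segment\n'
  printf -- '- Check application endpoint health after network reachability is confirmed\n'
  printf -- '- Attach this output to incident ticket\n'

  exit "$exit_code"
}

main() {
  parse_args "$@"
  validate_args
  run_probes
  report_and_exit
}

main "$@"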