setting up passive checks on nagios - nagios

Hello board, this question may be a little clean and green; however,
I've been trying to set up Nagios NSCA for passive checks on a local Ubuntu box as a prototype.
For those in the know, my nsca is listening on 5667 and send_nsca is on the same Ubuntu computer (localhost 127.0.0.1). I've been reading and testing object definitions and service templates; however, I have been getting config errors when I try to access Nagios web after modifications.
I hope to get clearer instructions on how I can create the service (directories/configurations) to process passive checks in Nagios3 for Ubuntu.

There are a few things to consider, firstly that localhost is defined as a host and secondly that the check actually exists as it would for any other check but with a command that doesn't actually do anything, for example.. I've created a passiveservices.cfg file with services defined as follows:
define service{
use generic-service,service-pnp
host_name Server1,Server2
service_description Uptime
active_checks_enabled 1
passive_checks_enabled 1
check_command check_null
check_freshness 1
check_period none
}
define service{
use generic-service,service-pnp
host_name Server1,Server2
service_description Drive space
active_checks_enabled 1
passive_checks_enabled 1
check_command check_null
check_freshness 1
check_period none
}
Note that the check command is check_null; it's not actually doing anything, and passive_checks_enabled is 1.
There are two lines within Nagios.cfg which you need to enable:
accept_passive_host_checks
accept_passive_service_checks
It's also a good idea to enable the following two lines as well:
check_service_freshness
check_host_freshness
If a server doesn't poll in after a set amount of time, it'll trigger a script (I trigger an email within my config)
Lastly, enable the following two lines:
log_external_commands
log_passive_checks
They'll help with debugging if this doesn't work. It writes out to /var/log/syslog on Ubuntu (well, it does on mine)..
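As an added example (not part of the original answer): once the services above accept passive results, each result arrives as a single record. The helpers below build that record in the tab-separated form send_nsca reads on stdin and in the external-command form, and refuse return codes outside 0-3 or names containing a field separator. The output text is constructed sample data and the send_nsca.cfg path in the comment is an assumption.

```shell
#!/bin/sh
# Added example: format passive service check results for Nagios.
# Host and service names match passiveservices.cfg above; output text is constructed.

TAB=$(printf '\t')
NL='
'

# valid_name <text>: host and service names must be non-empty and must not
# contain the characters that separate fields or records.
valid_name() {
    case $1 in
        ''|*"$TAB"*|*"$NL"*|*';'*) return 1 ;;
    esac
    return 0
}

# valid_state <code>: 0=OK 1=WARNING 2=CRITICAL 3=UNKNOWN, the only service states.
valid_state() {
    case $1 in
        0|1|2|3) return 0 ;;
    esac
    return 1
}

# valid_output <text>: plugin output must stay on one line and contain no tab.
valid_output() {
    case $1 in
        *"$TAB"*|*"$NL"*) return 1 ;;
    esac
    return 0
}

# nsca_line <host> <service> <code> <output>
# Prints one record for send_nsca, e.g.
#   nsca_line ... | send_nsca -H 127.0.0.1 -p 5667 -c /etc/send_nsca.cfg
nsca_line() {
    valid_name "$1" && valid_name "$2" && valid_state "$3" && valid_output "$4" || return 1
    printf '%s\t%s\t%s\t%s\n' "$1" "$2" "$3" "$4"
}

# extcmd_line <epoch> <host> <service> <code> <output>
# Prints the same result as an external command for the Nagios command file.
extcmd_line() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    valid_name "$2" && valid_name "$3" && valid_state "$4" && valid_output "$5" || return 1
    printf '[%s] PROCESS_SERVICE_CHECK_RESULT;%s;%s;%s;%s\n' "$1" "$2" "$3" "$4" "$5"
}

# Demo with constructed values.
nsca_line Server1 Uptime 0 'up 12 days'
extcmd_line "$(date +%s)" Server2 'Drive space' 2 'DISK CRITICAL - 3% free'
```

With log_external_commands and log_passive_checks enabled as described above, each accepted record should show up in the log, which makes a rejected or malformed submission easy to spot.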

Related

Nagios: Return code of 7 is out of bounds

Services are up and running on the remote nodes. CLI execution returns OK, but in the UI it is returning CRITICAL with Status Information: 'Return code of 7 is out of bounds'
nagios-xxxxxxxx:~# /usr/lib/nagios/plugins/check_tcp -H hostname -p <port> -w 5 -c 10 -t 60
TCP OK - 0.002 second response time on hostname port XXXXXXX|time=0.001642s;5.000000;10.000000;0.000000;60.000000
Can someone help me in fixing it?
Nagios log:
[XXXXXXX] Warning: Return code of 7 for check of service 'XXXXXXX' on host was out of bounds.
[XXXXXXX] Warning: Return code of 7 for check of service 'XXXXXXX' on host was out of bounds.
[XXXXXXX] Warning: Return code of 7 for check of service 'XXXXXXX' on host was out of bounds.
[XXXXXXX] Warning: Return code of 7 for check of service 'XXXXXXX' on host was out of bounds.
[XXXXXXX] Warning: Return code of 7 for check of service 'XXXXXXX' on host was out of bounds.
I fixed these issues. Actually, the issues were with duplicated service configs on the Nagios server, location: /etc/nagios4/objects/services/
Cleared the duplicate service configs from the location and reloaded the nagios service.
Issues cleared.
I reproduced this problem on my systems. I have 620 hosts, 7000 services.
When the number of services exceeds 6189, all plugins become unusable with "Return code of 7 out of bounds", even if they are just the /bin/true command.
The main solution is to set in nagios.cfg:
enable_environment_macros=0
I did not want to do this for a long time, because I have a plugin which uses Nagios ENV variables while building HTML e-mail for notifications.
But I found this solution to keep it running: you need to manually set the necessary ENV for the particular plugin in this way:
define command{
command_name notify-html-service
command_line NAGIOS_NOTIFICATIONTYPE='$NOTIFICATIONTYPE$' NAGIOS_SERVICEATTEMPT='$SERVICEATTEMPT$' NAGIOS_SERVICESTATE='$SERVICESTATE$' NAGIOS_CONTACTGROUPNAME='$CONTACTGROUPNAME$' NAGIOS_HOSTNAME='$HOSTNAME$' NAGIOS_SERVICEDESC='$SERVICEDESC$' NAGIOS_LONGSERVICEOUTPUT='$LONGSERVICEOUTPUT$' NAGIOS_HOSTADDRESS='$HOSTADDRESS$' NAGIOS_HOSTGROUPNAMES='$HOSTGROUPNAMES$' NAGIOS_HOSTALIAS='$HOSTALIAS$' NAGIOS_SERVICEOUTPUT='$SERVICEOUTPUT$' NAGIOS_LONGDATETIME='$LONGDATETIME$' NAGIOS_SERVICEDURATION='$SERVICEDURATION$' NAGIOS_NOTIFICATIONRECIPIENTS='$NOTIFICATIONRECIPIENTS$' NAGIOS_SERVICEGROUPALIAS='$SERVICEGROUPALIAS$' NAGIOS_HOSTALIAS='$HOSTALIAS$' NAGIOS_NOTIFICATIONAUTHOR='$NOTIFICATIONAUTHOR$' NAGIOS_NOTIFICATIONCOMMENT='$NOTIFICATIONCOMMENT$' NAGIOS_CONTACTEMAIL='$CONTACTEMAIL$' NAGIOS_SERVICEATTEMPT='$SERVICEATTEMPT$' /usr/bin/perl '$USER7$/send.notify' http://192.168.1.1/nagios 2>/tmp/send.log
}
define command{
command_name notify-html-host
command_line NAGIOS_NOTIFICATIONTYPE='$NOTIFICATIONTYPE$' NAGIOS_HOSTSTATE='$HOSTSTATE$' NAGIOS_CONTACTGROUPNAME='$CONTACTGROUPNAME$' NAGIOS_HOSTNAME='$HOSTNAME$' NAGIOS_HOSTADDRESS='$HOSTADDRESS$' NAGIOS_HOSTGROUPNAMES='$HOSTGROUPNAMES$' NAGIOS_HOSTALIAS='$HOSTALIAS$' NAGIOS_LONGDATETIME='$LONGDATETIME$' NAGIOS_NOTIFICATIONRECIPIENTS='$NOTIFICATIONRECIPIENTS$' NAGIOS_SERVICEGROUPALIAS='$SERVICEGROUPALIAS$' NAGIOS_LONGHOSTOUTPUT='$LONGHOSTOUTPUT$' NAGIOS_HOSTALIAS='$HOSTALIAS$' NAGIOS_HOSTOUTPUT='$HOSTOUTPUT$' NAGIOS_HOSTDURATION='$HOSTDURATION$' NAGIOS_NOTIFICATIONAUTHOR='$NOTIFICATIONAUTHOR$' NAGIOS_NOTIFICATIONCOMMENT='$NOTIFICATIONCOMMENT$' NAGIOS_CONTACTEMAIL='$CONTACTEMAIL$' NAGIOS_SERVICEATTEMPT='' /usr/bin/perl '$USER7$/send.notify' http://192.168.1.1/nagios 2>/tmp/send.log
}
This helped me. At the beginning it was one command for both notifications, with different host/service ENV vars preset by Nagios:
define command{
command_name notify-html
command_line /usr/bin/perl $USER2$/send.notify http://192.168.1.1/nagios 2>/tmp/send.log
}
By the way, the Nagios documentation does not recommend setting enable_environment_macros=1:
Enabling this is a very bad idea for anything but very small setups,
as it means plugins, notification scripts and eventhandlers may run
out of environment space. It will also cause a significant increase
in CPU- and memory usage and drastically reduce the number of checks
you can run.
PS/
My answer was edited, due to the need to split the notify-html command into notify-html-host and notify-html-service. I started to receive wrong host notifications due to errors with macro definitions (service macros are absent in host notification events), and I had to trace the debug log of Nagios and saw lots of 'WARNING: An error occurred processing macro' messages.
Good Luck.
I had this exact same issue but it seems it was due to the number of services tied to a single Servicegroup. Once the Servicegroup had more than nine services reporting they would return:
[XXXXXXX] Warning: Return code of 7 for check of service 'XXXXXXX' on host was out of bounds.
I reorganized my services into a few separate Servicegroups and all the checks functioned normally again without any further adjustment.

Nagios with Munin services gives unknown

On a Debian Wheezy updated server, I'm using the backports of the following packages:
Nagios : nagios3 (3.4.1-5~bpo7+1)
Munin : munin (2.0.25-1~bpo70+1)
And nsca (2.9.1-2) to transmit data from Munin to Nagios in order to process alerts.
Nagios is working fine with the following configured Munin services :
# generic service template definition
define service{
name generic-munin-service ; The 'name' of this service template
use generic-service
check_command return-unknown!"No Data from passive check"
active_checks_enabled 0 ; Active service checks are disabled
passive_checks_enabled 1
parallelize_check 1
notifications_enabled 1
event_handler_enabled 1
is_volatile 1
notification_interval 120
notification_period 24x7
notification_options w,u,c,r
check_freshness 1
freshness_threshold 360
flap_detection_options n
max_check_attempts 2
register 0 ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL SERVICE, JUST A TEMPLATE!
;first_notification_delay 6 ; Delay first notification for false positives (will execute 2 checks : munin sends 1 check every 5 minutes)
}
define service {
hostgroup_name munin
service_description Disk latency per device :: Average latency for /dev/sda
use generic-munin-service
notification_interval 0 ; set > 0 if you want to be renotified
}
define service {
service_description Disk latency per device :: Average latency for /dev/sdb
use generic-munin-service
notification_interval 0 ; set > 0 if you want to be renotified
}
define service {
hostgroup_name munin
service_description Disk usage in percent
use generic-munin-service
notification_interval 0 ; set > 0 if you want to be renotified
}
define service {
hostgroup_name munin
service_description Inode usage in percent
use generic-munin-service
notification_interval 0 ; set > 0 if you want to be renotified
}
define service {
hostgroup_name munin
service_description File table usage
use generic-munin-service
notification_interval 0 ; set > 0 if you want to be renotified
}
But when I add further services which are available on all monitored hosts too, they will be labelled as UNKNOWN in Nagios:
define service {
hostgroup_name munin
service_description Memory usage
use generic-munin-service
notification_interval 0 ; set > 0 if you want to be renotified
}
define service {
hostgroup_name munin
service_description CPU usage
use generic-munin-service
notification_interval 0 ; set > 0 if you want to be renotified
}
I've already found out that depending on the munin plugin graph title format, Nagios may not understand the incoming data, that's why I've updated the packages on the server to the backports version of Wheezy, since Munin 2.0.7 should clean all titles.
I also tried to debug with a higher debug level, and the log shows :
[1434122043] SERVICE ALERT: HostIJZI4;Memory usage;UNKNOWN;HARD;2;INCONNU
But I may need your help for going further.
I suggest you update your packages; Nagios Core is currently at 4.1.1 and you are using an older version.
They fixed a lot of things, maybe your issue is now patched: https://www.nagios.org/projects/nagios-core/history/4x/

Why won't mariadb listen on port 3306 after a macports update?

At some point after a mariadb port update, she refused to listen on 3306 upon startup.
I made sure there were no skip-networking directives, and even tried adding one with "=OFF", which did nothing... but the odd thing was it had been working, and "I haven't changed anything".
Yet when I run:
/opt/local/lib/mariadb/bin/mysqladmin variables -u root -p | grep skip_networking
I see skip-networking as being ON.
My config has this:
[mysqld]
port = 3306
bind-address = 127.0.0.1
and no skip-networking setting at all.
Even passing the port and bind-address via command line will not make it listen.
After a grep of /opt/local/etc, it turns out there is a default config, and inside that there's a skip-networking directive:
cat /opt/local/etc/mariadb/macports-default.cnf
This was only picked up because after reading /etc/my.cnf, apparently the /opt/local/etc/mariadb/my.cnf file is also read. (I'd used /etc/my.cnf, never having edited the other, but something changed-- maybe I'd edited the default and it was overwritten with the update, though I don't remember doing so.)
Commenting out the include in /opt/local/etc/mariadb/my.cnf of the macports-default.cnf once again has her listening.
Pretty clear solution in retrospect I guess, but I was a bit stumped, as I swear "I changed nothing!"... Regardless-- For posterity, and key word searches!
I can't comment yet, but wanted to add:
If you have other versions of MySQL or MariaDB installed via MacPorts, be sure to check out their config files too because MariaDB reads them.
Locations:
/opt/local/etc/mysql${mysqlVersion}/my.cnf
/opt/local/etc/mariadb-${mariadbVersion}/my.cnf
I have mariadb-10.1-server installed. There are two configs:
/opt/local/etc/mariadb/my.cnf
/opt/local/etc/mariadb-${mariadbVersion}/my.cnf
Additionally, some info about default config files from the MariaDB documentation (this is not MacPorts specific):
/etc/my.cnf
/etc/mysql/my.cnf
my.cnf in the DEFAULT_SYSCONFDIR specified during the compilation
my.cnf in the path specified in the environment variable MYSQL_HOME (if any)
the file specified in --defaults-extra-file (if any)
user-home-dir/.my.cnf
As an alternative to commenting out the defaults file, the value can be overridden in the my.cnf:
[mysqld]
...
skip_networking=0
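As an added example (not part of the original posts): the thread comes down to a skip-networking line arriving from a file nobody was looking at, through an include in a later-read my.cnf. The script below walks a list of option files in read order, follows `!include` and `!includedir`, and reports every networking-related line plus the file that supplies the last skip-networking setting. The fixture layout and file contents are constructed to mirror the situation described, and section headers such as [mysqld] are ignored for brevity.

```shell
#!/bin/sh
# Added example: locate the option file that turns MariaDB networking off.

# scan_cnf <file>...: print "file:line:text" for each skip-networking or
# bind-address line, reading files in the order given and following includes.
scan_cnf() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        n=0
        while IFS= read -r line || [ -n "$line" ]; do
            n=$((n + 1))
            # Strip leading whitespace so indented directives still match.
            line=${line#"${line%%[![:space:]]*}"}
            case $line in
                ''|'#'*|';'*) ;;
                '!include '*)
                    inc=${line#'!include '}
                    # Subshell keeps this loop's f and n intact across recursion.
                    ( scan_cnf "$inc" ) ;;
                '!includedir '*)
                    dir=${line#'!includedir '}
                    ( scan_cnf "$dir"/*.cnf ) ;;
                skip[-_]networking*|bind[-_]address*)
                    printf '%s:%s:%s\n' "$f" "$n" "$line" ;;
            esac
        done < "$f"
    done
}

# culprit <file>...: print "file:line" of the last skip-networking setting
# read; with option files the last value read is the one that applies.
culprit() {
    scan_cnf "$@" | awk -F: '$3 ~ /^skip[-_]networking/ { last = $1 ":" $2 }
                             END { if (last) print last }'
}

# make_fixture <dir>: constructed copy of the layout described in the thread.
make_fixture() {
    mkdir -p "$1/etc" "$1/mariadb"
    printf '[mysqld]\nport = 3306\nbind-address = 127.0.0.1\n' > "$1/etc/my.cnf"
    printf '# constructed wrapper file\n!include %s/mariadb/macports-default.cnf\n' "$1" \
        > "$1/mariadb/my.cnf"
    printf '[mysqld]\nskip-networking\n' > "$1/mariadb/macports-default.cnf"
}

# Demo: the user's own file looks clean, the included default does not.
demo_dir=$(mktemp -d)
make_fixture "$demo_dir"
scan_cnf "$demo_dir/etc/my.cnf" "$demo_dir/mariadb/my.cnf"
echo "networking disabled by: $(culprit "$demo_dir/etc/my.cnf" "$demo_dir/mariadb/my.cnf")"
rm -rf "$demo_dir"
```

On a real system, pass the files in the order listed above, for example /etc/my.cnf followed by /opt/local/etc/mariadb/my.cnf.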

FreeBSD: Understanding /var/db/dhclient.leases.<interface_name> dhcp lease files

FreeBSD: network interface address: dhcp or static
Followup question now:
I've decided to go with looking at leases files: /var/db/dhclient.leases.<interface_name>. What does it tell me exactly? Existence of /var/db/dhclient.leases.em0 signifies em0 has address by DHCP? This file does not seem to go away with reboot.
You should read the manual page for dhclient. This will answer most of your questions. And if that fails, you can browse the source in /usr/src/sbin/dhclient.
Another possibility might be to use devd(8). This is a daemon that can execute a script or program if a certain event occurs. It can e.g. note when a network interface goes "up" or "down". From the default /etc/devd.conf (see also devd.conf(5)):
# Try to start dhclient on Ethernet-like interfaces when the link comes
# up. Only devices that are configured to support DHCP will actually
# run it. No link down rule exists because dhclient automatically exits
# when the link goes down.
#
notify 0 {
match "system" "IFNET";
match "type" "LINK_UP";
media-type "ethernet";
action "/etc/rc.d/dhclient quietstart $subsystem";
};
A client is supposed to remember a DHCP lease across reboots and is supposed to remember past leases on a particular network when requesting an address. Therefore, the file should not go away across boots.

How can I have DNS name resolving running while other protocols seem to be down?

We are trying to implement software based on a Moxa UC-7112-LX embedded computer (uClinux OS). We use a Cinterion MC52i GSM modem (regular GPRS service) and standard pppd to connect to the Internet.
Everything seems to be fine right after the connection. The ping utility is working, and socket functions in my program work normally too. However, after some time the ppp connection breaks in a very peculiar way. These are the symptoms of that situation:
When I call the ping utility with some host name as parameter, the system is able to resolve its IP and starts sending ICMP packets but gets no response. I am trying different web resource names, so that the system cannot have their addresses cached or something. Whatever I choose, the system correctly resolves the IP but can't get any ping response.
connect() and write() functions in my application give no error return but when it comes to read() the function returns with errno set to ECONNRESET (Connection reset by peer). The program uses standard socket functions (TCP protocol)
the ppp link is shown as running (ifconfig ppp0)
So, the situation that I have is: the link is good enough to maintain DNS resolving service (UDP is working?) but NOT good enough to run TCP connection and receive ping echoes...
The situation does not appear all the time. Sometimes the system can work normally for days without any problem. Whenever the problem appears, simple reset solves everything.
I know that the system we use is quite exotic, and the situation described here may be connected with some buggy tcp stack or pppd implementation. Considering that the system is preconfigured by the manufacturer I don't have any options to rebuild/change the OS firmware.
Still I hope that someone has seen a similar situation on any Linux-like system. Is there any way to test why DNS name resolving is working while the other network stuff does not? Is it possible to remove such a connection state with some pppd settings?
Edit:
First of all, I'd like to address the possibility of local caching of the IP addresses. I don't have dig utility and I have no idea how to check which host gives the result to getaddrinfo(). Still I'm sure that the addresses are not cached cause I'm trying to ping totally random URLs. Also given the slow GPRS response time it is not necessary to have the time measuring utility to see that ping takes 1-2 seconds or more to resolve IP before starting sending out packets. Furthermore ncsd, BIND or any dns servers do not run locally on the machine. I understand that you may not see that as proof, but that's what I have given the utility set available on my system.
I'd like to give some additional information concerning the internet connection operation.
Normal connection state
The rc script at system load runs another script as background process:
sh /etc/connect &
The connect script is as follows:
#!/bin/sh
echo First connect attempt > /etc/ppp/conn.info
while true
do
date >> /etc/ppp/conn.info
pppd call mts
echo Reconnecting... >> /etc/ppp/conn.info
done
The reason that I've made a loop here is simple: the connection persists for several hours and after that it always breaks. Unfortunately my implementation of pppd does not support the logfile option (so I can't see why is it broken). persist does not seem to work either so I've come to the connect script above. The pppd options are:
/dev/ttyM0 115200 crtscts
connect 'chat -f /etc/ppp/peers/mts.chat'
noauth
user mts
password mts
noipdefault
usepeerdns
defaultroute
ifconfig ppp0 gives:
ppp0 Link encap:Point-Point Protocol
inet addr:172.22.22.109 P-t-P:192.168.254.254 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:34 errors:0 dropped:0 overruns:0 frame:0
TX packets:36 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:3130 (3.0 KiB) TX bytes:2250 (2.1 KiB)
And that's where it starts getting strange. Whenever I connect I'm getting a different inet addr but P-t-P is always the same: 192.168.254.254. This is the same address that appears in the default gateway entry, as given by netstat -rn:
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.254.254 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.4.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.15.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.0.0 192.168.15.1 255.255.0.0 UG 0 0 0 eth0
0.0.0.0 192.168.254.254 0.0.0.0 UG 0 0 0 ppp0
route -Cevn is unavailable on my system, route gives the same info as above.
But I'm never able to ping the 192.168.254.254, not even when everything is working as intended: tcp connection, ping, DNS etc. Here is the result of traceroute:
traceroute to kernel.org (149.20.4.69), 30 hops max, 40 byte packets
1 172.16.4.210 (172.16.4.210) 528.765 ms 545.269 ms 616.67 ms
2 172.16.4.226 (172.16.4.226) 563.034 ms 526.176 ms 537.07 ms
3 10.250.85.161 (10.250.85.161) 572.805 ms 564.073 ms 556.766 ms
4 172.31.250.9 (172.31.250.9) 556.513 ms 563.383 ms 580.724 ms
5 172.31.250.10 (172.31.250.10) 518.15 ms 526.403 ms 537.574 ms
6 pub2.kernel.org (149.20.4.69) 538.058 ms 514.222 ms 538.575 ms
7 pub2.kernel.org (149.20.4.69) 537.531 ms 538.52 ms 537.556 ms
8 pub2.kernel.org (149.20.4.69) 568.695 ms 523.099 ms 570.983 ms
9 pub2.kernel.org (149.20.4.69) 526.511 ms 534.583 ms 537.994 ms
##### traceroute loops here - why?? #######
So, I can assume that 172.16.4.210 is peer's address. Such address is pingable in any case (see below). I have no idea why the structure of traceroute output is like this (packets come from internal network of ISP right to the destination, 'loop' at the destination address - it just should not be like this).
Also I would like to note that I can ping DNS server but traceroute does not go all the way up to it.
You may notice that there are eth0 and eth1 devices. They are irrelevant to the case. eth1 is not connected and eth0 is connected to lan without internet access.
Bad connection state
So, some time passes and the situation under question appears. I can't ping anything but the DNS server (and the peer, the address for which I get from the traceroute result for the DNS) and can't communicate with the remote host via TCP. DNS resolving is working.
The network utilities give the same output as in the normal state. I have the same unpingable peer (192.168.254.254 from the ifconfig result), and the routing table is the same:
# ifconfig ppp0
ppp0 Link encap:Point-Point Protocol
inet addr:172.22.22.109 P-t-P:192.168.254.254 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:297 errors:0 dropped:0 overruns:0 frame:0
TX packets:424 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:33706 (32.9 KiB) TX bytes:27451 (26.8 KiB)
# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.254.254 * 255.255.255.255 UH 0 0 0 ppp0
192.168.4.0 * 255.255.255.0 U 0 0 0 eth1
192.168.15.0 * 255.255.255.0 U 0 0 0 eth0
192.168.0.0 192.168.15.1 255.255.0.0 UG 0 0 0 eth0
default 192.168.254.254 0.0.0.0 UG 0 0 0 ppp0
Note that the original ppp connection (one which I used to provide the output from normal state) persisted. My /etc/connect script did not loop (there was no new record in a makeshift log the script makes).
Here goes the ping to DNS server:
# cat /etc/resolv.conf
#search moxa.com
nameserver 213.87.0.1
nameserver 213.87.1.1
# ping 213.87.0.1
PING 213.87.0.1 (213.87.0.1): 56 data bytes
64 bytes from 213.87.0.1: icmp_seq=0 ttl=59 time=559.8 ms
64 bytes from 213.87.0.1: icmp_seq=1 ttl=59 time=509.9 ms
64 bytes from 213.87.0.1: icmp_seq=2 ttl=59 time=559.8 ms
And traceroute:
# traceroute 213.87.0.1
traceroute to 213.87.0.1 (213.87.0.1), 30 hops max, 40 byte packets
1 172.16.4.210 (172.16.4.210) 542.449 ms 572.858 ms 595.681 ms
2 172.16.4.214 (172.16.4.214) 590.392 ms 565.887 ms 676.919 ms
3 * * *
4 217.8.237.62 (217.8.237.62) 603.1 ms 569.078 ms 553.723 ms
5 * * *
6 * * *
## and so on ###
The * * * lines may look like trouble, but I'm getting the same traceroute for that DNS in the normal situation.
ping to 172.16.4.210 works fine as well.
Now to TCP. I've started a simple echo server on my PC and tried to connect via telnet to it (the actual ip address is not shown):
# telnet XXX.XXX.XXX.XXX 9060
Trying XXX.XXX.XXX.XXX(25635)...
Connected to XXX.XXX.XXX.XXX.
Escape character is '^]'.
aaabbbccc
Connection closed by foreign host.
So that's what happened here. A successful connect(), just like in my custom application, is followed by Connection closed... when telnet called read(). The actual server did not receive any incoming connection. Why 'connect()' returned normally (it could not get the handshake response from the host!) is beyond my scope of knowledge.
Sure enough same telnet test works fine in normal state.
Note:
I did not publish this on serverfault cause of the embedded nature of my system. serverfault as far as I understand deals with more conventional systems (like x86s running 'normal' linux). I just hope that stackoverflow has more embedded experts who know such systems as my Moxa.
Q: How can I have DNS name resolving running while other protocols seem to be down?
A: Your local DNS resolver (bind is another possibility besides ncsd) might be caching the first response. dig will tell you where you are getting the response from:
[mpenning#Bucksnort ~]$ dig cisco.com
; <<>> DiG 9.6-ESV-R4 <<>> +all cisco.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22106
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;cisco.com. IN A
;; ANSWER SECTION:
cisco.com. 86367 IN A 198.133.219.25
;; AUTHORITY SECTION:
cisco.com. 86367 IN NS ns2.cisco.com.
cisco.com. 86367 IN NS ns1.cisco.com.
;; Query time: 1 msec <----------------------- 1msec is usually cached
;; SERVER: 127.0.0.1#53(127.0.0.1) <--------------- Answered by localhost
;; WHEN: Wed Dec 7 04:41:21 2011
;; MSG SIZE rcvd: 79
[mpenning#Bucksnort ~]$
If you are getting a very quick (low milliseconds) answer from 127.0.0.1, then it's very likely that you're getting a locally cached answer from a prior query of the same DNS name (and it's quite common for people to use caching DNS resolvers on a ppp connection to reduce connection time, as well as achieving a small load reduction on the ppp link).
If you suspect a cached answer, do a dig on some other DNS name to see whether it can resolve too.
If random DNS names continue resolution and you still cannot make a TCP connection to a certain host, this is worthy of noting when you edit the question after this investigation.
If random DNS names don't resolve, then this is indicative of something like the loss of your default route, or the ppp connection going down.
Other diagnostic information
If you find yourself in either of the last situations I described, you need to do some IP and ppp-level debugs before this can be isolated further. As someone mentioned, tcpdump is quite valuable at this point, but it sounds like you don't have it available.
I assume you are not making a TCP connection to the same IP address of your DNS server. There are many possibilities at this point... If you can still resolve random DNS names, but TCP connections are failing, it is possible that the problem you are seeing is on the other side of the ppp connection, that the kernel routing cache (which holds a little TCP state information like MSS) is getting messed up, you have too much packet loss for tcp, or any number of things.
Let's assume your topology is like this:
   10.1.1.2/30                  10.1.1.1/30
     [ppp0]                       [pppX]
    uCLinux----------------------AccessServer---->[To the rest of the network]
When you initiate your ppp connection, take note of your IP address and the address of your default gateway:
ip link show ppp0 # display the link status of your ppp0 intf (is it up?)
ip addr show ppp0 # display the IP address of your ppp0 interface
ip route show # display your routing table
route -Cevn # display the kernel's routing cache
Similar results can be found if you don't have the iproute2 package as part of your distro (iproute2 provides the ip utility):
ifconfig ppp0 # display link status and addresses on ppp0
netstat -rn # display routing table
route -Cevn # display kernel routing table
For those with the iproute2 utilities (which is almost everybody these days), ifconfig has been deprecated and replaced by the ip commands; however, if you have an older 2.2 or 2.4-based system you may still need to use ifconfig.
Troubleshooting steps:
When you start having the problem, first check whether you can ping the address of pppX on your access server.
If you can not ping the ip address of pppX on the other side, then it is highly unlikely your DNS is getting resolved by anything other than a cached response on your uCLinux machine.
If you can ping pppX, then try to ping the ip address of your TCP peer and the IP address of the DNS (if it is not on localhost). Unless there is a firewall involved, you must be able to ping it successfully for any of this to work.
If you can ping the ip address of pppX but you cannot ping your TCP peer's ip address, check your routing table to see whether your default route is still pointing out ppp0
If your default route points through ppp0, check whether you can still ping the ip address of the default route.
If you can ping your default route and you can ping the remote host that you're trying to connect to, check the kernel's routing cache for the IP address of the remote TCP host.... look for anything odd or suspicious
If you can ping the remote TCP host (and you need to do about 200 pings to be sure... tcp is sensitive to significant packet loss & GPRS is notoriously lossy), try making a successful telnet <remote_host> <remote_port>. If both are successful, then it's time to start looking inside your software for clues.
If you still can't untangle what is happening, please include the output of the aforementioned commands when you come back... as well as how you're starting the ppp connection.
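As an added example (not part of the original answer): the troubleshooting steps above, written as a script for a box that only has ping and netstat. The routing table is the one posted in the question; the function names, the pluggable PROBE hook and the return codes are assumptions of this sketch, and the first argument must be an address that is known to answer ping while the link is healthy.

```shell
#!/bin/sh
# Added example: the troubleshooting ladder from the answer above.

# Routing table copied from the question (netstat -rn, normal state).
SAMPLE_TABLE='Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.254.254 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.4.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.15.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.0.0 192.168.15.1 255.255.0.0 UG 0 0 0 eth0
0.0.0.0 192.168.254.254 0.0.0.0 UG 0 0 0 ppp0'

# default_route: read `netstat -rn` or `route` output on stdin and print
# "<gateway> <iface>" for the default route ("0.0.0.0" or "default").
default_route() {
    awk '($1 == "0.0.0.0" || $1 == "default") && $4 ~ /G/ { print $2, $NF; exit }'
}

# icmp_probe <ip>: succeeds if the host answers ping. Set PROBE to another
# function name to replay a recorded state instead of touching the network.
icmp_probe() { ping -c 5 "$1" >/dev/null 2>&1; }
PROBE=${PROBE:-icmp_probe}

# diagnose <pppX_ip> <dns_ip> <tcp_peer_ip> <routing table text>
# Returns 0 path answers, 1 link dead, 2 default route moved,
#         3 gateway silent, 4 gateway answers but remote hosts do not.
diagnose() {
    peer=$1 dns=$2 target=$3 table=$4
    if ! "$PROBE" "$peer"; then
        echo "pppX unreachable: any DNS answer is coming from a local cache"
        return 1
    fi
    if "$PROBE" "$dns" && "$PROBE" "$target"; then
        echo "DNS server and TCP peer answer: repeat with about 200 pings, then try telnet"
        return 0
    fi
    # Positional parameters become: $1 = gateway, $2 = interface.
    set -- $(printf '%s\n' "$table" | default_route)
    if [ "${2:-}" != "ppp0" ]; then
        echo "default route no longer points out ppp0 (now: ${2:-none})"
        return 2
    fi
    if ! "$PROBE" "$1"; then
        echo "default route is via ppp0 but gateway $1 does not answer"
        return 3
    fi
    echo "gateway $1 answers but remote hosts do not: inspect the routing cache"
    return 4
}

# Demo that needs no network: parse the table from the question.
printf '%s\n' "$SAMPLE_TABLE" | default_route
# Live use: diagnose 172.16.4.210 213.87.0.1 <tcp_peer_ip> "$(netstat -rn)"
```

On the system in the question the gateway 192.168.254.254 never answered ping even in the normal state, so result 3 there only means something when compared against a run taken while the link was healthy.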
Pings should never be part of an end-user application (see note), and no program should rely on ping to function. At best ping might tell us that a part of the TCP/IP stack was running on the remote. See my argument here.
What the OP describes as a problem doesn't seem to be a problem. All network connections fail, the resolver may or may not use the network, and ping isn't really helpful. I would guess that the OP can check that the modem is connected or not, and if it isn't connect again.
edit: Pseudo code
do until success
    try
        connect "foobar.com"
        try
            write data
            read response
        catch
            not success
        endtry
    catch error
        'modem down - reconnect
        not success
    end try
loop
Note: the exception would be if you are writing a network monitoring application for a networking person.