#! /usr/bin/perl
# source: https://ssl.schlittermann.de/hg/ius/nagios/nagios-plugin-dns-serial
# © 2014 Heiko Schlittermann <hs@schlittermann.de>
use 5.014;
use strict;
use warnings;
use Nagios::Check::DNS::delegation qw(main);

exit main @ARGV unless caller;

__END__

=head1 NAME

 check_dns-serial - check the dns serial number from multiple sources

=head1 SYNOPSIS

 check_dns-serial [options] DOMAINS

=head1 DESCRIPTION

B<check_dns-delegation> is designed as a Icinga/Nagios plugin to verify that
all responsible NS know about the delegation.

Each domain has to pass the following tests:

=over

=item 1.

The I<reference> server needs to be authoritive.

=item 2.

The NS records known outside (checked with some public DNS service)
need to match the NS records obtained from the reference server.

=item 3.

The serial numbers obtained from the NS servers B<and> the
reference server need to match. All servers need to be authoritive!

=back

The I<DOMAINS> are passed a a list in one of the following forms:

=over

=item I<domain>

A plain domain name.

=item B<file://>I<file>

A file name containing the domains, line by line.

=item B<local:>

This item uses the output of C<named-checkconf -p> to get the list of
master/slave zones. The 127.in-addr.arpa, 168.192.in-addr.arpa, and
0.in-addr.arpa, and 127.in-addr.arpa zones are suppressed.

The B<override> domains are added automatically (See opt B<override>).

=back

=cut


=head1 OPTIONS

=over

=item B<--reference>=I<address>

The address of the reference server for our own domains (default: 127.0.0.1)

=item B<--progress>

Tell about the progress. (default: on if input is connected to a terminal)

=item B<--override>=I<override file>

This file lists NS names for domains. Instead of trusting our own server
we use the NS listed as the authoritive ones. This is primarly useful for
some of these domains that are held on the "pending" servers of joker.

=back

=head2 Format of the override file

 # comment
 <domain> <ns> ... # comment


=head1 PERMISSIONS

No special permissions are necessary, except for the domain-list URL F<local:>, since
the output of C<named-checkconf -p> is read. This may fail, depending on the configuration of 
your bind.

=cut

# vim:sts=4 ts=8 sw=4 et:
