1 #! /usr/bin/perl

     2 # source: https://ssl.schlittermann.de/hg/ius/nagios/nagios-plugin-dns-serial

     3 # © 2014 Heiko Schlittermann <hs@schlittermann.de>

     4 use 5.014;

     5 use strict;

     6 use warnings;

     7 use Nagios::Check::DNS::delegation qw(main);

     8 

     9 exit main @ARGV unless caller;

    10 

    11 __END__

    12 

    13 =head1 NAME

    14 

    15  check_dns-serial - check the dns serial number from multiple sources

    16 

    17 =head1 SYNOPSIS

    18 

    19  check_dns-serial [options] DOMAINS

    20 

    21 =head1 DESCRIPTION

    22 

    23 B<check_dns-delegation> is designed as a Icinga/Nagios plugin to verify that

    24 all responsible NS know about the delegation.

    25 

    26 Each domain has to pass the following tests:

    27 

    28 =over

    29 

    30 =item The I<reference> server needs to be authoritive.

    31 

    32 =item The NS records known outside (checked with some public DNS service)

    33 need to match the NS records obtained from the reference server.

    34 

    35 =item The serial numbers obtained from the NS servers B<and> the

    36 reference server need to match. All servers need to be authoritive!

    37 

    38 =back

    39 

    40 The I<DOMAINS> are passed a a list in one of the following forms:

    41 

    42 =over

    43 

    44 =item I<domain>

    45 

    46 A plain domain name.

    47 

    48 =item B<file://>I<file>

    49 

    50 A file name containing the domains, line by line.

    51 

    52 =item B<local:>

    53 

    54 This item uses the output of C<named-checkconf -p> to get the list of

    55 master/slave zones. The 127.in-addr.arpa, 168.192.in-addr.arpa, and

    56 0.in-addr.arpa, and 127.in-addr.arpa zones are suppressed.

    57 

    58 The B<override> domains are added automatically (See opt B<override>).

    59 

    60 =back

    61 

    62 =cut

    63 

    64 

    65 =head1 OPTIONS

    66 

    67 =over

    68 

    69 =item B<--reference>=I<address>

    70 

    71 The address of the reference server for our own domains (default: 127.0.0.1)

    72 

    73 =item B<--progress>

    74 

    75 Tell about the progress. (default: on if input is connected to a terminal)

    76 

    77 =item B<--override>=I<override file>

    78 

    79 This file lists NS names for domains. Instead of trusting our own server

    80 we use the NS listed as the authoritive ones. This is primarly useful for

    81 some of these domains that are held on the "pending" servers of joker.

    82 

    83 =back

    84 

    85 =head2 Format

    86 

    87  # comment

    88  <domain> <ns> ... # comment

    89 

    90 

    91 =head1 PERMISSIONS

    92 

    93 No special permissions are necessary, except for the domain-list URL F<local:>, since

    94 the output of C<named-checkconf -p> is read. This may fail, depending on the configuration of 

    95 your bind.

    96 

    97 =cut

    98 

    99 # vim:sts=4 ts=8 sw=4 et: