1 #! /usr/bin/perl

     2 # source: https://ssl.schlittermann.de/hg/ius/nagios/nagios-plugin-dns-serial

     3 # © 2014 Heiko Schlittermann <hs@schlittermann.de>

     4 use 5.014;

     5 use strict;

     6 use warnings;

     7 use Nagios::Check::DNS::delegation qw(main);

     8 

     9 exit main @ARGV unless caller;

    10 

    11 __END__

    12 

    13 =head1 NAME

    14 

    15  check_dns-serial - check the dns serial number from multiple sources

    16 

    17 =head1 SYNOPSIS

    18 

    19  check_dns-serial [options] DOMAINS

    20 

    21 =head1 DESCRIPTION

    22 

    23 B<check_dns-delegation> is designed as a Icinga/Nagios plugin to verify that

    24 all responsible NS know about the delegation.

    25 

    26 Each domain has to pass the following tests:

    27 

    28 =over

    29 

    30 =item 1.

    31 

    32 The I<reference> server needs to be authoritive.

    33 

    34 =item 2.

    35 

    36 The NS records known outside (checked with some public DNS service)

    37 need to match the NS records obtained from the reference server.

    38 

    39 =item 3.

    40 

    41 The serial numbers obtained from the NS servers B<and> the

    42 reference server need to match. All servers need to be authoritive!

    43 

    44 =back

    45 

    46 The I<DOMAINS> are passed a a list in one of the following forms:

    47 

    48 =over

    49 

    50 =item I<domain>

    51 

    52 A plain domain name.

    53 

    54 =item B<file://>I<file>

    55 

    56 A file name containing the domains, line by line.

    57 

    58 =item B<local:>

    59 

    60 This item uses the output of C<named-checkconf -p> to get the list of

    61 master/slave zones. The 127.in-addr.arpa, 168.192.in-addr.arpa, and

    62 0.in-addr.arpa, and 127.in-addr.arpa zones are suppressed.

    63 

    64 The B<override> domains are added automatically (See opt B<override>).

    65 

    66 =back

    67 

    68 =cut

    69 

    70 

    71 =head1 OPTIONS

    72 

    73 =over

    74 

    75 =item B<--reference>=I<address>

    76 

    77 The address of the reference server for our own domains (default: 127.0.0.1)

    78 

    79 =item B<--progress>

    80 

    81 Tell about the progress. (default: on if input is connected to a terminal)

    82 

    83 =item B<--override>=I<override file>

    84 

    85 This file lists NS names for domains. Instead of trusting our own server

    86 we use the NS listed as the authoritive ones. This is primarly useful for

    87 some of these domains that are held on the "pending" servers of joker.

    88 (default: F</etc/check_dns-delegation/override>)

    89 

    90 =back

    91 

    92 =head2 Format of the override file

    93 

    94  # comment

    95  <domain> <ns> ... # comment

    96 

    97 

    98 =head1 PERMISSIONS

    99 

   100 No special permissions are necessary, except for the domain-list URL F<local:>, since

   101 the output of C<named-checkconf -p> is read. This may fail, depending on the configuration of 

   102 your bind.

   103 

   104 =cut

   105 

   106 # vim:sts=4 ts=8 sw=4 et: