diff -r 3ea8010e4fbc -r 112e7c316db9 bin/check_dns-delegation --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/bin/check_dns-delegation Wed Jan 07 23:57:31 2015 +0100 @@ -0,0 +1,99 @@ +#! /usr/bin/perl +# source: https://ssl.schlittermann.de/hg/ius/nagios/nagios-plugin-dns-serial +# © 2014 Heiko Schlittermann +use 5.014; +use strict; +use warnings; +use Nagios::Check::DNS::delegation qw(main); + +exit main @ARGV unless caller; + +__END__ + +=head1 NAME + + check_dns-serial - check the dns serial number from multiple sources + +=head1 SYNOPSIS + + check_dns-serial [options] DOMAINS + +=head1 DESCRIPTION + +B is designed as a Icinga/Nagios plugin to verify that +all responsible NS know about the delegation. + +Each domain has to pass the following tests: + +=over + +=item The I server needs to be authoritive. + +=item The NS records known outside (checked with some public DNS service) +need to match the NS records obtained from the reference server. + +=item The serial numbers obtained from the NS servers B the +reference server need to match. All servers need to be authoritive! + +=back + +The I are passed a a list in one of the following forms: + +=over + +=item I + +A plain domain name. + +=item BI + +A file name containing the domains, line by line. + +=item B + +This item uses the output of C to get the list of +master/slave zones. The 127.in-addr.arpa, 168.192.in-addr.arpa, and +0.in-addr.arpa, and 127.in-addr.arpa zones are suppressed. + +The B domains are added automatically (See opt B). + +=back + +=cut + + +=head1 OPTIONS + +=over + +=item B<--reference>=I
+ +The address of the reference server for our own domains (default: 127.0.0.1) + +=item B<--progress> + +Tell about the progress. (default: on if input is connected to a terminal) + +=item B<--override>=I + +This file lists NS names for domains. Instead of trusting our own server +we use the NS listed as the authoritive ones. This is primarly useful for +some of these domains that are held on the "pending" servers of joker. + +=back + +=head2 Format + + # comment + ... # comment + + +=head1 PERMISSIONS + +No special permissions are necessary, except for the domain-list URL F, since +the output of C is read. This may fail, depending on the configuration of +your bind. + +=cut + +# vim:sts=4 ts=8 sw=4 et: