diff -r 3ea8010e4fbc -r 112e7c316db9 bin/check_dns-delegation
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/bin/check_dns-delegation	Wed Jan 07 23:57:31 2015 +0100
@@ -0,0 +1,99 @@
+#! /usr/bin/perl
+# source: https://ssl.schlittermann.de/hg/ius/nagios/nagios-plugin-dns-serial
+# © 2014 Heiko Schlittermann <hs@schlittermann.de>
+use 5.014;
+use strict;
+use warnings;
+use Nagios::Check::DNS::delegation qw(main);
+
+exit main @ARGV unless caller;
+
+__END__
+
+=head1 NAME
+
+ check_dns-serial - check the dns serial number from multiple sources
+
+=head1 SYNOPSIS
+
+ check_dns-serial [options] DOMAINS
+
+=head1 DESCRIPTION
+
+B<check_dns-delegation> is designed as a Icinga/Nagios plugin to verify that
+all responsible NS know about the delegation.
+
+Each domain has to pass the following tests:
+
+=over
+
+=item The I<reference> server needs to be authoritive.
+
+=item The NS records known outside (checked with some public DNS service)
+need to match the NS records obtained from the reference server.
+
+=item The serial numbers obtained from the NS servers B<and> the
+reference server need to match. All servers need to be authoritive!
+
+=back
+
+The I<DOMAINS> are passed a a list in one of the following forms:
+
+=over
+
+=item I<domain>
+
+A plain domain name.
+
+=item B<file://>I<file>
+
+A file name containing the domains, line by line.
+
+=item B<local:>
+
+This item uses the output of C<named-checkconf -p> to get the list of
+master/slave zones. The 127.in-addr.arpa, 168.192.in-addr.arpa, and
+0.in-addr.arpa, and 127.in-addr.arpa zones are suppressed.
+
+The B<override> domains are added automatically (See opt B<override>).
+
+=back
+
+=cut
+
+
+=head1 OPTIONS
+
+=over
+
+=item B<--reference>=I<address>
+
+The address of the reference server for our own domains (default: 127.0.0.1)
+
+=item B<--progress>
+
+Tell about the progress. (default: on if input is connected to a terminal)
+
+=item B<--override>=I<override file>
+
+This file lists NS names for domains. Instead of trusting our own server
+we use the NS listed as the authoritive ones. This is primarly useful for
+some of these domains that are held on the "pending" servers of joker.
+
+=back
+
+=head2 Format
+
+ # comment
+ <domain> <ns> ... # comment
+
+
+=head1 PERMISSIONS
+
+No special permissions are necessary, except for the domain-list URL F<local:>, since
+the output of C<named-checkconf -p> is read. This may fail, depending on the configuration of 
+your bind.
+
+=cut
+
+# vim:sts=4 ts=8 sw=4 et: