diff -r 8da9e81acf82 -r bb7b3ae76cc8 plugins/check_dns-delegation --- a/plugins/check_dns-delegation Tue Jan 06 21:42:41 2015 +0100 +++ b/plugins/check_dns-delegation Tue Jan 06 22:40:18 2015 +0100 @@ -71,6 +71,11 @@ } } +sub read_override { # YEAH! :) black magic + local @ARGV = shift; + return map { (shift $_, $_) } grep { @$_ > 1 } map { [split] } map { s/#.*//r } <>; +} + # return a list of the zones known to the local # bind sub get_local_zones { @@ -122,9 +127,12 @@ ### assert: @_ % 2 == 0 my %resflags = (nameservers => \@extns, @_); my $aa = delete $resflags{aa}; + my $override = delete $resflags{override}; my $nameservers = join ',' => @{$resflags{nameservers}}; my @ns; + return sort @{$override->{$domain}} if exists $override->{$domain}; + my $r = Net::DNS::Resolver->new(%resflags); my $q; @@ -165,10 +173,10 @@ # CRITICAL - if the serial cannot be found at one of the sources sub ns_ok { - my ($domain, $reference) = @_; + my ($domain, $reference, $override) = @_; my (@errs, @ns); - my @our = eval { sort +ns($domain, nameservers => [$reference], aa => 1) }; + my @our = eval { sort +ns($domain, nameservers => [$reference], aa => 1, override => $override) }; push @errs, $@ if $@; my @their = eval { sort +ns($domain) }; @@ -181,7 +189,8 @@ if ("@our" ne "@their") { local $" = ', '; - die "NS differ (our @our) vs (their @their)\n"; + die sprintf "NS differ (%s @our) vs (public @their)\n", + $override->{$domain} ? 'override' : 'our'; } @ns = uniq sort @our, @their; @@ -206,11 +215,14 @@ my @argv = @_; my $opt_reference = '127.0.0.1'; my $opt_progress = -t; + my ($opt_override)= grep { -f } '/etc/bind/zones.override'; + GetOptionsFromArray( \@argv, 'reference=s' => \$opt_reference, 'progress!' => \$opt_progress, + 'override=s' => \$opt_override, 'h|help' => sub { pod2usage(-verbose => 1, -exit => 0) }, 'm|man' => sub { pod2usage( 
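Review bot: The `<>` in read_override opens the name placed in @ARGV with two-argument open semantics, so the --override value is parsed for an open mode or a pipe instead of always being taken as a plain file name. A lexical handle with three-argument open removes that ambiguity. An unreadable file currently only produces a warning and an empty override list, and `shift $_` on an array reference depends on the experimental autoderef feature that was removed in Perl 5.24. The rewrite below returns the same domain => [ns, ...] list and skips lines without an NS name, as `grep { @$_ > 1 }` does. How an open failure is reported should follow the plugin's conventions.

```perl
sub read_override {
    my ($file) = @_;
    # three-argument open: the name is always treated as a plain file
    open(my $fh, '<', $file)
      or die "cannot read override file $file: $!\n";
    my %override;
    while (my $line = <$fh>) {
        $line =~ s/#.*//;
        my ($domain, @ns) = split ' ', $line;
        $override{$domain} = \@ns if @ns;    # ignore lines without NS names
    }
    close $fh;
    return %override;
}
```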
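Review bot: The early return in ns() hands back the override names exactly as they are spelled in the file, and ns_ok then compares them as strings (`"@our" ne "@their"`). The rest of ns() is outside this hunk, so this is an assumption, but if the public answer is lower case with no trailing dot, an entry such as `NS1.Example.NET.` (constructed example) would raise a false CRITICAL. Normalising on return avoids that: `return sort map { lc(s/\.\z//r) } @{$override->{$domain}} if exists $override->{$domain};`. The domain key would need the same treatment where the file is read.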
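Review bot: The default `my ($opt_override)= grep { -f } '/etc/bind/zones.override';` changes what the check trusts merely because a file exists, and neither the code nor the POD added later in this commit mentions that default path. Entries in this file replace the answer of the reference server, so anyone who can write it can make a changed delegation compare as expected. A comment on that line would record this, for example `# default override file: entries replace the reference server's NS set, keep it writable by root only`, and the `--override` item in the POD should name the default path. There is also no option to turn the default off for a single run. The enclosing sub starts and ends outside the hunk.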
@@ -223,12 +235,13 @@ and @argv or pod2usage; my @domains = get_domains(@argv); + my %override = read_override($opt_override) if defined $opt_override; my (@OK, %CRITICAL); foreach my $domain (@domains) { print STDERR "$domain " if $opt_progress; - my @ns = eval { ns_ok($domain, $opt_reference) }; + my @ns = eval { ns_ok($domain, $opt_reference, \%override) }; if ($@) { $CRITICAL{$domain} = $@; say STDERR 'fail(ns)' if $opt_progress; @@ -278,12 +291,20 @@ Tell about the progress. (default: on if input is connected to a terminal) -=item B<--additional> +=item B<--override>=I -Domains from this list are +This file lists NS names for domains. Instead of trusting our own server +we use the NS listed as the authoritive ones. This is primarly useful for +some of these domains that are held on the "pending" servers of joker. =back +=head2 Format + + # comment + ... # comment + + =head1 PERMISSIONS No special permissions are necessary, except for the domain-list URL F, since
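Review bot: `my %override = read_override($opt_override) if defined $opt_override;` combines a `my` declaration with a statement modifier, which perlsyn documents as undefined behaviour. When no override file is configured, the state of `%override` is therefore not guaranteed, yet `\%override` is still passed to ns_ok for every domain. Declaring unconditionally keeps the hash well defined and empty in that case: `my %override = defined $opt_override ? read_override($opt_override) : ();`. The enclosing sub starts and ends outside the hunk.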