--- a/Build.PL Tue Jul 12 16:10:03 2016 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,42 +0,0 @@
-use 5.010;
-use strict;
-use warnings;
-use Module::Build;
-
-my $builder = Module::Build->new(
- dist_name => 'nagios-plugin-dns-delegation',
- dist_version_from => 'lib/Nagios/Check/DNS/delegation.pm',
- dist_abstract => 'nagios check for dns serial numbers',
-# PL_files => {
-# 'plugins/check_dns-delegation.PL' =>
-# 'nagios/plugins/ius/check_dns-delegation'
-# },
- checks_files => {
- 'bin/check_dns-delegation' =>
- 'nagios/plugins/ius/check_dns-delegation',
- },
- bin_scripts => [glob 'bin/*'],
- license => 'perl',
- requires => {
- perl => '5.14.2',
- 'Net::DNS' => '0.66',
- },
- test_requires => {
- 'Test::Exception' => '0.32',
- },
-);
-
-if (not defined $builder->install_path('nagios')) {
- my $base = do {
- if ($builder->installdirs eq 'vendor') { '/usr/lib' }
- elsif (defined $builder->install_base) { $builder->install_base }
- else { '/usr/local/lib' }
- };
- $builder->install_path(nagios => "$base/nagios");
-}
-
-$builder->bindoc_dirs([@{ $builder->bindoc_dirs }, 'blib/nagios/plugins/ius']);
-$builder->add_build_element('checks');
-
-# finally
-$builder->create_build_script;
--- a/MANIFEST Tue Jul 12 16:10:03 2016 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,7 +0,0 @@
-.hgignore
-bin/check_dns-delegation
-Build.PL
-lib/Nagios/Check/DNS/delegation.pm
-MANIFEST This list of files
-t/10-minimal.t
-t/20-serial-aa.t
--- a/MANIFEST.SKIP Tue Jul 12 16:10:03 2016 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,75 +0,0 @@
-
-#!start included /home/heiko/perl5/lib/perl5/ExtUtils/MANIFEST.SKIP
-# Avoid version control files.
-\bRCS\b
-\bCVS\b
-\bSCCS\b
-,v$
-\B\.svn\b
-\B\.git\b
-\B\.hg\b
-\B\.gitignore\b
-\b_darcs\b
-\B\.cvsignore$
-
-# Avoid VMS specific MakeMaker generated files
-\bDescrip.MMS$
-\bDESCRIP.MMS$
-\bdescrip.mms$
-
-# Avoid Makemaker generated and utility files.
-\bMANIFEST\.bak
-\bMakefile$
-\bblib/
-\bMakeMaker-\d
-\bpm_to_blib\.ts$
-\bpm_to_blib$
-\bblibdirs\.ts$ # 6.18 through 6.25 generated this
-
-# Avoid Module::Build generated and utility files.
-\bBuild$
-\b_build/
-\bBuild.bat$
-\bBuild.COM$
-\bBUILD.COM$
-\bbuild.com$
-
-# Avoid temp and backup files.
-~$
-\.old$
-\#$
-\b\.#
-\.bak$
-\.tmp$
-\.#
-\.rej$
-
-# Avoid OS-specific files/dirs
-# Mac OSX metadata
-\B\.DS_Store
-# Mac OSX SMB mount metadata files
-\B\._
-
-# Avoid Devel::Cover and Devel::CoverX::Covered files.
-\bcover_db\b
-\bcovered\b
-
-# Avoid MYMETA files
-^MYMETA\.
-#!end included /home/heiko/perl5/lib/perl5/ExtUtils/MANIFEST.SKIP
-
-# Avoid configuration metadata file
-^MYMETA\.
-
-# Avoid Module::Build generated and utility files.
-\bBuild$
-\bBuild.bat$
-\b_build
-\bBuild.COM$
-\bBUILD.COM$
-\bbuild.com$
-^MANIFEST\.SKIP
-
-# Avoid archives of this distribution
-\bnagios-plugin-dns-serial-[\d\.\_]+
-\bscratch\b
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/README Fri Jul 07 16:00:57 2017 +0200
@@ -0,0 +1,1 @@
+moved to git.schlittermann.de/ius/nagios-plugin-dns-delegation
--- a/bin/check_dns-delegation Tue Jul 12 16:10:03 2016 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,106 +0,0 @@
-#! /usr/bin/perl
-# source: https://ssl.schlittermann.de/hg/ius/nagios/nagios-plugin-dns-serial
-# © 2014 Heiko Schlittermann <hs@schlittermann.de>
-use 5.014;
-use strict;
-use warnings;
-use Nagios::Check::DNS::delegation qw(main);
-
-exit main @ARGV unless caller;
-
-__END__
-
-=head1 NAME
-
- check_dns-serial - check the dns serial number from multiple sources
-
-=head1 SYNOPSIS
-
- check_dns-serial [options] DOMAINS
-
-=head1 DESCRIPTION
-
-B<check_dns-delegation> is designed as a Icinga/Nagios plugin to verify that
-all responsible NS know about the delegation.
-
-Each domain has to pass the following tests:
-
-=over
-
-=item 1.
-
-The I<reference> server needs to be authoritive.
-
-=item 2.
-
-The NS records known outside (checked with some public DNS service)
-need to match the NS records obtained from the reference server.
-
-=item 3.
-
-The serial numbers obtained from the NS servers B<and> the
-reference server need to match. All servers need to be authoritive!
-
-=back
-
-The I<DOMAINS> are passed a a list in one of the following forms:
-
-=over
-
-=item I<domain>
-
-A plain domain name.
-
-=item B<file://>I<file>
-
-A file name containing the domains, line by line.
-
-=item B<local:>
-
-This item uses the output of C<named-checkconf -p> to get the list of
-master/slave zones. The 127.in-addr.arpa, 168.192.in-addr.arpa, and
-0.in-addr.arpa, and 127.in-addr.arpa zones are suppressed.
-
-The B<override> domains are added automatically (See opt B<override>).
-
-=back
-
-=cut
-
-
-=head1 OPTIONS
-
-=over
-
-=item B<--reference>=I<address>
-
-The address of the reference server for our own domains (default: 127.0.0.1)
-
-=item B<--progress>
-
-Tell about the progress. (default: on if input is connected to a terminal)
-
-=item B<--override>=I<override file>
-
-This file lists NS names for domains. Instead of trusting our own server
-we use the NS listed as the authoritive ones. This is primarly useful for
-some of these domains that are held on the "pending" servers of joker.
-(default: F</etc/check_dns-delegation/override>)
-
-=back
-
-=head2 Format of the override file
-
- # comment
- <domain> <ns> ... # comment
-
-
-=head1 PERMISSIONS
-
-No special permissions are necessary, except for the domain-list URL F<local:>, since
-the output of C<named-checkconf -p> is read. This may fail, depending on the configuration of
-your bind.
-
-=cut
-
-# vim:sts=4 ts=8 sw=4 et:
--- a/debian/README.Debian Tue Jul 12 16:10:03 2016 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,7 +0,0 @@
-nagios-plugin-dns-delegation for Debian
----------------------------------------
-
-This package is somewhat tailored fo use schlittermann internet & unix
-support
-
- -- Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> Mon, 19 Jan 2015 16:13:10 +0100
--- a/debian/README.source Tue Jul 12 16:10:03 2016 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,10 +0,0 @@
-nagios-plugin-dns-delegation for Debian
----------------------------------------
-
-<this file describes information about the source package, see Debian policy
-manual section 4.14. You WILL either need to modify or delete this file>
-
-
-
- -- Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> Mon, 19 Jan 2015 16:13:10 +0100
-
--- a/debian/changelog Tue Jul 12 16:10:03 2016 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,188 +0,0 @@
-nagios-plugin-dns-delegation (0.6) stable; urgency=medium
-
- * Fix nzf parser for comment lines
-
- -- Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> Tue, 12 Jul 2016 16:09:55 +0200
-
-nagios-plugin-dns-delegation (0.5) stable; urgency=medium
-
- * real fix for the postinst
-
- -- Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> Thu, 15 Oct 2015 15:09:02 +0200
-
-nagios-plugin-dns-delegation (0.4) stable; urgency=medium
-
- * fix postinst
-
- -- Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> Thu, 15 Oct 2015 15:01:02 +0200
-
-nagios-plugin-dns-delegation (0.3) stable; urgency=medium
-
- * added /etc/check_dns-delegation directory:
-
- -- Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> Thu, 22 Jan 2015 15:20:25 +0100
-
-nagios-plugin-dns-delegation (0.2) stable; urgency=medium
-
- * override file is now /etc/check_dns-delegation:
- * added postinst script to create the override file
-
- -- Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> Thu, 22 Jan 2015 15:05:40 +0100
-
-nagios-plugin-dns-delegation (0.1) stable; urgency=medium
-
- * intial framework:
- * works for NS check: Now we can compare the officially known name
- servers (from googles public NS service) with the name servers a
- reference system knows.
- * added manpage and help:
- * reference localhost: We use the local host as a reference for the
- domains in question.
- * added local: option for named-checkconf -p:
- * check for AA flag: Make sure that we compare the authoritive answers
- with the outside worlds view.
- * fix: skip subdomains of 168.192.in-addr.arpa:
- * Smart::Comments only if $ENV{DEBUG}:
- * complete error description:
- * working on pu for now.: Further testing expected.
- * more on caching of resolver objects:
- * serial is compared with reference server too:
- * updated doc:
- * more doc:
- * Serial needs have the aa flag set!:
- * override works: Now we read a override file (current default
- /etc/bind/zones.override) in case our own information about NS is
- not correct. Useful for these a.pending-verification.joker.com
- domains.
- * include the override domains and shuffle: The list of override
- domains is considered as part of the domains that need to be
- checked.
- * Include the override domains into local:: If local: is selected as
- source of domain names, the override file will be used as an
- additional source too.
- * zones.override automatically added to domainlist: If the local:
- domainlist is used, the domains containted in the override file are
- added automatically to the list of domains
- * [merged]:
- * moved the code to a perl module: Now the working parts are in
- Nagios::Check::DNS::delegation.pm. It's not a package. Just a
- detached module.
- * doc added:
- * Better message if there is no ns server known in public, but the
- domain:
- * added check for serial aa: Now we can ask the serial() to request aa
- answers.
- * check serial with overrides, not with local server:
- * local: read from nzf:
- * changed handling of overrides: No the overrides are considered to be
- our reference source
- * nzf does not contain quotations:
- * better matching for optional quotes:
- * updated manifest:
- * all the example files for later reference:
- * intial framework:
- * works for NS check: Now we can compare the officially known name
- servers (from googles public NS service) with the name servers a
- reference system knows.
- * added manpage and help:
- * reference localhost: We use the local host as a reference for the
- domains in question.
- * added local: option for named-checkconf -p:
- * check for AA flag: Make sure that we compare the authoritive answers
- with the outside worlds view.
- * fix: skip subdomains of 168.192.in-addr.arpa:
- * Smart::Comments only if $ENV{DEBUG}:
- * complete error description:
- * working on pu for now.: Further testing expected.
- * more on caching of resolver objects:
- * serial is compared with reference server too:
- * updated doc:
- * more doc:
- * Serial needs have the aa flag set!:
- * override works: Now we read a override file (current default
- /etc/bind/zones.override) in case our own information about NS is
- not correct. Useful for these a.pending-verification.joker.com
- domains.
- * include the override domains and shuffle: The list of override
- domains is considered as part of the domains that need to be
- checked.
- * Include the override domains into local:: If local: is selected as
- source of domain names, the override file will be used as an
- additional source too.
- * zones.override automatically added to domainlist: If the local:
- domainlist is used, the domains containted in the override file are
- added automatically to the list of domains
- * [merged]:
- * moved the code to a perl module: Now the working parts are in
- Nagios::Check::DNS::delegation.pm. It's not a package. Just a
- detached module.
- * doc added:
- * Better message if there is no ns server known in public, but the
- domain:
- * added check for serial aa: Now we can ask the serial() to request aa
- answers.
- * check serial with overrides, not with local server:
- * local: read from nzf:
- * changed handling of overrides: No the overrides are considered to be
- our reference source
- * nzf does not contain quotations:
- * better matching for optional quotes:
- * updated manifest:
- * all the example files for later reference:
- * intial framework:
- * works for NS check: Now we can compare the officially known name
- servers (from googles public NS service) with the name servers a
- reference system knows.
- * added manpage and help:
- * reference localhost: We use the local host as a reference for the
- domains in question.
- * added local: option for named-checkconf -p:
- * check for AA flag: Make sure that we compare the authoritive answers
- with the outside worlds view.
- * fix: skip subdomains of 168.192.in-addr.arpa:
- * Smart::Comments only if $ENV{DEBUG}:
- * complete error description:
- * working on pu for now.: Further testing expected.
- * more on caching of resolver objects:
- * serial is compared with reference server too:
- * updated doc:
- * more doc:
- * Serial needs have the aa flag set!:
- * override works: Now we read a override file (current default
- /etc/bind/zones.override) in case our own information about NS is
- not correct. Useful for these a.pending-verification.joker.com
- domains.
- * include the override domains and shuffle: The list of override
- domains is considered as part of the domains that need to be
- checked.
- * Include the override domains into local:: If local: is selected as
- source of domain names, the override file will be used as an
- additional source too.
- * zones.override automatically added to domainlist: If the local:
- domainlist is used, the domains containted in the override file are
- added automatically to the list of domains
- * [merged]:
- * moved the code to a perl module: Now the working parts are in
- Nagios::Check::DNS::delegation.pm. It's not a package. Just a
- detached module.
- * doc added:
- * Better message if there is no ns server known in public, but the
- domain:
- * added check for serial aa: Now we can ask the serial() to request aa
- answers.
- * check serial with overrides, not with local server:
- * local: read from nzf:
- * changed handling of overrides: No the overrides are considered to be
- our reference source
- * nzf does not contain quotations:
- * better matching for optional quotes:
- * updated manifest:
- * all the example files for later reference:
-
- -- Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> Wed, 21 Jan 2015 16:52:31 +0100
-
-nagios-plugin-dns-delegation (0.0) unstable; urgency=low
-
- * Initial release
-
- -- Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de> Mon, 19 Jan 2015 16:13:10 +0100
--- a/debian/compat Tue Jul 12 16:10:03 2016 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +0,0 @@
-9
--- a/debian/control Tue Jul 12 16:10:03 2016 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,17 +0,0 @@
-Source: nagios-plugin-dns-delegation
-Section: admin
-Priority: optional
-Maintainer: Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
-Build-Depends: debhelper (>= 9), dpkg-dev
-Standards-Version: 3.9.6
-Vcs-Browser: https://ssl.schlittermann.de/hg/ius/nagios/nagios-plugin-dns-delegation/default
-Homepage: http://schlittermann.de/
-#Vcs-Git: git://anonscm.debian.org/collab-maint/nagios-plugin-dns-delegation.git
-
-Package: nagios-plugin-dns-delegation
-Architecture: all
-Depends: ${misc:Depends}, ${perl:Depends}, libnet-dns-perl
-Description: nagios plugin check_dns-delegation
- This nagios plugin checks the consistency of the DNS delegation, it compares
- the public view with a (local) reference server and compares the serial
- numbers of the known nameservers.
--- a/debian/copyright Tue Jul 12 16:10:03 2016 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,22 +0,0 @@
-Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
-Upstream-Name: nagios-plugin-dns-delegation
-Source: https://ssl.schlittermann.de/hg/ius/nagios/nagios-plugin-dns-delegation
-
-Files: *
-Copyright: 2015 Heiko Schlittermann (HS12-RIPE) <hs@schlittermann.de>
-License: GPL-2+
- This package is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
- .
- This package is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
- .
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>
- .
- On Debian systems, the complete text of the GNU General
- Public License version 2 can be found in "/usr/share/common-licenses/GPL-2".
--- a/debian/dirs Tue Jul 12 16:10:03 2016 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +0,0 @@
-/etc/check_dns-delegation
--- a/debian/postinst Tue Jul 12 16:10:03 2016 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,49 +0,0 @@
-#!/bin/sh
-# postinst script for nagios-plugin-dns-delegation
-#
-# see: dh_installdeb(1)
-
-set -e
-
-# summary of how this script can be called:
-# * <postinst> `configure' <most-recently-configured-version>
-# * <old-postinst> `abort-upgrade' <new version>
-# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
-# <new-version>
-# * <postinst> `abort-remove'
-# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
-# <failed-install-package> <version> `removing'
-# <conflicting-package> <version>
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-
-
-case "$1" in
- configure)
- old=/etc/bind/zones.override
- new=/etc/check_dns-delegation/override
- if test -f $new; then
- :
- elif test -f $old; then
- mv $old $new
- else
- touch $new
- chmod a+r $new
- fi
- ;;
-
- abort-upgrade|abort-remove|abort-deconfigure)
- ;;
-
- *)
- echo "postinst called with unknown argument \`$1'" >&2
- exit 1
- ;;
-esac
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
-
-exit 0
--- a/debian/rules Tue Jul 12 16:10:03 2016 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,34 +0,0 @@
-#!/usr/bin/make -f
-# See debhelper(7) (uncomment to enable)
-# output every command that modifies files on the build system.
-DH_VERBOSE = 1
-export PERL5LIB=
-export PERL_MM_OPT=
-export PERL_MB_OPT=
-
-# see EXAMPLES in dpkg-buildflags(1) and read /usr/share/dpkg/*
-DPKG_EXPORT_BUILDFLAGS = 1
-include /usr/share/dpkg/default.mk
-
-# see FEATURE AREAS in dpkg-buildflags(1)
-#export DEB_BUILD_MAINT_OPTIONS = hardening=+all
-
-# see ENVIRONMENT in dpkg-buildflags(1)
-# package maintainers to append CFLAGS
-#export DEB_CFLAGS_MAINT_APPEND = -Wall -pedantic
-# package maintainers to append LDFLAGS
-#export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
-
-
-# main packaging script based on dh7 syntax
-%:
- dh $@
-
-# debmake generated override targets
-# This is example for Cmake (See http://bugs.debian.org/641051 )
-#override_dh_auto_configure:
-# dh_auto_configure -- \
-# -DCMAKE_LIBRARY_PATH=$(DEB_HOST_MULTIARCH)
-
-override_dh_installchangelogs:
- dh_installchangelogs CHANGES
--- a/debian/source/options Tue Jul 12 16:10:03 2016 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,2 +0,0 @@
---extend-diff-ignore = "\b\.hg/"
---tar-ignore
--- a/lib/Nagios/Check/DNS/delegation.pm Tue Jul 12 16:10:03 2016 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,248 +0,0 @@
-use 5.014;
-use strict;
-use warnings;
-use Getopt::Long qw(GetOptionsFromArray);
-use Net::DNS;
-use Pod::Usage;
-use if $ENV{DEBUG} => 'Smart::Comments';
-use List::Util qw(shuffle);
-
-sub uniq { my %h; @h{@_} = (); return keys %h; }
-my @extns = qw(8.8.8.8 8.8.4.4);
-
-package Net::DNS::Resolver {
- use Storable qw(freeze);
- sub new {
- my $class = shift;
- state %cache;
- return $cache{freeze \@_} //= $class->SUPER::new(@_);
- }
-}
-
-sub read_override { # YEAH! :) black magic
- local @ARGV = shift;
- return map { (shift @$_, $_) } grep { @$_ > 1 } map { [split] } map { s/#.*//r } <>;
-}
-
-# return a list of the zones known to the local
-# bind
-sub get_local_zones {
- my @conf;
- open(my $z, '-|') or do {
- my $bind_directory;
- open(my $x, '-|', 'named-checkconf -p');
- while (<$x>) {
- /^\s*directory\s+"(.*)";/ and $bind_directory = $1;
- print;
- }
- if (defined $bind_directory) {
- local @ARGV = grep { -f } glob "$bind_directory/*nzf";
- print <> if @ARGV;
- }
- exit 0;
- };
- while (<$z>) {
- /^#/ and next; # comment
- state $line;
- s/^\s*(.*?)\s*$/$1 /;
- chomp($line .= $_); # continuation line
- if (/\A\}/) { # config item done
- $line =~ s/\s$//;
- push @conf, $line;
- $line = '';
- }
- }
- return grep {
- # FIXME: 172.0 .. 172.31 is missing
- not /\b(?:0|127|10|168\.192|255)\.in-addr\.arpa$/ and
- not /^localhost$/;
- } map { /zone\s"?(\S+?)"?\s/ } grep { /type (?:master|slave)/ } @conf;
-}
-
-sub get_domains {
- my %arg = @_;
- my @sources = @{ $arg{sources} };
- my @domains = ();
-
- foreach my $src (@sources) {
-
- if ($src =~ m{^(?:(/.*)|file://(/.*))}) {
- open(my $f, '<', $1) or die "$0: Can't open $1 for reading: $!\n";
- push @domains, map { /^\s*(\S+)\s*/ } grep { !/^\s*#/ } <$f>;
- next;
- }
-
- if ($src =~ m{^local:}) {
- push @domains, get_local_zones;
- push @domains, @{$arg{local}} if $arg{local};
- next;
- }
-
- push @domains, $src;
- }
-
- return @domains;
-}
-
-# return a list of "official" nameservers
-sub ns {
- my $domain = shift;
- ### assert: @_ % 2 == 0
- my %resflags = (nameservers => \@extns, @_);
- my $aa = delete $resflags{aa};
- my $nameservers = join ',' => @{$resflags{nameservers}};
- my @ns;
-
- my $r = Net::DNS::Resolver->new(%resflags);
- my $q;
-
- for (my $i = 3; $i; --$i) {
- $q = $r->query($domain, 'NS') and last;
- }
- die $r->errorstring . "\@$nameservers\n" if not $q;
-
- die "no aa(NS) \@$nameservers\n" if $aa and not $q->header->aa;
- push @ns, map { $_->nsdname } grep { $_->type eq 'NS' } $q->answer;
-
- return sort @ns;
-}
-
-sub serial {
- my $domain = shift;
- my %resflags = (nameservers => \@extns, @_);
- my $aa = delete $resflags{aa};
- my $nameservers = join ',' => @{$resflags{nameservers}};
-
- my $r = Net::DNS::Resolver->new(%resflags);
- my $q;
-
- for (my $i = 3; $i; --$i) {
- $q = $r->query($domain, 'SOA') and last;
- }
- die $r->errorstring, "\@$nameservers\n" if not $q;
- die "no aa(SOA) \@$nameservers\n" if $aa and not $q->header->aa;
-
- return (map { $_->serial } grep { $_->type eq 'SOA' } $q->answer)[0];
-}
-
-# - the nameservers known from the ns records
-# - from the primary master if this is not one of the
-# NS for the zone
-# - from a list of additional (hidden) servers
-#
-# OK - if the serial numbers are in sync
-# WARNING - if there is some difference
-# CRITICAL - if the serial cannot be found at one of the sources
-
-sub ns_ok {
- my ($domain, $references, $is_override) = @_;
-
- my (@errs, @ns);
- # obtain an authoritive list of nameservers from the reference server
- my @our = eval { sort +ns($domain, nameservers => $references, aa => 1) };
- if (chomp $@) {
- push @errs, $@;
- push @our, $@;
- }
-
- # obtain a list of nameservers from some public nameserver
- my @public = eval { sort +ns($domain) };
- if (chomp $@) {
- push @errs, $@;
- push @public, $@;
- }
-
- if (@errs or "@our" ne "@public") {
- local $" = ', ';
- die sprintf "NS differ (%s: @our) vs (public: @public)\n",
- $is_override ? 'override' : 'our';
-
- }
-
- @ns = uniq sort @our, @public;
- ### @ns
- return @ns;
-}
-
-sub serial_ok {
- my ($domain, $ns) = @_;
- my @serials = map { my $s = serial $domain, nameservers => [$_], aa => 1; "$s\@$_" } @$ns;
- ### @serials
-
- if (uniq(map { /(\d+)/ } @serials) != 1) {
- die "serials do not match: @serials\n";
- }
-
- $serials[0] =~ /(\d+)/;
- return $1;
-}
-
-sub main {
- my @argv = @_;
- my $opt_reference = '127.0.0.1';
- my $opt_progress = -t;
- my ($opt_override)= grep { -f } '/etc/check_dns-delegation/override';
-
-
- GetOptionsFromArray(
- \@argv,
- 'reference=s' => \$opt_reference,
- 'progress!' => \$opt_progress,
- 'override=s' => \$opt_override,
- 'h|help' => sub { pod2usage(-verbose => 1, -exit => 0) },
- 'm|man' => sub {
- pod2usage(
- -verbose => 2,
- -exit => 0,
- -noperldoc => system('perldoc -V 2>/dev/null 1>&2')
- );
- }
- )
- and @argv
- or pod2usage;
- my %override = read_override($opt_override) if defined $opt_override;
- my @domains = get_domains(sources => \@argv, local => [keys %override]);
-
- my (@OK, %CRITICAL);
- foreach my $domain (shuffle @domains) {
- state $all = @domains;
- state $i++;
- print STDERR "$domain ($i/$all) " if $opt_progress;
-
- my @ns = eval { ns_ok($domain, $override{$domain} ? $override{$domain} : [$opt_reference],
- $override{$domain}) };
- if ($@) {
- $CRITICAL{$domain} = $@;
- say STDERR 'fail(ns)' if $opt_progress;
- next;
- }
- print STDERR 'ok(ns) ' if $opt_progress;
-
- my @serial = eval { serial_ok($domain, [@ns, $override{$domain} ? () : $opt_reference]) };
- if ($@) {
- $CRITICAL{$domain} = $@;
- say STDERR 'fail(serial)' if $opt_progress;
- next;
- }
- say STDERR 'ok(serial)' if $opt_progress;
- push @OK, $domain;
-
- }
-
- # use DDP;
- # p @OK;
- # p %CRITICAL;
-
- if (my $n = keys %CRITICAL) {
- print "CRITICAL: $n of " . @domains . " domains\n",
- map { "$_: $CRITICAL{$_}" } sort keys %CRITICAL;
- return 2;
- }
-
- say 'OK: ' . @OK . ' domains checked';
- return 0;
-
-}
-
-1;
-# vim:sts=4 ts=8 sw=4 et:
--- a/t/10-minimal.t Tue Jul 12 16:10:03 2016 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,99 +0,0 @@
-#! perl
-use 5.014;
-use strict;
-use warnings;
-use Test::More;
-use File::Temp;
-use Test::Exception;
-use Storable qw(freeze);
-
-my $tmp = File::Temp->new;
-$tmp->print(<<__);
-# kommentar
- a # more comment
- b
- c ns1 ns2 # comment
- d
-__
-$tmp->flush;
-
-
-sub dig_serial { (split " ", `dig +short SOA @_`)[2] }
-sub dig_ns { sort map { /(\S+?)\.?$/ } `dig +short NS @_` }
-
-# we require it, it's not a normal module
-use blib;
-use_ok('Nagios::Check::DNS::delegation')
- or BAIL_OUT q{can't require the module};
-
-
-subtest 'tools' => sub {
- is_deeply [sort +uniq(qw(a b a c))], [qw(a b c)] => 'uniq helper';
-
- # get_domains should read a list of names, either from a file
- # or from the arguments, or from a combination of both
- is_deeply [get_domains(sources => [qw/a b c/])], [qw(a b c)] => 'domains from list';
- is_deeply [get_domains(sources => ["$tmp"])], [qw(a b c d)] => 'domains from file';
- is_deeply [get_domains(sources => ['a', "$tmp", 'z'])], [qw(a a b c d z)] => 'domains from args and file';
-
- is_deeply {read_override("$tmp")}, { c => ['ns1', 'ns2'] }, 'override file';
-
- my %google = ( nameservers => [qw/8.8.8.8 8.8.4.4/]);
- my %level3 = ( nameservers => [qw/209.244.0.3 209.244.0.4/]);
-
- my $r1a = Net::DNS::Resolver->new(%google);
- my $r1b = Net::DNS::Resolver->new(%google);
-
- my $r2a = Net::DNS::Resolver->new(%level3);
- my $r2b = Net::DNS::Resolver->new(%level3);
-
- is $r1a, $r1b => 'same google';
- is $r2a, $r2b => 'same level3';
- isnt $r1a, $r2a => 'not same google/level3';
-
- my (@a, @b);
- @a = qw[8.8.8.1];
- my $r3a = Net::DNS::Resolver->new(nameservers => \@a);
- @a = qw[8.8.4.2];
- my $r3b = Net::DNS::Resolver->new(nameservers => \@a);
- isnt $r3a, $r3b => 'same ref, but not same object';
-
- @b = @a;
- is freeze(\@a), freeze(\@b) => 'frozen lists';
- my $r3c = Net::DNS::Resolver->new(nameservers => \@b);
- is $r3b, $r3c => 'same servers, but not same ref';
-
-};
-
-
-
-for (qw(heise.de schlittermann.de google.com debian.org example.org)) {
-
- subtest $_ => sub {
-
- throws_ok { ns($_, nameservers => [qw/8.8.8.8/], aa => 1) }
- qr/no aa/ => 'not authoritive @8.8.8.8';
- is_deeply [ns($_)], [dig_ns($_)] => "ns \@default";
- is_deeply [ns($_, nameservers => [qw/8.8.4.4/])],
- [dig_ns('@8.8.4.4', $_)] => "ns \@8.8.4.4";
- is serial($_, nameservers => [qw/8.8.8.8/]),
- dig_serial('@8.8.8.8', $_) => 'serial';
- };
-
-}
-
-# ns for some domain we're not the master for, should be refused
-throws_ok { ns('example.org', nameservers => [qw/f.nic.de a.nic.de/]) }
-qr/^REFUSED/ => 'throws on refused query';
-throws_ok { ns('safasdfasdfrandomadsfefvddeas') }
-qr/^NXDOMAIN/ => 'throws on nx domain';
-
-ok ns_ok('schlittermann.de', ['212.80.235.130']) => 'ns_ok for schlittermann.de';
-throws_ok { ns_ok('heise.de', ['212.80.235.130']) } qr/no aa|differ|REFUSED/ => 'ns_ok for heise.de';
-throws_ok { ns_ok('heise.de', ['8.8.8.8']) } qr/no aa|differ|REFUSED/ => 'ns_ok for heise.de';
-
-# serial
-
-done_testing();
-
-# vim:sts=4 sw=4 ts=8:
--- a/t/20-serial-aa.t Tue Jul 12 16:10:03 2016 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,15 +0,0 @@
-#! perl
-use strict;
-use warnings;
-use Test::More;
-use Test::Exception;
-use Nagios::Check::DNS::delegation;
-
-throws_ok { serial('schlittermann.de',
- nameservers => [qw/8.8.8.8 8.8.4.4/], aa => 1) }
- qr/no aa/ => 'throws exception on no aa';
-
-ok serial('schlittermann.de', nameservers => [qw/212.80.235.130/])
- => 'aa for serial';
-
-done_testing;