override works
authorheiko
Tue, 06 Jan 2015 22:40:18 +0100
changeset 15 bb7b3ae76cc8
parent 14 8da9e81acf82
child 16 6d401297850b
override works Now we read an override file (current default /etc/bind/zones.override) in case our own information about NS is not correct. Useful for these a.pending-verification.joker.com domains.
plugins/check_dns-delegation
t/10-minimal.t
--- a/plugins/check_dns-delegation	Tue Jan 06 21:42:41 2015 +0100
+++ b/plugins/check_dns-delegation	Tue Jan 06 22:40:18 2015 +0100
@@ -71,6 +71,11 @@
     }
 }
 
+sub read_override {    # YEAH! :) black magic
+    local @ARGV = shift;
+    return map { (shift $_, $_) } grep { @$_ > 1 } map { [split] } map { s/#.*//r } <>;
+}
+
 # return a list of the zones known to the local
 # bind
 sub get_local_zones {
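Review bot: `read_override` reads the file through `local @ARGV` and the magic `<>` operator, which opens each name with two-argument `open` semantics, so characters such as a leading `>` or a trailing `|` in the `--override` value are taken as an open mode instead of as part of a plain path. An unreadable file also yields only a warning and an empty override map, so the caller cannot tell that the override was not loaded. A three-argument `open` that dies on failure avoids both. Unpacking each line into `($domain, @ns)` also removes `shift $_` on an array reference, which relies on the experimental auto-dereference that Perl 5.24 removed. The whole sub lies inside this hunk; a replacement is below.

```perl
sub read_override {
    my ($file) = @_;
    open(my $fh, '<', $file)
      or die "Can't open override file $file: $!\n";

    my %override;
    while (my $line = <$fh>) {
        $line =~ s/#.*//;    # strip comments
        my ($domain, @ns) = split ' ', $line;
        $override{$domain} = \@ns if @ns;    # skip lines without NS names
    }
    return %override;
}
```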
@@ -122,9 +127,12 @@
     ### assert: @_ % 2 == 0
     my %resflags = (nameservers => \@extns, @_);
     my $aa = delete $resflags{aa};
+    my $override = delete $resflags{override};
     my $nameservers = join ',' => @{$resflags{nameservers}};
     my @ns;
 
+    return sort @{$override->{$domain}} if exists $override->{$domain};
+
     my $r = Net::DNS::Resolver->new(%resflags);
     my $q;
 
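Review bot: The early `return sort @{$override->{$domain}}` hands back the names exactly as typed in the override file, and `ns_ok` later compares them as strings with `"@our" ne "@their"`. If the resolver path normalises names (lower case, no trailing dot), which this hunk does not show, an entry such as `NS1.Example.COM.` would raise a false "NS differ" alarm. Normalising on the way out would make the comparison robust: `return sort map { lc(s/\.\z//r) } @{$override->{$domain}} if exists $override->{$domain};`. The new `override` key also deserves a mention in the comment block above `ns`, whose body starts and ends outside the hunk.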
@@ -165,10 +173,10 @@
 # CRITICAL - if the serial cannot be found at one of the sources
 
 sub ns_ok {
-    my ($domain, $reference) = @_;
+    my ($domain, $reference, $override) = @_;
 
     my (@errs, @ns);
-    my @our = eval { sort +ns($domain, nameservers => [$reference], aa => 1) };
+    my @our = eval { sort +ns($domain, nameservers => [$reference], aa => 1, override => $override) };
     push @errs, $@ if $@;
 
     my @their = eval { sort +ns($domain) };
@@ -181,7 +189,8 @@
     
     if ("@our" ne "@their") {
         local $" = ', ';
-        die "NS differ (our @our) vs (their @their)\n";
+        die sprintf "NS differ (%s @our) vs (public @their)\n",
+            $override->{$domain} ? 'override' : 'our';
     }
 
     @ns = uniq sort @our, @their;
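Review bot: The new `die sprintf` interpolates `@our` and `@their` into the format string itself, so a `%` in any name server name is parsed as a conversion and garbles the message or triggers sprintf warnings. The names come from DNS answers or from the override file, so they should be passed as arguments: `die sprintf "NS differ (%s %s) vs (public %s)\n", ($override->{$domain} ? 'override' : 'our'), "@our", "@their";`. The `local $" = ', '` still applies because the lists are stringified inside the same block. `ns_ok` starts and continues outside this hunk.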
@@ -206,11 +215,14 @@
     my @argv          = @_;
     my $opt_reference = '127.0.0.1';
     my $opt_progress  = -t;
+    my ($opt_override)= grep { -f } '/etc/bind/zones.override';
+                        
 
     GetOptionsFromArray(
         \@argv,
         'reference=s' => \$opt_reference,
         'progress!'   => \$opt_progress,
+        'override=s'  => \$opt_override,
         'h|help'      => sub { pod2usage(-verbose => 1, -exit => 0) },
         'm|man'       => sub {
             pod2usage(
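Review bot: The default `/etc/bind/zones.override` is picked up silently whenever the file exists, and neither the line `my ($opt_override)= grep { -f } ...` nor the `--override` POD entry says so. An operator therefore cannot learn from the documentation that a file on disk changes which name servers the check trusts. I would add a comment above the line, `# default override file, used only if it exists; --override replaces it`, and a sentence in the POD item naming the default path. Because the file replaces the reference server's answer, the POD should also say that only the DNS administrators should be able to write it. The enclosing sub starts and ends outside the hunk.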
@@ -223,12 +235,13 @@
       and @argv
       or pod2usage;
     my @domains = get_domains(@argv);
+    my %override = read_override($opt_override) if defined $opt_override;
 
     my (@OK, %CRITICAL);
     foreach my $domain (@domains) {
         print STDERR "$domain " if $opt_progress;
 
-        my @ns = eval { ns_ok($domain, $opt_reference) };
+        my @ns = eval { ns_ok($domain, $opt_reference, \%override) };
 	if ($@) { 
             $CRITICAL{$domain} = $@;
             say STDERR 'fail(ns)' if $opt_progress;
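Review bot: `my %override = read_override($opt_override) if defined $opt_override;` combines a `my` declaration with a statement modifier, which perlsyn documents as having undefined behaviour when the condition is false. Declare unconditionally and choose the value instead: `my %override = defined $opt_override ? read_override($opt_override) : ();`. That guarantees `\%override` passed to `ns_ok` is always a fresh, empty hash when no override file is in use. The enclosing sub starts and ends outside the hunk.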
@@ -278,12 +291,20 @@
 
 Tell about the progress. (default: on if input is connected to a terminal)
 
-=item B<--additional>
+=item B<--override>=I<override file>
 
-Domains from this list are
+This file lists NS names for domains. Instead of trusting our own server
+we use the NS listed as the authoritive ones. This is primarly useful for
+some of these domains that are held on the "pending" servers of joker.
 
 =back
 
+=head2 Format
+
+ # comment
+ <domain> <ns> ... # comment
+
+
 =head1 PERMISSIONS
 
 No special permissions are necessary, except for the domain-list URL F<local:>, since
--- a/t/10-minimal.t	Tue Jan 06 21:42:41 2015 +0100
+++ b/t/10-minimal.t	Tue Jan 06 22:40:18 2015 +0100
@@ -12,10 +12,12 @@
 # kommentar
     a # more comment
     b
-    c
+    c ns1 ns2 # comment
+    d
 __
 $tmp->flush;
 
+
 sub dig_serial { (split " ", `dig +short SOA @_`)[2] }
 
 sub dig_ns {
@@ -30,6 +32,15 @@
 subtest 'tools' => sub {
     is_deeply [sort +uniq(qw(a b a c))], [qw(a b c)] => 'uniq helper';
 
+    # get_domains should read a list of names, either from a file
+    # or from the arguments, or from a combination of both
+    is_deeply [get_domains(qw(a b c))], [qw(a b c)] => 'domains from list';
+    is_deeply [get_domains("$tmp")],    [qw(a b c d)] => 'domains from file';
+    is_deeply [get_domains('a', "$tmp", 'z')],
+      [qw(a a b c d z)] => 'domains from args and file';
+
+    is_deeply {read_override("$tmp")}, { c => ['ns1', 'ns2'] }, 'override file';
+
     my %google = ( nameservers => [qw/8.8.8.8 8.8.4.4/]);
     my %level3 = ( nameservers => [qw/209.244.0.3 209.244.0.4/]);
 
@@ -58,12 +69,12 @@
 };
 
 
-# get_domains should read a list of names, either from a file
-# or from the arguments, or from a combination of both
-is_deeply [get_domains(qw(a b c))], [qw(a b c)] => 'domains from list';
-is_deeply [get_domains("$tmp")],    [qw(a b c)] => 'domains from file';
-is_deeply [get_domains('a', "$tmp", 'z')],
-  [qw(a a b c z)] => 'domains from args and file';
+my %override = (
+    'example.com' => [qw(ns1.foobar.de ns2.foobar.com)],
+);
+
+is_deeply [ns('example.com', nameservers => [qw/127.0.0.1/], override => \%override)],
+    $override{'example.com'} => 'override';
 
 for (qw(heise.de schlittermann.de google.com debian.org example.org)) {