3 # Copyright (c) 2010 Peter Palfrader <peter@palfrader.org>
5 # Permission is hereby granted, free of charge, to any person obtaining
6 # a copy of this software and associated documentation files (the
7 # "Software"), to deal in the Software without restriction, including
8 # without limitation the rights to use, copy, modify, merge, publish,
9 # distribute, sublicense, and/or sell copies of the Software, and to
10 # permit persons to whom the Software is furnished to do so, subject to
11 # the following conditions:
13 # The above copyright notice and this permission notice shall be
14 # included in all copies or substantial portions of the Software.
16 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17 # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19 # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
20 # LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
21 # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
22 # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
27 use Net::DNS::Resolver;
30 $SIG{'__DIE__'} = sub { print @_; exit 4; };
32 my $RES = Net::DNS::Resolver->new;
33 my $DLV = 'dlv.isc.org';
40 my $pkt = $RES->send($zone, $type);
41 return () unless $pkt;
42 return () unless $pkt->answer;
43 for my $rr ($pkt->answer) {
44 next unless ($rr->type eq $type);
45 next unless ($rr->name eq $zone);
47 # only handle KSKs, i.e. keys with the SEP flag set
48 next if ($type eq 'DNSKEY' && !($rr->is_sep));
50 push @result, $rr->keytag;
53 @result = sort {$a <=> $b} grep {!$unique{$_}++} @result;
59 return get_tag_generic($zone, 'DNSKEY');
63 return get_tag_generic($zone, 'DS');
68 return get_tag_generic($zone, 'DLV');
75 print $fd "Usage: $PROGRAM_NAME overview|check-dlv|check-ds zone [zone...]\n";
76 print $fd " $PROGRAM_NAME --dir <dir> overview|check-dlv|check-ds\n";
77 print $fd " $PROGRAM_NAME --help\n";
82 Getopt::Long::config('bundling');
84 '--help' => \$params->{'help'},
85 '--dir=s' => \$params->{'dir'},
86 '--dlv=s' => \$params->{'dlv'},
87 ) or usage(\*STDERR, 1);
88 usage(\*STDOUT, 0) if ($params->{'help'});
90 my $mode = shift @ARGV;
94 warn "--dir option ignored" if defined $params->{'dir'};
97 my $dir = $params->{'dir'};
98 usage(\*STDOUT, 0) unless (defined $dir);
100 chdir $dir or die "chdir $dir failed? $!\n";
101 opendir DIR, '.' or die ("Cannot opendir $dir\n");
102 for my $file (readdir DIR) {
103 next if ( -l "$file" );
104 next unless ( -f "$file" );
105 next if $file =~ /^(dsset|keyset)-/;
112 usage(\*STDOUT, 0) unless (defined $mode && $mode =~ /^(overview|check-dlv|check-ds)$/);
113 $DLV = $params->{'dlv'} if $params->{'dlv'};
116 for my $zone (@zones) {
117 $data{$zone} = { 'dnskey' => join(', ', get_dnskeytags($zone)),
118 'ds' => join(', ', get_dstags($zone)),
119 'dlv' => join(', ', get_dlvtags($zone)) };
122 if ($mode eq 'overview') {
123 my $format = "%30s %-16s %-16s %-16s\n";
124 printf $format, "zone", "DNSKEY", "DS in parent", "DLV";
125 printf $format, "-"x 30, "-"x 16, "-"x 16, "-"x 16;
126 for my $zone (sort {$a cmp $b} keys %data) {
127 printf $format, $zone,
128 $data{$zone}->{'dnskey'},
129 $data{$zone}->{'ds'},
130 $data{$zone}->{'dlv'};
133 } elsif ($mode eq 'check-dlv' || $mode eq 'check-ds') {
135 $key = 'dlv' if $mode eq 'check-dlv';
136 $key = 'ds' if $mode eq 'check-ds';
137 die ("key undefined") unless $key;
141 for my $zone (sort {$a cmp $b} keys %data) {
142 my $dnskey = $data{$zone}->{'dnskey'} || '-';
143 my $target = $data{$zone}->{$key} || '-';
145 if ($dnskey ne $target) {
146 push @warn, "$zone ($dnskey != $target)";
148 push @ok, "$zone ($dnskey)";
151 print "WARNING: ", join(", ", @warn), "\n" if (scalar @warn);
152 print "OK: ", join(", ", @ok), "\n" if (scalar @ok);
153 exit (1) if (scalar @warn);
156 die ("Invalid mode '$mode'\n");