3 # Copyright (c) 2010 Peter Palfrader <peter@palfrader.org>
5 # Permission is hereby granted, free of charge, to any person obtaining
6 # a copy of this software and associated documentation files (the
7 # "Software"), to deal in the Software without restriction, including
8 # without limitation the rights to use, copy, modify, merge, publish,
9 # distribute, sublicense, and/or sell copies of the Software, and to
10 # permit persons to whom the Software is furnished to do so, subject to
11 # the following conditions:
13 # The above copyright notice and this permission notice shall be
14 # included in all copies or substantial portions of the Software.
16 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17 # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19 # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
20 # LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
21 # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
22 # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
# Per-zone checker that is executed once for every DNSSEC zone further down.
# It is addressed through $Bin rather than looked up via PATH; $Bin is
# presumably FindBin's script directory (the import is not visible in this
# listing) - TODO confirm.
# NOTE(review): whatever sits at this path gets executed, so the directory
# holding this script should be writable by trusted accounts only.
32 my $CHECK = $Bin.'/dsa-check-zone-rrsig-expiration';
# Time-string conversion: "<digits><unit>" is scaled to seconds. The enclosing
# sub header and several intermediate lines are not visible in this listing.
# When no separate unit was supplied, split it off the end of $ticks.
43 unless (defined $unit) {
# Accepted units are s, m, h, d, w or none.
# NOTE(review): \d* also matches an empty number, and a bare $ tolerates one
# trailing newline; \A(\d+)([smhdw]?)\z would be the strict form if empty or
# newline-terminated values are not meant to pass.
45 ($newticks, $unit) = $ticks =~ m/^(\d*)([smhdw]?)$/;
46 if (!defined $newticks) {
# A failed match is reported on STDERR only; what the sub does next is not
# visible here.
47 print STDERR "Warning: invalid timestring to convert '$ticks'\n";
# Seconds (or no unit) need no scaling; the other units multiply up to seconds.
53 if ($unit eq 's' || $unit eq '') { }
54 elsif ($unit eq 'm') { $ticks *= 60; }
55 elsif ($unit eq 'h') { $ticks *= 60*60; }
56 elsif ($unit eq 'd') { $ticks *= 60*60*24; }
57 elsif ($unit eq 'w') { $ticks *= 60*60*24*7; }
# An unrecognised unit only produces a warning; $ticks is not scaled in this
# branch.
58 else { print STDERR "Warning: invalid unit '$unit'\n" }
# Command-line handling. Default thresholds are 14d (warn) and 7d (critical).
62 my $USAGE = "Usage: $PROGRAM_NAME [--help] | [--warn=<nn>] [--critical=<nn>] [--geozonedir=<geodir>] <indir>\n";
63 my $params = { 'warn' => '14d', 'critical' => '7d' };
64 Getopt::Long::config('bundling');
# Option table; the call it belongs to is on a line not visible in this listing.
# '=s' accepts any string. In the visible lines --warn and --critical are not
# validated before being passed on to $CHECK as arguments, and --geozonedir is
# used as a chdir target as given.
66 '--help' => \$params->{'help'},
67 '--warn=s' => \$params->{'warn'},
68 '--critical=s' => \$params->{'critical'},
69 '--geozonedir=s' => \$params->{'geozonedir'},
71 if ($params->{'help'}) {
# Exactly one positional argument (<indir>) is required.
75 die ($USAGE) unless (scalar @ARGV == 1);
89 # load list of classic zones that will do DNSSEC
# The process changes into $INDIR and lists '.', so every file name below is
# relative to that directory.
90 chdir $INDIR or die "chdir $INDIR failed? $!\n";
91 opendir INDIR, '.' or die ("Cannot opendir $INDIR\n");
92 for my $file (sort {$a cmp $b} (readdir INDIR)) {
# Symlinks and anything that is not a regular file are skipped, so a link
# placed in the zone directory is not followed.
# NOTE(review): the tests and the later open() are separate calls on the
# name, so this is a filter rather than an atomic guarantee.
93 next if ( -l "$file" );
94 next unless ( -f "$file" );
# dsset-*/keyset-* files are not treated as zone files.
95 next if $file =~ /^(dsset|keyset)-/;
# Three-argument open: the file name is never interpreted as a mode or pipe.
98 open(F, '<', $file) or die ("Cannot open $file: $!\n");
# A zone opts in with a "; wzf: dnssec = 1" comment line; reading stops at the
# first such line.
100 if (/^; wzf:\s*dnssec\s*=\s*1\s*$/) { $do_dnssec = 1; last; }
# The file name itself is used as the zone name from here on.
105 push @dnsseczones, $file;
# Zones without the marker are only counted, never checked.
107 push @{$count->{'unsigned'}}, $file;
112 # load list of geodns zones that will do DNSSEC
113 if (defined $params->{'geozonedir'}) {
# NOTE(review): this chdir runs after the earlier chdir into $INDIR, so a
# relative --geozonedir is resolved against $INDIR unless a line not shown
# here changes directory back - confirm.
114 chdir $params->{'geozonedir'} or die "chdir $params->{'geozonedir'} failed? $!\n";
115 opendir INDIR, '.' or die ("Cannot opendir $params->{'geozonedir'}\n");
116 for my $file (sort {$a cmp $b} (readdir INDIR)) {
# Only *.zone entries are considered.
# NOTE(review): no symlink / regular-file test is visible in this loop, unlike
# the classic-zone loop; one original line is missing from this listing, so
# verify before relying on that.
117 next unless $file =~ /\.zone$/;
119 open (F, '<', $file) or die "Cannot open $file: $!\n";
# The whole file is read and parsed; only the first value returned by Load is
# kept.
# NOTE(review): the module providing Load is not visible here (presumably a
# YAML loader). If zone files can be written by less-trusted parties, confirm
# the loader is configured not to bless or instantiate objects from tags.
120 my ($zc, undef, undef) = Load(join "", (<F>));
# Zone name is the file name without the '.zone' suffix.
123 my $zone = basename($file, '.zone');
# A true 'dnssec' key opts the zone in; assumes $zc is a hash ref - TODO confirm.
125 if ($zc->{'dnssec'}) {
126 push @dnsseczones, $zone;
128 push @{$count->{'unsigned'}}, $zone;
# Run the checker once per DNSSEC zone and bucket the zone by its exit status.
137 for my $zone (sort {$a cmp $b} @dnsseczones) {
# List-form pipe open: $CHECK is executed directly with these arguments and no
# shell is involved, so option values and zone names are not subject to shell
# interpretation.
# NOTE(review): $zone comes from a file name and is the last argument; a name
# beginning with '-' would look like a switch to an option parser. If the
# checker accepts '--', placing it before $zone closes that off - confirm
# against the checker.
139 open(P, '-|', ($CHECK, '-w', $params->{'warn'}, '-c', $params->{'critical'}, $zone)) or die ("Cannot run $CHECK for $zone\n");
# Prefix the first line of the checker's output with the zone name; @p is
# presumably that output, read on a line not visible here.
142 $p[0] = $zone.': '. $p[0] if (scalar @p > 0);
# High byte of the wait status is the child's exit code (presumably taken
# after close(P); that line is not visible).
# NOTE(review): a child terminated by a signal leaves this value at 0 and
# would be counted as 'ok'; testing ($CHILD_ERROR & 127) first would route
# that case to 'unknown' instead of hiding a failed check.
145 my $res = $CHILD_ERROR >> 8;
# 0/1/2 map to ok/warn/critical; any other code is 'unknown'.
146 if ($res == 0) { push @{$count->{'ok'}}, $zone; }
147 elsif ($res == 1) { push @{$count->{'warn'}}, $zone; }
148 elsif ($res == 2) { push @{$count->{'critical'}}, $zone; }
149 else { push @{$count->{'unknown'}}, $zone; };
# Summary output. %state_mapping assigns a number to each state name; its
# entries are on lines not visible in this listing.
153 my %state_mapping = (
# States are visited from the highest mapped value down to the lowest.
159 for my $state (sort {$state_mapping{$b} <=> $state_mapping{$a}} keys %state_mapping) {
# Presumably $count holds an array ref for every state (the initialisation is
# not visible) - TODO confirm.
160 if (scalar @{$count->{$state}}) {
161 printf "%s: %d", uc($state), scalar @{$count->{$state}};
# Zone names are listed only for states mapped to a value above 0.
162 if ($state_mapping{$state} > 0) {
163 print ": ", join(', ', @{$count->{$state}});
# The first non-empty state in this order fixes the exit code.
166 $exit = $state_mapping{$state} unless defined $exit;
# Unsigned zones are reported as a count only; they do not influence $exit here.
169 printf "unsigned: %d", scalar @{$count->{'unsigned'}};
# @details is printed as is; presumably the collected checker output lines.
171 print $_ for (@details);