Do not insist on being started as root, but use sudo to call megarc
[mirror/dsa-nagios.git]
/
dsa-nagios-checks
/
checks
/
dsa-check-dnssec-delegation
diff --git
a/dsa-nagios-checks/checks/dsa-check-dnssec-delegation
b/dsa-nagios-checks/checks/dsa-check-dnssec-delegation
index
513b098
..
5e25363
100755
(executable)
--- a/
dsa-nagios-checks/checks/dsa-check-dnssec-delegation
+++ b/
dsa-nagios-checks/checks/dsa-check-dnssec-delegation
@@
-31,12
+31,14
@@
$SIG{'__DIE__'} = sub { print @_; exit 4; };
my $RES = Net::DNS::Resolver->new;
my $DLV = 'dlv.isc.org';
my $RES = Net::DNS::Resolver->new;
my $DLV = 'dlv.isc.org';
+my $params;
sub get_tag_generic {
my $zone = shift;
my $type = shift;
my @result;
sub get_tag_generic {
my $zone = shift;
my $type = shift;
my @result;
+ print "Querying $type $zone\n" if $params->{'verbose'};
my $pkt = $RES->send($zone, $type);
return () unless $pkt;
return () unless $pkt->answer;
my $pkt = $RES->send($zone, $type);
return () unless $pkt;
return () unless $pkt->answer;
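Review bot: The new `print "Querying $type $zone\n" if $params->{'verbose'};` in get_tag_generic writes its trace to STDOUT, the same stream the `__DIE__` handler at the top of this hunk uses for the check's message. With `--verbose` set, the trace lines would therefore come before the status line that Nagios reads, assuming the check-mode result is also printed to STDOUT, which this hunk does not show. Sending the trace to STDERR keeps the plugin output intact: `print STDERR "Querying $type $zone\n" if $params->{'verbose'};`. The two `Querying DNSKEY` prints added in has_dnskey_parent have the same issue. get_tag_generic's body continues past the end of this hunk.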
@@
-78,19
+80,18
@@
sub has_dnskey_parent {
$potential_parent = '.';
}
$potential_parent = '.';
}
+ print "Querying DNSKEY $potential_parent\n" if $params->{'verbose'};
my $pkt = $RES->send($potential_parent, 'DNSKEY');
return undef unless $pkt;
return undef unless $pkt->header;
my $pkt = $RES->send($potential_parent, 'DNSKEY');
return undef unless $pkt;
return undef unless $pkt->header;
- # try to find the zone start
unless ($pkt->answer) {
unless ($pkt->answer) {
- #print "Looking for zone apex\n";
return undef unless $pkt->authority;
for my $rr ($pkt->authority) {
next unless ($rr->type eq 'SOA');
$potential_parent = $rr->name;
return undef unless $pkt->authority;
for my $rr ($pkt->authority) {
next unless ($rr->type eq 'SOA');
$potential_parent = $rr->name;
-
#print "Found it at $potential_parent\n"
;
+
print "Querying DNSKEY $potential_parent\n" if $params->{'verbose'}
;
$pkt = $RES->send($potential_parent, 'DNSKEY');
return undef unless $pkt;
last;
$pkt = $RES->send($potential_parent, 'DNSKEY');
return undef unless $pkt;
last;
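Review bot: The verbose trace added before `$RES->send($potential_parent, 'DNSKEY')` records each query but not its failure, so `return undef unless $pkt;` still returns silently when the resolver gives no answer. get_parent_dnssec_status then treats that undef as the end of the chain (`last unless defined $status;`), so a resolver outage and a genuinely finished walk look the same even in verbose mode. A line such as `print STDERR "No response for DNSKEY $potential_parent: ", $RES->errorstring, "\n" if $params->{'verbose'} and not $pkt;` ahead of each of those returns would make the difference visible when someone debugs a delegation alert. has_dnskey_parent starts and ends outside this hunk.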
@@
-112,7
+113,7
@@
sub get_parent_dnssec_status {
last unless defined $status;
push @result, ($status ? "yes" : "no") . ("($parent)");
$zone = $parent;
last unless defined $status;
push @result, ($status ? "yes" : "no") . ("($parent)");
$zone = $parent;
- last if $zone eq "";
+ last if $zone eq ""
|| $zone eq '.'
;
};
return join(', ', @result);
};
return join(', ', @result);
@@
-148,12
+149,12
@@
sub what_to_check {
return @keys;
}
return @keys;
}
-my $params;
Getopt::Long::config('bundling');
GetOptions (
'--help' => \$params->{'help'},
'--dir=s' => \$params->{'dir'},
'--dlv=s' => \$params->{'dlv'},
Getopt::Long::config('bundling');
GetOptions (
'--help' => \$params->{'help'},
'--dir=s' => \$params->{'dir'},
'--dlv=s' => \$params->{'dlv'},
+ '--verbose' => \$params->{'verbose'},
) or usage(\*STDERR, 1);
usage(\*STDOUT, 0) if ($params->{'help'});
) or usage(\*STDERR, 1);
usage(\*STDOUT, 0) if ($params->{'help'});
@@
-185,15
+186,16
@@
if (scalar @ARGV) {
$DLV = $params->{'dlv'} if $params->{'dlv'};
$DLV = $params->{'dlv'} if $params->{'dlv'};
-my %data;
-for my $zone (@zones) {
- $data{$zone} = { 'dnskey' => join(', ', get_dnskeytags($zone)),
- 'ds' => join(', ', get_dstags($zone)),
- 'dlv' => join(', ', get_dlvtags($zone)),
- 'parent_dnssec' => get_parent_dnssec_status($zone) };
-}
if ($mode eq 'overview') {
if ($mode eq 'overview') {
+ my %data;
+ for my $zone (@zones) {
+ $data{$zone} = { 'dnskey' => join(', ', get_dnskeytags($zone)),
+ 'ds' => join(', ', get_dstags($zone)),
+ 'dlv' => join(', ', get_dlvtags($zone)),
+ 'parent_dnssec' => get_parent_dnssec_status($zone) };
+ }
+
my $format = "%60s %-10s %-10s %-10s %-10s\n";
printf $format, "zone", "DNSKEY", "DS\@parent", "DLV", "dnssec\@parent";
printf $format, "-"x 60, "-"x 10, "-"x 10, "-"x 10, "-"x 10;
my $format = "%60s %-10s %-10s %-10s %-10s\n";
printf $format, "zone", "DNSKEY", "DS\@parent", "DLV", "dnssec\@parent";
printf $format, "-"x 60, "-"x 10, "-"x 10, "-"x 10, "-"x 10;
@@
-214,15
+216,15
@@
if ($mode eq 'overview') {
my @warn;
my @ok;
my @warn;
my @ok;
- for my $zone (sort {$a cmp $b}
keys %data
) {
+ for my $zone (sort {$a cmp $b}
@zones
) {
my @thiskeys = $key eq 'per-zone' ? what_to_check($zone, $params->{'dir'}) : ($key);
my @thiskeys = $key eq 'per-zone' ? what_to_check($zone, $params->{'dir'}) : ($key);
+ my $dnskey = join(', ', get_dnskeytags($zone)) || '-';
for my $thiskey (@thiskeys) {
for my $thiskey (@thiskeys) {
- my $dnskey = $data{$zone}->{'dnskey'} || '-';
- my $target = $data{$zone}->{$thiskey} || '-';
+ my $target = join(', ', $thiskey eq 'ds' ? get_dstags($zone) : get_dlvtags($zone)) || '-';
if ($dnskey ne $target) {
if ($dnskey ne $target) {
- push @warn, "$zone (
$dnskey != $target
)";
+ push @warn, "$zone (
[$dnskey] != [$target]
)";
} else {
push @ok, "$zone ($dnskey)";
};
} else {
push @ok, "$zone ($dnskey)";
};