X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=dsa-nagios-checks%2Fchecks%2Fdsa-check-zone-rrsig-expiration;h=1b54970d76c79918c1c66af97217d5ba18aa059b;hb=3722e31f9385e9a1edad92073167c7122dbcfcb9;hp=32dcbe22ef1cd5cfe517da35e55a77021766926d;hpb=ce00e595d94da9ff5712afa072fbde2537029803;p=mirror%2Fdsa-nagios.git diff --git a/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration b/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration index 32dcbe2..1b54970 100755 --- a/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration +++ b/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration @@ -45,6 +45,8 @@ # - add -s option to configure udp packet size. default changed from 4k to 1k # Copyright (c) 2013 Peter Palfrader # - add -r option to override initial refs. +# Copyright (c) 2014 Peter Palfrader +# - Do not ask for RRSIG directly, instead ask for SOA with dnssec data # usage 
@@ -137,28 +139,28 @@ sub do_recursion { do { print STDERR "\nRECURSE\n" if $opts{d}; my $pkt; - my $prettyrefs = (scalar @refs) ? join(", ", @refs) : "root servers"; + my $prettyrefs = (scalar @refs) ? join(", ", @refs) : "empty set(!?)"; foreach my $ns (shuffle @refs) { - print STDERR "sending query for $zone SOA to $ns\n" if $opts{d}; + print STDERR "sending query for $zone NS to $ns\n" if $opts{d}; $res->nameserver($ns); $res->udp_timeout($opts{t}); $res->udppacketsize($opts{s}); - $pkt = $res->send($zone, 'SOA'); + $pkt = $res->send($zone, 'NS'); last if $pkt; } - print STDERR "No response to seed query for $zone SOA from $prettyrefs, retrying.\n" if $opts{d}; critical("No response to seed query for $zone from $prettyrefs.") unless $pkt; critical($pkt->header->rcode . " from " . $pkt->answerfrom) unless ($pkt->header->rcode eq 'NOERROR'); @refs = (); - foreach my $rr ($pkt->authority) { + foreach my $rr ($pkt->authority, $pkt->answer) { print STDERR $rr->string, "\n" if $opts{d}; push (@refs, $rr->nsdname) if $rr->type eq 'NS'; next unless lc($rr->name) eq lc($zone); add_nslist_to_data($pkt); + #print STDERR "Adding for $zone: ", $pkt->string, "\n" if $opts{d}; $done = 1; } - critical("No new references after querying for $zone SOA from $prettyrefs. Packet was ".$pkt->string) unless (scalar @refs); + critical("No new references after querying for $zone NS from $prettyrefs. Packet was ".$pkt->string) unless (scalar @refs); } while (! $done); } @@ -277,7 +279,7 @@ sub output { } sub usage { - print STDERR "usage: $0 [-d] [-w=] [-c=] [-t=] \n"; + print STDERR "usage: $0 [-d] [-w=] [-c=] [-t=] [-r=[,[,..]]] [-s=] \n"; exit 3; } @@ -288,7 +290,6 @@ sub send_query { my $res = Net::DNS::Resolver->new; $res->nameserver($server) if $server; $res->udp_timeout($opts{t}); - $res->udp_timeout($opts{t}); $res->dnssec(1); $res->retry(2); $res->udppacketsize($opts{s}); 
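Review bot: In do_recursion the line `push (@refs, $rr->nsdname) if $rr->type eq 'NS';` runs before the owner-name test, so every NS record in the reply becomes a next-hop server whatever name it belongs to; with this change that covers the answer section as well as authority. A reply from a misconfigured or untrusted server in the chain could therefore point the check at nameservers unrelated to `$zone`, and the check would then report on whatever those servers return. Accept an NS record as a reference only when its owner is `$zone` or a parent of it, for example `my $owner = lc($rr->name);` followed by `push (@refs, $rr->nsdname) if $rr->type eq 'NS' && ($owner eq lc($zone) || lc($zone) =~ /\.\Q$owner\E\z/);`. An owner of `.` would need its own case if a query for the root zone is expected. The sub begins above the hunk, so how `@refs` and `$done` are initialised is not visible here.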
@@ -304,11 +305,11 @@ sub send_query { sub get_nslist { my $pkt = shift; return () unless $pkt; - return () unless $pkt->authority; + return () if (!$pkt->authority && !$pkt->answer); my @nslist; - foreach my $rr ($pkt->authority) { + foreach my $rr ($pkt->authority, $pkt->answer) { next unless ($rr->type eq 'NS'); - next unless ($rr->name eq $zone); + next unless lc($rr->name) eq lc($zone); push(@nslist, lc($rr->nsdname)); } return @nslist;
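Review bot: The guard `return () if (!$pkt->authority && !$pkt->answer);` in get_nslist is redundant now that the loop walks both sections, because with both empty the loop body never runs and `@nslist` is returned empty anyway, so the line can be dropped. The reason for reading two sections is not stated in the code. A comment above the loop such as `# NS records may be in the authority section or, now that we query for NS, in the answer section` would record it. `$zone` is not a parameter of this sub and is defined outside the hunk, so it is also worth noting in that comment that the owner comparison relies on the file-level `$zone`. The closing brace of the sub lies below the hunk.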