Allow supplying the nameservers to start recursion at

dsa-check-zone-rrsig-expiration, dsa-check-zone-rrsig-expiration-many:
Allow supplying the nameservers to start recursion at (per zone).
This is useful for reverse zones of RFC1918 space.

diff --git a/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration b/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration
index 8ea5d51..a624426 100755 (executable)
--- a/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration
+++ b/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration
@@ -43,6 +43,8 @@
 # - do more than one zone
 # Copyright (c) 2012 Peter Palfrader <peter@palfrader.org>
 #  - add -s option to configure udp packet size.  default changed from 4k to 1k
+# Copyright (c) 2013 Peter Palfrader <peter@palfrader.org>
+#  - add -r option to override initial refs.
 
 
 # usage
@@ -92,7 +94,7 @@ sub convert_time {
 }
 
 my %opts = (t=>30, s=>1024);
-getopts('hdt:c:w:s:', \%opts);
+getopts('hdt:c:w:s:r:', \%opts);
 usage() unless scalar @ARGV == 1;
 usage() if $opts{h};
 my $zone = $ARGV[0];
@@ -121,6 +123,7 @@ k.root-servers.net
 l.root-servers.net
 m.root-servers.net
 );
+@refs = split(/\s*,\s*/, $opts{r}) if (defined $opts{r});
 
 $start = [gettimeofday()];
 do_recursion();

diff --git a/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration-many b/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration-many
index 1307847..c411e4e 100755 (executable)
--- a/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration-many
+++ b/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration-many
@@ -66,9 +66,13 @@ sub check_one {
 
        my $zone = shift;
        my $check = shift;
+       my $extra = shift;
        my $params = shift;
 
-       open(P, '-|', ($check, '-w', $params->{'warn'}, '-c', $params->{'critical'}, $zone)) or die ("Cannot run $CHECK for $zone\n");
+       my @cmd = ($check, '-w', $params->{'warn'}, '-c', $params->{'critical'});
+       push(@cmd, '-r', $extra->{'initial_refs'}) if exists $extra->{'initial_refs'};
+       push(@cmd, $zone);
+       open(P, '-|', @cmd) or die ("Cannot run $CHECK for $zone\n");
        my @p = <P>;
        close P;
        $p[0] = $zone.': '. $p[0] if (scalar @p > 0);
@@ -105,7 +109,7 @@ my $count =
        };
 
 
-my @dnsseczones;
+my %dnsseczones;
 # load list of classic zones that will do DNSSEC
 chdir $INDIR or die "chdir $INDIR failed? $!\n";
 opendir INDIR, '.' or die ("Cannot opendir $INDIR\n");
@@ -115,14 +119,18 @@ for my $file (sort {$a cmp $b} (readdir INDIR)) {
        next if $file =~ /^(dsset|keyset)-/;
 
        my $do_dnssec = 0;
+       my $initial_refs = undef;
        open(F, '<', $file) or die ("Cannot open $file: $!\n");
        for (<F>) {
-               if (/^; wzf:\s*dnssec\s*=\s*1\s*$/) { $do_dnssec = 1; last; }
+               if (/^; wzf:\s*dnssec\s*=\s*1\s*$/) { $do_dnssec = 1; }
+               if (/^; check-initial-refs\s*=\s*(.*?)\s*$/) { $initial_refs = $1; }
        };
        close F;
 
        if ($do_dnssec) {
-               push @dnsseczones, $file;
+               die "Duplicate zone $file?\n" if exists $dnsseczones{$file};
+               $dnsseczones{$file} = {};
+               $dnsseczones{$file}->{'initial_refs'} = $initial_refs if defined $initial_refs;
        } else {
                push @{$count->{'unsigned'}}, $file;
        };
@@ -143,7 +151,8 @@ if (defined $params->{'geozonedir'}) {
                my $zone = basename($file, '.zone');
 
                if ($zc->{'dnssec'}) {
-                       push @dnsseczones, $zone;
+                       die "Duplicate zone $zone?\n" if exists $dnsseczones{$zone};
+                       $dnsseczones{$zone} = {};
                } else {
                        push @{$count->{'unsigned'}}, $zone;
                };
@@ -154,10 +163,10 @@ if (defined $params->{'geozonedir'}) {
 my @details;
 
 my %threads;
-for my $zone (sort {$a cmp $b} @dnsseczones) {
+for my $zone (sort {$a cmp $b} keys %dnsseczones) {
        die "Duplicate zone $zone?\n"  if defined $threads{$zone};
        my $thr = threads->create({'context' => 'list'},
-                                 \&check_one, $zone, $CHECK, $params);
+                                 \&check_one, $zone, $CHECK, $dnsseczones{$zone}, $params);
        $threads{$zone} = $thr;
 }
 

diff --git a/dsa-nagios-checks/debian/changelog b/dsa-nagios-checks/debian/changelog
index 7a75f75..143420f 100644 (file)
--- a/dsa-nagios-checks/debian/changelog
+++ b/dsa-nagios-checks/debian/changelog
@@ -1,3 +1,11 @@
+dsa-nagios-checks (96) UNRELEASED; urgency=low
+
+  * dsa-check-zone-rrsig-expiration, dsa-check-zone-rrsig-expiration-many:
+    Allow supplying the nameservers to start recursion at (per zone).
+    This is useful for reverse zones of RFC1918 space.
+
+ -- Peter Palfrader <weasel@debian.org>  Tue, 23 Apr 2013 20:12:09 +0200
+
 dsa-nagios-checks (95) unstable; urgency=low
 
   * dsa-check-running-kernel: Try to fix zcat kernel case.