# - do more than one zone
# Copyright (c) 2012 Peter Palfrader <peter@palfrader.org>
# - add -s option to configure udp packet size. default changed from 4k to 1k
+# Copyright (c) 2013 Peter Palfrader <peter@palfrader.org>
+# - add -r option to override initial refs.
# usage
}
my %opts = (t=>30, s=>1024);
-getopts('hdt:c:w:s:', \%opts);
+getopts('hdt:c:w:s:r:', \%opts);
usage() unless scalar @ARGV == 1;
usage() if $opts{h};
my $zone = $ARGV[0];
l.root-servers.net
m.root-servers.net
);
+@refs = split(/\s*,\s*/, $opts{r}) if (defined $opts{r});
$start = [gettimeofday()];
do_recursion();
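Review bot: The `-r` value on the new `@refs = split(...)` line replaces the starting nameserver list without any check, so `-r ''` leaves `@refs` empty before `do_recursion()` runs, and a leading comma or leading whitespace yields an empty or space-prefixed first element. Since this list decides which servers the expiration check starts from, I would reject anything that is not a plain host name or address: `my @r = split(/\s*,\s*/, $opts{r}); die "Bad -r value\n" if !@r || grep { !/^[A-Za-z0-9.:-]+$/ } @r; @refs = @r;`. The usage text is outside this hunk; it should list `-r` if it does not already.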
my $zone = shift;
my $check = shift;
+ my $extra = shift;
my $params = shift;
- open(P, '-|', ($check, '-w', $params->{'warn'}, '-c', $params->{'critical'}, $zone)) or die ("Cannot run $CHECK for $zone\n");
+ my @cmd = ($check, '-w', $params->{'warn'}, '-c', $params->{'critical'});
+ push(@cmd, '-r', $extra->{'initial_refs'}) if exists $extra->{'initial_refs'};
+ push(@cmd, $zone);
+ open(P, '-|', @cmd) or die ("Cannot run $CHECK for $zone\n");
my @p = <P>;
close P;
$p[0] = $zone.': '. $p[0] if (scalar @p > 0);
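Review bot: The result of `close P` is still ignored after the new `open(P, '-|', @cmd)`, so a child that exits without output (for example because it rejects the new `-r` argument) leaves `@p` empty and the failure is not reported from this sub. Keeping the list form of `open` is right, since the zone-file-derived value reaches the child as a single argv element with no shell involved. I would record the failure explicitly, e.g. `close P; push @p, "$zone: check exited with status ".($? >> 8)."\n" if $? != 0 && !@p;`, and use `$check` rather than the global `$CHECK` in the `die` message so it names the command actually run. The sub starts and ends outside this hunk, so what the caller does with an empty list is not visible here.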
};
-my @dnsseczones;
+my %dnsseczones;
# load list of classic zones that will do DNSSEC
chdir $INDIR or die "chdir $INDIR failed? $!\n";
opendir INDIR, '.' or die ("Cannot opendir $INDIR\n");
next if $file =~ /^(dsset|keyset)-/;
my $do_dnssec = 0;
+ my $initial_refs = undef;
open(F, '<', $file) or die ("Cannot open $file: $!\n");
for (<F>) {
- if (/^; wzf:\s*dnssec\s*=\s*1\s*$/) { $do_dnssec = 1; last; }
+ if (/^; wzf:\s*dnssec\s*=\s*1\s*$/) { $do_dnssec = 1; }
+ if (/^; check-initial-refs\s*=\s*(.*?)\s*$/) { $initial_refs = $1; }
};
close F;
if ($do_dnssec) {
- push @dnsseczones, $file;
+ die "Duplicate zone $file?\n" if exists $dnsseczones{$file};
+ $dnsseczones{$file} = {};
+ $dnsseczones{$file}->{'initial_refs'} = $initial_refs if defined $initial_refs;
} else {
push @{$count->{'unsigned'}}, $file;
};
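Review bot: The `check-initial-refs` pattern captures `(.*?)`, so an empty value or arbitrary text in the zone file comment is stored and later handed to the check as its `-r` argument. Because that value selects the nameservers the RRSIG check starts from, a typo or an unexpected edit there can make the check query the wrong servers (or none) while still reporting on the zone; validating at load time keeps the failure visible, e.g. `die "Bad check-initial-refs in $file\n" unless $initial_refs =~ /^[A-Za-z0-9.:-]+(?:\s*,\s*[A-Za-z0-9.:-]+)*$/;` placed right after the capture. With the `last` removed, a later `check-initial-refs` line now silently overrides an earlier one, which may deserve a `die` as well. The loop over the directory entries starts outside this hunk.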
my $zone = basename($file, '.zone');
if ($zc->{'dnssec'}) {
- push @dnsseczones, $zone;
+ die "Duplicate zone $zone?\n" if exists $dnsseczones{$zone};
+ $dnsseczones{$zone} = {};
} else {
push @{$count->{'unsigned'}}, $zone;
};
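Review bot: Zones added through `$dnsseczones{$zone} = {};` in this branch never receive an `initial_refs` entry, so the per-zone override described in the changelog appears to work only for the classic zone files handled in the earlier loop. If that is intended, a short comment here such as `# no per-zone initial refs for zones from this source` would save the next reader from looking for the missing assignment; if not, the value needs to come from `$zc`, whose layout is not visible in this hunk.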
my @details;
my %threads;
-for my $zone (sort {$a cmp $b} @dnsseczones) {
+for my $zone (sort {$a cmp $b} keys %dnsseczones) {
die "Duplicate zone $zone?\n" if defined $threads{$zone};
my $thr = threads->create({'context' => 'list'},
- \&check_one, $zone, $CHECK, $params);
+ \&check_one, $zone, $CHECK, $dnsseczones{$zone}, $params);
$threads{$zone} = $thr;
}
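Review bot: The context line `die "Duplicate zone $zone?\n" if defined $threads{$zone};` can no longer fire now that the loop iterates over `keys %dnsseczones`, because hash keys are unique and duplicates are already rejected where the hash is filled. I would drop that line so the insertion-time checks are the single place where duplicates are detected.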
+dsa-nagios-checks (96) UNRELEASED; urgency=low
+
+ * dsa-check-zone-rrsig-expiration, dsa-check-zone-rrsig-expiration-many:
+ Allow supplying the nameservers to start recursion at (per zone).
+ This is useful for reverse zones of RFC1918 space.
+
+ -- Peter Palfrader <weasel@debian.org> Tue, 23 Apr 2013 20:12:09 +0200
+
dsa-nagios-checks (95) unstable; urgency=low
* dsa-check-running-kernel: Try to fix zcat kernel case.