dsa-check-zone-rrsig-expiration: Handle cases where a child and parent domain share...

diff --git a/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration b/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration
index e6a7b7f..3d5d584 100755 (executable)
--- a/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration
+++ b/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration
@@ -141,26 +141,26 @@ sub do_recursion {
                my $pkt;
                my $prettyrefs = (scalar @refs) ? join(", ", @refs) : "empty set(!?)";
                foreach my $ns (shuffle @refs) {
-                       print STDERR "sending query for $zone SOA to $ns\n" if $opts{d};
+                       print STDERR "sending query for $zone NS to $ns\n" if $opts{d};
                        $res->nameserver($ns);
                        $res->udp_timeout($opts{t});
                        $res->udppacketsize($opts{s});
-                       $pkt = $res->send($zone, 'SOA');
+                       $pkt = $res->send($zone, 'NS');
                        last if $pkt;
                }
-               print STDERR "No response to seed query for $zone SOA from $prettyrefs.\n" if $opts{d};
                critical("No response to seed query for $zone from $prettyrefs.") unless $pkt;
                critical($pkt->header->rcode . " from " . $pkt->answerfrom)
                        unless ($pkt->header->rcode eq 'NOERROR');
                @refs = ();
-               foreach my $rr ($pkt->authority) {
+               foreach my $rr ($pkt->authority, $pkt->answer) {
                        print STDERR $rr->string, "\n" if $opts{d};
                        push (@refs, $rr->nsdname) if $rr->type eq 'NS';
                        next unless lc($rr->name) eq lc($zone);
                        add_nslist_to_data($pkt);
+                       #print STDERR "Adding for $zone: ", $pkt->string, "\n" if $opts{d};
                        $done = 1;
                }
-               critical("No new references after querying for $zone SOA from $prettyrefs.  Packet was ".$pkt->string) unless (scalar @refs);
+               critical("No new references after querying for $zone NS from $prettyrefs.  Packet was ".$pkt->string) unless (scalar @refs);
        } while (! $done);
 }
 
@@ -305,9 +305,9 @@ sub send_query {
 sub get_nslist {
        my $pkt = shift;
        return () unless $pkt;
-       return () unless $pkt->authority;
+       return () if (!$pkt->authority && !$pkt->answer);
        my @nslist;
-       foreach my $rr ($pkt->authority) {
+       foreach my $rr ($pkt->authority, $pkt->answer) {
                next unless ($rr->type eq 'NS');
                next unless ($rr->name eq $zone);
                push(@nslist, lc($rr->nsdname));

diff --git a/dsa-nagios-checks/debian/changelog b/dsa-nagios-checks/debian/changelog
index 8dc60e7..ce99fc6 100644 (file)
--- a/dsa-nagios-checks/debian/changelog
+++ b/dsa-nagios-checks/debian/changelog
@@ -21,6 +21,8 @@ dsa-nagios-checks (108+XXXX) UNRELEASED; urgency=medium
     warnings.
   * dsa-check-zone-rrsig-expiration-many: stop waiting for the timeout after
     the last zone checker finished.
+  * dsa-check-zone-rrsig-expiration: Handle cases where a child and parent
+    domain share nameservers.
 
   [ Tollef Fog Heen ]
   * dsa-update-unowned-file-status: ignore fdescfs, used for /dev/fd on
@@ -33,7 +35,7 @@ dsa-nagios-checks (108+XXXX) UNRELEASED; urgency=medium
   * Add dsa-check-hpssacli, replaces hpacucli for new hosts.
   * dsa-check-hpssacli: accept 12.0Gbps as transfer speed for SAS
 
- -- Peter Palfrader <weasel@debian.org>  Wed, 23 Mar 2016 09:08:38 +0100
+ -- Peter Palfrader <weasel@debian.org>  Wed, 23 Mar 2016 09:26:05 +0100
 
 dsa-nagios-checks (108) unstable; urgency=medium