From: Peter Palfrader <peter@palfrader.org>
Date: Wed, 23 Mar 2016 08:26:13 +0000 (+0100)
Subject: dsa-check-zone-rrsig-expiration: Handle cases where a child and parent domain share... 
X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fdsa-nagios.git;a=commitdiff_plain;h=b24070726f009d22a270de5b56cd484ab6154887

dsa-check-zone-rrsig-expiration: Handle cases where a child and parent domain share nameservers
---

diff --git a/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration b/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration
index e6a7b7f..3d5d584 100755
--- a/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration
+++ b/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration
@@ -141,26 +141,26 @@ sub do_recursion {
 		my $pkt;
 		my $prettyrefs = (scalar @refs) ? join(", ", @refs) : "empty set(!?)";
 		foreach my $ns (shuffle @refs) {
-			print STDERR "sending query for $zone SOA to $ns\n" if $opts{d};
+			print STDERR "sending query for $zone NS to $ns\n" if $opts{d};
 			$res->nameserver($ns);
 			$res->udp_timeout($opts{t});
 			$res->udppacketsize($opts{s});
-			$pkt = $res->send($zone, 'SOA');
+			$pkt = $res->send($zone, 'NS');
 			last if $pkt;
 		}
-		print STDERR "No response to seed query for $zone SOA from $prettyrefs.\n" if $opts{d};
 		critical("No response to seed query for $zone from $prettyrefs.") unless $pkt;
 		critical($pkt->header->rcode . " from " . $pkt->answerfrom)
 			unless ($pkt->header->rcode eq 'NOERROR');
 		@refs = ();
-		foreach my $rr ($pkt->authority) {
+		foreach my $rr ($pkt->authority, $pkt->answer) {
 			print STDERR $rr->string, "\n" if $opts{d};
 			push (@refs, $rr->nsdname) if $rr->type eq 'NS';
 			next unless lc($rr->name) eq lc($zone);
 			add_nslist_to_data($pkt);
+			#print STDERR "Adding for $zone: ", $pkt->string, "\n" if $opts{d};
 			$done = 1;
 		}
-		critical("No new references after querying for $zone SOA from $prettyrefs.  Packet was ".$pkt->string) unless (scalar @refs);
+		critical("No new references after querying for $zone NS from $prettyrefs.  Packet was ".$pkt->string) unless (scalar @refs);
 	} while (! $done);
 }
 
@@ -305,9 +305,9 @@ sub send_query {
 sub get_nslist {
 	my $pkt = shift;
 	return () unless $pkt;
-	return () unless $pkt->authority;
+	return () if (!$pkt->authority && !$pkt->answer);
 	my @nslist;
-	foreach my $rr ($pkt->authority) {
+	foreach my $rr ($pkt->authority, $pkt->answer) {
 		next unless ($rr->type eq 'NS');
 		next unless ($rr->name eq $zone);
 		push(@nslist, lc($rr->nsdname));
diff --git a/dsa-nagios-checks/debian/changelog b/dsa-nagios-checks/debian/changelog
index 8dc60e7..ce99fc6 100644
--- a/dsa-nagios-checks/debian/changelog
+++ b/dsa-nagios-checks/debian/changelog
@@ -21,6 +21,8 @@ dsa-nagios-checks (108+XXXX) UNRELEASED; urgency=medium
     warnings.
   * dsa-check-zone-rrsig-expiration-many: stop waiting for the timeout after
     the last zone checker finished.
+  * dsa-check-zone-rrsig-expiration: Handle cases where a child and parent
+    domain share nameservers.
 
   [ Tollef Fog Heen ]
   * dsa-update-unowned-file-status: ignore fdescfs, used for /dev/fd on
@@ -33,7 +35,7 @@ dsa-nagios-checks (108+XXXX) UNRELEASED; urgency=medium
   * Add dsa-check-hpssacli, replaces hpacucli for new hosts.
   * dsa-check-hpssacli: accept 12.0Gbps as transfer speed for SAS
 
- -- Peter Palfrader <weasel@debian.org>  Wed, 23 Mar 2016 09:08:38 +0100
+ -- Peter Palfrader <weasel@debian.org>  Wed, 23 Mar 2016 09:26:05 +0100
 
 dsa-nagios-checks (108) unstable; urgency=medium