From: Peter Palfrader Date: Tue, 23 Apr 2013 18:12:50 +0000 (+0200) Subject: Allow supplying the nameservers to start recursion at X-Git-Url: https://wiki.adam-barratt.org.uk/gitweb/?a=commitdiff_plain;h=0c98805e2a7a20c045fb7212e352fcab4c4e26dd;p=mirror%2Fdsa-nagios.git Allow supplying the nameservers to start recursion at dsa-check-zone-rrsig-expiration, dsa-check-zone-rrsig-expiration-many: Allow supplying the nameservers to start recursion at (per zone). This is useful for reverse zones of RFC1918 space. --- diff --git a/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration b/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration index 8ea5d51..a624426 100755 --- a/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration +++ b/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration @@ -43,6 +43,8 @@ # - do more than one zone # Copyright (c) 2012 Peter Palfrader # - add -s option to configure udp packet size. default changed from 4k to 1k +# Copyright (c) 2013 Peter Palfrader +# - add -r option to override initial refs. # usage @@ -92,7 +94,7 @@ sub convert_time { } my %opts = (t=>30, s=>1024); -getopts('hdt:c:w:s:', \%opts); +getopts('hdt:c:w:s:r:', \%opts); usage() unless scalar @ARGV == 1; usage() if $opts{h}; my $zone = $ARGV[0]; @@ -121,6 +123,7 @@ k.root-servers.net l.root-servers.net m.root-servers.net ); +@refs = split(/\s*,\s*/, $opts{r}) if (defined $opts{r}); $start = [gettimeofday()]; do_recursion(); diff --git a/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration-many b/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration-many index 1307847..c411e4e 100755 --- a/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration-many +++ b/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration-many @@ -66,9 +66,13 @@ sub check_one { my $zone = shift; my $check = shift; + my $extra = shift; my $params = shift; - open(P, '-|', ($check, '-w', $params->{'warn'}, '-c', $params->{'critical'}, $zone)) or die ("Cannot run $CHECK for $zone\n"); + my @cmd = ($check, '-w', $params->{'warn'}, '-c', $params->{'critical'}); + push(@cmd, '-r', $extra->{'initial_refs'}) if exists $extra->{'initial_refs'}; + push(@cmd, $zone); + open(P, '-|', @cmd) or die ("Cannot run $CHECK for $zone\n"); my @p =

; close P; $p[0] = $zone.': '. $p[0] if (scalar @p > 0); @@ -105,7 +109,7 @@ my $count = }; -my @dnsseczones; +my %dnsseczones; # load list of classic zones that will do DNSSEC chdir $INDIR or die "chdir $INDIR failed? $!\n"; opendir INDIR, '.' or die ("Cannot opendir $INDIR\n"); @@ -115,14 +119,18 @@ for my $file (sort {$a cmp $b} (readdir INDIR)) { next if $file =~ /^(dsset|keyset)-/; my $do_dnssec = 0; + my $initial_refs = undef; open(F, '<', $file) or die ("Cannot open $file: $!\n"); for () { - if (/^; wzf:\s*dnssec\s*=\s*1\s*$/) { $do_dnssec = 1; last; } + if (/^; wzf:\s*dnssec\s*=\s*1\s*$/) { $do_dnssec = 1; } + if (/^; check-initial-refs\s*=\s*(.*?)\s*$/) { $initial_refs = $1; } }; close F; if ($do_dnssec) { - push @dnsseczones, $file; + die "Duplicate zone $file?\n" if exists $dnsseczones{$file}; + $dnsseczones{$file} = {}; + $dnsseczones{$file}->{'initial_refs'} = $initial_refs if defined $initial_refs; } else { push @{$count->{'unsigned'}}, $file; }; @@ -143,7 +151,8 @@ if (defined $params->{'geozonedir'}) { my $zone = basename($file, '.zone'); if ($zc->{'dnssec'}) { - push @dnsseczones, $zone; + die "Duplicate zone $zone?\n" if exists $dnsseczones{$zone}; + $dnsseczones{$zone} = {}; } else { push @{$count->{'unsigned'}}, $zone; }; @@ -154,10 +163,10 @@ if (defined $params->{'geozonedir'}) { my @details; my %threads; -for my $zone (sort {$a cmp $b} @dnsseczones) { +for my $zone (sort {$a cmp $b} keys %dnsseczones) { die "Duplicate zone $zone?\n" if defined $threads{$zone}; my $thr = threads->create({'context' => 'list'}, - \&check_one, $zone, $CHECK, $params); + \&check_one, $zone, $CHECK, $dnsseczones{$zone}, $params); $threads{$zone} = $thr; } diff --git a/dsa-nagios-checks/debian/changelog b/dsa-nagios-checks/debian/changelog index 7a75f75..143420f 100644 --- a/dsa-nagios-checks/debian/changelog +++ b/dsa-nagios-checks/debian/changelog @@ -1,3 +1,11 @@ +dsa-nagios-checks (96) UNRELEASED; urgency=low + + * dsa-check-zone-rrsig-expiration, dsa-check-zone-rrsig-expiration-many: + Allow supplying the nameservers to start recursion at (per zone). + This is useful for reverse zones of RFC1918 space. + + -- Peter Palfrader Tue, 23 Apr 2013 20:12:09 +0200 + dsa-nagios-checks (95) unstable; urgency=low * dsa-check-running-kernel: Try to fix zcat kernel case.