checkzone - A python script checking secondary dns servers

You should check that your secondary DNS servers receive and update zones properly.

Here is a small script I wrote which simply requests all the NS servers of a given domain and checks that their serials are equal. The script behaves like a Nagios-compatible check, so you can easily plug it into your monitoring system.

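apt-get install python3-dnspython

#!/usr/bin/env python3
import argparse
import sys

import dns.resolver


def get_serials(domain):
    """Yield (ns name, ns IP, SOA serial) for every name server of the domain."""
    # Note: query() is deprecated in dnspython 2.x, where it is named resolve()
    resolver = dns.resolver.Resolver()
    for ns in resolver.query(domain, 'NS'):
        for ip in resolver.query(ns.to_text(), 'A'):
            # Ask each name server directly instead of the local resolver
            r = dns.resolver.Resolver(configure=False)
            r.nameservers = [ip.to_text()]
            for resp in r.query(domain, 'SOA'):
                yield ns.to_text(), ip.to_text(), resp.serial


def check_zone(domain):
    """Print a Nagios status line and return the matching exit code."""
    serials = list(get_serials(domain))
    if len(set([s for _, _, s in serials])) == 1:
        print('ZONE {} OK - serial is {} for {}'.format(
            domain, serials[0][2],
            ', '.join(['{} ({})'.format(ns, ip) for ns, ip, _ in serials])))
        return 0
    else:
        print('ZONE {} CRITICAL - serial differ {}'.format(
            domain, ', '.join(['{} for {} ({})'.format(s, ns, ip)
                               for ns, ip, s in serials])))
        return 2


if __name__ == '__main__':
    parser = argparse.ArgumentParser(sys.argv[0])
    parser.add_argument('domain', help='zone to check, with trailing dot')
    args = parser.parse_args()
    # The exit code is what Nagios reads: 0 = OK, 2 = CRITICAL
    sys.exit(check_zone(args.domain))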

Example output:

$ /usr/local/bin/check_zone fr.
ZONE fr. OK - serial is 2225177270 for (, (, (, (, (

$ /usr/local/bin/check_zone org.
ZONE org. CRITICAL - serial differ 2013547598 for (, 2013547598 for (, 2013547597 for (, 2013547598 for (, 2013547598 for (, 2013547598 for (
ZONE OK - serial is 2019061607 for (, (

As you can see, the script may flap for zones that update very frequently (top-level zones), but for your own zone it should just work.
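
One way to tolerate the flapping mentioned above, as an added example that is not part of the original script: compare serials with RFC 1982 wrap-around arithmetic and report how far each server lags behind the newest one. The classify function, its max_lag threshold and the sample names and addresses are assumptions made for illustration.

```python
# Added example: lag-aware serial comparison (not part of the original script).
SERIAL_MOD = 2 ** 32   # SOA serials are 32-bit and wrap around (RFC 1982)
HALF = 2 ** 31         # differences of HALF or more cannot be ordered


def serial_lag(newest, other):
    """Number of increments `other` is behind `newest`, modulo 2**32."""
    return (newest - other) % SERIAL_MOD


def classify(observations, max_lag=0):
    """observations: (ns, ip, serial) tuples as yielded by get_serials().
    max_lag is a hypothetical tolerance: lag up to it is WARNING, not CRITICAL.
    Returns a (nagios_exit_code, message) pair."""
    if not observations:
        return 3, 'UNKNOWN - no SOA answer received'
    serials = {s for _, _, s in observations}
    # The newest serial is the one that no other serial is ahead of.
    newest = next((s for s in serials
                   if all(serial_lag(s, t) < HALF for t in serials)), None)
    if newest is None:
        return 2, 'CRITICAL - serials are not comparable: {}'.format(
            sorted(serials))
    behind = [(ns, ip, serial_lag(newest, s))
              for ns, ip, s in observations if s != newest]
    if not behind:
        return 0, 'OK - serial is {} on {} servers'.format(
            newest, len(observations))
    detail = ', '.join('{} ({}) is {} behind'.format(ns, ip, lag)
                       for ns, ip, lag in behind)
    worst = max(lag for _, _, lag in behind)
    if worst <= max_lag:
        return 1, 'WARNING - newest serial {}: {}'.format(newest, detail)
    return 2, 'CRITICAL - newest serial {}: {}'.format(newest, detail)


if __name__ == '__main__':
    # Constructed sample: documentation names and addresses, not real servers.
    sample = [('ns1.example.', '192.0.2.1', 0),
              ('ns2.example.', '192.0.2.2', 4294967295)]
    print(classify(sample, max_lag=1))
```

With max_lag left at 0 the result matches the original check: any difference between serials is CRITICAL.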

soft/checkzone.txt · Last modified: 2019/07/14 23:20 by phil