soft:checkzone

Differences

This shows you the differences between two versions of the page.

soft:checkzone [2019/07/14 23:20] (current)
phil created
Line 1: Line 1:
 +====== checkzone - A python script checking secondary dns servers ======
  
 +You should check your secondary dns servers receive and update zones properly.
 +
 +Here is a small script I wrote which simply request all the NS servers from a given domain and check their serial is equal. The script behave like a nagios compatible check, so you can easily plug into your monitoring systems.
 +
 +<code>
 +apt-get install python3-dnspython
 +</code>
 +
 +<file /usr/local/bin/checkzone>
 +#!/usr/bin/env python3
 +
 +import argparse
 +import sys
 +import dns.resolver
 +
 +
 +def get_serials(domain):
 +    resolver = dns.resolver.Resolver()
 +    for ns in resolver.query(domain, 'NS'):
 +        for ip in resolver.query(ns.to_text(), 'A'):
 +            r = dns.resolver.Resolver(configure=False)
 +            r.nameservers = [ip.to_text()]
 +            for resp in r.query(domain, 'SOA'):
 +                yield ns.to_text(), ip.to_text(), resp.serial
 +
 +
 +def check_zone(domain):
 +    serials = list(get_serials(domain))
 +    if len(set([s for _, _, s in serials])) == 1:
 +        print('ZONE {} OK - serial is {} for {}'.format(
 +            domain, serials[0][2],
 +            ', '.join(['{} ({})'.format(ns, ip) for ns, ip, _ in serials])))
 +        return 0
 +    else:
 +        print('ZONE {} CRITICAL - serial differ {}'.format(
 +            domain, ', '.join(['{} for {} ({})'.format(s, ns, ip)
 +                               for ns, ip, s in serials])))
 +        return 2
 +
 +
 +if __name__ == '__main__':
 +    parser = argparse.ArgumentParser(sys.argv[0])
 +    parser.add_argument('domain')
 +    args = parser.parse_args()
 +    sys.exit(check_zone(args.domain))
 +</file>
 +
 +Example output:
 +
 +<code>
 +$ /usr/local/bin/check_zone fr.
 +ZONE fr. OK - serial is 2225177270 for d.nic.fr. (194.0.9.1), e.ext.nic.fr. (193.176.144.22), f.ext.nic.fr. (194.146.106.46), g.ext.nic.fr. (194.0.36.1), d.ext.nic.fr. (192.5.4.2)
 +
 +$ /usr/local/bin/check_zone org.
 +ZONE org. CRITICAL - serial differ 2013547598 for d0.org.afilias-nst.org. (199.19.57.1), 2013547598 for a0.org.afilias-nst.info. (199.19.56.1), 2013547597 for a2.org.afilias-nst.info. (199.249.112.1), 2013547598 for b0.org.afilias-nst.org. (199.19.54.1), 2013547598 for b2.org.afilias-nst.org. (199.249.120.1), 2013547598 for c0.org.afilias-nst.info. (199.19.53.1)
 +$
 + /usr/local/bin/check_zone philpep.org.
 +ZONE philpep.org. OK - serial is 2019061607 for cauchy.philpep.org. (5.39.85.37), schwarz.philpep.org. (54.37.73.55)
 +</code>
 +
 +As you can see, the script may flap for zones updating very frequently (top level zones), but for your zone it should just work.
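Review bot: in get_serials(), none of the three resolver.query() calls handles a failure, so the case this check exists to catch (a secondary that is down, lame, or no longer serving the zone) ends in an uncaught dnspython exception and a traceback instead of a CRITICAL line. An uncaught Python exception exits with status 1, which Nagios reads as WARNING, and the output does not name the failing server. Suggest catching dns.exception.DNSException around the per-server r.query(domain, 'SOA') call, keeping the ns/ip that failed, and having check_zone() print a one-line message and return 2 (or 3 for UNKNOWN); setting r.lifetime explicitly would also keep a silent server from holding the check past the plugin timeout. Only 'A' records are looked up for each NS, so the IPv6 addresses of the name servers are never compared. Separately, the file is installed as /usr/local/bin/checkzone but the example output invokes /usr/local/bin/check_zone; one of the two names should be changed so the examples match the install path.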
soft/checkzone.txt · Last modified: 2019/07/14 23:20 by phil