soft:checkzone

Differences

This shows you the differences between two versions of the page.

soft:checkzone [2019/07/14 23:20] (current)
phil created
Line 1: Line 1:
 +====== checkzone - A python script checking secondary dns servers ======
  
 +You should check your secondary dns servers receive and update zones properly.
 +
 +Here is a small script I wrote which simply request all the NS servers from a given domain and check their serial is equal. The script behave like a nagios compatible check, so you can easily plug into your monitoring systems.
 +
 +<​code>​
 +apt-get install python3-dnspython
 +</​code>​
 +
 +<file /​usr/​local/​bin/​checkzone>​
 +#​!/​usr/​bin/​env python3
 +
 +import argparse
 +import sys
 +import dns.resolver
 +
 +
 +def get_serials(domain):​
 +    resolver = dns.resolver.Resolver()
 +    for ns in resolver.query(domain,​ '​NS'​):​
 +        for ip in resolver.query(ns.to_text(),​ '​A'​):​
 +            r = dns.resolver.Resolver(configure=False)
 +            r.nameservers = [ip.to_text()]
 +            for resp in r.query(domain,​ '​SOA'​):​
 +                yield ns.to_text(),​ ip.to_text(),​ resp.serial
 +
 +
 +def check_zone(domain):​
 +    serials = list(get_serials(domain))
 +    if len(set([s for _, _, s in serials])) == 1:
 +        print('​ZONE {} OK - serial is {} for {}'​.format(
 +            domain, serials[0][2],​
 +            ', '​.join(['​{} ({})'​.format(ns,​ ip) for ns, ip, _ in serials])))
 +        return 0
 +    else:
 +        print('​ZONE {} CRITICAL - serial differ {}'​.format(
 +            domain, ', '​.join(['​{} for {} ({})'​.format(s,​ ns, ip)
 +                               for ns, ip, s in serials])))
 +        return 2
 +
 +
 +if __name__ == '​__main__':​
 +    parser = argparse.ArgumentParser(sys.argv[0])
 +    parser.add_argument('​domain'​)
 +    args = parser.parse_args()
 +    sys.exit(check_zone(args.domain))
 +</​file>​
 +
 +Example output:
 +
 +<​code>​
 +$ /​usr/​local/​bin/​check_zone fr.
 +ZONE fr. OK - serial is 2225177270 for d.nic.fr. (194.0.9.1),​ e.ext.nic.fr. (193.176.144.22),​ f.ext.nic.fr. (194.146.106.46),​ g.ext.nic.fr. (194.0.36.1),​ d.ext.nic.fr. (192.5.4.2)
 +
 +$ /​usr/​local/​bin/​check_zone org.
 +ZONE org. CRITICAL - serial differ 2013547598 for d0.org.afilias-nst.org. (199.19.57.1),​ 2013547598 for a0.org.afilias-nst.info. (199.19.56.1),​ 2013547597 for a2.org.afilias-nst.info. (199.249.112.1),​ 2013547598 for b0.org.afilias-nst.org. (199.19.54.1),​ 2013547598 for b2.org.afilias-nst.org. (199.249.120.1),​ 2013547598 for c0.org.afilias-nst.info. (199.19.53.1)
 +$
 + /​usr/​local/​bin/​check_zone philpep.org.
 +ZONE philpep.org. OK - serial is 2019061607 for cauchy.philpep.org. (5.39.85.37),​ schwarz.philpep.org. (54.37.73.55)
 +</​code>​
 +
 +As you can see, the script may flap for zones updating very frequently (top level zones), but for your zone it should just work.
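Review bot: in get_serials, none of the resolver.query / r.query calls is wrapped in an exception handler, so a secondary that is down or does not answer the SOA query raises out of the generator and the check ends in a traceback with exit status 1. A Nagios-compatible monitor reads that as WARNING with no usable status line, although an unreachable secondary is a case this check should report explicitly. Suggest catching dns.exception.DNSException around the per-server `r.query(domain, 'SOA')` call, recording the failure against that ns/ip pair and returning 2, and returning 3 (UNKNOWN) when the initial NS lookup itself fails. Two smaller points: only 'A' records are looked up for each NS name, so the IPv6 addresses of the name servers are never compared; and the file is installed as /usr/local/bin/checkzone while the example output runs /usr/local/bin/check_zone, so one of the two names should be changed to match.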
soft/checkzone.txt · Last modified: 2019/07/14 23:20 by phil