[Smaug] DNS revamp: completed

Rick Moen rick at linuxmafia.com
Fri May 20 22:49:22 PDT 2011


Also:  I've revised my weekly monitoring cronjob, to report
more and make it (I hope) easier to spot if items are missing 
from it.  What does it report?  Alter it to put _your_ e-mail
address on the last line, run it, and see.


#!/bin/sh

# smaug         Cron script to sanity-check domain scruz.org's SOA records at
#               all of its authoritative nameservers, as a quick and 
#               dirty way of making sure (1) they're all online and
#               (2) they're all serving up the same data (or at least
#               data with the same zonefile serial number).
#  
#               The script queries all six nameservers for their current
#               SOA value (for scruz.org), and then uses awk to parse 
#               out of that verbose record just the S/N field, which is 
#               field #3.  The point is that you can visually spot offline 
#               or aberrant nameservers by their S/Ns being (respectively) 
#               missing or an out-of-step value.
#
#               For good measure, we also report authoritative servers from 
#               whois, NS-type records + their glue A records at the zone's 
#               parent, then NS-type records + matching A records in the 
#               zone itself.
#
#               Written by Rick Moen (rick at linuxmafia.com)
#               $Id: cron.weekly,v 1.04 2011/05/20 21:47:05 rick
# Copyright (C) Rick Moen, 2011.  Do anything you want with this work.

set -o errexit  #aka "set -e": exit if any line returns non-true value
set -o nounset  #aka "set -u": exit upon finding an uninitialised variable

test -x /usr/bin/mail || exit 0
test -x /usr/bin/whois || exit 0
test -x /usr/bin/awk || exit 0
test -x /bin/grep || exit 0
test -x /usr/bin/dig || exit 0

{
echo "As of 2011-05-20, there are supposed to be six authoritative nameservers:"
echo ""
echo "ns1.scruz.org. 198.144.195.186, aka ns1.linuxmafia.com. (Rick Moen)"
echo "ns1.svlug.org. 64.62.190.98 (Rick Moen)"
echo "ns6.scruz.org. 38.102.132.186, aka ns1.phosphor.net. (Eric Cain)"
echo "ns7.scruz.org. 209.237.247.49, aka ns.portalpotty.net. (Max Baker)"
echo "ns8.scruz.org. 209.133.21.10, aka ns1.got.net. (got.net NOC)"
echo "ns9.scruz.org. 207.111.232.23 aka ns2.got.net. (got.net NOC)"
echo ""
echo "If any is missing from reports below, or produces odd data, something is wrong."
echo ""
echo "Zonefile S/Ns:"
echo ""
dig -t soa scruz.org. @NS1.SCRUZ.ORG. +short | awk '{ print $3 " on ns1.scruz.org." }'
dig -t soa scruz.org. @NS1.SVLUG.ORG. +short | awk '{ print $3 " on ns1.svlug.org." }'
dig -t soa scruz.org. @NS6.SCRUZ.ORG. +short | awk '{ print $3 " on ns6.scruz.org." }'
dig -t soa scruz.org. @NS7.SCRUZ.ORG. +short | awk '{ print $3 " on ns7.scruz.org."}'
dig -t soa scruz.org. @NS8.SCRUZ.ORG. +short | awk '{ print $3 " on ns8.scruz.org."}'
dig -t soa scruz.org. @NS9.SCRUZ.ORG. +short | awk '{ print $3 " on ns9.scruz.org."}'
echo ""
echo "Authoritative nameservers from whois:"
echo ""
whois scruz.org | grep 'Name Server' | awk -F: '{ print $2 }' | head -n 7
echo ""
echo "Parent-zone NS records and matching A records (glue):"
echo ""
dig -t ns scruz.org. @$(dig -t ns org. +short | head -n 1) +nocmd +noquestion +nostats +nocomments
echo ""
echo "In-domain NS records and matching A records:"
echo ""
dig -t ns scruz.org. @$(dig -t ns scruz.org. +short | head -n 1) +nocmd +noquestion +nostats +nocomments
} |
mail -s "Domain scruz.org SOA check" yourmailbox@example.com
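
The script above leaves it to the reader to spot a missing or out-of-step serial by eye. The following is an added example, not part of the original post or of Rick Moen's script, that flags both cases automatically; the function names and sample serials are constructed for illustration, and it assumes the highest serial seen is the current zone version.

```shell
#!/bin/sh
# Added example, not part of the original cron script.

# collect_serials ZONE NS...: print "<ns> <serial>" per server, using the same
# dig query as the script. Serial is left empty unless dig returns a number.
collect_serials() {
    zone=$1; shift
    for ns in "$@"; do
        serial=$(dig -t soa "$zone" "@$ns" +short +time=5 +tries=2 2>/dev/null |
                 awk 'NR == 1 && $3 ~ /^[0-9]+$/ { print $3 }') || serial=""
        echo "$ns $serial"
    done
}

# check_serials: read "<ns> <serial>" lines on stdin, print one status line per
# server, return 1 if any server is missing or behind the highest serial seen
# (assumption: the highest serial is the current version of the zone).
check_serials() {
    awk '
        { ns[NR] = $1; sn[NR] = $2
          if ($2 ~ /^[0-9]+$/ && $2 + 0 > max) { max = $2 + 0; newest = $2 } }
        END {
            for (i = 1; i <= NR; i++) {
                if (sn[i] !~ /^[0-9]+$/) { print "MISSING  " ns[i]; bad = 1 }
                else if (sn[i] + 0 != max) {
                    print "STALE    " ns[i] " " sn[i] " (newest " newest ")"; bad = 1 }
                else print "OK       " ns[i] " " sn[i]
            }
            exit bad + 0
        }'
}

# Constructed sample, not real query results: ns7 is one serial behind and
# ns9 returned nothing.
sample_serials() {
    cat <<'EOF'
ns1.scruz.org. 2011052001
ns1.svlug.org. 2011052001
ns6.scruz.org. 2011052001
ns7.scruz.org. 2011052000
ns8.scruz.org. 2011052001
ns9.scruz.org.
EOF
}

# Live use: collect_serials scruz.org. <the six nameservers> | check_serials
sample_serials | check_serials || echo "At least one nameserver is missing or stale."
```
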



