#!/bin/bash
#
# Desc: Check SOA serial records for every NS in a given domain
# Author: Mauricio Vergara Ereche <mave@cero32.cl>
# License: GPL-3.0-or-later
#
# Pin the command search path instead of inheriting the caller's.
# NOTE(review): the /usr/local entries are searched before /bin and /usr/bin.
# If those directories are writable by unprivileged users on the host, the
# dig/netstat/grep/awk binaries this script runs could be substituted there.
# Confirm their ownership before running the script with elevated privileges.
PATH='/usr/local/opt/coreutils/libexec/gnubin/:/usr/local/bin:/bin:/usr/bin:/usr/sbin'
export PATH

# Record type requested from every name server.
QRY='SOA'

# dig options shared by all queries: a single attempt with a one-second
# timeout, answer section only, and no DNSSEC records requested. The answers
# are therefore plain, unauthenticated DNS; nothing validates them.
# NOTE(review): +stats precedes +noall, which presumably switches it off
# again. Confirm against the dig version in use.
FLAGS='+stats +retry=0 +timeout=1 +nocrypto +nomulti +noall +ans +nodnssec'
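#####################
# Print func Helper
# Prints a purple title line when $1 is not an integer; otherwise prints the
# serial in green (match) or red (mismatch), followed by the name-server
# string.
# params:
#  $1: serial (integer), or the title text
#  $2: name_server (identity string reported by the remote server)
#  $3: serialdiff (1,0)
# outputs:
#  coloured text on stdout; only the title form ends with a newline
#####################
function Colorize(){
  # Locals keep this helper from overwriting the caller's serial/ns variables.
  local serial="${1}"
  local ns="${2}"
  local serialdiff="${3}"

  # Check if we are doing a title or a serial comp
  if [[ ${serial} =~ ^-?[0-9]+$ ]]; then
    # The escape sequences live in the format string. The name-server text
    # is remote-controlled data, so it is printed with %s and never has its
    # backslash sequences interpreted (the former %b did).
    if [[ ${serialdiff} == 1 ]]; then
      printf '\033[1;32m%3d\033[0m %s' "${serial}" "${ns}"   # Green
    else
      printf '\033[1;31m%s\033[0m %s' "${serial}" "${ns}"    # Red
    fi
  else
    # The REST PURPLE. "$*" keeps a multi-word title as one argument so the
    # format string is applied exactly once.
    printf '\033[1;35m%s\033[0m\n' "${*}"
  fi
}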
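##########################
# QuerySerial func Helper
# Asks one name server for the SOA record of a domain, compares the serial
# with a reference value and prints one result line that also carries the
# server's hostname.bind (CH TXT) answer.
# globals:
#  FLAGS (read): whitespace-separated dig options
#  QRY   (read): record type to query
# params:
#  $1: ipversion flag passed to dig ("-4", "-6")
#  $2: domain (fqdn)
#  $3: NameServer (fqdn)
#  $4: Serial to Compare (long int)
# outputs:
#  one result line on stdout; the fatal error message goes to stderr
# exits:
#  2 (terminating the script) when the SOA query itself fails
##########################
function QuerySerial(){
  local ipv="${1}"   # The "-" is for the flag
  local domain="${2}"
  local ns="${3}"
  local comp="${4}"
  local soa_out serial ns_name serialdiff
  local -a dig_flags=() soa_resp=()

  # Split the option list into words without pathname expansion.
  read -r -d '' -a dig_flags <<<"${FLAGS}" || true

  # Assign separately from the declaration: testing $? after
  # "declare -a x=($(dig ...))" only sees declare's status, so a failed
  # query was never detected.
  if ! soa_out=$(dig "@${ns}" "${dig_flags[@]}" "${ipv}" "${domain}" "${QRY}"); then
    echo "Error getting SOA serial for domain: ${domain} with NS: ${ns}" >&2
    exit 2
  fi

  # Word 7 of an SOA answer line is the serial. The answer is remote data,
  # so it is split with read (no globbing) and checked before use.
  read -r -d '' -a soa_resp <<<"${soa_out}" || true
  serial="${soa_resp[6]:-}"

  if [[ ! ${serial} =~ ^[0-9]+$ ]]; then
    # Empty answer or something that is not an SOA line.
    printf " %s: %bERROR %b\n" "${ns}" "\033[0;35m" "\033[0m"
  elif ! ns_name=$(dig "@${ns}" CH TXT hostname.bind +short "${dig_flags[@]}" "${ipv}"); then
    printf " %s: %bERROR %b\n" "${ns}" "\033[0;35m" "\033[0m"
  else
    serialdiff=0
    if [[ ${comp} =~ ^[0-9]+$ ]] && [ "${serial}" -eq "${comp}" ]; then
      serialdiff=1
    fi
    # hostname.bind is self-reported by whoever answered. It goes through a
    # fixed format as data, and quoted, so an empty or multi-word value
    # cannot shift Colorize's arguments.
    printf ' %s: %s \n' "${ns}" "$(Colorize "${serial}" "${ns_name}" "${serialdiff}")"
  fi
}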
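#######################
# MAIN
# Prints the default routes and the resolver in use, takes a reference SOA
# serial for "." from a.root-servers.net over IPv4, then compares the serial
# served by every root server letter (A..M) over IPv4 and IPv6.
# The reference and all answers are plain DNS. Equal serials show that the
# answers are consistent with each other, not that they are authentic.
#######################
# Printing default info
Colorize "Default_routers:"
netstat -rn | awk '/default/ && !/fe80::/ { print $2 }' | uniq
echo

Colorize "Default_DNS_Resolver:"
dig . | grep ';; SERVER:' | cut -d ':' -f2-
echo

# First Query to get SOA serial to compare
domain="."
declare -a ref_flags=() soa_orig=()
read -r -d '' -a ref_flags <<<"${FLAGS}" || true
# Capture the output first so dig's own exit status can be checked, then
# split it with read so no word of the answer is glob-expanded.
if ! soa_txt=$(dig @a.root-servers.net. "${ref_flags[@]}" -4 "${domain}" "${QRY}"); then
  echo "Error getting reference SOA serial for domain: ${domain}" >&2
  exit 2
fi
read -r -d '' -a soa_orig <<<"${soa_txt}" || true
serial_orig="${soa_orig[6]:-}"

# Without a numeric reference every comparison below would be meaningless.
if [[ ! ${serial_orig} =~ ^[0-9]+$ ]]; then
  echo "Error getting reference SOA serial for domain: ${domain}" >&2
  exit 2
fi

# Now we compare that against every server
for ipv in "-4" "-6"; do
  Colorize "IPv${ipv}:"
  for roots in {A..M}; do
    ns="${roots}.ROOT-SERVERS.NET."
    QuerySerial "${ipv}" "${domain}" "${ns}" "${serial_orig}"
  done
  echo
done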