#Here's a shar file containing two scripts for running from cron to#check zone data and a modified doc 2.0 for use by the scripts.##Jim Knutson#knutson@mcc.com#cs.utexas.edu!milano!knutson#Wk: (512) 338-3362# This is a shell archive.  Remove anything before this line,# then unpack it by saving it in a file and typing "sh file".## Wrapped by weber.sw.mcc.com!knutson on Wed Apr 24 10:03:07 CDT 1991# Contents:  ckdomaincf.sh ckserial.sh echo x - ckdomaincf.shsed 's/^@//' > "ckdomaincf.sh" <<'@//E*O*F ckdomaincf.sh//'#!/bin/sh# @(#)ckdomaincf.sh	1.3	1/4/91## ckdomaincf - check domain configuration## SYNOPSIS#	ckdomaincf [ -n ]## ckdomaincf checks the domain configuration.  It determines which# domains to check by examining /etc/named.boot and checking all domains# listed on the primary and secondar lines.  However, ckdomaincf ignores# checking the 0.0.127.in-addr.arpa domain and any domain with unixhosts# as the data file.  It is assumed that these domain data files will# contain domain definitions for the unix localhost and will be specific# to the local definition.# # If the -n flag is specified, no mail will be sent after checking.# BOOTFILE=/etc/named.bootMAIL=/usr/ucb/MailNOTIFY=hostmasterNOTIFYLEVEL=10	# 10 - any warning or greater		# 50 - any error or greater		# 100 - any abortPATH=$PATH:/usr/local/etc export PATHTMP=/tmp/.ckd$$set -- `getopt n $*`if [ $? != 0 ]; then	echo usage: ckdomaincf [ -n ]	exit 2fifor i in $*; do	case $i in	-n ) MAIL="echo /usr/ucb/Mail"; shift;;	--)	 shift; break;;	esacdonetolower() {	echo $1 | tr A-Z a-z}is_in_addr() {	if [ `expr $1 : '.*in-addr'` -gt 0 ]; then		true;	else		false;	fi}# strip comments from zone datastripcomments() {        sed -e '/^;/d' -e 's/;.*//' $*}# get mail address of person in charge of the zonegetpersonincharge() {	dig soa $1. +pfset=0xa224 | \        stripcomments | tr a-z A-Z | awk '$3 == "SOA" {print $5}'}# convert domain name to mail addressdomaintoaddr() {        echo $1 | sed -e 's/\.$//' -e 's/\./@/'}# notify the person in charge of a zone of detected errorsnotifypersonincharge() {	failtype=problems	if [ $2 -gt 50 ]; then		failtype=errors	fi	if [ $2 -gt 100 ]; then		failtype=failures	fi        MB=`getpersonincharge $1`	( cat $1.log;	  echo ""; echo ""; echo ""; echo "Complete log of test follows:"; echo "";	  cat log.$1.	) | \        $MAIL -s "$1 zone configuration $failtype" $NOTIFY `domaintoaddr $MB`         echo $1 zone configuration $failtype	sed 's/^/  /' $1.log        echo "  $NOTIFY, `domaintoaddr $MB` notified via mail."	echo ""}cd /tmptrap "rm -f $TMP*; exit 1" 2 3egrep '^(primary|secondary)' $BOOTFILE >$TMP.domainswhile read line; do	set -- $line	domainname=`tolower $2`	if is_in_addr $domainname; then		parent=arpa.	else		parent=	fi	# find data file	while [ "$2" != "" ]; do		shift	done	datafile=$1	# ignore localhost domain stuff	if [ $domainname = 0.0.127.in-addr.arpa -o $datafile = unixhosts ]; then		continue	fi	rm -f log.$domainname.	doc -w -e $domainname. $parent 2>/dev/null >$TMP.docout	status=$?	egrep -v '^(Doc-|DIGERR|Done testing)' <$TMP.docout >$domainname.log		if [ $status -gt $NOTIFYLEVEL ]; then		notifypersonincharge $domainname $status	fi		rm -f log.$domainname. $domainname.logdone <$TMP.domainsrm -f $TMP*@//E*O*F ckdomaincf.sh//chmod u=r,g=r,o=r ckdomaincf.sh echo x - ckserial.shsed 's/^@//' > "ckserial.sh" <<'@//E*O*F ckserial.sh//'#!/bin/sh# @(#)ckserial.sh	1.4	11/21/90## ckserial - check zone file serial numbers## ckserial checks the serial numbers of zone files to ensure# that they are sequenced properly.  It keeps a checkpointed# set of data for comparison purposes.## USAGE#	ckserial [ bootfile ]## BUGS#	Assumes optional ttl field for SOA record is not used.BOOTFILE=/etc/named.bootCKPTDIR=ckpoint		# relative to 'directory' in bootfileLOGFILE=/tmp/.ckslog$$SEDFILE=/tmp/.ckssed$$MAIL=/usr/ucb/MailNOTIFY=hostmaster# change default bootfile if necessaryif [ "$1" != "" ]; then	if [ -f $1 ]; then		BOOTFILE=$1	else		echo usage: `basename $0` "[ bootfile ]"		exit 1	fifitrap "rm -f /tmp/.cks*$$; exit 1" 2 3# sed file for massaging zone datacat >$SEDFILE <<!/^;/ds/;.*//:join/([^)]*$/Ns/\n[ 	]*/ /t joins/(\(.*\))/\1/!# strip comments from zone datastripcomments() {	sed -e '/^;/d' -e 's/;.*//' $*}# list zone files used by boot file#  secondary zones are not checked.  These are assumed to be correct#  as far as transfers go because old serial numbers won't (shouldn't)#  be transferred.  Besides, I'm not sure of the semantics for determining#  whether the last entry is a file or not.  I suppose a simple test of#  existence would work though.getzonefiles() {	awk '\	$1 == "cache" || $1 == "CACHE" || \	$1 == "primary" || $1 == "PRIMARY" {		printf "%s\n",$NF }' $1}# get zone file directorygetzonedir() {	stripcomments $1 | awk 'BEGIN { dir = "/"; }	$1 == "directory" || $1 == "DIRECTORY" {		dir = $2 }	END {print dir}'}# get SOA serial numbergetserialnumber() {	tr a-z A-Z <$1 | sed -f $SEDFILE | awk '$3 == "SOA" { print $6}'}# get mail address of person in charge of the zonegetpersonincharge() {	stripcomments $1 | tr a-z A-Z | awk '$3 == "SOA" {print $5}'}# get zone origingetzone() {	# get zone from zone data file	zone=`stripcomments $1 | tr a-z A-Z | awk '$3 == "SOA" {print $1}'`	# if zone is current origin	if [ "$zone" = "@" ]; then		# get zone from bootfile		zone=`grep $1 $BOOTFILE | awk '{print $2}'`	fi	echo $zone}# checkpoint a list of filescheckpoint() {	while [ "$1" != "" ]; do		# copy file preserving modes/dates		cp -p $1 $CKPTDIR/$1		shift	done}# get list of include files from zone fileincludefiles() {	grep -i '^\$include' $1 | awk '{print $2}'}# is arg 1 < arg2#  test integer and floating numberslt() {	awk 'BEGIN{ if ('$1' < '$2') exit 0; else exit 1; }'}# compare two files ignoring white space changescompare() {	diff -b $1 $2 >/dev/null}# log a zonefile error messageerrlog() {	ERRORFILE=$1	# save zone file for error reporting	echo "$2" 1>&2	echo "$2" >>$LOGFILE}# convert domain name to mail addressdomaintoaddr() {	echo $1 | sed -e 's/\.$//' -e 's/\./@/'}# notify the person in charge of a zone of detected errorsnotifypersonincharge() {	MB=`getpersonincharge $1`	ZONE=`getzone $1`	$MAIL -s "$ZONE zone configuration error" $NOTIFY `domaintoaddr $MB` <$LOGFILE	echo "	$NOTIFY, `domaintoaddr $MB` notified via mail."}processerrors() {	# if errors found, notify person in charge	if [ -f $LOGFILE ]; then		notifypersonincharge $ERRORFILE		# truncate error log file		rm -f $LOGFILE	fi}########################## real work starts here ########################### cd to the zone file data directorycd `getzonedir $BOOTFILE`ZONEFILES=`getzonefiles $BOOTFILE`SOAFILES=`grep -il '[ 	]IN[ 	]*SOA[ 	]' $ZONEFILES | stripcomments`EXIT=0for f in $SOAFILES; do	# process any logged errors	processerrors	# check for zone file existence	if [ ! -f $f ]; then		echo "$BOOTFILE: $f doesn't exist" 1>&2		continue	fi	# if this zone file is new, checkpoint it	if [ ! -f $CKPTDIR/$f ]; then 		checkpoint $f		continue	fi	#get serial number of current version	nserialno=`getserialnumber $f`	#get serial number of checkpointed version	oserialno=`getserialnumber $CKPTDIR/$f`	#if serial number differs, continue	if [ $nserialno != $oserialno ]; then		# sanity check first		if lt $nserialno $oserialno; then			errlog $f "$f: serial number ($nserialno) < previous ($oserialno)"			EXIT=1			continue		fi		# checkpoint new zone file and included files		checkpoint $f `includefiles $f`		continue	fi	#if file differs from ckpoint - error	if compare $f $CKPTDIR/$f; then		: all ok	else		errlog $f "$f: zone file changed, but serial number didn't"		EXIT=1		continue	fi	# test included files as well	for i in `includefiles $f`; do		# if this zone file is new, checkpoint it		if [ ! -f $CKPTDIR/$i ]; then 			checkpoint $i			continue		fi		#if file differs from ckpoint - error		if compare $i $CKPTDIR/$i; then			: all ok		else			errlog $f "$f included changed zone data from $i, but serial number didn't change"			EXIT=1			continue		fi		# check for nested includes.  these aren't handled		# but we don't expect them either.		if [ "`grep -i '\$include' $i`" != "" ]; then			errlog $i "include file $i includes other files."			EXIT=1		fi	donedone# process any remaining errorsprocesserrorsrm -f /tmp/.cks*$$exit $EXIT@//E*O*F ckserial.sh//chmod u=r,g=r,o=r ckserial.sh exit 0