#!/bin/bash
#< Perform DNS zone serial check against two reference nameservers

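# External tools are referenced by absolute path, so the binaries that run do
# not depend on the caller's PATH.
AWK="/usr/bin/awk"
BASENAME="/usr/bin/basename"
DIG="/usr/bin/dig"
ECHO="/usr/bin/echo"
GREP="/bin/grep"
SED="/usr/bin/sed"
SCP="/usr/bin/scp"
SLEEP="/usr/bin/sleep"

# Space-separated dig options; trims the output down to the answer section and
# caps each query attempt at two seconds.
DIGOPTS="+noadd +noauth +nostats +noquestion +nocomments +nocmd +time=2"
# The two reference nameservers whose zone serials are compared.
SERVER1="nameserver1.com"
SERVER2="nameserver2.com"
# Host the zone configuration is copied from (see get_conf).
FILEHOST="nameserver1.com"
# Quote $0 so a script path containing whitespace or glob characters is handed
# to basename as a single operand; "--" stops option parsing.
THISPROG=$( "${BASENAME}" -- "$0" )

# Local working copy of the remote zone configuration. It lives under $HOME
# rather than a shared temporary directory.
TMP_DIR="${HOME}/check_serials/tmp"
L_SEC_CONF="${TMP_DIR}/sec.cogent.conf"
R_SEC_CONF="/dns/var/bind/conf/somezones.conf"

# Record type queried for every zone; the serial is parsed from SOA answers.
RECORDTYPE="soa"
VERBOSE=0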

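# Print an error message to stderr, prefixed with "Error: ".
# Arguments: the message words; they are joined into a single line.
# Outputs:   one line on stderr, nothing on stdout.
function print_error {
   # The printf builtin with a fixed format string needs no external binary,
   # and message text is never interpreted as options or escape sequences.
   # "$*" joins the arguments into one string (embedding "$@" inside a quoted
   # string splits the message across several words).
   printf 'Error: %s\n' "$*" >&2
}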

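# Abort with exit status 1 when a required setting is missing.
# Globals:  NAME (read), RECORDTYPE (read)
# Returns:  0 when both are non-empty; otherwise prints usage and exits 1.
#
# NOTE(review): print_usage is not defined in the portion of the script shown
# here, and nothing visible calls check_args. Confirm both before relying on it.
function check_args {
   if [[ -z "${NAME:-}" || -z "${RECORDTYPE:-}" ]]; then
      # Exit unconditionally. Chaining "print_usage && exit 1" would skip the
      # exit whenever print_usage itself fails, letting the script carry on
      # with invalid arguments.
      print_usage
      exit 1
   fi
}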

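# Copy the remote zone configuration to the local working file.
# Globals:  SCP, FILEHOST, R_SEC_CONF, L_SEC_CONF (all read)
# Returns:  0 on success; exits the script with status 1 if the copy fails.
#
# The zone list that drives every later query comes from this file, so its
# authenticity rests on SSH host-key verification of FILEHOST. Keep strict
# host-key checking enabled for this connection.
# NOTE(review): the directory that holds L_SEC_CONF is not created anywhere in
# the visible script; scp fails if it is missing.
function get_conf {
   # Quote both operands so neither path is word-split or glob-expanded locally.
   if ! "${SCP}" -q "username@${FILEHOST}:${R_SEC_CONF}" "${L_SEC_CONF}"; then
      # Exit regardless of whether the message could be written, so the checks
      # never run against a stale or missing local copy.
      print_error "Cannot SCP configuration from ${FILEHOST}"
      exit 1
   fi
}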

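# Query one nameserver for a zone's serial, retrying once on failure.
# Globals:   DIG, DIGOPTS, RECORDTYPE, AWK (all read)
# Arguments: $1 - nameserver to query, $2 - zone name
# Outputs:   the serial on stdout when one was found
# Returns:   0 if a serial was found, 1 after two failed attempts
function _fetch_serial {
   local server=$1 zone=$2
   local -a opts
   local attempt answer serial

   # DIGOPTS is a space-separated option list; split it into an array so the
   # options are passed as separate words without glob expansion.
   read -r -a opts <<< "${DIGOPTS}"

   for attempt in 1 2; do
      # -t and -q mark the record type and query name explicitly, so a zone
      # name taken from the fetched configuration is always treated as the
      # name to look up and never as another dig argument.
      answer=$( "${DIG}" "${opts[@]}" -t "${RECORDTYPE}" -q "${zone}" "@${server}" 2>&1 )
      # In an SOA answer line the serial is the 7th field. Take the first line
      # whose 7th field is all digits; diagnostic lines mixed into the output
      # (for example a timeout notice before a successful retry) are skipped.
      serial=$( "${AWK}" '$7 ~ /^[0-9]+$/ { print $7; exit }' <<< "${answer}" )
      if [[ -n "${serial}" ]]; then
         printf '%s\n' "${serial}"
         return 0
      fi
   done
   return 1
}

# Compare the serial of every zone in the local configuration copy on both
# reference nameservers and report the zones whose serials differ.
# Globals:  SED, L_SEC_CONF, SERVER1, SERVER2 (read), plus those of _fetch_serial
# Outputs:  one line on stdout per mismatching zone; lookup failures go to
#           stderr via print_error.
#
# Only lines of the exact form 'zone "name" {' are picked up; zone statements
# written differently (such as with a class between the name and the brace)
# are skipped without notice.
# A failed lookup leaves that serial empty. A zone that fails on both servers
# therefore compares equal and is reported only through the stderr errors.
function perform_checks {
   local zone serial1 serial2

   "${SED}" -n '/^zone/ s/^zone "\([^"]*\)" {.*$/\1/p' "${L_SEC_CONF}" | while IFS= read -r zone; do
      serial1=""
      serial2=""
      serial1=$( _fetch_serial "${SERVER1}" "${zone}" ) ||
         print_error "Could not get serial for ${zone}@${SERVER1}"
      serial2=$( _fetch_serial "${SERVER2}" "${zone}" ) ||
         print_error "Could not get serial for ${zone}@${SERVER2}"
      if [[ "${serial1}" != "${serial2}" ]]; then
         printf '%s\n' "${SERVER1}[${zone}] Serial: ${serial1} != ${SERVER2}[${zone}] Serial: ${serial2}"
      fi
   done
}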

# Entry point: refresh the local copy of the zone configuration, then compare
# serials for every zone it lists.
# get_conf ends the script with status 1 if the copy fails. Otherwise the
# script always finishes with status 0, so serial mismatches are signalled only
# by the lines printed on stdout, not by the exit code.
function main {
   get_conf
   perform_checks
}

main "$@"
exit 0