Having felt sheepish about the lazy design/implementation of my domain-checking scripts, I figured I'd start small, by rewriting /etc/cron.weekly/baycondomain to be an iota more sophisticated.
This was a profoundly primitive script that just reported back (via e-mail) current parent-zone SOA serial numbers of domain baycon.org at its pair of authoritative nameservers -- so I can vgrep and see if they disagree, or if one or both of them don't answer. It was a quick'n'dirty job from 2011, only now revisited.
It's now a _little_ less dumb. Output presentation is meh at best. Also, its continued hard-coding of the quantity and FQDNs of the auth. nameservers is regrettable, and could be eliminated by revising the thing more, to generalise it. Ditto the continued hardcoded name of the domain being checked.
Still, as the late Adam Osborne used to say, "Adequacy is sufficient."
----- begin cron script -----
#!/bin/sh
# baycondomain  Cron script to sanity-check the BayCon domain's SOA records at
#               all of its authoritative nameservers, as a quick and
#               dirty way of making sure (1) they're all online and
#               (2) they're all serving up the same data (or at least
#               data with the same zonefile serial number).
#
#               The script queries all nameservers for their current
#               SOA value (for baycon.org), and then uses awk to parse
#               out of that verbose record just the S/N field, which is
#               field #3. The point is that you can visually spot offline
#               or aberrant nameservers by their S/Ns being (respectively)
#               missing or an out-of-step value.
#
#               Written by Rick Moen (rick@linuxmafia.com)
#               $Id: cron.weekly,v 1.02 2023/09/14 22:04:55 rick

set -o errexit   #aka "set -e": exit if any line returns non-true value
set -o nounset   #aka "set -u": exit upon finding an uninitialised variable

test -x /usr/bin/mail || exit 0

{
ns1soa=$(dig @NS1.BLUEHOST.COM. baycon.org. soa +short | awk '{print $3}')
ns2soa=$(dig @NS2.BLUEHOST.COM. baycon.org. soa +short | awk '{print $3}')
( [ "${ns1soa:=nonresponding}" = "${ns2soa:=nonresponding}" ] ) \
  && echo "ns1.bluehost.com and ns2.bluehost.com agree on: $ns1soa" \
  || echo "ns1.bluehost.com says $ns1soa, but ns2.bluehost.com is a rebel and says $ns2soa"
} | /usr/bin/mail -s "Domain baycon.org SOA check" rick@linuxmafia.com
----- end cron script -----
----- Forwarded message from root root@linuxmafia.com -----
Date: Sun, 17 Sep 2023 06:47:01 -0700
From: root root@linuxmafia.com
To: rick@linuxmafia.com
Subject: Domain baycon.org SOA check
ns1.bluehost.com and ns2.bluehost.com agree on: 2023082800
----- End forwarded message -----
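The generalisation the post mentions (no hard-coded nameserver count, FQDNs or domain), sketched as an added example that is not part of the original message or script. The helper names soa_serial and check_domain are hypothetical, and it assumes the NS set can be discovered through the local resolver.

```sh
#!/bin/sh
# Added example, not the original cron script. soa_serial and check_domain
# are hypothetical helper names; NS discovery uses the local resolver.

# Print the SOA serial nameserver $1 reports for zone $2. Anything that is
# not a bare number (empty answer, dig's ";; ..." timeout text) becomes
# "nonresponding", so an error string can never pass for a serial.
soa_serial() {
    serial=$(dig "@$1" "$2" soa +short +norecurse +time=5 +tries=2 2>/dev/null |
        awk 'NR == 1 {print $3}')
    case $serial in
        '' | *[!0-9]*) echo nonresponding ;;
        *) echo "$serial" ;;
    esac
}

# Check every nameserver in zone $1's NS set. Prints "server serial" lines
# and a verdict; returns 0 only if all servers answered with one serial.
check_domain() {
    zone=$1
    servers=$(dig "$zone" ns +short 2>/dev/null |
        grep -E '^[A-Za-z0-9._-]+\.$' | sort)
    if [ -z "$servers" ]; then
        echo "$zone: no NS records found"
        return 1
    fi
    report=$(for ns in $servers; do
        echo "$ns $(soa_serial "$ns" "$zone")"
    done)
    echo "$report"
    if echo "$report" | grep -q ' nonresponding$'; then
        echo "$zone: at least one nameserver did not answer"
        return 1
    fi
    distinct=$(echo "$report" | awk '!seen[$2]++ {n++} END {print n}')
    if [ "$distinct" -ne 1 ]; then
        echo "$zone: nameservers DISAGREE on the SOA serial"
        return 1
    fi
    echo "$zone: all nameservers agree on ${report##* }"
}

# Run as a script: the zone is the first argument (e.g. baycon.org);
# pipe the output to mail from cron as the original script does.
[ $# -eq 0 ] || check_domain "$1"
```

Unlike the two-variable comparison, two silent servers are reported as a failure here rather than as agreement on "nonresponding".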