diff options
| -rw-r--r-- | dnscheck_nsd.py | 58 |
1 files changed, 37 insertions, 21 deletions
diff --git a/dnscheck_nsd.py b/dnscheck_nsd.py index 15760ee..329fa45 100644 --- a/dnscheck_nsd.py +++ b/dnscheck_nsd.py @@ -143,6 +143,13 @@ def main(): parser.add_argument('--verbose', '-v', action='store_true', default=False) parser.add_argument('--debug', action='store_true', default=False) parser.add_argument( + '--exclude', + '-x', + type=argparse.FileType('r'), + default=None, + help="list of zones to exclude from check" + ) + parser.add_argument( 'file', nargs='?', type=argparse.FileType('r'), @@ -155,29 +162,38 @@ def main(): VERBOSE = True if args.debug: logger.setLevel(logging.DEBUG) + if args.exclude: + exclude_list = [line.strip() for line in args.exclude] + print exclude_list + else: + exclude_list = [] ref_resolver = get_resolver(nameserver=args.nameserver, lifetime=args.timeout) for item in parse_file(args.file): - if not args.nochecksoa: - resolver = get_resolver(nameserver=item['ns_address'], lifetime=args.timeout) - soa_result = compare_soa(item['domain'], [ref_resolver, resolver]) - if soa_result == 'match' and VERBOSE: - print 'SOA check complete for zone %s.\n' % item['domain'] - elif not soa_result: - print 'SOA check for zone %s failed.\n' % item['domain'] - elif soa_result == 'timeout': - print 'SOA check for zone %s timed out.\n' % item['domain'] - elif soa_result == 'no match': - print 'SOA did not match:' - print_soa(item['domain'], [ref_resolver, resolver]) - print '' - if not args.nocheckauth: - auth_result = check_auth(item['domain'], ref_resolver) - if auth_result and VERBOSE: - print 'Authority check complete for %s.\n' % item['domain'] - elif auth_result is None: - print 'Authoritative check failed for %s.\n' % item['domain'] - elif not auth_result: - print 'Reference NS is not authoritative for %s.\n' % item['domain'] + if not item['domain'] in exclude_list: + if not args.nochecksoa: + resolver = get_resolver(nameserver=item['ns_address'], lifetime=args.timeout) + soa_result = compare_soa(item['domain'], [ref_resolver, resolver]) + if soa_result == 'match' and VERBOSE: + print 'SOA check complete for zone %s.\n' % item['domain'] + elif not soa_result: + print 'SOA check for zone %s failed.\n' % item['domain'] + elif soa_result == 'timeout': + print 'SOA check for zone %s timed out.\n' % item['domain'] + elif soa_result == 'no match': + print 'SOA did not match:' + print_soa(item['domain'], [ref_resolver, resolver]) + print '' + if not args.nocheckauth: + auth_result = check_auth(item['domain'], ref_resolver) + if auth_result and VERBOSE: + print 'Authority check complete for %s.\n' % item['domain'] + elif auth_result is None: + print 'Authoritative check failed for %s.\n' % item['domain'] + elif not auth_result: + print 'Reference NS is not authoritative for %s.\n' % item['domain'] + else: + if VERBOSE: + logger.info('Zone %s found in exclude list, skipping...' % item['domain']) return 0 if __name__ == '__main__': |