|
Packit |
57988d |
##########################################################################
|
|
Packit |
57988d |
# $Id$
|
|
Packit |
57988d |
##########################################################################
|
|
Packit |
57988d |
|
|
Packit |
57988d |
#####################################################
|
|
Packit |
57988d |
## Copyright (c) 2008 Kirk Bauer
|
|
Packit |
57988d |
## Covered under the included MIT/X-Consortium License:
|
|
Packit |
57988d |
## http://www.opensource.org/licenses/mit-license.php
|
|
Packit |
57988d |
## All modifications and contributions by other persons to
|
|
Packit |
57988d |
## this script are assumed to have been donated to the
|
|
Packit |
57988d |
## Logwatch project and thus assume the above copyright
|
|
Packit |
57988d |
## and licensing terms. If you want to make contributions
|
|
Packit |
57988d |
## under your own copyright or a different license this
|
|
Packit |
57988d |
## must be explicitly stated in the contribution an the
|
|
Packit |
57988d |
## Logwatch project reserves the right to not accept such
|
|
Packit |
57988d |
## contributions. If you have made significant
|
|
Packit |
57988d |
## contributions to this script and want to claim
|
|
Packit |
57988d |
## copyright please contact logwatch-devel@lists.sourceforge.net.
|
|
Packit |
57988d |
#########################################################
|
|
Packit |
57988d |
|
|
Packit |
57988d |
use Logwatch ':ip';
|
|
Packit |
57988d |
|
|
Packit |
57988d |
|
|
Packit |
57988d |
#$DoLookup = ValueOrDefault($ENV{'named_ip_lookup'}, 0);
|
|
Packit |
57988d |
$Debug = ValueOrDefault($ENV{'LOGWATCH_DEBUG'}, 0);
|
|
Packit |
57988d |
$Detail = ValueOrDefault($ENV{'LOGWATCH_DETAIL_LEVEL'}, 0);
|
|
Packit |
57988d |
|
|
Packit |
57988d |
# Avoid "Use of uninitialized value" warning messages.
|
|
Packit |
57988d |
sub ValueOrDefault {
|
|
Packit |
57988d |
my ($value, $default) = @_;
|
|
Packit |
57988d |
return ($value ? $value : $default);
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( $Debug >= 5 ) {
|
|
Packit |
57988d |
print STDERR "\n\nDEBUG: Inside NAMED Filter \n\n";
|
|
Packit |
57988d |
$DebugCounter = 1;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
|
|
Packit |
57988d |
while (defined($ThisLine = <STDIN>)) {
|
|
Packit |
57988d |
if ( $Debug >= 30 ) {
|
|
Packit |
57988d |
print STDERR "DEBUG($DebugCounter): $ThisLine";
|
|
Packit |
57988d |
$DebugCounter++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (
|
|
Packit |
57988d |
($ThisLine =~ /RR negative cache entry/) or
|
|
Packit |
57988d |
($ThisLine =~ /ns_....: .* NS points to CNAME/) or
|
|
Packit |
57988d |
($ThisLine =~ /accept: connection reset by peer/) or
|
|
Packit |
57988d |
($ThisLine =~ /Connection reset by peer/) or
|
|
Packit |
57988d |
# typo fixed in 2004 release
|
|
Packit |
57988d |
($ThisLine =~ /transfer(r)?ed serial/) or
|
|
Packit |
57988d |
($ThisLine =~ /There may be a name server already running/) or
|
|
Packit |
57988d |
($ThisLine =~ /exiting/) or
|
|
Packit |
57988d |
($ThisLine =~ /running/) or
|
|
Packit |
57988d |
($ThisLine =~ /NSTATS /) or
|
|
Packit |
57988d |
($ThisLine =~ /Cleaned cache of \d+ RRs/) or
|
|
Packit |
57988d |
($ThisLine =~ /USAGE \d+ \d+ CPU=\d+.*/) or
|
|
Packit |
57988d |
($ThisLine =~ /XSTATS /) or
|
|
Packit |
57988d |
($ThisLine =~ /Ready to answer queries/) or
|
|
Packit |
57988d |
($ThisLine =~ /Forwarding source address is/) or
|
|
Packit |
57988d |
($ThisLine =~ /bad referral/) or
|
|
Packit |
57988d |
($ThisLine =~ /prerequisite not satisfied/) or
|
|
Packit |
57988d |
($ThisLine =~ /(rcvd|Sent) NOTIFY/) or
|
|
Packit |
57988d |
($ThisLine =~ /ns_resp: TCP truncated/) or
|
|
Packit |
57988d |
($ThisLine =~ /No possible A RRs/) or
|
|
Packit |
57988d |
($ThisLine =~ /points to a CNAME/) or
|
|
Packit |
57988d |
($ThisLine =~ /dangling CNAME pointer/) or
|
|
Packit |
57988d |
($ThisLine =~ /listening on/) or
|
|
Packit |
57988d |
($ThisLine =~ /unrelated additional info/) or
|
|
Packit |
57988d |
($ThisLine =~ /Response from unexpected source/) or
|
|
Packit |
57988d |
($ThisLine =~ /No root nameservers for class IN/) or
|
|
Packit |
57988d |
($ThisLine =~ /recvfrom: No route to host/) or
|
|
Packit |
57988d |
# Be sure to catch: transfer of 'zone' from IP#53: failed to connect: timed out
|
|
Packit |
57988d |
# not exact just triggers a full transfer
|
|
Packit |
57988d |
($ThisLine =~ /transfer of .*: (AXFR(|-style IXFR) (started|ended)|connected using|Transfer completed|failed while receiving responses: not exact)/) or
|
|
Packit |
57988d |
($ThisLine =~ /using \d+ CPU/) or
|
|
Packit |
57988d |
($ThisLine =~ /loading configuration/) or
|
|
Packit |
57988d |
($ThisLine =~ /command channel listening/) or
|
|
Packit |
57988d |
($ThisLine =~ /no IPv6 interfaces found/) or
|
|
Packit |
57988d |
($ThisLine =~ /^running/) or
|
|
Packit |
57988d |
($ThisLine =~ /^exiting/) or
|
|
Packit |
57988d |
($ThisLine =~ /no longer listening/) or
|
|
Packit |
57988d |
($ThisLine =~ /the default for the .* option is now/) or
|
|
Packit |
57988d |
($ThisLine =~ /stopping command channel on \S+/) or
|
|
Packit |
57988d |
($ThisLine =~ /Malformed response from/) or
|
|
Packit |
57988d |
($ThisLine =~ /client .* response from Internet for .*/) or
|
|
Packit |
57988d |
($ThisLine =~ /client .+ query \(cache\) '.*' denied/) or
|
|
Packit |
57988d |
($ThisLine =~ /client .+(?: \([^)]+\))?: query:/) or
|
|
Packit |
57988d |
# Do we really want to ignore these?
|
|
Packit |
57988d |
#($ThisLine =~ /unknown logging category/) or
|
|
Packit |
57988d |
($ThisLine =~ /could not open entropy source/) or
|
|
Packit |
57988d |
($ThisLine =~ /\/etc\/rndc.key: file not found/) or
|
|
Packit |
57988d |
($ThisLine =~ /sending notifies/) or
|
|
Packit |
57988d |
# file syntax error get reported twice and are already caught below
|
|
Packit |
57988d |
($ThisLine =~ /loading master file/) or
|
|
Packit |
57988d |
($ThisLine =~ /^ succeeded$/) or
|
|
Packit |
57988d |
($ThisLine =~ /\*\*\* POKED TIMER \*\*\*/) or
|
|
Packit |
57988d |
# The message about the end of transfer is the interesting one
|
|
Packit |
57988d |
($ThisLine =~ /: Transfer started./) or
|
|
Packit |
57988d |
($ThisLine =~ /D-BUS service (disabled|enabled)./) or
|
|
Packit |
57988d |
($ThisLine =~ /D-BUS dhcdbd subscription disabled./) or
|
|
Packit |
57988d |
($ThisLine =~ /automatic empty zone/) or
|
|
Packit |
57988d |
($ThisLine =~ /binding TCP socket: address in use/) or
|
|
Packit |
57988d |
($ThisLine =~ /dbus_mgr initialization failed. D-BUS service is disabled./) or
|
|
Packit |
57988d |
($ThisLine =~ /dbus_svc_add_filter failed/) or
|
|
Packit |
57988d |
($ThisLine =~ /isc_log_open 'named.run' failed: permission denied/) or
|
|
Packit |
57988d |
($ThisLine =~ /weak RSASHA1 \(5\) key found \(exponent=3\)/) or
|
|
Packit |
57988d |
($ThisLine =~ /Bad file descriptor/) or
|
|
Packit |
57988d |
($ThisLine =~ /open: .*: file not found/) or
|
|
Packit |
57988d |
($ThisLine =~ /queries: client [\.0-9a-fA-F#:]* view localhost_resolver: query: .* IN .*/) or
|
|
Packit |
57988d |
($ThisLine =~ /zone .*: NS '.*' is a CNAME \(illegal\)/) or
|
|
Packit |
57988d |
($ThisLine =~ /zone .*: zone serial unchanged. zone may fail to transfer to slaves/) or
|
|
Packit |
57988d |
($ThisLine =~ /zone .*: loading from master file .* failed/) or
|
|
Packit |
57988d |
($ThisLine =~ /zone .*: NS '.*' has no address records/) or
|
|
Packit |
57988d |
($ThisLine =~ /.*: not a valid number$/) or
|
|
Packit |
57988d |
($ThisLine =~ /.*: unexpected end of input/) or
|
|
Packit |
57988d |
($ThisLine =~ /too many timeouts resolving '.*' .*: disabling EDNS/) or
|
|
Packit |
57988d |
($ThisLine =~ /too many timeouts resolving '.*' .*: reducing the advertised EDNS UDP packet size to .* octets/) or
|
|
Packit |
57988d |
($ThisLine =~ /reloading zones succeeded/) or
|
|
Packit |
57988d |
($ThisLine =~ /generating session key/) or
|
|
Packit |
57988d |
($ThisLine =~ /success resolving '.*' \(in '.*'?\) after disabling EDNS/) or
|
|
Packit |
57988d |
($ThisLine =~ /success resolving '.*' \(in '.*'?\) after reducing the advertised EDNS UDP packet size to 512 octets/) or
|
|
Packit |
57988d |
($ThisLine =~ /the working directory is not writable/) or
|
|
Packit |
57988d |
($ThisLine =~ /using default UDP\/IPv[46] port range: \[[0-9]*, [0-9]*\]/) or
|
|
Packit |
57988d |
($ThisLine =~ /adjusted limit on open files from [0-9]* to [0-9]*/) or
|
|
Packit |
57988d |
($ThisLine =~ /using up to [0-9]* sockets/) or
|
|
Packit |
57988d |
($ThisLine =~ /built with/) or
|
|
Packit |
57988d |
($ThisLine =~ /TTL differs in rdataset, adjusting [0-9]* -> [0-9]*/) or
|
|
Packit |
57988d |
($ThisLine =~ /max open files \([0-9]*\) is smaller than max sockets \([0-9]*\)/) or
|
|
Packit |
57988d |
($ThisLine =~ /clients-per-query (?:de|in)creased to .*/) or
|
|
Packit |
57988d |
($ThisLine =~ /^must-be-secure resolving '.*': .*/) or
|
|
Packit |
57988d |
($ThisLine =~ /^(error \()?no valid (DS|KEY|RRSIG)\)? resolving '.*': .*/) or
|
|
Packit |
57988d |
($ThisLine =~ /^not insecure resolving '.*': .*/) or
|
|
Packit |
57988d |
($ThisLine =~ /^validating \@0x[[:xdigit:]]+: .* DS: must be secure failure/) or
|
|
Packit |
57988d |
($ThisLine =~ /^(error \()?broken trust chain\)? resolving '.*': .*/) or
|
|
Packit |
57988d |
($ThisLine =~ /journal file [^ ]* does not exist, creating it/) or
|
|
Packit |
57988d |
($ThisLine =~ /serial number \(\d+\) received from master/) or
|
|
Packit |
57988d |
($ThisLine =~ /zone is up to date/) or
|
|
Packit |
57988d |
($ThisLine =~ /refresh in progress, refresh check queued/) or
|
|
Packit |
57988d |
($ThisLine =~ /refresh: NODATA response from master/) or
|
|
Packit |
57988d |
($ThisLine =~ /update with no effect/) or
|
|
Packit |
57988d |
($ThisLine =~ /reading built-in trusted keys from file/) or
|
|
Packit |
57988d |
($ThisLine =~ /using built-in trusted-keys/) or
|
|
Packit |
57988d |
($ThisLine =~ /set up managed keys zone/) or
|
|
Packit |
57988d |
# the following seems okay since it says "success"
|
|
Packit |
57988d |
($ThisLine =~ /managed-keys-zone .*: No DNSKEY RRSIGs found for '.*': success/) or
|
|
Packit |
57988d |
($ThisLine =~ /validating \@0x[[:xdigit:]]+: .* no valid signature found/) or
|
|
Packit |
57988d |
($ThisLine =~ /^sizing zone task pool based on \d+ zones/) or
|
|
Packit |
57988d |
($ThisLine =~ /^BIND \d+ is maintained by Internet Systems Consortium/) or
|
|
Packit |
57988d |
($ThisLine =~ /a non-profit 501/) or
|
|
Packit |
57988d |
($ThisLine =~ /corporation. Support and training for BIND \d+ are/) or
|
|
Packit |
57988d |
($ThisLine =~ /available at https:\/\/www.isc.org\/support/) or
|
|
Packit |
57988d |
($ThisLine =~ /----------------------------------------------------/) or
|
|
Packit |
57988d |
($ThisLine =~ /next key event: /) or
|
|
Packit |
57988d |
($ThisLine =~ /reconfiguring zone keys/) or
|
|
Packit |
57988d |
($ThisLine =~ /using built-in DLV key/) or
|
|
Packit |
57988d |
($ThisLine =~ /reading built-in trusted keys from file/) or
|
|
Packit |
57988d |
($ThisLine =~ /all zones loaded/) or
|
|
Packit |
57988d |
($ThisLine =~ /client .* signer .* approved/) or
|
|
Packit |
57988d |
# ignore this line because the following line describes the error
|
|
Packit |
57988d |
($ThisLine =~ /unexpected error/)
|
|
Packit |
57988d |
) {
|
|
Packit |
57988d |
# Don't care about these...
|
|
Packit |
57988d |
} elsif (
|
|
Packit |
57988d |
($ThisLine =~ /starting\..*named/) or
|
|
Packit |
57988d |
($ThisLine =~ /starting BIND/) or
|
|
Packit |
57988d |
($ThisLine =~ /named startup succeeded/)
|
|
Packit |
57988d |
) {
|
|
Packit |
57988d |
$StartNamed++;
|
|
Packit |
57988d |
} elsif ( $ThisLine =~ /(reloading nameserver|named reload succeeded)/ ) {
|
|
Packit |
57988d |
$ReloadNamed++;
|
|
Packit |
57988d |
} elsif (
|
|
Packit |
57988d |
($ThisLine =~ /shutting down/) or
|
|
Packit |
57988d |
($ThisLine =~ /named shutting down/ ) or
|
|
Packit |
57988d |
($ThisLine =~ /named shutdown succeeded/ )
|
|
Packit |
57988d |
) {
|
|
Packit |
57988d |
$ShutdownNamed++;
|
|
Packit |
57988d |
} elsif ( $ThisLine =~ /named shutdown failed/ ) {
|
|
Packit |
57988d |
$ShutdownNamedFail++;
|
|
Packit |
57988d |
} elsif ( (($Host, $Zone) = ( $ThisLine =~ /client ([^\#]+)#[^\:]+: (?:view \w+: )?zone transfer '(.+)' denied/ )) or
|
|
Packit |
57988d |
(($Host, $Zone) = ( $ThisLine =~ /client ([^\#]+)#[^\:]+: (?:view \w+: )?bad zone transfer request: '(.+)':/ )) ) {
|
|
Packit |
57988d |
$DeniedZoneTransfers{$Host}{$Zone}++;
|
|
Packit |
57988d |
} elsif ( ($Zone) = ( $ThisLine =~ /zone (.+) zone transfer deferred due to quota/ ) ) {
|
|
Packit |
57988d |
$DeferredZoneTransfers{$Zone}++;
|
|
Packit |
57988d |
} elsif ( ($Zone, $Host) = ( $ThisLine =~ /transfer of '(.+)' from ([^\#]+)#[^\:]+: failed/ ) ) {
|
|
Packit |
57988d |
$FailedZoneTransfers{$Host}{$Zone}++;
|
|
Packit |
57988d |
} elsif ( ($Zone) = ( $ThisLine =~ /cache zone \"(.*)\" loaded/ ) ) {
|
|
Packit |
57988d |
$ZoneLoaded{"cache $Zone"}++;
|
|
Packit |
57988d |
} elsif ( ($Zone) = ( $ThisLine =~ /cache zone \"(.*)\" .* loaded/ ) ) {
|
|
Packit |
57988d |
$ZoneLoaded{"cache $Zone"}++;
|
|
Packit |
57988d |
} elsif ( ($Zone) = ( $ThisLine =~ /automatic empty zone: (.*)/ ) ) {
|
|
Packit |
57988d |
$ZoneLoaded{"automatic empty zone $Zone"}++;
|
|
Packit |
57988d |
} elsif ( ($Zone) = ( $ThisLine =~ /primary zone \"(.+)\" loaded/ ) ) {
|
|
Packit |
57988d |
$ZoneLoaded{$Zone}++;
|
|
Packit |
57988d |
} elsif ( ($Zone) = ( $ThisLine =~ /master zone \"(.+)\" .* loaded/ ) ) {
|
|
Packit |
57988d |
$ZoneLoaded{$Zone}++;
|
|
Packit |
57988d |
} elsif ( ($Zone) = ( $ThisLine =~ /secondary zone \"(.+)\" loaded/ ) ) {
|
|
Packit |
57988d |
$ZoneLoaded{"secondary $Zone"}++;
|
|
Packit |
57988d |
} elsif ( ($Zone) = ( $ThisLine =~ /slave zone \"(.+)\" .* loaded/ ) ) {
|
|
Packit |
57988d |
$ZoneLoaded{"secondary $Zone"}++;
|
|
Packit |
57988d |
} elsif ( ($Zone) = ( $ThisLine =~ /zone (.+): expired/ ) ) {
|
|
Packit |
57988d |
$ZoneExpired{$Zone}++;
|
|
Packit |
57988d |
} elsif ( ($Zone) = ( $ThisLine =~ /zone (.+): loaded serial/ ) ) {
|
|
Packit |
57988d |
$ZoneLoaded{$Zone}++;
|
|
Packit |
57988d |
} elsif ( (undef,$Addr,$Server) = ( $ThisLine =~ /(C|c)onnection refused\)? resolving '(.+)': (.+)/ ) ) {
|
|
Packit |
57988d |
$ConnectionRefused{$Addr}{$Server}++;
|
|
Packit |
57988d |
} elsif ( (undef,$Addr,undef,$Server) = ( $ThisLine =~ /ame server (on|resolving) '(.+)' \(in .+\):\s+(\[.+\]\.\d+)?\s*'?(.+)'?:?/ ) ) {
|
|
Packit |
57988d |
$LameServer{$Addr}{$Server}++;
|
|
Packit |
57988d |
} elsif ( (($Zone) = ( $ThisLine =~ /Zone \"(.+)\" was removed/ )) or
|
|
Packit |
57988d |
(($Zone) = ( $ThisLine =~ /zone (.+): \(.*\) removed/ )) ) {
|
|
Packit |
57988d |
$ZoneRemoved{$Zone}++;
|
|
Packit |
57988d |
} elsif ( ($Zone) = ( $ThisLine =~ /received notify for zone '(.*)'/ ) ) {
|
|
Packit |
57988d |
$ZoneReceivedNotify{$Zone}++;
|
|
Packit |
57988d |
} elsif ( ($Zone) = ( $ThisLine =~ /zone (.*): notify from .* up to date/ ) ) {
|
|
Packit |
57988d |
$ZoneReceivedNotify{$Zone}++;
|
|
Packit |
57988d |
} elsif ( ($Zone) = ( $ThisLine =~ /zone (.+): refused notify from non-master/ ) ) {
|
|
Packit |
57988d |
$ZoneRefusedNotify{$Zone}++;
|
|
Packit |
57988d |
# } elsif ( ($Rhost,$Ldom,$Reason) = ( $ThisLine =~ /client ([\d\.a-fA-F:]+) bad zone transfer request: '(.+)': (.+)$/ ) ) {
|
|
Packit |
57988d |
} elsif ( ($Rhost,$Ldom,$Reason) = ( $ThisLine =~ /client ([\.0-9a-fA-F:]+)#\d+: bad zone transfer request: '(.+)': (.+)/ ) ) {
|
|
Packit |
57988d |
$BadZone{$Reason}{"$Rhost ($Ldom)"}++;
|
|
Packit |
57988d |
} elsif ( ($Host) = ( $ThisLine =~ /([^ ]+) has CNAME and other data \(invalid\)/ ) ) {
|
|
Packit |
57988d |
push @CNAMEAndOther, $Host;
|
|
Packit |
57988d |
} elsif ( ($File,$Line,$Entry,$Error) = ( $ThisLine =~ /dns_master_load: ([^:]+):(\d+): ([^ ]+): (.+)$/ ) ) {
|
|
Packit |
57988d |
$ZoneFileErrors{$File}{"$Entry: $Error"}++;
|
|
Packit |
57988d |
} elsif ( ($File,$Line,$Entry,$Error) = ( $ThisLine =~ /warning: ([^:]+):(\d+): (.+)$/ ) ) {
|
|
Packit |
57988d |
$ZoneFileErrors{$File}{"file does not end with newline: $Error"}++;
|
|
Packit |
57988d |
} elsif ( ($Way,$Host) = ( $ThisLine =~ /([^ ]+): sendto\(\[([^ ]+)\].+\): Network is unreachable/ ) ) {
|
|
Packit |
57988d |
$FullHost = LookupIP ($Host);
|
|
Packit |
57988d |
$NetworkUnreachable{$Way}{$FullHost}++;
|
|
Packit |
57988d |
} elsif ( ($Zone,$Message) = ( $ThisLine =~ /client [^\#]+#[^\:]+: (?:view \w+: )?updating zone '([^\:]+)': (.*)$/ ) ) {
|
|
Packit |
57988d |
$ZoneUpdates{$Zone}{$Message}++;
|
|
Packit |
57988d |
} elsif ( ($Host,$Zone) = ( $ThisLine =~ /approved AXFR from \[(.+)\]\..+ for \"(.+)\"/ ) ) {
|
|
Packit |
57988d |
$FullHost = LookupIP ($Host);
|
|
Packit |
57988d |
$AXFR{$Zone}{$FullHost}++;
|
|
Packit |
57988d |
} elsif ( ($Client) = ( $ThisLine =~ /warning: client (.*) no more TCP clients/ ) ) {
|
|
Packit |
57988d |
$FullClient = LookupIP ($Client);
|
|
Packit |
57988d |
$DeniedTCPClient{$FullClient}++;
|
|
Packit |
57988d |
} elsif ( ($Client) = ( $ThisLine =~ /client (.*)#\d+: (?:view \w+: )?query \(cache\) denied/ ) ) {
|
|
Packit |
57988d |
$FullClient = LookupIP ($Client);
|
|
Packit |
57988d |
$DeniedQuery{$FullClient}++;
|
|
Packit |
57988d |
} elsif ( ($Client) = ( $ThisLine =~ /client (.*)#\d+: query '.*' denied/ ) ) {
|
|
Packit |
57988d |
$FullClient = LookupIP ($Client);
|
|
Packit |
57988d |
$DeniedQueryNoCache{$FullClient}++;
|
|
Packit |
57988d |
} elsif ( ($Rhost, $ViewName, $Ldom) = ($ThisLine =~ /client ([\.0-9a-fA-F:]+)#\d+: (?:view \w+: )?update '(.*)' denied/)) {
|
|
Packit |
57988d |
$ViewName = ($ViewName ? "/$ViewName" : "");
|
|
Packit |
57988d |
$UpdateDenied{"$Rhost ($Ldom$ViewName)"}++;
|
|
Packit |
57988d |
} elsif ( ($Rhost, $Ldom) = ($ThisLine =~ /client ([\d\.]+)#\d+: update forwarding '(.*)' denied/)) {
|
|
Packit |
57988d |
$UpdateForwardingDenied{"$Rhost ($Ldom)"}++;
|
|
Packit |
57988d |
} elsif ( ($Zone) = ($ThisLine =~ /zone '([0-9a-zA-Z.-]+)' allows updates by IP address, which is insecure/)) {
|
|
Packit |
57988d |
$InsecUpdate{$Zone}++;
|
|
Packit |
57988d |
} elsif ( ($Zone) = ($ThisLine =~ /zone ([0-9a-zA-Z.\/-]+): journal rollforward failed: journal out of sync with zone/)) {
|
|
Packit |
57988d |
$JournalFail{$Zone}++;
|
|
Packit |
57988d |
} elsif ( ($Channel,$Reason) = ($ThisLine =~ /couldn't add command channel (.+#\d+): (.*)$/)) {
|
|
Packit |
57988d |
$ChannelAddFail{$Channel}{$Reason}++;
|
|
Packit |
57988d |
} elsif ( ($Zone,$Host,$Reason) = ($ThisLine =~ /zone ([^ ]*): refresh: failure trying master ([^ ]*)#\d+: (.*)/) ) {
|
|
Packit |
57988d |
$MasterFailure{"$Zone from $Host"}{$Reason}++;
|
|
Packit |
57988d |
} elsif ( ($Zone,$Reason,$Host) = ($ThisLine =~ /zone ([^ ]*): refresh: unexpected rcode \((.*)\) from master ([^ ]*)#\d+/) ) {
|
|
Packit |
57988d |
$MasterFailure{"$Zone from $Host"}{$Reason}++;
|
|
Packit |
57988d |
} elsif ( ($Zone) = ($ThisLine =~ /zone ([^\/]+)\/.+: refresh: non-authoritative answer from master/)) {
|
|
Packit |
57988d |
$NonAuthoritative{$Zone}++;
|
|
Packit |
57988d |
} elsif ( ($Zone) = ($ThisLine =~ /zone ([^\/]+)\/.+: refresh: retry limit for master \S+ exceeded/) ) {
|
|
Packit |
57988d |
$RetryLimit{$Zone}++;
|
|
Packit |
57988d |
} elsif ( ($Rcode, $Zone, $Host) = ($ThisLine =~ /(?:error \()?unexpected RCODE\)? \(?(.*?)\)? resolving '(.*)': (.*)$/) ){
|
|
Packit |
57988d |
$UnexpRCODE{$Rcode}{$Zone}{$Host}++;
|
|
Packit |
57988d |
} elsif ( ($ThisLine =~ /(?:error \()?FORMERR\)? resolving '[^ ]+: [.0-9a-fA-F:#]+/) or
|
|
Packit |
57988d |
($ThisLine =~ /DNS format error from [^ ]+ resolving [^ ]+( for client [^ ]+)?: .*/) ) {
|
|
Packit |
57988d |
chomp($ThisLine);
|
|
Packit |
57988d |
$FormErr{$ThisLine}++;
|
|
Packit |
57988d |
} elsif ( ($ThisLine =~ /found [0-9]* CPU(s)?, using [0-9]* worker thread(s)?/) ) {
|
|
Packit |
57988d |
chomp($ThisLine);
|
|
Packit |
57988d |
$StartLog{$ThisLine}++;
|
|
Packit |
57988d |
} elsif ( (($File,$Line,$Problem) = ($ThisLine =~ /\/etc\/(rndc.key|named.conf):([0-9]+): (unknown option '[^ ]*')/)) or
|
|
Packit |
57988d |
(($File,$Line,$Problem) = ($ThisLine =~ /\/etc\/(rndc.key|named.conf):([0-9]+): ('[^ ]' expected near end of file)/)) or
|
|
Packit |
57988d |
(($File,$Line,$Problem) = ($ThisLine =~ /\/etc\/(named.*.conf):([0-9]+): (.*)/)) or
|
|
Packit |
57988d |
(($File,$Line,$Problem) = ($ThisLine =~ /()()(could not configure root hints from '.*': file not found)/))) {
|
|
Packit |
57988d |
$ConfProb{$File}{"$Line,$Problem"}++;
|
|
Packit |
57988d |
} elsif ( (($ErrorText) = ($ThisLine =~ /^(RUNTIME_CHECK.*)/))or
|
|
Packit |
57988d |
(($ErrorText) = ($ThisLine =~ /^(.* REQUIRE.* failed.*)$/)) or
|
|
Packit |
57988d |
(($ErrorText) = ($ThisLine =~ /(.*: fatal error)/)) ) {
|
|
Packit |
57988d |
$NError{$ErrorText}++;
|
|
Packit |
57988d |
} elsif ( (($ErrorText) = ($ThisLine =~ /^(internal_accept: fcntl\(\) failed: Too many open files)/)) or
|
|
Packit |
57988d |
(($ErrorText) = ($ThisLine =~ /^(socket: too many open file descriptors)/)) ) {
|
|
Packit |
57988d |
$ErrOpenFiles{$ErrorText}++;
|
|
Packit |
57988d |
} elsif ( ($From,$Log) = ($ThisLine =~ /invalid command from ([\.0-9a-fA-F:]*)#[0-9]*: (.*)/) ) {
|
|
Packit |
57988d |
$CCMessages{"$From,$Log"}++;
|
|
Packit |
57988d |
} elsif ( (($Log) = ($ThisLine =~ /(freezing .*zone.*)/)) or
|
|
Packit |
57988d |
(($Log) = ($ThisLine =~ /(thawing .*zone.*)/)) ) {
|
|
Packit |
57988d |
$CCMessages2{$Log}++;
|
|
Packit |
57988d |
} elsif (($CCC) = ($ThisLine =~ /unknown control channel command '(.*)'/)) {
|
|
Packit |
57988d |
$UnknownCCCommands{$CCC}++;
|
|
Packit |
57988d |
} elsif (($CCC) = ($ThisLine =~ /received control channel command '(.*)'/)) {
|
|
Packit |
57988d |
$CCCommands{$CCC}++;
|
|
Packit |
57988d |
} elsif (($Name,$Address) = ($ThisLine =~ /(?:error \()?network unreachable\)? resolving '(.*)': (.*)/)) {
|
|
Packit |
57988d |
$NUR{$Name}{$Address}++;
|
|
Packit |
57988d |
} elsif (($Name,$Address) = ($ThisLine =~ /(?:error \()?host unreachable\)? resolving '(.*)': (.*)/)) {
|
|
Packit |
57988d |
$HUR{$Name}{$Address}++;
|
|
Packit |
57988d |
} elsif (($Client) = ($ThisLine =~ /client ([\da-fA-F.:]+)(?:#\d*:)? notify question section contains no SOA/)) {
|
|
Packit |
57988d |
$NoSOA{$Client}++;
|
|
Packit |
57988d |
} elsif (($Hint) = ($ThisLine =~ /checkhints: (.*)/) ) {
|
|
Packit |
57988d |
$Hints{$Hint}++;
|
|
Packit |
57988d |
} elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): got insecure response; parent indicates it should be secure/)) {
|
|
Packit |
57988d |
$DNSSECInsec{'__Total__'}++;
|
|
Packit |
57988d |
$DNSSECInsec{$Zone}{$RR}++;
|
|
Packit |
57988d |
} elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): no valid signature found/)) {
|
|
Packit |
57988d |
$DNSSECInvalid{'__Total__'}++;
|
|
Packit |
57988d |
$DNSSECInvalid{$Zone}{$RR}++;
|
|
Packit |
57988d |
} elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): bad cache hit/)) {
|
|
Packit |
57988d |
$DNSSECBadCache{'__Total__'}++;
|
|
Packit |
57988d |
$DNSSECBadCache{$Zone}{$RR}++;
|
|
Packit |
57988d |
} elsif (($Error,$Host) = ($ThisLine =~ /error \((.*)\) resolving '([^']+)':/)) {
|
|
Packit |
57988d |
$DNSSECError{$Error}{'__Total__'}++;
|
|
Packit |
57988d |
$DNSSECError{$Error}{$Host}++;
|
|
Packit |
57988d |
} elsif ($ThisLine =~ /^samba_dlz:/) {
|
|
Packit |
57988d |
if ( ($Rhost, $Error) = ($ThisLine =~ /disallowing update of signer=.* name=(.*) type=.* error=(.*)/ )) {
|
|
Packit |
57988d |
$UpdateDenied{"$Rhost ($Error)"}++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
# ignore rest of samba4 dlz entries for now
|
|
Packit |
57988d |
} else {
|
|
Packit |
57988d |
# Report any unmatched entries...
|
|
Packit |
57988d |
# remove PID from named messages
|
|
Packit |
57988d |
$ThisLine =~ s/(client [\.0-9a-fA-F:]+)\S+/$1/;
|
|
Packit |
57988d |
chomp($ThisLine);
|
|
Packit |
57988d |
$OtherList{$ThisLine}++;
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
#######################################
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( keys %ZoneExpired ) {
|
|
Packit |
57988d |
print "\nZones expired:\n";
|
|
Packit |
57988d |
foreach $ThisOne (sort {$a cmp $b} keys %ZoneExpired) {
|
|
Packit |
57988d |
print " $ThisOne: $ZoneExpired{$ThisOne} Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( keys %FailedZoneTransfers ) {
|
|
Packit |
57988d |
print "\nFailed Zone Transfers:\n";
|
|
Packit |
57988d |
foreach my $Host (keys %FailedZoneTransfers) {
|
|
Packit |
57988d |
print " $Host:\n";
|
|
Packit |
57988d |
foreach my $Zone (keys %{$FailedZoneTransfers{$Host}}) {
|
|
Packit |
57988d |
print " $Zone: $FailedZoneTransfers{$Host}{$Zone} Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( keys %DeniedZoneTransfers ) {
|
|
Packit |
57988d |
print "\nDenied Zone Transfers:\n";
|
|
Packit |
57988d |
foreach my $Host (keys %DeniedZoneTransfers) {
|
|
Packit |
57988d |
print " $Host:\n";
|
|
Packit |
57988d |
foreach my $Zone (keys %{$DeniedZoneTransfers{$Host}}) {
|
|
Packit |
57988d |
print " $Zone: $DeniedZoneTransfers{$Host}{$Zone} Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( keys %UpdateDenied ) {
|
|
Packit |
57988d |
print "\nZone update refused:\n";
|
|
Packit |
57988d |
foreach $ThisOne (sort {$a cmp $b} keys %UpdateDenied) {
|
|
Packit |
57988d |
print " $ThisOne: $UpdateDenied{$ThisOne} Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( keys %UpdateForwardingDenied ) {
|
|
Packit |
57988d |
print "\nZone update forwarding refused:\n";
|
|
Packit |
57988d |
foreach $ThisOne (sort {$a cmp $b} keys %UpdateForwardingDenied) {
|
|
Packit |
57988d |
print " $ThisOne: $UpdateForwardingDenied{$ThisOne} Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( keys %InsecUpdate ) {
|
|
Packit |
57988d |
print "\nInsecure zones (dynamic update allowed by IP address):\n";
|
|
Packit |
57988d |
foreach $ThisOne (sort {$a cmp $b} keys %InsecUpdate) {
|
|
Packit |
57988d |
print " " . $ThisOne . ": " . $InsecUpdate{$ThisOne} . " Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( keys %JournalFail ) {
|
|
Packit |
57988d |
print "\nJournall rollforward failed:\n";
|
|
Packit |
57988d |
foreach $ThisOne (sort {$a cmp $b} keys %JournalFail) {
|
|
Packit |
57988d |
print " " . $ThisOne . ": " . $JournalFail{$ThisOne} . " Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (keys %ConfProb) {
|
|
Packit |
57988d |
print "\nErrors in configuration files\n";
|
|
Packit |
57988d |
foreach $File (sort keys %ConfProb) {
|
|
Packit |
57988d |
if ($File =~ /.+/) {
|
|
Packit |
57988d |
print " file " . $File . "\n";
|
|
Packit |
57988d |
foreach (keys %{$ConfProb{$File}}) {
|
|
Packit |
57988d |
($Line,$Problem) = split ",";
|
|
Packit |
57988d |
print " " . $File . ":" . "$Line" . ": " . $Problem . ": " . $ConfProb{$File}{"$Line,$Problem"} . " Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
else {
|
|
Packit |
57988d |
foreach (keys %{$ConfProb{$File}}) {
|
|
Packit |
57988d |
($Line,$Problem) = split ",";
|
|
Packit |
57988d |
print " " . $Problem . ": " . $ConfProb{$File}{"$Line,$Problem"} . " Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (keys %NError) {
|
|
Packit |
57988d |
print "\nErrors:\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %NError) {
|
|
Packit |
57988d |
print " " . $ThisOne . ": " . $NError{$ThisOne} . " Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (keys %ErrOpenFiles) {
|
|
Packit |
57988d |
print "\nThe following seams to be caused by the patches for CVE-2008-1447.";
|
|
Packit |
57988d |
print "\nPlease update your bind.\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %ErrOpenFiles) {
|
|
Packit |
57988d |
print " " . $ThisOne . ": " . $ErrOpenFiles{$ThisOne} . " Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ((keys %CCMessages) or (keys %CCMessages2)){
|
|
Packit |
57988d |
print "\nMessages from control channel\n";
|
|
Packit |
57988d |
foreach (keys %CCMessages) {
|
|
Packit |
57988d |
($From,$Log) = split ",";
|
|
Packit |
57988d |
print " " . $From . ": " . $Log . ": " . $CCMessages{"$From,$Log"} . " Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
foreach $ThisOne (keys %CCMessages2) {
|
|
Packit |
57988d |
print " " . $ThisOne . ": " . $CCMessages2{$ThisOne} . " Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ( $Detail >= 5 ) and ($StartNamed) ) {
|
|
Packit |
57988d |
print "\nNamed started: $StartNamed Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ( $Detail >= 5 ) and ($ReloadNamed) ) {
|
|
Packit |
57988d |
print "Named reloaded: $ReloadNamed Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ( $Detail >= 5 ) and ($ShutdownNamed) ) {
|
|
Packit |
57988d |
print "Named shutdown: $ShutdownNamed Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ( $Detail >= 5 ) and ($ShutdownNamedFail) ) {
|
|
Packit |
57988d |
print "Named shutdown failed: $ShutdownNamedFail Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ( $Detail >= 5 ) and (keys %ZoneLoaded) ) {
|
|
Packit |
57988d |
print "\nLoaded Zones:\n";
|
|
Packit |
57988d |
foreach $ThisOne (sort {$a cmp $b} keys %ZoneLoaded) {
|
|
Packit |
57988d |
print " $ThisOne: $ZoneLoaded{$ThisOne} Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ( $Detail >= 5 ) and (keys %ZoneReceivedNotify) ) {
|
|
Packit |
57988d |
print "\nZones receiving notify:\n";
|
|
Packit |
57988d |
foreach $ThisOne (sort {$a cmp $b} keys %ZoneReceivedNotify) {
|
|
Packit |
57988d |
print " $ThisOne: $ZoneReceivedNotify{$ThisOne} Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ( $Detail >= 5 ) and (keys %ZoneRefusedNotify) ) {
|
|
Packit |
57988d |
print "\nZones refused notify:\n";
|
|
Packit |
57988d |
foreach $ThisOne (sort {$a cmp $b} keys %ZoneRefusedNotify) {
|
|
Packit |
57988d |
print " $ThisOne: $ZoneRefusedNotify{$ThisOne} Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ($Detail >= 5) and (keys %ChannelAddFail) ) {
|
|
Packit |
57988d |
print "\nCan't add command channel:\n";
|
|
Packit |
57988d |
foreach $Channel (sort {$a cmp $b} keys %ChannelAddFail) {
|
|
Packit |
57988d |
print " $Channel:\n";
|
|
Packit |
57988d |
foreach $Reason (sort {$a cmp $b} keys %{$ChannelAddFail{$Channel}}) {
|
|
Packit |
57988d |
print " $Reason: $ChannelAddFail{$Channel}{$Reason} Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ($Detail >= 5) and (keys %MasterFailure) ) {
|
|
Packit |
57988d |
print "\nFailure trying to refresh zone:\n";
|
|
Packit |
57988d |
foreach $Zone (sort {$a cmp $b} keys %MasterFailure) {
|
|
Packit |
57988d |
print " $Zone:\n";
|
|
Packit |
57988d |
foreach $Reason (sort {$a cmp $b} keys %{$MasterFailure{$Zone}}) {
|
|
Packit |
57988d |
print " $Reason: $MasterFailure{$Zone}{$Reason} Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ( $Detail >= 5 ) and (keys %DeferredZoneTransfers) ) {
|
|
Packit |
57988d |
print "\nDeferred Zone Transfers:\n";
|
|
Packit |
57988d |
foreach my $Zone (keys %DeferredZoneTransfers) {
|
|
Packit |
57988d |
print " $Zone: $DeferredZoneTransfers{$Zone} Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ( $Detail >= 5 ) and (keys %ZoneRemoved) ) {
|
|
Packit |
57988d |
print "\nRemoved Zones:\n";
|
|
Packit |
57988d |
foreach $ThisOne (sort {$a cmp $b} keys %ZoneRemoved) {
|
|
Packit |
57988d |
print " $ThisOne: $ZoneRemoved{$ThisOne} Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ( $Detail >= 5 ) and (keys %AXFR) ) {
|
|
Packit |
57988d |
print "\nZone Transfers:\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %AXFR) {
|
|
Packit |
57988d |
print " Zone: $ThisOne\n";
|
|
Packit |
57988d |
foreach $Temp (keys %{$AXFR{$ThisOne}}) {
|
|
Packit |
57988d |
print " by $Temp: $AXFR{$ThisOne}{$Temp} Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ( $Detail >= 10 ) and (keys %BadZone) ) {
|
|
Packit |
57988d |
print "\nBad Zone Transfer Request:\n";
|
|
Packit |
57988d |
foreach $Reason (keys %BadZone) {
|
|
Packit |
57988d |
print " Reason: $Reason\n";
|
|
Packit |
57988d |
foreach $ThisOne (sort {$a cmp $b} (keys %{$BadZone{$Reason}}) ) {
|
|
Packit |
57988d |
print " $ThisOne: $BadZone{$Reason}{$ThisOne} Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ( $Detail >= 5 ) and (keys %DeniedTCPClient) ) {
|
|
Packit |
57988d |
print "\nno more TCP clients warning:\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %DeniedTCPClient) {
|
|
Packit |
57988d |
print " from $ThisOne: $DeniedTCPClient{$ThisOne} Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ( $Detail >= 5 ) and (keys %DeniedQuery) ) {
|
|
Packit |
57988d |
print "\nQueries (cached) that were denied:\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %DeniedQuery) {
|
|
Packit |
57988d |
print " from $ThisOne: $DeniedQuery{$ThisOne} Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ( $Detail >= 10 ) and (keys %DeniedQueryNoCache) ) {
|
|
Packit |
57988d |
print "\nQueries (not cached) that were denied:\n";
|
|
Packit |
57988d |
foreach $ThisOne (sort {$a cmp $b} keys %DeniedQueryNoCache) {
|
|
Packit |
57988d |
print " from $ThisOne: $DeniedQueryNoCache{$ThisOne} Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ( $Detail >= 10 ) and (@CNAMEAndOther) ) {
|
|
Packit |
57988d |
print "\nThese hosts have CNAME and other data (invalid):\n";
|
|
Packit |
57988d |
foreach $ThisOne (@CNAMEAndOther) {
|
|
Packit |
57988d |
print " $ThisOne\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ( $Detail >= 5 ) and (keys %ZoneFileErrors) ) {
|
|
Packit |
57988d |
print "\nSyntax errors in zone files:\n";
|
|
Packit |
57988d |
for $File (keys %ZoneFileErrors) {
|
|
Packit |
57988d |
print " $File\n";
|
|
Packit |
57988d |
for $Error ( keys %{$ZoneFileErrors{$File}} ) {
|
|
Packit |
57988d |
print " \"$Error\" " . $ZoneFileErrors{$File}{$Error} . " Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ( $Detail >= 10 ) and (keys %ConnectionRefused) ) {
|
|
Packit |
57988d |
print "\nConnection refused resolving:\n";
|
|
Packit |
57988d |
foreach $Addr (sort keys %ConnectionRefused) {
|
|
Packit |
57988d |
print " $Addr:\n";
|
|
Packit |
57988d |
foreach $Server (sort SortIP keys %{$ConnectionRefused{$Addr}}) {
|
|
Packit |
57988d |
print " $Server: $ConnectionRefused{$Addr}{$Server} Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ( $Detail >= 10 ) and (keys %LameServer) ) {
|
|
Packit |
57988d |
print "\nThese addresses had lame server references:\n";
|
|
Packit |
57988d |
foreach $Addr (sort keys %LameServer) {
|
|
Packit |
57988d |
print " $Addr:\n";
|
|
Packit |
57988d |
foreach $Server (sort SortIP keys %{$LameServer{$Addr}}) {
|
|
Packit |
57988d |
print " $Server: $LameServer{$Addr}{$Server} Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ( $Detail >= 10 ) and (keys %NonAuthoritative) ) {
|
|
Packit |
57988d |
print "\nNon-authoritative answer from master for these zones:\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %NonAuthoritative) {
|
|
Packit |
57988d |
print " " . $ThisOne . ": " . $NonAuthoritative{$ThisOne} . " Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ($Detail >= 10) and (keys %RetryLimit) ) {
|
|
Packit |
57988d |
print "\nRetry limit exceeded for these zones:\n";
|
|
Packit |
57988d |
foreach $Zone (sort {$a cmp $b} keys %RetryLimit) {
|
|
Packit |
57988d |
print " $Zone: $RetryLimit{$Zone} Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ($Detail >= 10) and (keys %NoSOA) ) {
|
|
Packit |
57988d |
print "\nNotify question sections of these clients contained no SOA:\n";
|
|
Packit |
57988d |
foreach $Client (sort {$a cmp $b} keys %NoSOA) {
|
|
Packit |
57988d |
print " $Client: $NoSOA{$Client} Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ( $Detail >= 10 ) and (keys %NetworkUnreachable) ) {
|
|
Packit |
57988d |
print "\nNetwork is unreachable for:\n";
|
|
Packit |
57988d |
foreach $ThisOne (sort {$a cmp $b} keys %NetworkUnreachable) {
|
|
Packit |
57988d |
print " $ThisOne:\n";
|
|
Packit |
57988d |
foreach $Host (sort {$a cmp $b} keys %{$NetworkUnreachable{$ThisOne}}) {
|
|
Packit |
57988d |
print " $Host: $NetworkUnreachable{$ThisOne}{$Host} Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ( $Detail >= 10 ) and (keys %NUR) ) {
|
|
Packit |
57988d |
print "\nNetwork unreachable resolving for:\n";
|
|
Packit |
57988d |
foreach $ThisOne (sort {$a cmp $b} keys %NUR) {
|
|
Packit |
57988d |
print " $ThisOne:\n";
|
|
Packit |
57988d |
foreach $Host (sort {$a cmp $b} keys %{$NUR{$ThisOne}}) {
|
|
Packit |
57988d |
print " $Host: $NUR{$ThisOne}{$Host} Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ( $Detail >= 10 ) and (keys %HUR) ) {
|
|
Packit |
57988d |
print "\nHost unreachable resolving for:\n";
|
|
Packit |
57988d |
foreach $ThisOne (sort {$a cmp $b} keys %HUR) {
|
|
Packit |
57988d |
print " $ThisOne:\n";
|
|
Packit |
57988d |
foreach $Host (sort {$a cmp $b} keys %{$HUR{$ThisOne}}) {
|
|
Packit |
57988d |
print " $Host: $HUR{$ThisOne}{$Host} Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if ( ( $Detail >= 5 ) and (keys %ZoneUpdates) ) {
|
|
Packit |
57988d |
print "\nZone Updates:\n";
|
|
Packit |
57988d |
foreach $ThisOne (sort {$a cmp $b} keys %ZoneUpdates) {
|
|
Packit |
57988d |
print " $ThisOne:\n";
|
|
Packit |
57988d |
foreach $Message (sort {$a cmp $b} keys %{$ZoneUpdates{$ThisOne}}) {
|
|
Packit |
57988d |
print " $Message: $ZoneUpdates{$ThisOne}{$Message} Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (($Detail >= 5) and (keys %UnexpRCODE)) {
|
|
Packit |
57988d |
print "\n Unexpected DNS RCODEs:\n";
|
|
Packit |
57988d |
foreach $ThisOne (sort {$a cmp $b} keys %UnexpRCODE) {
|
|
Packit |
57988d |
print " " . $ThisOne . ":\n";
|
|
Packit |
57988d |
foreach $Zone (sort {$a cmp $b} keys %{$UnexpRCODE{$ThisOne}}) {
|
|
Packit |
57988d |
print " " . $Zone . ":\n";
|
|
Packit |
57988d |
foreach $Host (sort SortIP keys %{$UnexpRCODE{$ThisOne}{$Zone}}) {
|
|
Packit |
57988d |
print " " . $Host . ": " . $UnexpRCODE{$ThisOne}{$Zone}{$Host} . " Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (($Detail >= 5) and (keys %FormErr)) {
|
|
Packit |
57988d |
print "\n Incorrect response format:\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %FormErr) {
|
|
Packit |
57988d |
print " " . $ThisOne . ": " . $FormErr{$ThisOne} . " Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (($Detail >= 10) and (keys %StartLog)) {
|
|
Packit |
57988d |
print "\n Named startup logs:\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %StartLog) {
|
|
Packit |
57988d |
print " " . $ThisOne . ": " . $StartLog{$ThisOne} . " Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (($Detail and (keys %CCCommands)) or (keys %UnknownCCCommands)) {
|
|
Packit |
57988d |
print "\nReceived control channel commands\n";
|
|
Packit |
57988d |
foreach $ThisOne (keys %CCCommands) {
|
|
Packit |
57988d |
print " " . $ThisOne . ": " . $CCCommands{$ThisOne} . " Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
foreach $ThisOne (keys %UnknownCCCommands) {
|
|
Packit |
57988d |
print " " . $ThisOne . "(unknown command): " . $CCCommands{$ThisOne} . " Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (keys %Hints) {
|
|
Packit |
57988d |
print "\nCheckhints:\n";
|
|
Packit |
57988d |
foreach $ThisOne (sort {$a cmp $b} keys %Hints) {
|
|
Packit |
57988d |
print " " .$ThisOne .": $Hints{$ThisOne} Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (($Detail >= 5) and (keys %DNSSECInsec)) {
|
|
Packit |
57988d |
print "\n DNSSEC Insecure Responses: " . $DNSSECInsec{'__Total__'} . " Time(s)\n";
|
|
Packit |
57988d |
foreach $Zone (sort keys %DNSSECInsec) {
|
|
Packit |
57988d |
if (($Detail >= 10) and ($Zone =~ /.+/) and ($Zone ne '__Total__')) {
|
|
Packit |
57988d |
foreach $RR (sort keys %{$DNSSECInsec{$Zone}}) {
|
|
Packit |
57988d |
print " " . "$Zone/$RR: " . $DNSSECInsec{$Zone}{$RR} . " Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (($Detail >= 5) and (keys %DNSSECInvalid)) {
|
|
Packit |
57988d |
print "\n DNSSEC No Valid Signature: " . $DNSSECInvalid{'__Total__'} . " Time(s)\n";
|
|
Packit |
57988d |
foreach $Zone (sort keys %DNSSECInvalid) {
|
|
Packit |
57988d |
if (($Detail >= 10) and ($Zone =~ /.+/) and ($Zone ne '__Total__')) {
|
|
Packit |
57988d |
foreach $RR (sort keys %{$DNSSECInvalid{$Zone}}) {
|
|
Packit |
57988d |
print " " . "$Zone/$RR: " . $DNSSECInvalid{$Zone}{$RR} . " Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (($Detail >= 5) and (keys %DNSSECBadCache)) {
|
|
Packit |
57988d |
print "\n DNSSEC Bad Cache hit: " . $DNSSECBadCache{'__Total__'} . " Time(s)\n";
|
|
Packit |
57988d |
foreach $Zone (sort keys %DNSSECBadCache) {
|
|
Packit |
57988d |
if (($Detail >= 10) and ($Zone =~ /.+/) and ($Zone ne '__Total__')) {
|
|
Packit |
57988d |
foreach $RR (sort keys %{$DNSSECBadCache{$Zone}}) {
|
|
Packit |
57988d |
print " " . "$Zone/$RR: " . $DNSSECBadCache{$Zone}{$RR} . " Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (($Detail >= 5) and (keys %DNSSECError)) {
|
|
Packit |
57988d |
print "\n DNS Errors:\n";
|
|
Packit |
57988d |
foreach $Error (sort keys %DNSSECError) {
|
|
Packit |
57988d |
print " $Error: " . $DNSSECError{$Error}{'__Total__'} . " Time(s)\n";
|
|
Packit |
57988d |
if ($Detail >= 10) {
|
|
Packit |
57988d |
foreach $Host (sort keys %{$DNSSECError{$Error}}) {
|
|
Packit |
57988d |
print " " . "$Host: " . $DNSSECError{$Error}{$Host} . " Time(s)\n" unless ($Host eq '__Total__');
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
if (keys %OtherList) {
|
|
Packit |
57988d |
print "\n**Unmatched Entries**\n";
|
|
Packit |
57988d |
foreach $line (sort {$a cmp $b} keys %OtherList) {
|
|
Packit |
57988d |
print " $line: $OtherList{$line} Time(s)\n";
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
}
|
|
Packit |
57988d |
|
|
Packit |
57988d |
exit(0);
|
|
Packit |
57988d |
|
|
Packit |
57988d |
# vi: shiftwidth=3 tabstop=3 syntax=perl et
|
|
Packit |
57988d |
# Local Variables:
|
|
Packit |
57988d |
# mode: perl
|
|
Packit |
57988d |
# perl-indent-level: 3
|
|
Packit |
57988d |
# indent-tabs-mode: nil
|
|
Packit |
57988d |
# End:
|