Check DNS

To monitor DNSSEC and some other baisc DNS errors we use: https://github.com/zonemaster/zonemaster

Install

# install a load of base dependencies
apt install knot-dnsutils jq git vim sudo \
	apt install autoconf automake build-essential \
	cpanminus libclone-perl libdevel-checklib-perl libemail-valid-perl libfile-sharedir-perl libfile-slurp-perl libidn11-dev libintl-perl libio-socket-inet6-perl libjson-pp-perl liblist-moreutils-perl liblocale-msgfmt-perl libmodule-find-perl libmodule-install-xsutil-perl libmoose-perl libmoosex-singleton-perl libnet-ip-perl libpod-coverage-perl libreadonly-xs-perl libssl-dev libtest-differences-perl libtest-exception-perl libtest-fatal-perl libtest-pod-perl libtext-csv-perl libtool m4 libmoosex-getopt-perl libtext-reflow-perl libmodule-install-perl libnet-interface-perl

# add the required locale and generate them
perl -pi -e 's/^# (da_DK\.UTF-8.*|en_US\.UTF-8.*|fr_FR\.UTF-8.*|nb_NO\.UTF-8.*|sv_SE\.UTF-8.*)/$1/' /etc/locale.gen

locale-gen
locale -a


# install the cpanm modules
cpanm Module::Install Test::More
cpanm Zonemaster::LDNS Zonemaster::Engine --force
cpanm Zonemaster::CLI

# run to see help
zonemaster-cli --help

generating report

we can use the following script to generate a big report for all domains in the specified file

#!/usr/bin/env bash

IPV6="--no-ipv6"
LEVEL="WARNING"

DOMAIN_LIST=$1

while read line; do
	echo "; started generating report for $line"
	zonemaster-cli ${IPV6} --json --level ${LEVEL} ${line} > tmp/${line}.json
	echo "; ended generating report for $line"
done < <(cat ${DOMAIN_LIST})