Control: Name servers should be in different locations
Description
Having more than 1 name server located in the same location is not recommended, as this increases the likelihood of a single failure disabling all of your name servers.
Usage
Run the control in your terminal:
powerpipe control run net_insights.control.dns_ns_different_autonomous_systemsSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run net_insights.control.dns_ns_different_autonomous_systems --shareSteampipe Tables
Params
| Args | Name | Default | Description | Variable |
|---|---|---|---|---|
| $1 | domain_names | | DNS domain names. |
SQL
with domain_records as ( select domain, type, target from net_dns_record where domain in (select jsonb_array_elements_text(to_jsonb($1::text[])))),ns_ips as ( select domain, type, host(ip) as ip_text from net_dns_record where domain in ( select target from domain_records where type = 'NS' )),check_ips as ( select distinct array_to_string(array_remove(string_to_array(ns_ips.ip_text, '.'), split_part(ns_ips.ip_text, '.', 4)), '.'), domain_records.domain as domain from domain_records inner join ns_ips on domain_records.target = ns_ips.domain where ns_ips.type = 'A' and domain_records.type = 'NS')select domain as resource, case when count(*) = 1 then 'alarm' else 'ok' end as status, case when count(*) = 1 then domain || ' name servers are in the same location.' else domain || ' name servers are in different locations.' end as reasonfrom check_ipsgroup by domain;