Control: All name servers listed at the parent server should respond
Description
It is recommended that all name servers listed at parent server should respond individually and return the same NS record as the parent.
Usage
Run the control in your terminal:
powerpipe control run net_insights.control.dns_ns_respondedSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run net_insights.control.dns_ns_responded --shareSteampipe Tables
SQL
with domain_ns_records as ( select domain, target from net_dns_record where domain in (select jsonb_array_elements_text(to_jsonb($1::text[]))) and type = 'NS'),ns_ips as ( select domain, ip from net_dns_record where domain in (select target from domain_ns_records) and type = 'A'),ns_with_ip as ( select domain_ns_records.domain, host(ns_ips.ip) as ip_text from domain_ns_records inner join ns_ips on domain_ns_records.target = ns_ips.domain order by domain_ns_records.domain),ns_individual_count as ( select d.domain, count(*) from net_dns_record as d inner join ns_with_ip as i on d.domain = i.domain and d.dns_server = i.ip_text where d.type = 'NS' group by d.domain),ns_count as ( select domain, count(*) from domain_ns_records group by domain)select nc.domain as resource, case when nic.count = pow(nc.count, 2) then 'ok' else 'alarm' end as status, case when nic.count = pow(nc.count, 2) then nc.domain || ' name servers are responding.' else nc.domain || ' has at least one name server that failed to respond in a timely manner.' end as reasonfrom ns_count as nc, ns_individual_count as nicwhere nc.domain = nic.domaingroup by nc.domain, nic.count, nc.count;
Params
| Args | Name | Default | Description | Variable |
|---|---|---|---|---|
| $1 | domain_names | | DNS domain names. |