Control: SOA serial number should be between 1 and 4294967295

Description

The SOA serial number is used as a version number for your DNS zone. For all name servers to be up to date with the current version of your zone, they must have the same SOA serial number. It is recommended that the format should be in YYYYMMDDnn format (per RFC1912 2.2).

Usage

Run the control in your terminal:

powerpipe control run net_insights.control.dns_soa_serial_check

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run net_insights.control.dns_soa_serial_check --share

Steampipe Tables

net_dns_record

SQL

select
  domain as resource,
  case
    when serial < 1 or serial > 4294967295 then 'alarm'
    when not (select serial::text ~ '^\d{4}[0-1]{1}[0-9]{1}[0-3]{1}[0-9]{1}\d{2}$') then 'info'
    else 'ok'
  end as status,
  case
    when not (select serial::text ~ '^\d{4}[0-1]{1}[0-9]{1}[0-3]{1}[0-9]{1}\d{2}$') then domain || ' SOA serial number is ' || serial || '. The recommended format is YYYYMMDDnn (per RFC1912 2.2).'
    else domain || ' SOA serial number is ' || serial || '.'
  end as reason
from
  net_dns_record
where
  domain in (select jsonb_array_elements_text(to_jsonb($1::text[])))
  and type = 'SOA';

Params

Args	Name	Default	Description	Variable
$1	domain_names	`["github.com","microsoft.com"]`	DNS domain names.	domain_names