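#!/bin/env python
'''
Check whether the authoritative nameservers returned for all puzzle managed
domains belong to the list of pitc_nameservers and fail if one does not.

The NS records are fetched through the public recursive resolvers configured
below, so the result is that resolver's view of each delegation. The script
does not request DNSSEC validation and does not query the parent zones
directly.
'''
import sys

import yaml
from dns import exception as dns_exception
from dns import resolver

# list of puzzle authoritative name servers
pitc_nameservers = [
    'ns1.dnsimple.com.',
    'ns2.dnsimple.com.',
    'ns3.dnsimple.com.',
    'ns4.dnsimple.com.',
    'ns5.dnsmadeeasy.com.',
    'ns6.dnsmadeeasy.com.',
    'ns7.dnsmadeeasy.com.',
]

# list of puzzle managed zone files
pitc_domains = [
    'puzzle.ch.yaml',
    'puzzle.yaml',
    'nonpuzzle.yaml',
]

# configure opendns resolver
# NOTE: this rebinds the name `resolver` from the dns.resolver module to a
# Resolver instance; the functions below use the instance.
resolver = resolver.Resolver()
resolver.nameservers = ['208.67.222.222', '208.67.220.220']


def get_authoritative_ns(domains):
    '''
    dsc: Query the NS records of every domain and check each returned
         nameserver against pitc_nameservers. All domains are checked, so a
         single run reports every deviation instead of only the first.
    arg: [list], domains to query
    ret: [boolean], true if every lookup succeeded and returned only puzzle
         managed nameservers; false otherwise.
    '''
    all_ok = True
    for domain in domains:
        try:
            answers = resolver.resolve(domain, 'NS')
        except dns_exception.DNSException as err:
            # A failed lookup verifies nothing, so it is reported and counted
            # as a failure instead of aborting the run with a traceback.
            print("ERROR: {} NS lookup failed: {}: {}".format(
                domain, type(err).__name__, err), file=sys.stderr)
            all_ok = False
            continue
        for server in answers:
            if not verify_authoritative_ns(str(server)):
                print("ERROR: {} got answer from {}, not managed by puzzle".format(domain, server), file=sys.stderr)
                all_ok = False
    return all_ok


def get_domains(filenames):
    '''
    dsc: Loads domain names from a list of yaml files.
    arg: [list], filenames
    ret: [list], arbitrary list of domain names
    err: ValueError if a file has no 'zones' entry, so a malformed zone file
         cannot silently drop its domains from the check.
    '''
    domains = []
    for filename in filenames:
        with open(filename, 'r', encoding='utf-8') as zone_file:
            yaml_data = yaml.safe_load(zone_file)
        zones = yaml_data.get('zones') if isinstance(yaml_data, dict) else None
        if zones is None:
            raise ValueError("{}: no 'zones' entry found".format(filename))
        # list() yields the keys when 'zones' is a mapping.
        domains.extend(list(zones))
    return domains


def verify_authoritative_ns(nameserver):
    '''
    dsc: Verifies if the authoritative NS belongs to the puzzle managed NS.
         The comparison ignores case, because DNS names are case-insensitive.
    arg: [str], nameserver
    ret: [boolean], true if ok; false if nok.
    '''
    managed = {ns.lower() for ns in pitc_nameservers}
    return nameserver.lower() in managed


if __name__ == "__main__":
    domains = get_domains(pitc_domains)
    if not domains:
        # An empty domain list would pass vacuously; treat it as a failure.
        print("ERROR: no domains loaded from zone files, nothing was verified", file=sys.stderr)
        sys.exit(1)
    if not get_authoritative_ns(domains):
        sys.exit(1)
    sys.exit(0)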