turbot/net_insights
Loading controls...

Control: Name servers should have valid name

Description

It is recommended that all name servers should have a valid name format. DNS names can contain only alphabetical characters (A-Z), numeric characters (0-9), the minus sign (-), and the period (.). Period characters are allowed only when they are used to delimit the components of domain style names.

Usage

Run the control in your terminal:

powerpipe control run net_insights.control.dns_ns_name_valid

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run net_insights.control.dns_ns_name_valid --share

Steampipe Tables

Params

ArgsNameDefaultDescriptionVariable
$1domain_names
["github.com","microsoft.com"]
DNS domain names.

SQL

with invalid_ns_count as (
select
domain,
count(*)
from
net_dns_record
where
domain in (
select
jsonb_array_elements_text(to_jsonb($1 :: text [ ]))
)
and type = 'NS'
and not target ~ '^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}\.?$'
group by
domain
),
domain_list as (
select
distinct domain
from
net_dns_record
where
domain in (
select
jsonb_array_elements_text(to_jsonb($1 :: text [ ]))
)
)
select
d.domain as resource,
case
when r.domain is null
or r.count = 0 then 'ok'
else 'alarm'
end as status,
case
when r.domain is null
or r.count = 0 then d.domain || ' name servers have valid name format.'
else d.domain || ' has at least one name server with invalid name format.'
end as reason
from
domain_list as d
left join invalid_ns_count as r on d.domain = r.domain;