Control: SOA expire value should be between 1209600 and 2419200 seconds (2 weeks to 4 weeks)

Description

Number of seconds after which secondary name servers should stop answering request for this zone if the master does not respond. This value must be bigger than the sum of the SOA refresh and retry values. It is recommended that the value should be between 2 weeks to 4 weeks.

Usage

Run the control in your terminal:

powerpipe control run net_insights.control.dns_soa_expire_value_check

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run net_insights.control.dns_soa_expire_value_check --share

Steampipe Tables

net_dns_record

Params

Args	Name	Default	Description	Variable
$1	domain_names	`["github.com","microsoft.com"]`	DNS domain names.	domain_names

SQL

select
  domain as resource,
  case
    when expire < 1209600
    or expire > 2419200 then 'alarm'
    else 'ok'
  end as status,
  domain || ' SOA expire value is ' || expire || ' second(s).' as reason
from
  net_dns_record
where
  domain in (
    select
      jsonb_array_elements_text(to_jsonb($1 :: text [ ]))
  )
  and type = 'SOA';