turbot/net_insights

GitHub
Loading controls...

Control: SOA expire value should be between 1209600 and 2419200 seconds (2 weeks to 4 weeks)

Description

Number of seconds after which secondary name servers should stop answering request for this zone if the master does not respond. This value must be bigger than the sum of the SOA refresh and retry values. It is recommended that the value should be between 2 weeks to 4 weeks.

Usage

Run the control in your terminal:

steampipe check net_insights.control.dns_soa_expire_value_check

Snapshot and share results via Steampipe Cloud:

steampipe login
steampipe check --share net_insights.control.dns_soa_expire_value_check

Plugins & Tables

Params

ArgsNameDefaultDescriptionVariable
$1domain_names
["github.com","microsoft.com"]
DNS domain names.

SQL

select
domain as resource,
case
when expire < 1209600
or expire > 2419200 then 'alarm'
else 'ok'
end as status,
domain || ' SOA expire value is ' || expire || ' second(s).' as reason
from
net_dns_record
where
domain in (
select
jsonb_array_elements_text(to_jsonb($1 :: text [ ]))
)
and type = 'SOA';