Control: SOA retry value should be between 120 and 7200 seconds (2 minutes to 2 hours)

Description

Number of seconds after which secondary name servers should retry to request the serial number from the master if the master does not respond. It must be less than the SOA refresh value. It is recommended that the value should be between 2 minutes to 2 hours.

Usage

Run the control in your terminal:

powerpipe control run net_insights.control.dns_soa_retry_value_check

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run net_insights.control.dns_soa_retry_value_check --share

Steampipe Tables

net_dns_record

Params

Args	Name	Default	Description	Variable
$1	domain_names	`["github.com","microsoft.com"]`	DNS domain names.	domain_names

SQL

select
  domain as resource,
  case
    when retry < 120
    or retry > 7200 then 'alarm'
    else 'ok'
  end as status,
  domain || ' SOA retry value is ' || retry || ' second(s).' as reason
from
  net_dns_record
where
  domain in (
    select
      jsonb_array_elements_text(to_jsonb($1 :: text [ ]))
  )
  and type = 'SOA';