--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/dns_check.py	Mon Feb 14 21:53:36 2022 -0800
@@ -0,0 +1,49 @@
+# run key dns lookups everywhere
+import subprocess
+import tempfile
+
+import requests
+from pyinfra import host
+from pyinfra.operations import apt, files, server, systemd
+
+def check(name, addr):
+    server.shell(commands=[
+        # note: one big string
+        f"out=`dnsget -q {name}`; "
+        f'[ -n "$out" ] || exit 1; '
+        f"if [ $out != {addr} ]; then echo got $out >&2 ; exit 1; fi"
+        ])
+
+'''
+idea: read a file that looks like this:
+
+on host:   bang       dash      slash     prime
+lookup:
+bang       127.0.1.1  10.1.0.1  10.1.0.1  10.5.0.1
+bang5      10.5.0.1   10.5.0.1  10.5.0.1  10.5.0.1
+dash       10.1.0.5   127.0.1.1 10.1.0.5  10.5.0.5
+etc
+
+(or another idea: wireguard everywhere all the time)
+'''
+
+# outside k8s
+if host.name in ['dash', 'bang', 'slash']:
+    check('dash', '10.1.0.5')
+elif host.name in ['prime']:
+    check('dash', '10.5.0.5')
+else:
+    check('dash', '10.1.0.5')
+
+if host.name in ['bang']:
+    check('bang', '10.2.0.1')
+elif host.name in ['prime']:
+    check('bang', '10.5.0.1')
+else:
+    check('bang', '10.2.0.1')
+
+check('bang5', '10.5.0.1')
+check('prime', '10.5.0.2')
+check('slash', '10.1.0.6')
+
+# inside k8s
\ No newline at end of file

--- a/tasks.py	Mon Feb 14 21:52:47 2022 -0800
+++ b/tasks.py	Mon Feb 14 21:53:36 2022 -0800
@@ -36,6 +36,11 @@
 @task
 def dns(ctx):
     ctx.run(cmd + 'inventory.py dns.py -v', pty=True)
+    ctx.run(cmd + 'inventory.py dns_check.py -v', pty=True)
+
+@task
+def dns_check(ctx):
+    ctx.run(cmd + 'inventory.py dns_check.py -v', pty=True)
 
 
 @task
@@ -45,7 +50,7 @@
 
 @task
 def kube(ctx):
-    ctx.run(cmd + 'inventory.py kube.py ', pty=True)
+    ctx.run(cmd + 'inventory.py kube.py -vv ', pty=True)
 
 
 @task
@@ -55,7 +60,7 @@
 
 @task
 def mail(ctx):
-    ctx.run(cmd + 'inventory.py mail.py', pty=True)
+    ctx.run(cmd + 'inventory.py mail.py ', pty=True)
 
 
 @task