[dns-operations] anybody awake over at comcast.net?

Wessels, Duane dwessels at verisign.com
Tue Feb 9 16:43:20 UTC 2021

> On Feb 8, 2021, at 9:27 PM, Paul Vixie <paul at redbarn.org> wrote:
> i expect i'll crib together some bourne shellack to check my whole signature
> chains and warn me when there's less than 72 hours remaining in any validity
> period. going into SERVFAIL like this is an operational risk i shouldn't take.

If you use Nagios or something compatible, there is this:


But it only checks one RR (default SOA) since it doesn't assume access to the whole zone.
That would be a good upgrade, though, to have it axfr the zone and check everything.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4695 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20210209/7d1f7c69/attachment-0001.bin>

More information about the dns-operations mailing list