[dns-operations] anybody awake over at comcast.net?
dwessels at verisign.com
Tue Feb 9 16:43:20 UTC 2021
> On Feb 8, 2021, at 9:27 PM, Paul Vixie <paul at redbarn.org> wrote:
> i expect i'll crib together some bourne shellack to check my whole signature
> chains and warn me when there's less than 72 hours remaining in any validity
> period. going into SERVFAIL like this is an operational risk i shouldn't take.
If you use Nagios or something compatible, there is this:
But it only checks one RR (default SOA) since it doesn't assume access to the whole zone.
That would be a good upgrade, though, to have it axfr the zone and check everything.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4695 bytes
Desc: not available
More information about the dns-operations