[dns-operations] anybody awake over at comcast.net?

Wessels, Duane dwessels at verisign.com
Tue Feb 9 16:43:20 UTC 2021



> On Feb 8, 2021, at 9:27 PM, Paul Vixie <paul at redbarn.org> wrote:
> 
> i expect i'll crib together some bourne shellack to check my whole signature
> chains and warn me when there's less than 72 hours remaining in any validity
> period. going into SERVFAIL like this is an operational risk i shouldn't take.

If you use Nagios or something compatible, there is this:

http://dns.measurement-factory.com/tools/nagios-plugins/check_zone_rrsig_expiration.html

But it only checks one RR (default SOA) since it doesn't assume access to the whole zone.
That would be a good upgrade, though, to have it axfr the zone and check everything.

DW
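
Added example, not part of the original message and not the Nagios plugin's code: a sketch of the "check everything" idea, scanning zone-transfer text for every RRSIG with less than 72 hours of validity left. It assumes one record per line as `dig axfr` prints it; the example.test zone, its key tags and signatures, and the function names are constructed for illustration.

```python
"""Flag RRSIGs in zone-transfer text whose validity ends within a threshold."""
from datetime import datetime, timedelta, timezone

# Constructed sample in the one-record-per-line format printed by `dig axfr`;
# names, key tags and signatures are made up (example.test is hypothetical).
SAMPLE_AXFR = """\
example.test.     3600 IN SOA  ns1.example.test. hostmaster.example.test. 2021020801 7200 3600 1209600 3600
example.test.     3600 IN RRSIG SOA 13 2 3600 20210222000000 20210208000000 12345 example.test. c2lnMQ==
example.test.     3600 IN RRSIG NS 13 2 3600 20210211120000 20210128120000 12345 example.test. c2lnMg==
www.example.test. 300  IN RRSIG A 13 3 300 20210209100000 20210126100000 12345 example.test. c2lnMw==
old.example.test. 300  IN RRSIG A 13 3 300 1612800000 1611590400 12345 example.test. c2lnNA==
"""

def parse_sig_time(field):
    """RFC 4034 3.2: exactly 14 digits is YYYYMMDDHHmmSS (UTC), otherwise epoch seconds."""
    if len(field) == 14:
        return datetime.strptime(field, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
    return datetime.fromtimestamp(int(field), tz=timezone.utc)

def expiring_rrsigs(zone_text, now, min_remaining=timedelta(hours=72)):
    """Return (owner, type_covered, expiration, remaining) for each RRSIG with
    less than min_remaining left, soonest first. Expired ones have negative remaining."""
    findings = []
    for line in zone_text.splitlines():
        fields = line.split()
        # owner TTL class RRSIG covered alg labels origttl expiration inception ...
        if len(fields) < 10 or fields[3].upper() != "RRSIG":
            continue
        expiration = parse_sig_time(fields[8])
        remaining = expiration - now
        if remaining < min_remaining:
            findings.append((fields[0], fields[4], expiration, remaining))
    return sorted(findings, key=lambda f: f[2])

if __name__ == "__main__":
    now = datetime(2021, 2, 9, 16, 0, 0, tzinfo=timezone.utc)  # fixed clock for the sample
    for owner, covered, exp, left in expiring_rrsigs(SAMPLE_AXFR, now):
        state = "EXPIRED" if left < timedelta(0) else "WARNING"
        print(f"{state} {owner} {covered} expires {exp:%Y-%m-%d %H:%M}Z ({left} left)")
```

This covers signature expiration inside one zone only; the DS records that link the zone to its parent are signed in the parent zone and would need the same check run there.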
