[dns-operations] anybody awake over at comcast.net?
Wessels, Duane
dwessels at verisign.com
Tue Feb 9 18:53:33 UTC 2021
> On Feb 9, 2021, at 9:58 AM, Matthew Richardson <matthew-l at itconsult.co.uk> wrote:
>
> On Tue, 9 Feb 2021 16:43:20 +0000, Duane Wessels wrote:-
>
>> If you use Nagios or something compatible, there is this:
>>
>> http://secure-web.cisco.com/1ZWcEZ_A3D0HVUDh0W30HiqK06_fxVH7k6Y8MQ0xEkq1R7DisrP18NBN1e4yKETi4R0R3tKtYvbgbceXgcgJ9C21mjdIL9Y0Pi_Vi2A0Bec1tUqiBtCl2wuBuf4RT9Knwd995i-JtjkwjqGTjcDaMcEBN2Wd3J0kKflgMjk2Quq2zjxyDzHe1onv98qw0k-KwnjHmEXxC0KV139PzFEJNQuXFh0FvDW6UESHUbtewefOJN2wnn7lvU7iwPnTztW2X_FiaYT56yvFT9z4BFBcAwg/http%3A%2F%2Fdns.measurement-factory.com%2Ftools%2Fnagios-plugins%2Fcheck_zone_rrsig_expiration.html
>>
>> But it only checks one RR (default SOA) since it doesn't assume access to the whole zone.
>> That would be a good upgrade, though, to have it axfr the zone and check everything.
>
> Are there any existing tools which would take a whole zonefile and check
> the expirations? In a similar way to (for example) dnssec-verify from
> Bind.
YAZVS: Yet Another Zone Validation Script
https://github.com/verisign/yazvs
It is designed to also show changes between a new and current zone, but you can skip that part with the -x option.
DW
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4695 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20210209/c343c67c/attachment.bin>
More information about the dns-operations
mailing list