We have had a couple of requests for a log message warning that an NTA has just 
expired. The use case is, there is a help desk that needs to know when 
validation might be failing because of an NTA that was just removed.

Anyway, in response, Evan wrote a Python script that takes the output of rndc 
nta -d and lists the NTAs that are expiring in the next 24 hours. If you ran 
rndc nta -d and this script daily, you would have a daily report. 

It gives you the full list of NTAs, an indicator of whether they're already 
expired or yet to expire, and the time of expiration.
The Python script filters out any that are already expired or whose expiration 
is more than a day in the future.

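#!/usr/bin/env python3
# Reads the output of "rndc nta -d" on stdin and lists the NTAs that
# expire within the next 24 hours.
import re
import sys
import time

# Matches "<name>: <status> <date>", where status starts with "expir".
r = re.compile('^([^ ]*): (expir[^ ]*) (.*)')

print('Negative trust anchors expiring in the next 24 hours:')
found = False
now = time.time()

for line in sys.stdin:
    m = r.match(line)
    if m is None:
        continue  # not an NTA line
    (name, status, date) = m.groups()

    then = time.mktime(time.strptime(date, '%d-%b-%Y %H:%M:%S.%f'))
    # Skip NTAs that have already expired or expire more than a day from now.
    if status == 'expiry' and then <= now + 86400:
        print('  %s at %s' % (name, date))
        found = True

if not found:
    print('  None')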

I thought this might be useful to someone else out there.

Vicky
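
An added example, not part of the original post or Evan's script: a variant that also reports NTAs that expired within the last 24 hours, which is the help desk case described at the top. It goes beyond the script above; the function name, the sample lines and the literal status word "expired" are assumptions, and timestamps are treated as being in the same local time as `now`.

```python
import re
from datetime import datetime, timedelta

# Line shape taken from the script above: "<name>: <status> <date> <time>".
# The status word "expired" for lapsed NTAs is an assumption.
NTA_LINE = re.compile(r'^(\S+): (expiry|expired) (\S+ \S+)\s*$')
DATE_FORMAT = '%d-%b-%Y %H:%M:%S.%f'


def classify_ntas(lines, now, window=timedelta(hours=24)):
    """Return (expiring_soon, recently_expired) as lists of (name, when).

    expiring_soon: still active, expiry no later than `window` after `now`.
    recently_expired: already expired, no more than `window` before `now`.
    Lines that do not parse are skipped.
    """
    soon, recent = [], []
    for line in lines:
        m = NTA_LINE.match(line)
        if m is None:
            continue
        name, status, stamp = m.groups()
        try:
            when = datetime.strptime(stamp, DATE_FORMAT)
        except ValueError:
            continue  # timestamp in an unexpected format
        if status == 'expiry' and when <= now + window:
            soon.append((name, when))
        elif status == 'expired' and now - window <= when <= now:
            recent.append((name, when))
    return sorted(soon, key=lambda x: x[1]), sorted(recent, key=lambda x: x[1])


# Constructed sample input, not captured from a real server.
SAMPLE = """\
soon.example: expiry 02-Mar-2015 09:00:00.000
later.example: expiry 05-Mar-2015 09:00:00.000
gone.example: expired 01-Mar-2015 18:30:00.000
old.example: expired 20-Feb-2015 18:30:00.000
not an nta line
""".splitlines()

if __name__ == '__main__':
    soon, recent = classify_ntas(SAMPLE, now=datetime(2015, 3, 1, 21, 0, 0))
    print('Expiring in the next 24 hours:')
    for name, when in soon:
        print('  %s at %s' % (name, when))
    print('Expired in the last 24 hours (validation may now be failing):')
    for name, when in recent:
        print('  %s at %s' % (name, when))
```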




