Mark, Thanks. That does answer the first element, but not the other two. I'll pound out a shell script.
Frank -----Original Message----- From: Mark Andrews [mailto:[email protected]] Sent: Tuesday, July 14, 2015 1:29 AM To: Frank Bulk Cc: [email protected] Subject: Re: [dns-operations] Verifying that a recursor is performing DNSSec validation dig +adflag soa $zone @server > tmpfile grep -q "status: NOERROR" tmpfile || exit 1 grep -q "flags:[^;]* ad[^;]*;" tmpfile && cat tmpfile exit 0 add appropriate garbage collection In message <[email protected]>, "Frank Bulk" writes: > Is there an existing tool, ideally a NAGIOS-friendly one, that performs a > check against a resolver that it gets an AD back on DNSSec query for a zone > that is properly signed, failure for one that is not properly signed, and > nothing for one that isn't signed? > http://docs.menandmice.com/display/MM/How+to+test+DNSSEC+validation > > I'd rather not re-invent the wheel if it already exists. > > Regards, > > Frank Bulk > > > _______________________________________________ > dns-operations mailing list > [email protected] > https://lists.dns-oarc.net/mailman/listinfo/dns-operations > dns-jobs mailing list > https://lists.dns-oarc.net/mailman/listinfo/dns-jobs -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected] _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
