--- Begin Message ---> On Feb 8, 2021, at 9:27 PM, Paul Vixie <p...@redbarn.org> wrote: > > i expect i'll crib together some bourne shellack to check my whole signature > chains and warn me when there's less than 72 hours remaining in any validity > period. going into SERVFAIL like this is an operational risk i shouldn't take.If you use Nagios or something compatible, there is this: http://dns.measurement-factory.com/tools/nagios-plugins/check_zone_rrsig_expiration.html But it only checks one RR (default SOA) since it doesn't assume access to the whole zone. That would be a good upgrade, though, to have it axfr the zone and check everything. DWsmime.p7s
Description: S/MIME cryptographic signature
--- End Message ---
_______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations