--- Begin Message ---
> On Feb 8, 2021, at 9:27 PM, Paul Vixie <[email protected]> wrote:
>
> i expect i'll crib together some bourne shellack to check my whole signature
> chains and warn me when there's less than 72 hours remaining in any validity
> period. going into SERVFAIL like this is an operational risk i shouldn't take.
If you use Nagios or something compatible, there is this:
http://dns.measurement-factory.com/tools/nagios-plugins/check_zone_rrsig_expiration.html
But it only checks one RR (default SOA) since it doesn't assume access to the
whole zone.
That would be a good upgrade, though, to have it axfr the zone and check
everything.
DW
smime.p7s
Description: S/MIME cryptographic signature
--- End Message ---
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
