--- Begin Message ---
> On Feb 9, 2021, at 9:58 AM, Matthew Richardson <matthe...@itconsult.co.uk>
> wrote:
>
> On Tue, 9 Feb 2021 16:43:20 +0000, Duane Wessels wrote:-
>
>> If you use Nagios or something compatible, there is this:
>>
>> http://secure-web.cisco.com/1ZWcEZ_A3D0HVUDh0W30HiqK06_fxVH7k6Y8MQ0xEkq1R7DisrP18NBN1e4yKETi4R0R3tKtYvbgbceXgcgJ9C21mjdIL9Y0Pi_Vi2A0Bec1tUqiBtCl2wuBuf4RT9Knwd995i-JtjkwjqGTjcDaMcEBN2Wd3J0kKflgMjk2Quq2zjxyDzHe1onv98qw0k-KwnjHmEXxC0KV139PzFEJNQuXFh0FvDW6UESHUbtewefOJN2wnn7lvU7iwPnTztW2X_FiaYT56yvFT9z4BFBcAwg/http%3A%2F%2Fdns.measurement-factory.com%2Ftools%2Fnagios-plugins%2Fcheck_zone_rrsig_expiration.html
>>
>> But it only checks one RR (default SOA) since it doesn't assume access to
>> the whole zone.
>> That would be a good upgrade, though, to have it axfr the zone and check
>> everything.
>
> Are there any existing tools which would take a whole zonefile and check
> the expirations? In a similar way to (for example) dnssec-verify from
> Bind.
YAZVS: Yet Another Zone Validation Script
https://github.com/verisign/yazvs
It is designed to also show changes between a new and current zone, but you can
skip that part with the -x option.
DW
smime.p7s
Description: S/MIME cryptographic signature
--- End Message ---
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
