--- Begin Message ---> On Feb 9, 2021, at 9:58 AM, Matthew Richardson <matthe...@itconsult.co.uk> > wrote: > > On Tue, 9 Feb 2021 16:43:20 +0000, Duane Wessels wrote:- > >> If you use Nagios or something compatible, there is this: >> >> http://secure-web.cisco.com/1ZWcEZ_A3D0HVUDh0W30HiqK06_fxVH7k6Y8MQ0xEkq1R7DisrP18NBN1e4yKETi4R0R3tKtYvbgbceXgcgJ9C21mjdIL9Y0Pi_Vi2A0Bec1tUqiBtCl2wuBuf4RT9Knwd995i-JtjkwjqGTjcDaMcEBN2Wd3J0kKflgMjk2Quq2zjxyDzHe1onv98qw0k-KwnjHmEXxC0KV139PzFEJNQuXFh0FvDW6UESHUbtewefOJN2wnn7lvU7iwPnTztW2X_FiaYT56yvFT9z4BFBcAwg/http%3A%2F%2Fdns.measurement-factory.com%2Ftools%2Fnagios-plugins%2Fcheck_zone_rrsig_expiration.html >> >> But it only checks one RR (default SOA) since it doesn't assume access to >> the whole zone. >> That would be a good upgrade, though, to have it axfr the zone and check >> everything. > > Are there any existing tools which would take a whole zonefile and check > the expirations? In a similar way to (for example) dnssec-verify from > Bind.YAZVS: Yet Another Zone Validation Script https://github.com/verisign/yazvs It is designed to also show changes between a new and current zone, but you can skip that part with the -x option. DWsmime.p7s
Description: S/MIME cryptographic signature
--- End Message ---
_______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations