Re: [dns-operations] anchors.atlas.ripe.net/ripe.net - DNSSEC bogus due expiration

2023-11-03 Thread Steven Miller
It'd still be good to have that exposed as a metric, since:
* that way you don't have to wait to make the mistake (or to find the logs from someone else's mistake) in order to wrap alerting around it
* the metric's more or less the metric forever-ish, while it seems more likely that a

Re: [dns-operations] anchors.atlas.ripe.net/ripe.net - DNSSEC bogus due expiration

2023-11-03 Thread Viktor Dukhovni
On Fri, Nov 03, 2023 at 11:09:02AM +0100, Vladimír Čunát via dns-operations wrote:
> On 01/11/2023 17.18, Viktor Dukhovni wrote:
> > Should authoritative [nameservers] have knobs to perform internal checks on
> > the signed zones they serve and at least syslog loud warnings?
>
> My

Re: [dns-operations] anchors.atlas.ripe.net/ripe.net - DNSSEC bogus due expiration

2023-11-03 Thread Vladimír Čunát via dns-operations
On 01/11/2023 17.18, Viktor Dukhovni wrote:
> Should authoritative resolvers have knobs to perform internal checks on the signed zones they serve and at least syslog loud warnings?

My understanding is that in this case the signer was producing loud syslog warnings

Re: [dns-operations] anchors.atlas.ripe.net/ripe.net - DNSSEC bogus due expiration

2023-11-03 Thread Steven Miller
I liked Viktor’s idea. It would be cool if time-to-re-sign and time-to-signature-expiration were available on the json/xml stats port. (Or are they and I missed it? The last time I used the json/xml stuff, I wasn’t getting metrics for signed zones, just the usual counters and the