[Opendnssec-user] Re: DNSSEC check tools (CLI, not GUI)?

Stephane Bortzmeyer bortzmeyer at nic.fr
Mon Dec 17 10:06:21 CET 2012


On Mon, Dec 17, 2012 at 08:30:44AM +0100,
 Jakob Schlyter <jakob at kirei.se> wrote 
 a message of 25 lines which said:

> validns, https://github.com/tobez/validns, is nice (although does
> not check signature lifetime deltas, perhaps this could be added?)

+1 validns really rocks. But what do you mean by "not check signature
lifetime deltas"? You would like to detect that the signatures still
have at least N days of validity?

If so, the option -t is convenient:

% validns  -p all example.signed                                    

% validns  -p all example.signed  -t $(date --date="now+31days" +%s)
example.signed:21: example. signature is too old



More information about the Opendnssec-user mailing list