[Opendnssec-user] Re: DNSSEC check tools (CLI, not GUI)?
bortzmeyer at nic.fr
Mon Dec 17 10:06:21 CET 2012
On Mon, Dec 17, 2012 at 08:30:44AM +0100,
Jakob Schlyter <jakob at kirei.se> wrote
a message of 25 lines which said:
> validns, https://github.com/tobez/validns, is nice (although does
> not check signature lifetime deltas, perhaps this could be added?)
+1 validns really rocks. But what do you mean by "not check signature
lifetime deltas"? You would like to detect that the signatures still
have at least N days of validity?
If so, the option -t is convenient:
% validns -p all example.signed
% validns -p all example.signed -t $(date --date="now+31days" +%s)
example.signed:21: example. signature is too old
More information about the Opendnssec-user