[Opendnssec-user] DNSSEC check tools (CLI, not GUI)?

Fredrik Pettai pettai at nordu.net
Mon Dec 17 22:27:08 CET 2012


On Dec 17, 2012, at 8:30 AM, Jakob Schlyter wrote:
> On 17 dec 2012, at 03:20, Peter Olsson <pol at leissner.se> wrote:
> 
>> * Run from cron
>> 
>> * Preferably written in python, perl, C or bash script
>> 
>> * I want the tool to check, at least, that the DNSSEC
>> zone and its keys and signatures are working and valid
>> from the Internet point of view, and that there are no
>> keys expiring in less than X days
> 
> validns, https://github.com/tobez/validns, is nice (although does not check signature lifetime deltas, perhaps this could be added?)
> 
> For NAGIOS you also have https://github.com/dotse/dnssec-monitor from the merry people at .SE.

We have been using OpenDNSSECs own monitoring plugin successfully for about one year or so…
http://svn.opendnssec.org/trunk/monitor/

The drawback (or advantage, depending how you see it) is that it requires Ruby!

(But we're probably going to migrate over to validns soon, since the auditor is being phased out…)

/P




More information about the Opendnssec-user mailing list