On 11/8/14 6:59 PM, Stephane Bortzmeyer wrote: > I was not talking about DNSsec monitoring (I already use it, otherwise > I would never have deployed DNSsec in production for serious domains) > but about DANE monitoring: get the TLSA record, open a TLS connection, > get the certificate, check that it is consistent with what the TLSA > record announces.
Shumon Huque wrote something using the getdns Python bindings that may be close to what you're asking about: https://github.com/getdnsapi/getdns-python-bindings/blob/master/examples/checkdanecert.py Melinda _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
