On Sat, 8 Nov 2014, Stephane Bortzmeyer wrote:

I was not talking about DNSsec monitoring (I already use it, otherwise
I would never have deployed DNSsec in production for serious domains)
but about DANE monitoring: get the TLSA record, open a TLS connection,
get the certificate, check that it is consistent with what the TLSA
record announces.

https://www.dnssec-validator.cz/

DNSSEC/TLSA Validator is a web browser add-on which allows you to check
the existence and validity of DNS Security Extensions (DNSSEC) records
and Transport Layer Security Association (TLSA) records related to
domain names. Results of these checks are displayed by using icons and
information texts in the page’s address-bar or browser tool-bar.
Currently, Internet Explorer (IE), Mozilla Firefox (MF), Google
Chrome/Chromium (GC), Opera (OP), Apple Safari (AS) are supported.

_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane

Reply via email to