On Sat, 8 Nov 2014, Stephane Bortzmeyer wrote:
I was not talking about DNSsec monitoring (I already use it, otherwise I would never have deployed DNSsec in production for serious domains) but about DANE monitoring: get the TLSA record, open a TLS connection, get the certificate, check that it is consistent with what the TLSA record announces.
https://www.dnssec-validator.cz/ DNSSEC/TLSA Validator is a web browser add-on which allows you to check the existence and validity of DNS Security Extensions (DNSSEC) records and Transport Layer Security Association (TLSA) records related to domain names. Results of these checks are displayed by using icons and information texts in the page’s address-bar or browser tool-bar. Currently, Internet Explorer (IE), Mozilla Firefox (MF), Google Chrome/Chromium (GC), Opera (OP), Apple Safari (AS) are supported. _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
