On 9 November 2014 03:59, Stephane Bortzmeyer <[email protected]> wrote:
> On Sat, Nov 08, 2014 at 08:17:15AM +0100,
> Olle E. Johansson <[email protected]> wrote
> a message of 10 lines which said:
>
>> Nagios scripts to monitor DNSsec zones :-)
>
> I was not talking about DNSsec monitoring (I already use it, otherwise
> I would never have deployed DNSsec in production for serious domains)
> but about DANE monitoring: get the TLSA record, open a TLS connection,
> get the certificate, check that it is consistent with what the TLSA
> record announces.
Also for reference Swede [1] can be invoked from Nagios as follows:
define command {
command_name check_tlsa
command_line cd [nagios]/etc/swede && [nagios]/bin/swede
verify -q $HOSTADDRESS$
}
with dlv.isc.org.key and root.key in [nagios]/etc/swede.
[1] https://github.com/pieterlexis/swede
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
