On Wed, Nov 01, 2023 at 12:18:42PM -0400, Viktor Dukhovni <[email protected]> wrote a message of 67 lines which said:
> Specifically, in the case of signed zones, monitoring MUST also include > regular checks of the remaining expiration time of at least the core > zone apex records (DNSKEY, SOA and NS), and ideally the whole zone, both > on the primary server and the secondaries. Indeed. If you use Nagios or compatible (such as Icinga), I recommend this plugin for signatures monitoring: http://dns.measurement-factory.com/tools/nagios-plugins/check_zone_rrsig_expiration.html (If you use Debian, it is in the package monitoring-plugins-contrib.) _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
