[Dnssec-deployment] Expired RRSIGs for .be

Stephane Bortzmeyer bortzmeyer at nic.fr
Fri Oct 8 11:08:34 EDT 2010


On Fri, Oct 08, 2010 at 09:26:31AM +0200,
 Jakob Schlyter <jakob at kirei.se> wrote 
 a message of 6 lines which said:

> Every time this happens, I kind of wonder why there is no monitoring
> system triggering an alarm.

Shameless plug: a simple shell script such as
<http://www.bortzmeyer.org/files/check-sig.sh> is enough to warn in
advance (you configure the delay) that your signatures are about to
expire. Easy to integrate in any monitoring system (mon, Nagios, etc).

It's an application of Mark Andrews' favorite saying: "To debug
DNSSEC, you only need dig and date."


More information about the Dnssec-deployment mailing list