forked from bortzmeyer/key-checker
-
Notifications
You must be signed in to change notification settings - Fork 0
Monitor and analyze DNSSEC key rollovers
License
huguei/key-checker
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
Public version of the DNSSEC key rollover monitor and checker. The tool has been described in a paper released at the SATIN conference <https://conferences.npl.co.uk/satin/>. See the paper at <https://conferences.npl.co.uk/satin/papers/satin2011-Bortzmeyer.pdf>. Basic instructions: 1) sqlite3 dnssec.sqlite < create.sql 2) Edit ~/.key-report.ini may be using key-report.ini.sample as a starting point. 3) while true: key-store-and-report.py $YOURDOMAIN $YOURSERVER sleep $SOMETIME Or you can put 'key-store-and-report.py $YOURDOMAIN $YOURSERVER' into the crontab. If you want to monitor several domains, an example script is: #!/bin/sh # Remember to add a dot at the end, specially for TLD which match a # type or class name (Mexico, Madagascar...) for domain in example.com example.net example.org ; do sleep $((RANDOM/320)) # Select a name server at random set $(dig +cd +short NS $domain) shift $(($RANDOM % $#)) server=$1 # Select an IP address at random set $(dig +cd +short AAAA $server ; dig +cd +short A $server) shift $(($RANDOM % $#)) address=$1 if [ "$address" = "" ]; then echo "Cannot find an address for $server" exit 1 fi ./key-store-and-report.py $domain $address done which can also, obviously, put in a crontab. -- Comments and requests can be sent to Stéphane Bortzmeyer <[email protected]>
About
Monitor and analyze DNSSEC key rollovers
Resources
License
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published
Languages
- Python 100.0%