/
check_dnssec_expiration.xml
110 lines (107 loc) · 3.75 KB
/
check_dnssec_expiration.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY mpcheckname "check_dnssec_expiration">
]>
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
<refentryinfo>
<title>Monitoringplug Manual</title>
<productname>&mpcheckname;</productname>
<authorgroup>
<author>
<firstname>Marius</firstname>
<surname>Rieder</surname>
<address>
<email>marius.rieder@durchmesser.ch</email>
</address>
<contrib>For monitoringplug</contrib>
</author>
</authorgroup>
<copyright>
<year>2012</year>
<holder>Marius Rieder</holder>
</copyright>
<legalnotice>
<para>This manual page was written for Monitoringplug
(and may be used by others).</para>
<para>Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU General Public License,
Version 2 or (at your option) any later version published by
the Free Software Foundation.</para>
</legalnotice>
</refentryinfo>
<refmeta>
<refentrytitle>CHECK_DNSSEC_EXPIRATION</refentrytitle>
<manvolnum>1</manvolnum>
</refmeta>
<refnamediv>
<refname>&mpcheckname;</refname>
<refpurpose>Check if the zone signature expires.</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>&mpcheckname;</command>
<arg choice="opt">
<option>-H <replaceable>HOST</replaceable></option>
</arg>
<arg choice="plain">
<option>-D <replaceable>DOMAIN</replaceable></option>
</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id="description">
<title>DESCRIPTION</title>
<para>Check the Domains signatures whether expires soon.</para>
</refsect1>
<refsect1 id="options">
<title>OPTIONS</title>
<para>The Monitoringplug default options</para>
<xi:include href="mp_opts.xml"/>
<para>Check specific options</para>
<variablelist>
<varlistentry>
<term><option>--tcp</option></term>
<listitem>
<para>Use TCP for DNS queries.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-D</option></term>
<term><option>--domain=<replaceable>DOMAIN</replaceable></option></term>
<listitem>
<para>The name of the domain to check.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-k</option></term>
<term><option>--trusted-keys=<replaceable>FILE</replaceable></option></term>
<listitem>
<para>File to read truste-anchors from.</para>
<para>
The keyfile should be a Zonefile alike list of Trusted Keys or DS.
Create the file with 'dig -t <replaceable>DNSKEY|DS</replaceable> +noall +answer <replaceable>ZONE</replaceable> > file'.
Do not forget to verify the DNSKEY/DS record against a trustworthy source.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-w</option></term>
<term><option>--warning=<replaceable>RANGE</replaceable></option></term>
<listitem>
<para>Return warning if expires earlier then.
(Default to 2 Days)</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-c</option></term>
<term><option>--critical=<replaceable>RANGE</replaceable></option></term>
<listitem>
<para>Return critical if expires earlier then.
(Default to 1 Day)</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<xi:include href="mp_seealso.xml"/>
</refentry>
<!-- vim: set ts=2 sw=2 expandtab ai syn=docbk : -->