Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Monitor and analyze DNSSEC key rollovers
Fetching latest commit…
Cannot retrieve the latest commit at this time.
|Failed to load latest commit information.|
Public version of the DNSSEC key rollover monitor and checker. The tool has been described in a paper released at the SATIN conference <http://conferences.npl.co.uk/satin/>. See the paper at <http://conferences.npl.co.uk/satin/papers/satin2011-Bortzmeyer.pdf>. Basic instructions: 1) sqlite3 dnssec.sqlite < create.sql [If you had the tool in production before 2015-10-08, upgrade the database with sqlite3 dnssec.sqlite < upgrade-1.sql ] 2) Edit ~/.key-report.ini; you can use key-report.ini.sample as a starting point. Set fileonly to a file which is appended to if you don't want to (or can't) send e-mail. 3) while true: key-store-and-report.py $YOURDOMAIN $YOURSERVER sleep $SOMETIME Or you can put 'key-store-and-report.py $YOURDOMAIN $YOURSERVER' into the crontab. If you want to monitor several domains, an example script is: #!/bin/sh # $RANDOM is actually a bash extension so may be I should use /bin/bash # Remember to add a dot at the end, specially for TLD which match a # type or class name (Mexico, Madagascar...) for domain in example.com example.net example.org ; do sleep $((RANDOM/320)) # Select a name server at random set $(dig +cd +short NS $domain) shift $(($RANDOM % $#)) server=$1 # Select an IP address at random set $(printf %s "$server" | dig +cd +short AAAA -f - ; printf %s "$server" | dig +cd +short A -f -) shift $(($RANDOM % $#)) address=$1 if [ "$address" = "" ]; then echo "Cannot find an address for $server" exit 1 fi ./key-store-and-report.py $domain $address done which can also, obviously, put in a crontab. -- Comments and requests can be sent to Stéphane Bortzmeyer <firstname.lastname@example.org>