Fetching latest commit…
Cannot retrieve the latest commit at this time.
|Failed to load latest commit information.|
Public version of the DNSSEC key rollover monitor and checker. The tool has been described in a paper released at the SATIN conference <http://conferences.npl.co.uk/satin/>. See the paper at <http://conferences.npl.co.uk/satin/papers/satin2011-Bortzmeyer.pdf>. Basic instructions: 1) sqlite3 dnssec.sqlite < create.sql [If you had the tool in production before 2015-10-08, upgrade the database with sqlite3 dnssec.sqlite < upgrade-1.sql ] 2) Edit ~/.key-report.ini; you can use key-report.ini.sample as a starting point. Set fileonly to a file which is appended to if you don't want to (or can't) send e-mail. 3) while true: key-store-and-report.py $YOURDOMAIN $YOURSERVER sleep $SOMETIME Or you can put 'key-store-and-report.py $YOURDOMAIN $YOURSERVER' into the crontab. If you want to monitor several domains, an example script is: #!/bin/sh # $RANDOM is actually a bash extension so may be I should use /bin/bash # Remember to add a dot at the end, specially for TLD which match a # type or class name (Mexico, Madagascar...) for domain in example.com example.net example.org ; do sleep $((RANDOM/320)) # Select a name server at random set $(dig +cd +short NS $domain) shift $(($RANDOM % $#)) server=$1 # Select an IP address at random set $(printf %s "$server" | dig +cd +short AAAA -f - ; printf %s "$server" | dig +cd +short A -f -) shift $(($RANDOM % $#)) address=$1 if [ "$address" = "" ]; then echo "Cannot find an address for $server" exit 1 fi ./key-store-and-report.py $domain $address done which can also, obviously, put in a crontab. -- Comments and requests can be sent to Stéphane Bortzmeyer <firstname.lastname@example.org>