On Thu 04 Jul 2024 18:16:28 GMT, Randy Bush wrote: > hak whacked me to add > http://dns.measurement-factory.com/tools/nagios-plugins/check_zone_rrsig_expiration.html > to my nagios deployment. > > anyone have some known sick in various ways dns zones against which to > test?
Those domains are broken on purpose: https://www.internetsociety.org/resources/deploy360/2013/dnssec-test-sites/ On the domains that I host I also check for SOA consistency, AXFR isn’t known to be that reliable. For now I use https://github.com/paulla/check_dns_sync but if someone has some more up to date code it could be better. -- Alarig
