dnssec-analyzer

module

v1.0.0 Latest Latest Go to latest Published: Aug 29, 2019 License: Apache-2.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/StalkR/dnssec-analyzer

Links

Open Source Insights

README ¶

DNSSEC analyzer

A Go library and command-line tools to use Verisign Labs DNSSEC analyzer: https://dnssec-analyzer.verisignlabs.com

Command-line tools

dnssec-analyzer

Source: https://github.com/StalkR/dnssec-analyzer/blob/master/cmd/dnssec-analyzer

It lets you query the web interface from command-line:

$ go get github.com/StalkR/dnssec-analyzer
$ go build github.com/StalkR/dnssec-analyzer/cmd/dnssec-analyzer
$ ./dnssec-analyzer stalkr.net
# .
OK: Found 2 DNSKEY records for .
OK: DS=20326/SHA-256 verifies DNSKEY=20326/SEP
OK: Found 1 RRSIGs over DNSKEY RRset
OK: RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
# net
OK: Found 1 DS records for net in the . zone
OK: DS=35886/SHA-256 has algorithm RSASHA256
OK: Found 1 RRSIGs over DS RRset
OK: RRSIG=59944 and DNSKEY=59944 verifies the DS RRset
OK: Found 3 DNSKEY records for net
OK: DS=35886/SHA-256 verifies DNSKEY=35886/SEP
OK: Found 1 RRSIGs over DNSKEY RRset
OK: RRSIG=35886 and DNSKEY=35886/SEP verifies the DNSKEY RRset
# stalkr.net
OK: Found 1 DS records for stalkr.net in the net zone
OK: DS=1363/SHA-256 has algorithm ECDSAP256SHA256
OK: Found 1 RRSIGs over DS RRset
OK: RRSIG=59540 and DNSKEY=59540 verifies the DS RRset
OK: Found 1 DNSKEY records for stalkr.net
OK: DS=1363/SHA-256 verifies DNSKEY=1363/SEP
OK: Found 1 RRSIGs over DNSKEY RRset
OK: RRSIG=1363 and DNSKEY=1363/SEP verifies the DNSKEY RRset
OK: stalkr.net A RR has value 51.38.54.48
OK: Found 1 RRSIGs over A RRset
OK: RRSIG=1363 and DNSKEY=1363/SEP verifies the A RRset

dnssec-monitor

Source: https://github.com/StalkR/dnssec-analyzer/blob/master/cmd/dnssec-monitor

It lets your monitor domains for their DNSSEC status regularly (default 24h) and send email alerts (using sendmail) when there are errors or warnings 3 times in a row:

$ go get github.com/StalkR/dnssec-analyzer
$ go build github.com/StalkR/dnssec-analyzer/cmd/dnssec-monitor
$ ./dnssec-monitor -domains stalkr.net -from <email> -to <email> -every 24h
...

Alternatively, create the Debian package and install it:

$ cd $GOPATH/src/github.com/StalkR/dnssec-analyzer/cmd/dnssec-monitor
$ fakeroot debian/rules clean binary
$ sudo dpkg -i ../dnssec-monitor_1-1_amd64.deb

Configure in /etc/default/dnssec-monitor and start with /etc/init.d/dnssec-monitor start.

License

Apache License, version 2.0.

Thanks

Verisign Labs for their powerful, stable and longtime supported DNSSEC analyzer.

Bugs, feature requests, questions

Create a new issue.

Directories ¶

Path	Synopsis
cmd
dnssec-analyzer Binary dnssec_analyzer analyzes a domain with Verisign Labs DNSSEC analyzer.	Binary dnssec_analyzer analyzes a domain with Verisign Labs DNSSEC analyzer.
dnssec-monitor Binary dnssec_monitor monitors domains with Verisign Labs DNSSEC analyzer.	Binary dnssec_monitor monitors domains with Verisign Labs DNSSEC analyzer.
dnssec Package dnssec is a library to Verisign Labs DNSSEC analyzer.	Package dnssec is a library to Verisign Labs DNSSEC analyzer.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL