Example usage

Make sure the Perl modules Net::DNS, Net::DNS::SEC and Crypt::OpenSSL::Random is installed.

dnssec_monitor.pl usage:

dnssec_monitor [options] [nameservers]

Options:

 --help           brief help message
 --zone ZONE      zone to check
 --kskcritical N  check for KSK expire within DAYS days
 --kskwarning  N  check for KSK expire within DAYS days
 --zskcritical N  check for ZSK expire within DAYS days
 --zskwarning  N  check for ZSK expire within DAYS days
 --debug          turn on debugging
 --quiet          be really quiet
 --version        display version and exit

 If no nameservers are specified, all nameservers for ZONE are checked.

Example:

mask$~/src/monitor>perl -I . dnssec_monitor.pl --zone iis.se  
Checking 194.17.45.54 ...  
WARNING: iis.se. RRSIG DNSKEY iis.se/RSASHA1/18937 will expire in 8.0 days  
iis.se/IN/SOA verified  
iis.se/IN/NS verified  
teteszivydsuzyclamarkukontasuc.iis.se/IN/NS verified (NXDOMAIN)  
Checking 212.247.3.83 ...  
WARNING: iis.se. RRSIG DNSKEY iis.se/RSASHA1/18937 will expire in 8.0 days  
iis.se/IN/SOA verified  
iis.se/IN/NS verified  
teteszivydsuzyclamarkukontasuc.iis.se/IN/NS verified (NXDOMAIN)  
Checking 212.247.7.228 ...  
WARNING: iis.se. RRSIG DNSKEY iis.se/RSASHA1/18937 will expire in 8.0 days  
iis.se/IN/SOA verified  
iis.se/IN/NS verified  
teteszivydsuzyclamarkukontasuc.iis.se/IN/NS verified (NXDOMAIN)  

Nagios plugin usage (nagios_dnssec.pl):

nagios_dssec.pl --zone zonename nameserver

    --zone zone         The zone to test (required argument)
    --kskcritical=i     KSK critical (days)
    --kskwarning=i      KSK warning (days)
    --zskcritical=i     ZSK critical (days)
    --zskwarning=i      ZSK warning (days)
    --debug             Debug mode
    --dstport=i         Destination port on name server (53 is default)

Test run the Nagios plugin:

mask$~/src/monitor>perl nagios_dnssec.pl --zone iis.se ns.nic.se
DNSSEC WARNING: iis.se. RRSIG DNSKEY iis.se/RSASHA1/18937 will expire in 8.0 days