Script to supervise DNSSEC for infoblox
04-29-2016 04:42 AM
Hi,
I need a script to supervise the DNSSEC service (key validity, key expiration for each kind of key: ZSK, KSK).
Best regards
Re: Script to supervise DNSSEC for infoblox
05-09-2016 09:22 AM
Are you talking about RFC 5011 support, or some other kind of management?
Re: Script to supervise DNSSEC for infoblox
06-22-2016 10:51 PM
I need such a script too -> Automated Updates of DNS Security (DNSSEC) Trust Anchors. Is that possible?
Re: Script to supervise DNSSEC for infoblox
12-03-2018 05:59 AM
Hi,
This can be accomplished with a REST API call.
Below is a sample call:
https://xx.xx.xx.xx.xx/wapi/v2.7/zone_auth?_return_fields=fqdn,is_dnssec_signed,dnssec_ksk_rollover_date,dnssec_zsk_rollover_date,dnssec_key_params&_return_type=json-pretty
Below is a sample output.
    {
        "_ref": "zone_auth/ZG5zLnpvbmUkLl9kZWZhdWx0LmNvbS50ZXN0:test.com/default",
        "dnssec_key_params": {
            "enable_ksk_auto_rollover": false,
            "ksk_algorithms": [],
            "ksk_email_notification_enabled": false,
            "ksk_rollover": 31536000,
            "ksk_rollover_notification_config": "REQUIRE_MANUAL_INTERVENTION",
            "ksk_snmp_notification_enabled": true,
            "next_secure_type": "NSEC3",
            "nsec3_iterations": 10,
            "nsec3_salt_max_length": 15,
            "nsec3_salt_min_length": 1,
            "signature_expiration": 345600,
            "zsk_algorithms": [],
            "zsk_rollover": 2592000,
            "zsk_rollover_mechanism": "PRE_PUBLISH"
        },
        "dnssec_ksk_rollover_date": 1574544459,
        "dnssec_zsk_rollover_date": 1545600459,
        "fqdn": "test.com",
        "is_dnssec_signed": true
    }
You can specify individual zones in the calls to fine-tune the results, like below:
https://xx.xx.xx.xx.xx/wapi/v2.7/zone_auth?fqdn=test.com&_return_fields=fqdn,is_dnssec_signed,dnssec_ksk_rollover_date,dnssec_zsk_rollover_date,dnssec_key_params&_return_type=json-pretty
Please note that the dates are returned in epoch time format.
Regards,
Sandeep
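
One way to turn the zone_auth response above into a supervision check, as an added example that is not part of the original reply and is not Infoblox code: it converts the epoch rollover dates and grades each signed zone as OK, WARN or CRIT. It assumes the response body is a JSON list of objects with the fields shown in the sample output; the thresholds, the function names and the second sample zone are hypothetical, and fetching the response from the grid is left to the caller.

```python
import json
from datetime import datetime, timezone

# Constructed sample: the fields from the sample output in the reply above,
# plus one constructed unsigned zone to show that case.
SAMPLE = """[
  {"fqdn": "test.com", "is_dnssec_signed": true,
   "dnssec_ksk_rollover_date": 1574544459,
   "dnssec_zsk_rollover_date": 1545600459,
   "dnssec_key_params": {"enable_ksk_auto_rollover": false}},
  {"fqdn": "unsigned.example", "is_dnssec_signed": false}
]"""

WARN_DAYS = {"ksk": 30, "zsk": 7}  # hypothetical alert thresholds, in days


def check_zone(zone, now):
    """Return (severity, message) findings for one zone_auth object."""
    name = zone.get("fqdn", "?")
    if not zone.get("is_dnssec_signed"):
        return [("INFO", f"{name}: zone is not DNSSEC signed")]
    findings = []
    auto_ksk = zone.get("dnssec_key_params", {}).get("enable_ksk_auto_rollover", False)
    for kind in ("ksk", "zsk"):
        epoch = zone.get(f"dnssec_{kind}_rollover_date")
        if epoch is None:  # field missing from _return_fields or not set
            findings.append(("WARN", f"{name}: no {kind.upper()} rollover date returned"))
            continue
        due = datetime.fromtimestamp(epoch, tz=timezone.utc)  # epoch seconds -> UTC
        days = (due - now).days  # negative once the rollover date has passed
        sev = "CRIT" if days < 0 else "WARN" if days <= WARN_DAYS[kind] else "OK"
        note = ""
        if kind == "ksk" and not auto_ksk and sev != "OK":
            note = " (KSK auto rollover disabled: manual action needed)"
        findings.append((sev, f"{name}: {kind.upper()} rollover {due:%Y-%m-%d}, {days} days{note}"))
    return findings


def check_all(raw_json, now=None):
    """Parse a zone_auth JSON list and return the findings for every zone."""
    now = now or datetime.now(timezone.utc)
    return [f for zone in json.loads(raw_json) for f in check_zone(zone, now)]


if __name__ == "__main__":
    for sev, msg in check_all(SAMPLE):
        print(f"{sev:4} {msg}")
```
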