33d7d1aacf
* Improve collection of RRSIG expiration times A new record_earliest_rrsig_expiry metric contains the unixtime of the earliest expiring signature per resolver. This allows for different alerting configurations when monitoring a mix of authoritative and caching resolvers. Use a single DNS query instead of querying for RRSIG separately. While some resolvers (reasonably enough) return REFUSED when queried for type RRSIG, they will include relevant RRSIG records when queried for other types (as required by RFC 4034). * Document the improved RRSIG expiration handling While here, also clarify the limitations of the record_days_left metric.
4.9 KiB
4.9 KiB