GitLab

dnssec-checkds CDS support, and other improvements

* Use `dnssec-dsfromkey -p` to work out what the delegation records
  should be, based on CDS records.

* Better error checking for failures by `dig`.

* Add a --every mode for checking all the parent name servers. This is
  for extra protection against long propagation delays.

* Add a --quiet mode to avoid unwanted cronspam. There is still output
  if something unexpected happens, so --quiet mode is better for cron
  jobs than just redirecting the output.

* Explain how this tool relates to other tools. The current strict
  consistency logic was introduced when SHA-1 was deprecated, but it
  wasn't documented. The manual has now been updated. (Users who want
  checks based on validation semantics should use something like
  zonemaster or dnsviz instead.)