At this year's FrOSCon I repeted my presentation on DNSSEC. In the audience, there was the suggestion of a lack of proper monitoring plugins for a DANE and DNSSEC infrastructure that was easily available. As I already had some personal tools around and some spare time to burn I've just started a repository with some useful tools. It's available on my website and has mirrors on Gitlab and Github. I intent to keep this repository up-to-date with my personal requirements (which also means adding a xmpp check soon) and am happy to take any contributions (either by mail or as "pull requests" on one of the two mirrors). It currently has smtp (both ssmtp and starttls) and https support as well as support for checking valid DNSSEC configuration of a zone.
While working on it it turned out some things can be complicated. My
language of choice was python3 (if only because the ssl library has
improved since 2.7 a lot), however ldns and unbound in Debian lack
python3 support in their bindings. This seems fixable as the
source in Debian is buildable and useable with python3 so it just
needs packaging adjustments. Funnily the ldns module, which is only
needed for check_dnssec
, in debian is currently buggy for
python2 and python3 and ldns' python3 support is somewhat lacking
so I spent several hours hunting SWIG problems.