Pyng: DANE check

Description

DANE check allows to verify TLS authentication with DANE (RFC 6698).

DANE requires ldns-dane command to be present in $PATH.

Options

DANE supports following options, which may be used upon creation of a new check object:

name
Server name to connect to, and to use for the TLSA resource records (required)
port
Server port to connect to (required)
address
Address to connect to instead of resolving name
keyfile
Key file with trusted DNSKEY or DS resrouce records
noverify
Skip verification of server name in certificate
proto
TCP or UDP transport for the connection
ipv6
IP version to use when resolving addresses (IPv6 or IPv4)

In addition, DANE supports following generic check settings:

desc
Check description
silent
Information about check runs is not output by certain runners
interval
Number of seconds between check runs
result
Require that check output matches result in order to consider check successful. During the matching, check output is evaluated as a list of lines of output without newlines. result may be provided in multiple ways:
alert
Callable (or a list of callables) to run in order to alert of check status changes
notify
Callable (or a list of callables) to run in order to notify of changes in check's output
run_condition
Callable to run to decide if check run should be skipped
run_threshold
Threshold for mean run time in order to consider check to be degraded
result_filter
Callable to run to filter check command output lines prior to matching check results
on_result
on_first
on_up
on_down
on_degrade
on_restore
on_change
Callable to run with the result of the check on the specified events

Example 

DANE(
    'smtp.domain.example', 465,
)
Return to Pyng