Use delv to monitor your DNSSEC configuration in icinga2

First you need to install delv. delv is a new diagnostic tool like dig, but with improved DNSSEC support (read more). It comes with bind 9.10 and newer. If you’re already using bind >9.10 then it should be already installed. Otherwise you can grab the latest bind tarball, compile it and use the compiled delv binary:

Then download the check_delv nagios plugin script:

Add a command definition to icinga2 by creating /etc/icinga2/conf.d/check_delv.conf with the following content:

Also add an service definition to /etc/icinga2/conf.d/services.conf:

Now configure the domains your want to monitor in your host definitions. For example to monitor