imrehg
commented
9 years ago DNSSEC does not seem to be part of the standard SSLLabs Test API just yet (see their API docs). Thus would have to run an external command with extra files by the look of what you wrote.
It's a) a different layer than SSL, b) more advanced security and the currently monitored sites need a long way to get there if ever, c) would need external tools. These three parts make the changes very low priority for me. If you have any workable patch, I'm happy to test, though.
test@test-VirtualBox ~ $ dig +sigchase +trusted-key=./root.keys www.asio.gov.au. A |grep validation ;; RRSIG is missing for continue validation: FAILED
test@test-VirtualBox ~ $ dig +sigchase +trusted-key=./root.keys www.eurid.eu. A |grep validation ;; Ok this DNSKEY is a Trusted Key, DNSSEC validation is ok: SUCCESS
This works well.