check_dnssec is a set of Nagios plugins to monitor DNSSEC services/zones. check_dnssec is based on ldns, a low-level DNS(SEC) library. check_dnssec_expiration checks if a domain is signed and the signature is not exited or expiring soon. check_dnssec_trace checks if a domain can trust traces from a domain with a trust-anchor. check_dnssec_trust_anchor checks if all trust anchors in a file are valid.
Phreebird is a DNSSEC proxy that operates in front of an existing DNS server (such as BIND, Unbound, PowerDNS, Microsoft DNS, or QIP) and supplements its records with DNSSEC responses. Features of Phreebird include automatic key generation, realtime record signing, support for arbitrary responses, zero configuration, NSEC3 "White Lies", caching and rate limiting to deter DoS attacks, and experimental support for both Coarse Time over DNS and HTTP Virtual Channels. The suite also contains a large amount of sample code, including support for federated identity over OpenSSH. Finally, "Phreeload" enhances existing OpenSSL applications with DNSSEC support.