DNS Institute provides detailed DNS and DNSSEC analysis via an automated monitoring system. (This is in addition to our consulting services and DNS server system checklist review.) The monitoring can be done frequently or periodically.
It has over 125 tests and queries against the known name servers including using TCP and via IPv6. (This page only shows a few examples.) The reports provide explanations and bibliographic citations for the test statements which are based on Internet standards and IETF RFC specifications; NIST, CERT, and US government mandates; and DNS software documented policies and best practices.
The automated monitoring checks include query response times; EDNS; RRSIG inception and expiration; cryptographic algorithms; sane SOA record data; routing diversity; approved key lengths; and much much more.
We can provide reports and graphs of aggregated results. Depending on your needs we can provide timely or delayed alerts. Contact us about monitoring your DNS as a professional service.
We currently do periodic analysis of thousands of domain names owned by Fortune 500 companies, US federal government, and the top 100 largest banks (as defined in the S&P Global Bank ranking). The following is an arbitrary snapshot out of hundreds of warnings and failures. Even more critical findings may exist currently, so don't assume these are the key issues. (The checks also generate other interesting diagnostic information.)
Feel free to contact us about any of these random examples for bibliographic references, details, and explanations. If this is your company and you want a full report, let us know with your company contact information and a reference to your company relationship, such as LinkedIn or a company webpage (or a TXT record in DNS).