.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.if !\nF .nr F 0
.if \nF>0 \{\
.    de IX
.    tm Index:\\$1\t\\n%\t"\\$2"
..
.    if !\nF==2 \{\
.        nr % 0
.        nr F 2
.    \}
.\}
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
.    \" fudge factors for nroff and troff
.if n \{\
.    ds #H 0
.    ds #V .8m
.    ds #F .3m
.    ds #[ \f1
.    ds #] \fP
.\}
.if t \{\
.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
.    ds #V .6m
.    ds #F 0
.    ds #[ \&
.    ds #] \&
.\}
.    \" simple accents for nroff and troff
.if n \{\
.    ds ' \&
.    ds ` \&
.    ds ^ \&
.    ds , \&
.    ds ~ ~
.    ds /
.\}
.if t \{\
.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
.    \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
.    \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
.    \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
.    ds : e
.    ds 8 ss
.    ds o a
.    ds d- d\h'-1'\(ga
.    ds D- D\h'-1'\(hy
.    ds th \o'bp'
.    ds Th \o'LP'
.    ds ae ae
.    ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "DT-DANECHK 1"
.TH DT-DANECHK 1 "2016-12-16" "perl v5.26.2" "User Commands"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
dt\-danechk \- validate TLSA records against SSL certificates.
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\&  dt\-danechk [options] DOMAIN_NAME
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBdt-danechk\fR is a diagnostic tool that can be used to test the validity
of an \s-1SSL/TLS\s0 certificate against the \s-1TLSA\s0 record published in the \s-1DNS.\s0
For more information on \s-1TLSA\s0 and \s-1DANE\s0 see \s-1RFC 6698.\s0
.SH "OPTIONS"
.IX Header "OPTIONS"
.IP "\-h, \-\-help" 4
.IX Item "-h, --help"
Display usage and exit.
.IP "\-l \fIlabel\fR, \-\-label=\fIlabel\fR" 4
.IX Item "-l label, --label=label"
This option can be used to specify the validation policy label. 
If this option is not given, the default validator policy is used.
.IP "\-x \fIproto\fR, \-\-proto \fIproto\fR" 4
.IX Item "-x proto, --proto proto"
Specifies the protocol associated with the \s-1TLSA\s0 certificate. 
Possible values for the \fIproto\fR field are:
.RS 4
.IP "\(bu" 4
\&\fBtcp\fR   \s-1TCP\s0 protocol
.IP "\(bu" 4
\&\fBudp\fR   \s-1UDP\s0 protocol
.IP "\(bu" 4
\&\fBsc\fR    \s-1SCTP\s0 protocol (not supported)
.RE
.RS 4
.Sp
The default value for \fIproto\fR is \fBtcp\fR.
.RE
.IP "\-p \fIport\fR, \-\-port=\fIport\fR" 4
.IX Item "-p port, --port=port"
Specifies the port associated with the \s-1TLSA\s0 certificate. 
The default value for \fIport\fR is \fB443\fR.
.IP "\-o, \-\-output=<debug\-level>:<dest\-type>[:<dest\-options>]" 4
.IX Item "-o, --output=<debug-level>:<dest-type>[:<dest-options>]"
<debug\-level> is 1\-7, corresponding to syslog levels ALERT-DEBUG
<dest\-type> is one of file, net, syslog, stderr, stdout
<dest\-options> depends on <dest\-type>
    file:<file\-name>   (opened in append mode)
    net[:<host\-name>:<host\-port>] (127.0.0.1:1053
    syslog[:facility] (0\-23 (default 1 \s-1USER\s0))
.IP "\-s, \-\-sync" 4
.IX Item "-s, --sync"
Perform synchronous lookups. The default is to perform asynchronous
lookups.
.IP "\-v \fI\s-1FILE\s0\fR, \-\-dnsval\-conf=\fI\s-1FILE\s0\fR" 4
.IX Item "-v FILE, --dnsval-conf=FILE"
This option can be used to specify the location of the \fBdnsval.conf\fR
configuration file.
.IP "\-r \fI\s-1FILE\s0\fR, \-\-resolv\-conf=\fI\s-1FILE\s0\fR" 4
.IX Item "-r FILE, --resolv-conf=FILE"
This option can be used to specify the location of the \fBresolv.conf\fR
configuration file containing the name servers to use for lookups.
.IP "\-i \fI\s-1FILE\s0\fR, \-\-root\-hints=\fI\s-1FILE\s0\fR" 4
.IX Item "-i FILE, --root-hints=FILE"
This option can be used to specify the location of the root.hints
configuration file, containing the root name servers.  This is only
used when no name server is found, and \fBdt-validate\fR must do recursive
lookups itself.
.IP "\-V, \-\-version" 4
.IX Item "-V, --version"
Display the version and exit.
.SH "PRE-REQUISITES"
.IX Header "PRE-REQUISITES"
\&\fBlibval\fR
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2005\-2013 \s-1SPARTA,\s0 Inc.  All rights reserved.
See the \s-1COPYING\s0 file included with the DNSSEC-Tools package for details.
.SH "AUTHORS"
.IX Header "AUTHORS"
Suresh Krishnaswamy
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fB\f(BIlibval\fB\|(3)\fR
.PP
\&\fB\f(BIdnsval.conf\fB\|(5)\fR
.PP
http://www.dnssec\-tools.org