DT-DANECHK(1) User Commands DT-DANECHK(1)

dt-danechk - validate TLSA records against SSL certificates.

dt-danechk [options] DOMAIN_NAME

dt-danechk is a diagnostic tool that can be used to test the validity of an SSL/TLS certificate against the TLSA record published in the DNS. For more information on TLSA and DANE see RFC 6698.

Display usage and exit.
This option can be used to specify the validation policy label. If this option is not given, the default validator policy is used.
Specifies the protocol associated with the TLSA certificate. Possible values for the proto field are:
  • tcp TCP protocol
  • udp UDP protocol
  • sc SCTP protocol (not supported)

The default value for proto is tcp.

Specifies the port associated with the TLSA certificate. The default value for port is 443.
<debug-level> is 1-7, corresponding to syslog levels ALERT-DEBUG <dest-type> is one of file, net, syslog, stderr, stdout <dest-options> depends on <dest-type>
file:<file-name> (opened in append mode)
net[:<host-name>:<host-port>] (127.0.0.1:1053
syslog[:facility] (0-23 (default 1 USER))
Perform synchronous lookups. The default is to perform asynchronous lookups.
This option can be used to specify the location of the dnsval.conf configuration file.
This option can be used to specify the location of the resolv.conf configuration file containing the name servers to use for lookups.
This option can be used to specify the location of the root.hints configuration file, containing the root name servers. This is only used when no name server is found, and dt-validate must do recursive lookups itself.
Display the version and exit.

libval

Copyright 2005-2013 SPARTA, Inc. All rights reserved. See the COPYING file included with the DNSSEC-Tools package for details.

Suresh Krishnaswamy

libval(3)

dnsval.conf(5)

http://www.dnssec-tools.org

2016-12-16 perl v5.26.2