dt-danechk

dt-danechk - validate TLSA records against SSL certificates.

  dt-danechk [options] DOMAIN_NAME

dt-danechk is a diagnostic tool that can be used to test the
validity of an SSL/TLS certificate against the TLSA record
published in the DNS.  For more information on TLSA and DANE
see RFC 6698.



-h, --help
    Display usage and exit.

-l label, --label=label
    This option can be used to specify the validation policy
    label.  If this option is not given, the default
    validator policy is used.

-x proto, --proto proto
    Specifies the protocol associated with the TLSA
    certificate.  Possible values for the proto field are:

    •   tcp   TCP protocol

    •   udp   UDP protocol

    •   sc    SCTP protocol (not supported)

        The default value for proto is tcp.

-p port, --port=port
    Specifies the port associated with the TLSA certificate.
    The default value for port is 443.

-o, --output=<debug-level>:<dest-type>[:<dest-options>]
    <debug-level> is 1-7, corresponding to syslog levels
    ALERT-DEBUG
    <dest-type> is one of file, net, syslog, stderr, stdout
    <dest-options> depends on <dest-type>
        file:<file-name>   (opened in append mode)
        net[:<host-name>:<host-port>] (127.0.0.1:1053)
        syslog[:facility] (0-23 (default 1 USER))

-s, --sync
    Perform synchronous lookups. The default is to perform
    asynchronous lookups.

-v FILE, --dnsval-conf=FILE
    This option can be used to specify the location of the
    dnsval.conf configuration file.

-r FILE, --resolv-conf=FILE
    This option can be used to specify the location of the
    resolv.conf configuration file containing the name
    servers to use for lookups.

-i FILE, --root-hints=FILE
    This option can be used to specify the location of the
    root.hints configuration file, containing the root name
    servers.  This is only used when no name server is
    found, and dt-validate must do recursive lookups itself.

-V, --version
    Display the version and exit.
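
The following is an added example, not code from dt-danechk or
libval. It shows, per RFC 6698, how the -p and -x values select the
TLSA owner name and how a record's selector and matching type are
compared with a certificate. Function names and sample bytes are
constructed for illustration.

```python
import hashlib

# Values the page lists for -x; "sc" (SCTP) is marked not supported there.
SUPPORTED_PROTOS = ("tcp", "udp")

def tlsa_owner_name(domain, port=443, proto="tcp"):
    """RFC 6698 section 3 owner name: _port._proto.domain."""
    if proto not in SUPPORTED_PROTOS:
        raise ValueError(f"unsupported proto: {proto!r}")
    if not 0 < int(port) < 65536:
        raise ValueError(f"port out of range: {port!r}")
    return f"_{int(port)}._{proto}.{domain.rstrip('.')}."

def parse_tlsa(rdata):
    """Split presentation-format RDATA: usage selector matching-type hex."""
    usage, selector, mtype, *hex_parts = rdata.split()
    return int(usage), int(selector), int(mtype), bytes.fromhex("".join(hex_parts))

def tlsa_matches(rdata, cert_der, spki_der):
    """Compare the record's association data with the presented certificate.

    Only selector and matching type are evaluated; the chain and DNSSEC
    requirements attached to the usage field are not checked here.
    """
    _usage, selector, mtype, assoc = parse_tlsa(rdata)
    if selector == 0:      # full certificate
        selected = cert_der
    elif selector == 1:    # SubjectPublicKeyInfo
        selected = spki_der
    else:
        raise ValueError(f"unknown selector: {selector}")
    if mtype == 0:         # exact match on the selected bytes
        return selected == assoc
    if mtype == 1:
        return hashlib.sha256(selected).digest() == assoc
    if mtype == 2:
        return hashlib.sha512(selected).digest() == assoc
    raise ValueError(f"unknown matching type: {mtype}")

# Constructed stand-ins for DER bytes; these are not a real certificate.
SAMPLE_CERT = b"constructed-certificate-der"
SAMPLE_SPKI = b"constructed-spki-der"

def demo():
    record = "3 1 1 " + hashlib.sha256(SAMPLE_SPKI).hexdigest()
    return (tlsa_owner_name("www.example.com"),
            tlsa_matches(record, SAMPLE_CERT, SAMPLE_SPKI))
```

A record whose selector points at the full certificate (selector 0)
does not match a digest computed over the public key alone, so a
mismatch can mean the wrong selector was published rather than the
wrong key.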

libval

Copyright 2005-2013 SPARTA, Inc.  All rights reserved.  See
the COPYING file included with the DNSSEC-Tools package for
details.

Suresh Krishnaswamy

libval(3)

dnsval.conf(5)

http://www.dnssec-tools.org