dt-danechk

DT-DANECHK(1)                    User Commands                   DT-DANECHK(1)



NAME
       dt-danechk - validate TLSA records against SSL certificates.

SYNOPSIS
         dt-danechk [options] DOMAIN_NAME

DESCRIPTION
       dt-danechk is a diagnostic tool that can be used to test the validity
       of an SSL/TLS certificate against the TLSA record published in the DNS.
       For more information on TLSA and DANE see RFC 6698.

OPTIONS
       -h, --help
           Display usage and exit.

       -l label, --label=label
           This option can be used to specify the validation policy label.  If
           this option is not given, the default validator policy is used.

       -x proto, --proto proto
           Specifies the protocol associated with the TLSA certificate.
           Possible values for the proto field are:

           ·   tcp   TCP protocol

           ·   udp   UDP protocol

           ·   sc    SCTP protocol (not supported)

           The default value for proto is tcp.

       -p port, --port=port
           Specifies the port associated with the TLSA certificate.  The
           default value for port is 443.

       -o, --output=<debug-level>:<dest-type>[:<dest-options>]
           <debug-level> is 1-7, corresponding to syslog levels ALERT-DEBUG
           <dest-type> is one of file, net, syslog, stderr, stdout
           <dest-options> depends on <dest-type>
               file:<file-name>   (opened in append mode)
               net[:<host-name>:<host-port>] (127.0.0.1:1053
               syslog[:facility] (0-23 (default 1 USER))

       -s, --sync
           Perform synchronous lookups. The default is to perform asynchronous
           lookups.

       -v FILE, --dnsval-conf=FILE
           This option can be used to specify the location of the dnsval.conf
           configuration file.

       -r FILE, --resolv-conf=FILE
           This option can be used to specify the location of the resolv.conf
           configuration file containing the name servers to use for lookups.

       -i FILE, --root-hints=FILE
           This option can be used to specify the location of the root.hints
           configuration file, containing the root name servers.  This is only
           used when no name server is found, and dt-validate must do
           recursive lookups itself.

       -V, --version
           Display the version and exit.

PRE-REQUISITES
       libval

COPYRIGHT
       Copyright 2005-2013 SPARTA, Inc.  All rights reserved.  See the COPYING
       file included with the DNSSEC-Tools package for details.

AUTHORS
       Suresh Krishnaswamy

SEE ALSO
       libval(3)

       dnsval.conf(5)

       http://www.dnssec-tools.org



perl v5.26.2                      2016-12-16                     DT-DANECHK(1)