dt-danechk man page

dt-danechk — validate TLSA records against SSL certificates.

Synopsis

dt-danechk [options] DOMAIN_NAME

Description

dt-danechk is a diagnostic tool that can be used to test the validity of an SSL/TLS certificate against the TLSA record published in the DNS. For more information on TLSA and DANE see RFC 6698.

Options

-h, --help
Display usage and exit.
-l label, --label=label
This option can be used to specify the validation policy label. If this option is not given, the default validator policy is used.
-x proto, --proto proto

Specifies the protocol associated with the TLSA certificate. Possible values for the proto field are:

·
tcp TCP protocol
·
udp UDP protocol
·
sc SCTP protocol (not supported)

The default value for proto is tcp.

-p port, --port=port
Specifies the port associated with the TLSA certificate. The default value for port is 443.
-o, --output=<debug-level>:<dest-type>[:<dest-options>]
<debug-level> is 1-7, corresponding to syslog levels ALERT-DEBUG <dest-type> is one of file, net, syslog, stderr, stdout <dest-options> depends on <dest-type>
file:<file-name> (opened in append mode)
net[:<host-name>:<host-port>] (127.0.0.1:1053
syslog[:facility] (0-23 (default 1 USER))
-s, --sync
Perform synchronous lookups. The default is to perform asynchronous lookups.
-v FILE, --dnsval-conf=FILE
This option can be used to specify the location of the dnsval.conf configuration file.
-r FILE, --resolv-conf=FILE
This option can be used to specify the location of the resolv.conf configuration file containing the name servers to use for lookups.
-i FILE, --root-hints=FILE
This option can be used to specify the location of the root.hints configuration file, containing the root name servers. This is only used when no name server is found, and dt-validate must do recursive lookups itself.
-V, --version
Display the version and exit.

Pre-Requisites

libval

Authors

Suresh Krishnaswamy

See Also

libval(3)

dnsval.conf(5)

http://www.dnssec-tools.org

Info

2013-03-07 perl v5.12.4 User Commands