dt-danechk - Man Page

validate TLSA records against SSL certificates.

Synopsis

  dt-danechk [options] DOMAIN_NAME

Description

dt-danechk is a diagnostic tool that can be used to test the validity of an SSL/TLS certificate against the TLSA record published in the DNS. For more information on TLSA and DANE see RFC 6698.

Options

-h, --help

Display usage and exit.

-l label, --label=label

This option can be used to specify the validation policy label. If this option is not given, the default validator policy is used.

-x proto, --proto proto

Specifies the protocol associated with the TLSA certificate. Possible values for the proto field are:

tcp TCP protocol
udp UDP protocol
sc SCTP protocol (not supported)

The default value for proto is tcp.

-p port, --port=port

Specifies the port associated with the TLSA certificate. The default value for port is 443.

-o, --output=<debug-level>:<dest-type>[:<dest-options>]

<debug-level> is 1-7, corresponding to syslog levels ALERT-DEBUG <dest-type> is one of file, net, syslog, stderr, stdout <dest-options> depends on <dest-type>
file:<file-name> (opened in append mode)
net[:<host-name>:<host-port>] (127.0.0.1:1053
syslog[:facility] (0-23 (default 1 USER))

-s, --sync

Perform synchronous lookups. The default is to perform asynchronous lookups.

-v FILE, --dnsval-conf=FILE

This option can be used to specify the location of the dnsval.conf configuration file.

-r FILE, --resolv-conf=FILE

This option can be used to specify the location of the resolv.conf configuration file containing the name servers to use for lookups.

-i FILE, --root-hints=FILE

This option can be used to specify the location of the root.hints configuration file, containing the root name servers. This is only used when no name server is found, and dt-validate must do recursive lookups itself.

-V, --version

Display the version and exit.

dt-danechk - Man Page

Synopsis

Description

Options

Pre-Requisites

Copyright

Authors

See Also

Info