1DT-DANECHK(1)                    User Commands                   DT-DANECHK(1)
2
3
4

NAME

6       dt-danechk - validate TLSA records against SSL certificates.
7

SYNOPSIS

9         dt-danechk [options] DOMAIN_NAME
10

DESCRIPTION

12       dt-danechk is a diagnostic tool that can be used to test the validity
13       of an SSL/TLS certificate against the TLSA record published in the DNS.
14       For more information on TLSA and DANE see RFC 6698.
15

OPTIONS

17       -h, --help
18           Display usage and exit.
19
20       -l label, --label=label
21           This option can be used to specify the validation policy label.  If
22           this option is not given, the default validator policy is used.
23
24       -x proto, --proto proto
25           Specifies the protocol associated with the TLSA certificate.
26           Possible values for the proto field are:
27
28           ·   tcp   TCP protocol
29
30           ·   udp   UDP protocol
31
32           ·   sc    SCTP protocol (not supported)
33
34           The default value for proto is tcp.
35
36       -p port, --port=port
37           Specifies the port associated with the TLSA certificate.  The
38           default value for port is 443.
39
40       -o, --output=<debug-level>:<dest-type>[:<dest-options>]
41           <debug-level> is 1-7, corresponding to syslog levels ALERT-DEBUG
42           <dest-type> is one of file, net, syslog, stderr, stdout
43           <dest-options> depends on <dest-type>
44               file:<file-name>   (opened in append mode)
45               net[:<host-name>:<host-port>] (127.0.0.1:1053
46               syslog[:facility] (0-23 (default 1 USER))
47
48       -s, --sync
49           Perform synchronous lookups. The default is to perform asynchronous
50           lookups.
51
52       -v FILE, --dnsval-conf=FILE
53           This option can be used to specify the location of the dnsval.conf
54           configuration file.
55
56       -r FILE, --resolv-conf=FILE
57           This option can be used to specify the location of the resolv.conf
58           configuration file containing the name servers to use for lookups.
59
60       -i FILE, --root-hints=FILE
61           This option can be used to specify the location of the root.hints
62           configuration file, containing the root name servers.  This is only
63           used when no name server is found, and dt-validate must do
64           recursive lookups itself.
65
66       -V, --version
67           Display the version and exit.
68

PRE-REQUISITES

70       libval
71

73       Copyright 2005-2013 SPARTA, Inc.  All rights reserved.  See the COPYING
74       file included with the DNSSEC-Tools package for details.
75

AUTHORS

77       Suresh Krishnaswamy
78

SEE ALSO

80       libval(3)
81
82       dnsval.conf(5)
83
84       http://www.dnssec-tools.org
85
86
87
88perl v5.26.2                      2016-12-16                     DT-DANECHK(1)
Impressum