SYNOPSIS
dt-danechk [options] DOMAIN_NAME
DESCRIPTION
dt-danechk is a diagnostic tool that can be used to test the validity of an SSL/TLS certificate against the TLSA record published in the DNS. For more information on TLSA and DANE see RFC 6698.OPTIONS
- -h, --help
- Display usage and exit.
- -l label, --label=label
- This option can be used to specify the validation policy label. If this option is not given, the default validator policy is used.
- -x proto, --proto proto
-
Specifies the protocol associated with the TLSA certificate.
Possible values for the proto field are:
-
- tcp TCP protocol
- udp UDP protocol
- sc SCTP protocol (not supported)
-
The default value for proto is tcp.
-
- -p port, --port=port
- Specifies the port associated with the TLSA certificate. The default value for port is 443.
- -o, --output=<debug-level>:<dest-type>[:<dest-options>]
-
<debug-level> is 1-7, corresponding to syslog levels ALERT-DEBUG
<dest-type> is one of file, net, syslog, stderr, stdout
<dest-options> depends on <dest-type>
file:<file-name> (opened in append mode)
net[:<host-name>:<host-port>] (127.0.0.1:1053
syslog[:facility] (0-23 (default 1 USER)) - -s, --sync
- Perform synchronous lookups. The default is to perform asynchronous lookups.
- -v FILE, --dnsval-conf=FILE
- This option can be used to specify the location of the dnsval.conf configuration file.
- -r FILE, --resolv-conf=FILE
- This option can be used to specify the location of the resolv.conf configuration file containing the name servers to use for lookups.
- -i FILE, --root-hints=FILE
- This option can be used to specify the location of the root.hints configuration file, containing the root name servers. This is only used when no name server is found, and dt-validate must do recursive lookups itself.
- -V, --version
- Display the version and exit.