dane_raw_tlsa - Linux
Overview
dane_raw_tlsa is a Unix utility that aids in managing Transport Layer Security Authentication Name (TLSA) records stored in the Domain Name System (DNS). It verifies that a domain's TLSA record matches the TLS certificate presented by the corresponding website, so a mismatch between the published record and the certificate actually served can be caught before clients that enforce DANE reject the connection.
Syntax
dane_raw_tlsa [-a a] [-h] [-s hostname] [-p port] [-d domain] [-p protocol] [-q queries]
Options/Flags
- -a a: Raw TLSA record to check against (see RFC 6698)
- -h: Display help and usage information
- -s hostname: Hostname to connect to
- -p port: Port to connect to (default: 443)
- -d domain: The domain name to verify (default: hostname)
- -p protocol: The protocol to use (default: tls)
- -q queries: The queries to run (default: all)
Examples
- Verify the TLSA record for the website example.com:
dane_raw_tlsa -d example.com
- Verify the TLSA record for a specific hostname and port:
dane_raw_tlsa -s mail.example.com -p 25
- Verify all TLSA records for a domain:
dane_raw_tlsa -d example.com -q all
Common Issues
- Error connecting to server: Ensure that the specified hostname is correct and that the port is reachable.
- No TLSA records found: The domain may not have any TLSA records configured.
- TLSA records do not match certificate: The TLS certificate presented by the website does not match the association data in the TLSA records published in DNS, for example because the certificate was renewed without updating the record.
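The comparison behind the "TLSA records do not match certificate" check, as an added example in Python that is not part of dane_raw_tlsa: it parses a raw TLSA record in the RFC 6698 presentation format the -a option takes (usage, selector, matching type, hex association data) and compares it against a DER certificate for selector 0 (full certificate) and selector 1 (SubjectPublicKeyInfo), with matching types 0, 1 and 2. The minimal DER walker, the function names and the sample certificate (valid X.509 layout, dummy contents, no real signature) are all constructed here for the example.

```python
import hashlib
# RFC 6698 matching types: 0 = exact association data, 1 = SHA-256, 2 = SHA-512
HASHES = {0: None, 1: hashlib.sha256, 2: hashlib.sha512}

def der(tag, payload):
    """Encode one DER TLV with a minimal length encoding (used to build the sample)."""
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    nb = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | nb]) + n.to_bytes(nb, "big") + payload
def der_tlv(buf, pos=0):
    """Decode one DER TLV at pos -> (tag, value, end offset)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        nb = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + nb], "big"), pos + nb
    return tag, buf[pos:pos + length], pos + length
def spki_of(cert_der):
    """Return the raw SubjectPublicKeyInfo TLV (TLSA selector 1) of a DER certificate."""
    _, cert, _ = der_tlv(cert_der)         # Certificate ::= SEQUENCE { tbsCertificate, ... }
    _, tbs, _ = der_tlv(cert)              # TBSCertificate ::= SEQUENCE { ... }
    fields, pos = [], 0
    while pos < len(tbs):
        tag, _, end = der_tlv(tbs, pos)
        fields.append((tag, tbs[pos:end]))
        pos = end
    if fields[0][0] == 0xA0:               # optional [0] EXPLICIT version
        fields = fields[1:]
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo
    return fields[5][1]
def association_data(cert_der, selector, mtype):
    """Certificate association data (RFC 6698) for the given selector and matching type."""
    if selector not in (0, 1) or mtype not in HASHES:
        raise ValueError("unsupported selector or matching type")
    data = cert_der if selector == 0 else spki_of(cert_der)
    return data if HASHES[mtype] is None else HASHES[mtype](data).digest()
def tlsa_matches(record, cert_der):
    """True if a raw TLSA record (the -a form, e.g. '3 1 1 <hex>') matches the certificate."""
    _usage, selector, mtype, hexdata = record.split(None, 3)
    expected = bytes.fromhex("".join(hexdata.split()))   # hex may be wrapped or uppercase
    return association_data(cert_der, int(selector), int(mtype)) == expected

# Constructed sample certificate: real X.509 layout, dummy contents, no valid signature
EC_OID, ECDSA_SHA256_OID = b"\x2a\x86\x48\xce\x3d\x02\x01", b"\x2a\x86\x48\xce\x3d\x04\x03\x02"
SAMPLE_SPKI = der(0x30, der(0x30, der(0x06, EC_OID)) + der(0x03, b"\x00\x04" + b"\x11" * 64))
_TBS = (der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + der(0x30, der(0x06, ECDSA_SHA256_OID))
        + der(0x30, b"") + der(0x30, der(0x17, b"240101000000Z") * 2) + der(0x30, b"") + SAMPLE_SPKI)
SAMPLE_CERT = der(0x30, der(0x30, _TBS) + der(0x30, der(0x06, ECDSA_SHA256_OID)) + der(0x03, b"\x00" * 9))
```

To check a real server, feed it the DER certificate obtained with openssl and the TLSA record returned by dig; a renewed certificate with the same key still matches a selector 1 record, which is why "3 1 1" is the usual choice for published records.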
Integration
dane_raw_tlsa can be used alongside other tools for TLS and DNS management, such as:
- openssl: To retrieve and inspect TLS certificates
- dig: To query DNS records
- bash: For scripting and automation
Related Commands
- dig: DNS record lookup utility
- openssl: TLS certificate management utility