dane_verification_status_print - Linux


Overview

dane_verification_status_print is a utility for printing the status of DANE verification. It displays the validity and trust status of the DANE chain, as well as the verification errors that were encountered.

Syntax

dane_verification_status_print <hostname> [<port>]

Options/Flags

| Flag | Description | Default |
|—|—|—|
| -f, --file | Read the domain name from a file | stdin |
| -h, --help | Print usage information and exit | |
| -l, --level | Set the verification level (0-3) | 0 |
| -v, --verbose | Enable verbose output | |

Examples

  • Print the DANE verification status for the domain example.com:
dane_verification_status_print example.com
  • Print the DANE verification status for the domain example.com on port 443:
dane_verification_status_print example.com 443
  • Print the DANE verification status for the domain example.com and save the output to a file:
dane_verification_status_print example.com > output.txt

Common Issues

  • Verification failed: Ensure that the DNSSEC chain for the domain is valid and that the DANE record is correctly configured.
  • No DANE record found: Check the DNSSEC chain for the domain to ensure that it is valid and contains a DANE record.
  • Invalid DANE record: Verify that the DANE record is properly formatted and contains a valid TLS certificate.

Integration

  • nslookup: Use dane_verification_status_print to verify the DANE status of a hostname after performing a DNS lookup: nslookup -type TLSA example.com | dane_verification_status_print -f -
  • openssl: Use dane_verification_status_print to verify the DANE status of a hostname before establishing a secure connection: openssl s_client -dane_verify -showcerts example.com 443 2>/dev/null | dane_verification_status_print -f -

Related Commands

  • dig
  • nslookup
  • openssl