dane_verification_status_print - Linux
Overview
dane_verification_status_print is a utility for printing the status of DANE verification. It displays the validity and trust status of the DANE chain, as well as the verification errors that were encountered.
Syntax
dane_verification_status_print <hostname> [<port>]
Options/Flags
| Flag | Description | Default |
|—|—|—|
| -f, --file
| Read the domain name from a file | stdin |
| -h, --help
| Print usage information and exit | |
| -l, --level
| Set the verification level (0-3) | 0 |
| -v, --verbose
| Enable verbose output | |
Examples
- Print the DANE verification status for the domain
example.com
:
dane_verification_status_print example.com
- Print the DANE verification status for the domain
example.com
on port 443:
dane_verification_status_print example.com 443
- Print the DANE verification status for the domain
example.com
and save the output to a file:
dane_verification_status_print example.com > output.txt
Common Issues
- Verification failed: Ensure that the DNSSEC chain for the domain is valid and that the DANE record is correctly configured.
- No DANE record found: Check the DNSSEC chain for the domain to ensure that it is valid and contains a DANE record.
- Invalid DANE record: Verify that the DANE record is properly formatted and contains a valid TLS certificate.
Integration
- nslookup: Use
dane_verification_status_print
to verify the DANE status of a hostname after performing a DNS lookup:nslookup -type TLSA example.com | dane_verification_status_print -f -
- openssl: Use
dane_verification_status_print
to verify the DANE status of a hostname before establishing a secure connection:openssl s_client -dane_verify -showcerts example.com 443 2>/dev/null | dane_verification_status_print -f -
Related Commands
- dig
- nslookup
- openssl