dane_verification_status_print - Linux

Overview

dane_verification_status_print is a utility for printing the status of DANE verification. It displays the validity and trust status of the DANE chain, as well as the verification errors that were encountered.

Syntax

dane_verification_status_print <hostname> [<port>]

Options/Flags

| Flag | Description | Default |
|—|—|—|
| -f, --file | Read the domain name from a file | stdin |
| -h, --help | Print usage information and exit | |
| -l, --level | Set the verification level (0-3) | 0 |
| -v, --verbose | Enable verbose output | |

Examples

• Print the DANE verification status for the domain example.com:

dane_verification_status_print example.com

• Print the DANE verification status for the domain example.com on port 443:

dane_verification_status_print example.com 443

• Print the DANE verification status for the domain example.com and save the output to a file:

dane_verification_status_print example.com > output.txt

Common Issues

• Verification failed: Ensure that the DNSSEC chain for the domain is valid and that the DANE record is correctly configured.
• No DANE record found: Check the DNSSEC chain for the domain to ensure that it is valid and contains a DANE record.
• Invalid DANE record: Verify that the DANE record is properly formatted and contains a valid TLS certificate.

Integration

• nslookup: Use dane_verification_status_print to verify the DANE status of a hostname after performing a DNS lookup: nslookup -type TLSA example.com | dane_verification_status_print -f -
• openssl: Use dane_verification_status_print to verify the DANE status of a hostname before establishing a secure connection: openssl s_client -dane_verify -showcerts example.com 443 2>/dev/null | dane_verification_status_print -f -

Related Commands

• dig
• nslookup
• openssl