NAME¶
dt-validate - Query the Domain Name System and display results of the DNSSEC
validation process
SYNOPSIS¶
dt-validate [options] DOMAIN_NAME
DESCRIPTION¶
dt-validate is a diagnostic tool built on top of the DNSSEC validator. It
takes
DOMAIN_NAME as an argument and queries the DNS for that domain
name. It outputs the series of responses that were received from the DNS and
the DNSSEC validation results for each domain name. An examination of the
queries and validation results can help an administrator uncover errors in
DNSSEC configuration of DNS zones.
OPTIONS¶
- -c CLASS, --class=CLASS
- This option can be used to specify the DNS class of the Resource Record
queried. If this option is not given, the default class IN is
used.
- -h, --help
- Display the help and exit.
- -p, --print
- Print the answers and validation results. By default, dt-validate
just outputs a series of responses and their validation results on
stderr. When the -p option is used, dt-validate will
also output the final result on stdout.
- -t TYPE, --type=TYPE
- This option can be used to specify the DNS type of the Resource Record
queried. If this option is not given, dt-validate will query for
the A record for the given DOMAIN_NAME.
- -v FILE, --dnsval-conf=FILE
- This option can be used to specify the location of the dnsval.conf
configuration file.
- -r FILE, --resolv-conf=FILE
- This option can be used to specify the location of the resolv.conf
configuration file containing the name servers to use for lookups.
- -i FILE, --root-hints=FILE
- This option can be used to specify the location of the root.hints
configuration file, containing the root name servers. This is only used
when no name server is found, and dt-validate must do recursive
lookups itself.
- -S suite[:suite],
--test-suite=suite[:suite]
- This option specifies the test suite (or range of test suites) to use for
the internal tests.
- -s, --selftest
- This option can be used to specify that the application should perform its
self tests using names from the configured test-suite.
- -T number[:number],
--testcase=number[:number]
- This option can be used to run a specific test (or range of tests) from
the test suite.
- -F file, --testcase-conf=file
- This option is used to specify the file containing the test cases.
- -l label, --label=label
- This option can be used to specify the policy from within the
dnsval.conf file to use during validation.
- -w seconds, --wait=seconds
- This option can be used to run the queries specified by other flags in a
loop, with the specified interval between successive queries.
- -o,
--output=<debug-level>:<dest-type>[:<dest-options>]
- <debug-level> is 1-7, corresponding to syslog levels ALERT-DEBUG
<dest-type> is one of file, net, syslog, stderr, stdout
<dest-options> depends on <dest-type>
file:<file-name> (opened in append mode)
net[:<host-name>:<host-port>] (127.0.0.1:1053
syslog[:facility] (0-23 (default 1 USER))
PRE-REQUISITES¶
libval
COPYRIGHT¶
Copyright 2005-2013 SPARTA, Inc. All rights reserved. See the COPYING file
included with the DNSSEC-Tools package for details.
AUTHORS¶
Abhijit Hayatnagarkar, Suresh Krishnaswamy, Robert Story
SEE ALSO¶
syslog(3)
libval(3)
http://www.dnssec-tools.org