API Reference
DnsSecAnalysis
Provides DNSSEC validation utilities for a domain.
Inheritance
- Object
- DnsSecAnalysis
Remarks
Using dnsclientx the full DNSSEC chain is retrieved and validated against DS records from the parent zone.
Usage
This type appears in these public API surfaces even when no hand-authored example is attached directly to the page.
Returned or exposed by
- Property DomainHealthCheck.DnsSecAnalysis
- Property DnssecStatusInfo.Raw
Accepted by parameters
- Method DnsSecConverter.Convert
- Method DnssecNarrative.Build
- Method Converters.Convert
Constructors
public DnsSecAnalysis() #Methods
AlgorithmNumber(System.String name) #Maps DNS algorithm names to their numeric identifiers.
Parameters
- name System.String
- Algorithm name.
Returns
Numeric algorithm identifier.
public async Task Analyze(String domainName, InternalLogger logger, DnsConfiguration dnsConfiguration = null, CancellationToken ct = null) #TaskPerforms DNSSEC validation for the specified domain.
Parameters
- domainName System.String
- Domain to validate.
- logger DomainDetective.InternalLogger
- Logger used for diagnostics.
- dnsConfiguration DomainDetective.DnsConfiguration = null
- Optional DNS configuration.
- ct System.Threading.CancellationToken = null
- Cancellation token.
ComputeKeyTag(System.Collections.Generic.List{System.Byte} rdata) #Computes the DNSSEC key tag for the given RDATA sequence.
Parameters
- rdata System.Collections.Generic.List{System.Byte}
- RDATA bytes from the DNSKEY record.
Returns
The computed key tag.
public static Int32 ComputeKeyTag(String dnskeyRecord) #Int32Computes the DNSSEC key tag from a DNSKEY record.
Parameters
- dnskeyRecord System.String
- Full DNSKEY record string.
Returns
Key tag value or 0 if parsing fails.
public static async Task<ValueTuple<IReadOnlyList<String>, Nullable<DateTimeOffset>>> DownloadTrustAnchors(InternalLogger logger = null, CancellationToken cancellationToken = null, String cacheDirectory = null) #Task<ValueTuple<IReadOnlyList<String>, Nullable<DateTimeOffset>>>Executes the download trust anchors operation.
Parameters
- logger DomainDetective.InternalLogger = null
- cancellationToken System.Threading.CancellationToken = null
- cacheDirectory System.String = null
ToWireFormat(System.String domainName) #Converts a domain name to its DNS wire format representation.
Parameters
- domainName System.String
- Domain name to convert.
Returns
Byte array containing the wire format representation.
public async Task<Boolean> ValidateRecord(String domain, DnsRecordType type, CancellationToken ct = null) #Task<Boolean>Validates that the specified record has a valid DNSSEC signature.
Parameters
- domain System.String
- Domain name to query.
- type DnsClientX.DnsRecordType
- Record type to validate.
- ct System.Threading.CancellationToken = null
- Cancellation token.
Returns
true when the record is signed and validated; otherwise false.
VerifyDsMatch(System.String dnskey, System.String dsRecord, System.String domainName) #Validates that the provided DS record matches the specified DNSKEY.
Parameters
- dnskey System.String
- DNSKEY record data.
- dsRecord System.String
- DS record data.
- domainName System.String
- Domain name used in the calculation.
Returns
true if the DS record corresponds to the DNSKEY; otherwise false.
Inherited Methods
public override Boolean Equals(Object obj) #BooleanParameters
- obj Object
Properties
public String Subject { get; set; } #Gets or sets the subject value.
public Boolean UseLocalDnssecValidation { get; set; } #When true, DnsClientX performs local DNSSEC validation.
public Func<String, DnsRecordType, CancellationToken, Task<DnsResponse>> QueryDnsResponseOverride { get; set; } #Optional full-response DNS override used by browser-safe callers.
AdProbeOverride #Optional override for multi-resolver AD probing used in tests. Returns (ok: response success, ad: AD bit set for DS and DNSKEY).
public IReadOnlyList<String> MismatchSummary { get; } #Gets a list describing mismatches encountered while validating the DNSSEC chain.
public IReadOnlyList<String> Warnings { get; } #Collection of warning messages.
public IReadOnlyList<String> DsRecords { get; set; } #Gets the DS records returned for the domain.
public IReadOnlyList<String> DnsKeys { get; set; } #Gets the DNSKEY records returned for the domain.
public IReadOnlyList<String> Signatures { get; set; } #Gets the DNSSEC signatures returned for the domain.
public IReadOnlyList<RrsigInfo> Rrsigs { get; set; } #Structured RRSIG records returned for the domain.
public Boolean AuthenticData { get; set; } #Gets a value indicating whether the DNSKEY query returned authentic data.
public Boolean DsAuthenticData { get; set; } #Gets a value indicating whether the DS query returned authentic data.
public Boolean DsMatch { get; set; } #Gets a value indicating whether the DS record matches the DNSKEY.
public Boolean ChainValid { get; set; } #Gets a value indicating whether the full DNSSEC chain is valid.
public IReadOnlyList<Int32> DsTtls { get; set; } #Gets the TTL values for each parent DS record.
public Int32 RootKeyTag { get; set; } #Gets the key tag of the root trust anchor.
public TimeSpan KeyExpirationWarningThreshold { get; set; } #Threshold for raising key expiration warnings.
public Boolean KeyExpiresSoon { get; set; } #Indicates whether any key expires soon.
public Nullable<DateTimeOffset> RootAnchorExpiration { get; set; } #Expiration date for the root trust anchor.
public virtual List<Assessment> Assessments { get; } #Structured assessments captured during DNSSEC validation.
public IReadOnlyList<RecommendationAdvice> Recommendations { get; } #Represents the recommendations value.