Domain Detective

API Reference

Class

DnsSecAnalysis

Namespace DomainDetective
Assembly DomainDetective
Implements

Provides DNSSEC validation utilities for a domain.

Inheritance

  • Object
  • DnsSecAnalysis

Remarks

Using dnsclientx the full DNSSEC chain is retrieved and validated against DS records from the parent zone.

Usage

This type appears in these public API surfaces even when no hand-authored example is attached directly to the page.

Returned or exposed by

Accepted by parameters

Constructors

Methods

AlgorithmNumber(System.String name) #

Maps DNS algorithm names to their numeric identifiers.

Parameters

name System.String required
Algorithm name.

Returns

Numeric algorithm identifier.

public async Task Analyze(String domainName, InternalLogger logger, DnsConfiguration dnsConfiguration = null, CancellationToken ct = null) #
Returns: Task

Performs DNSSEC validation for the specified domain.

Parameters

domainName System.String requiredposition: 0
Domain to validate.
logger DomainDetective.InternalLogger requiredposition: 1
Logger used for diagnostics.
dnsConfiguration DomainDetective.DnsConfiguration = null optionalposition: 2
Optional DNS configuration.
ct System.Threading.CancellationToken = null optionalposition: 3
Cancellation token.
ComputeKeyTag 2 overloads
ComputeKeyTag(System.Collections.Generic.List{System.Byte} rdata) #

Computes the DNSSEC key tag for the given RDATA sequence.

Parameters

rdata System.Collections.Generic.List{System.Byte} required
RDATA bytes from the DNSKEY record.

Returns

The computed key tag.

public static Int32 ComputeKeyTag(String dnskeyRecord) #
Returns: Int32

Computes the DNSSEC key tag from a DNSKEY record.

Parameters

dnskeyRecord System.String requiredposition: 0
Full DNSKEY record string.

Returns

Key tag value or 0 if parsing fails.

public static async Task<ValueTuple<IReadOnlyList<String>, Nullable<DateTimeOffset>>> DownloadTrustAnchors(InternalLogger logger = null, CancellationToken cancellationToken = null, String cacheDirectory = null) #
Returns: Task<ValueTuple<IReadOnlyList<String>, Nullable<DateTimeOffset>>>

Executes the download trust anchors operation.

Parameters

logger DomainDetective.InternalLogger = null optionalposition: 0
cancellationToken System.Threading.CancellationToken = null optionalposition: 1
cacheDirectory System.String = null optionalposition: 2
ToWireFormat(System.String domainName) #

Converts a domain name to its DNS wire format representation.

Parameters

domainName System.String required
Domain name to convert.

Returns

Byte array containing the wire format representation.

public async Task<Boolean> ValidateRecord(String domain, DnsRecordType type, CancellationToken ct = null) #
Returns: Task<Boolean>

Validates that the specified record has a valid DNSSEC signature.

Parameters

domain System.String requiredposition: 0
Domain name to query.
type DnsClientX.DnsRecordType requiredposition: 1
Record type to validate.
ct System.Threading.CancellationToken = null optionalposition: 2
Cancellation token.

Returns

true when the record is signed and validated; otherwise false.

VerifyDsMatch(System.String dnskey, System.String dsRecord, System.String domainName) #

Validates that the provided DS record matches the specified DNSKEY.

Parameters

dnskey System.String required
DNSKEY record data.
dsRecord System.String required
DS record data.
domainName System.String required
Domain name used in the calculation.

Returns

true if the DS record corresponds to the DNSKEY; otherwise false.

Properties

public String Subject { get; set; } #

Gets or sets the subject value.

public Boolean UseLocalDnssecValidation { get; set; } #

When true, DnsClientX performs local DNSSEC validation.

public Func<String, DnsRecordType, CancellationToken, Task<DnsResponse>> QueryDnsResponseOverride { get; set; } #

Optional full-response DNS override used by browser-safe callers.

AdProbeOverride #

Optional override for multi-resolver AD probing used in tests. Returns (ok: response success, ad: AD bit set for DS and DNSKEY).

public IReadOnlyList<String> MismatchSummary { get; } #

Gets a list describing mismatches encountered while validating the DNSSEC chain.

public IReadOnlyList<String> Warnings { get; } #

Collection of warning messages.

public IReadOnlyList<String> DsRecords { get; set; } #

Gets the DS records returned for the domain.

public IReadOnlyList<String> DnsKeys { get; set; } #

Gets the DNSKEY records returned for the domain.

public IReadOnlyList<String> Signatures { get; set; } #

Gets the DNSSEC signatures returned for the domain.

public IReadOnlyList<RrsigInfo> Rrsigs { get; set; } #

Structured RRSIG records returned for the domain.

public Boolean AuthenticData { get; set; } #

Gets a value indicating whether the DNSKEY query returned authentic data.

public Boolean DsAuthenticData { get; set; } #

Gets a value indicating whether the DS query returned authentic data.

public Boolean DsMatch { get; set; } #

Gets a value indicating whether the DS record matches the DNSKEY.

public Boolean ChainValid { get; set; } #

Gets a value indicating whether the full DNSSEC chain is valid.

public IReadOnlyList<Int32> DsTtls { get; set; } #

Gets the TTL values for each parent DS record.

public Int32 RootKeyTag { get; set; } #

Gets the key tag of the root trust anchor.

public TimeSpan KeyExpirationWarningThreshold { get; set; } #

Threshold for raising key expiration warnings.

public Boolean KeyExpiresSoon { get; set; } #

Indicates whether any key expires soon.

public Nullable<DateTimeOffset> RootAnchorExpiration { get; set; } #

Expiration date for the root trust anchor.

public virtual List<Assessment> Assessments { get; } #

Structured assessments captured during DNSSEC validation.

public IReadOnlyList<RecommendationAdvice> Recommendations { get; } #

Represents the recommendations value.

{{ include "footer" }}