search

domainaware / checkdmarc

A parser for SPF and DMARC DNS records
https://domainaware.github.io/checkdmarc
Apache License 2.0
239 stars 75 forks source link

DANE support #63

Open ada86 opened 3 years ago

ada86 commented 3 years ago

It would be a great add to have a look if the domain has TLSA record and if possible, even verify its validity

seanthegeek commented 6 months ago

I have a lot of reading to do before I tackle this.

https://datatracker.ietf.org/doc/html/rfc6698

https://datatracker.ietf.org/doc/html/rfc7672

https://dnspython.readthedocs.io/en/latest/dnssec.html

https://www.mailhardener.com/tools/dane-validator

seanthegeek commented 6 months ago

@ada86 checkdmarc will now return TLSA records. However, it does not currently validate that the certificates match.