Security Performance Management
Continuous Monitoring
Cyber Insurance
National Cybersecurity

Articles in this section

See more

GET: DNSSEC Finding Details

Avatar
Ingrid
Follow

⇤ Findings

https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=dnssec

Get an organization’s DNSSEC finding details.

Parameters

For details specific to TLS/SSL Certificates, use the ?risk_vector=dnssec parameter. Other query parameters are listed in GET: Finding Details.

Example Request

curl https://api.bitsighttech.com/ratings/v1/companies/a940bb61-33c4-42c9-9231-c8194c305db3/findings?risk_vector=dnssec -u api_token:

Example Response

  [See Fields That Apply to All Diligence Findings]

  "diligence_annotations":{
    "dnskeys":[
      {
        "protocol":3,
        "sepFlag":false,
        "algorithm":"RSASHA1",
        "keyLength":1104,
        "zoneKeyFlag":true,
        "publicKey":"TUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FEWmdod1lZb010RG9mYW15d1l6N2lqTmRaSTBwZzM1QytJSGUzekhLdmZrYk5CUllQT3hJMmNpdE5kbFpvM1JhYXFyTkRYS1J1ZG5QQm1Rb2NrbkJkSk0xOUE2YXc4NlRucVZRYjV6TE9SUzc4ckVXK2dTWjYvaWxTS1VLWEhVdkZYYmkvSmRqaFNvSy8wcVU3cVBIbUxQTUFxV25iK3krZnJwR3RVb2xyb3pRSURBUUFC"
      }
    ],
    "rrsigs":[ ],
    "security outcome":"Provably Insecure",
    "nsecs":[
      {
        "recordHash":"1tpjk84ghl5ehmqoutn58emum81uroel",
        "recordType":"NSEC3",
        "algorithm":"SHA1",
        "flags":"Opt-out",
        "iterations":0,
        "nextHash":"1tpl435in5dsmhstd5mo6r6hi5oj3gg9",
        "prevHash":"1TPI9B2TDBBG8L0JGJ4CS6KTTTTL9M2F",
        "salt":"-",
        "types":"NS DS RRSIG"
      }
    ],
    "reason":"{{saperix.com./DNSKEY}} does not have a validated chain of trust",
    "dses":[ ]

Response Attributes

Field Description 
dnskeys
Object		 Contains Domain Name Service (DNS) record details.
  
protocol
Integer		   
sepFlag
Boolean		   
algorithm
String		 The algorithm used for this record. 
keyLength
Integer		 The bit strength of this key. Keys shorter than 2048 bits may be insecure. 
zoneKeyFlag
Boolean		   
publicKey
String		 The public portion of the Zone Signing Key pair. 
rrsigs
String		 The private portion of a Zone Signing Key is used to generate a digital signature, known as a Resource Record Signature (RRSIG). 
security outcome
String		   
nsecs
Object		 Contains Next Secure (NSEC) record details.
  
recordHash
String		 The cryptographic hash, which is the scrambled alphanumeric input going in a unilateral, 1-way direction. 
recordType
String		 The DNS record types that exist for this NSEC record. 
algorithm
String		 The algorithm used for this record. 
flags
String		   
iterations
Integer		 The number of different hash versions within this NSEC record. 
nextHash
String		 The next record name in the zone (DNSSEC sorting order). 
prevHash
String		 The previous record name in the zone (DNSSEC sorting order). 
salt
String		 Random text, that’s publicly appended to the domain name and before the application of the hash function, to prevent re-use. 
types
String		   
reason
String		 Describes the cause of this finding. 
dses
Array		  

Related articles