https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=dnssec
Get an organization’s DNSSEC finding details.
Parameters
For details specific to DNSSEC, use the ?risk_vector=dnssec
parameter. Other query parameters are listed in GET: Finding Details.
Example Request
```
curl "https://api.bitsighttech.com/ratings/v1/companies/a940bb61-33c4-42c9-9231-c8194c305db3/findings?risk_vector=dnssec" -u api_token:
```
Example Response
[See Fields That Apply to All Diligence Findings]

```
"diligence_annotations":{
  "dnskeys":[
    {
      "protocol":3,
      "sepFlag":false,
      "algorithm":"RSASHA1",
      "keyLength":1104,
      "zoneKeyFlag":true,
      "publicKey":"TUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FEWmdod1lZb010RG9mYW15d1l6N2lqTmRaSTBwZzM1QytJSGUzekhLdmZrYk5CUllQT3hJMmNpdE5kbFpvM1JhYXFyTkRYS1J1ZG5QQm1Rb2NrbkJkSk0xOUE2YXc4NlRucVZRYjV6TE9SUzc4ckVXK2dTWjYvaWxTS1VLWEhVdkZYYmkvSmRqaFNvSy8wcVU3cVBIbUxQTUFxV25iK3krZnJwR3RVb2xyb3pRSURBUUFC"
    }
  ],
  "rrsigs":[ ],
  "security outcome":"Provably Insecure",
  "nsecs":[
    {
      "recordHash":"1tpjk84ghl5ehmqoutn58emum81uroel",
      "recordType":"NSEC3",
      "algorithm":"SHA1",
      "flags":"Opt-out",
      "iterations":0,
      "nextHash":"1tpl435in5dsmhstd5mo6r6hi5oj3gg9",
      "prevHash":"1TPI9B2TDBBG8L0JGJ4CS6KTTTTL9M2F",
      "salt":"-",
      "types":"NS DS RRSIG"
    }
  ],
  "reason":"{{saperix.com./DNSKEY}} does not have a validated chain of trust",
  "dses":[ ]
}
```
Response Attributes
| Field | Type | Description |
|---|---|---|
| dnskeys | Object | Contains Domain Name System (DNS) record details. |
| protocol | Integer | |
| sepFlag | Boolean | |
| algorithm | String | The algorithm used for this record. |
| keyLength | Integer | The bit strength of this key. Keys shorter than 2048 bits may be insecure. |
| zoneKeyFlag | Boolean | |
| publicKey | String | The public portion of the Zone Signing Key pair. |
| rrsigs | String | The private portion of a Zone Signing Key is used to generate a digital signature, known as a Resource Record Signature (RRSIG). |
| security outcome | String | |
| nsecs | Object | Contains Next Secure (NSEC) record details. |
| recordHash | String | The cryptographic hash: the input scrambled into an alphanumeric value by a one-way function. |
| recordType | String | The DNS record types that exist for this NSEC record. |
| algorithm | String | The algorithm used for this record. |
| flags | String | |
| iterations | Integer | The number of different hash versions within this NSEC record. |
| nextHash | String | The next record name in the zone (DNSSEC sorting order). |
| prevHash | String | The previous record name in the zone (DNSSEC sorting order). |
| salt | String | Random text that is publicly appended to the domain name before the hash function is applied, to prevent re-use. |
| types | String | |
| reason | String | Describes the cause of this finding. |
| dses | Array | |
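
An added example, not part of BitSight's documentation: a Python triage of one finding's `diligence_annotations` that flags DNSKEYs below the 2048-bit threshold from the `keyLength` description and surfaces the outcome and reason. It assumes each finding is a JSON object carrying a `diligence_annotations` key as in the example response; the function name, the constructed sample values, and the reading of empty `rrsigs`/`dses` arrays as "none observed" are assumptions.

```python
import json

MIN_KEY_BITS = 2048  # threshold taken from the keyLength field description

# Constructed sample shaped like the example response fragment on this page.
# The publicKey values are placeholders, not real keys.
SAMPLE_FINDING = json.loads("""
{
  "diligence_annotations": {
    "dnskeys": [
      {"protocol": 3, "sepFlag": false, "algorithm": "RSASHA1",
       "keyLength": 1104, "zoneKeyFlag": true, "publicKey": "PLACEHOLDER"},
      {"protocol": 3, "sepFlag": true, "algorithm": "RSASHA256",
       "keyLength": 2048, "zoneKeyFlag": true, "publicKey": "PLACEHOLDER"}
    ],
    "rrsigs": [],
    "security outcome": "Provably Insecure",
    "reason": "{{example.com./DNSKEY}} does not have a validated chain of trust",
    "dses": []
  }
}
""")


def triage_dnssec_finding(finding):
    """Return (security outcome, list of notes) for one finding (hypothetical helper)."""
    ann = finding.get("diligence_annotations", {})
    notes = []
    for i, key in enumerate(ann.get("dnskeys", [])):
        bits = key.get("keyLength")
        if isinstance(bits, int) and bits < MIN_KEY_BITS:
            notes.append(
                f"dnskeys[{i}]: {key.get('algorithm')} key is {bits} bits (< {MIN_KEY_BITS})"
            )
    # Assumption: an empty array means no such records were observed.
    if not ann.get("rrsigs"):
        notes.append("no RRSIG records reported")
    if not ann.get("dses"):
        notes.append("no DS records reported")
    if ann.get("reason"):
        notes.append("reason: " + ann["reason"])
    # The field name contains a space, as in the example response on this page.
    return ann.get("security outcome"), notes


if __name__ == "__main__":
    outcome, notes = triage_dnssec_finding(SAMPLE_FINDING)
    print("security outcome:", outcome)
    for note in notes:
        print(" -", note)
```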