Skip to main content
Security Performance Management
Continuous Monitoring
Vendor Risk Management
Trust Management Hub
Cyber Insurance
National Cybersecurity

GET: DNSSEC Finding Details

Ingrid

⇤ Findings

https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=dnssec

Get an organization’s DNSSEC finding details.

Parameters

For details specific to TLS/SSL Certificates, use the ?risk_vector=dnssec parameter. Other query parameters are listed in GET: Finding Details.

Example Request

curl https://api.bitsighttech.com/ratings/v1/companies/a940bb61-33c4-42c9-9231-c8194c305db3/findings?risk_vector=dnssec -u api_token:

Example Response

  [See Fields That Apply to All Diligence Findings]

  "diligence_annotations":{
    "dnskeys":[
      {
        "protocol":3,
        "sepFlag":false,
        "algorithm":"RSASHA1",
        "keyLength":1104,
        "zoneKeyFlag":true,
        "publicKey":"TUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FEWmdod1lZb010RG9mYW15d1l6N2lqTmRaSTBwZzM1QytJSGUzekhLdmZrYk5CUllQT3hJMmNpdE5kbFpvM1JhYXFyTkRYS1J1ZG5QQm1Rb2NrbkJkSk0xOUE2YXc4NlRucVZRYjV6TE9SUzc4ckVXK2dTWjYvaWxTS1VLWEhVdkZYYmkvSmRqaFNvSy8wcVU3cVBIbUxQTUFxV25iK3krZnJwR3RVb2xyb3pRSURBUUFC"
      }
    ],
    "rrsigs":[ ],
    "security outcome":"Provably Insecure",
    "nsecs":[
      {
        "recordHash":"1tpjk84ghl5ehmqoutn58emum81uroel",
        "recordType":"NSEC3",
        "algorithm":"SHA1",
        "flags":"Opt-out",
        "iterations":0,
        "nextHash":"1tpl435in5dsmhstd5mo6r6hi5oj3gg9",
        "prevHash":"1TPI9B2TDBBG8L0JGJ4CS6KTTTTL9M2F",
        "salt":"-",
        "types":"NS DS RRSIG"
      }
    ],
    "reason":"{{saperix.com./DNSKEY}} does not have a validated chain of trust",
    "dses":[ ]

Response Attributes

Field Description 
dnskeys
Object 		Contains Domain Name Service (DNS) record details.
  
protocol
Integer 		  
sepFlag
Boolean 		  
algorithm
String 		The algorithm used for this record. 
keyLength
Integer 		The bit strength of this key. Keys shorter than 2048 bits may be insecure. 
zoneKeyFlag
Boolean 		  
publicKey
String 		The public portion of the Zone Signing Key pair. 
rrsigs
String 		The private portion of a Zone Signing Key is used to generate a digital signature, known as a Resource Record Signature (RRSIG). 
security outcome
String 		  
nsecs
Object 		Contains Next Secure (NSEC) record details.
  
recordHash
String 		The cryptographic hash, which is the scrambled alphanumeric input going in a unilateral, 1-way direction. 
recordType
String 		The DNS record types that exist for this NSEC record. 
algorithm
String 		The algorithm used for this record. 
flags
String 		  
iterations
Integer 		The number of different hash versions within this NSEC record. 
nextHash
String 		The next record name in the zone (DNSSEC sorting order). 
prevHash
String 		The previous record name in the zone (DNSSEC sorting order). 
salt
String 		Random text, that’s publicly appended to the domain name and before the application of the hash function, to prevent re-use. 
types
String 		  
reason
String 		Describes the cause of this finding. 
dses
Array 		 

Related articles

Feedback

0 comments

Please sign in to leave a comment.