GET: DNSSEC Finding Details Ingrid https://api.bitsighttech.com/ratings/v1/companies/company_guid/findings?risk_vector=dnssec Get an organization’s DNSSEC finding details. Parameters For details specific to DNSSEC, use the ?risk_vector=dnssec parameter. Other query parameters are listed in GET: Finding Details. Example Request curl https://api.bitsighttech.com/ratings/v1/companies/a940bb61-33c4-42c9-9231-c8194c305db3/findings?risk_vector=dnssec -u api_token: Example Response [See Fields That Apply to All Diligence Findings] "diligence_annotations":{ "dnskeys":[ { "protocol":3, "sepFlag":false, "algorithm":"RSASHA1", "keyLength":1104, "zoneKeyFlag":true, "publicKey":"TUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FEWmdod1lZb010RG9mYW15d1l6N2lqTmRaSTBwZzM1QytJSGUzekhLdmZrYk5CUllQT3hJMmNpdE5kbFpvM1JhYXFyTkRYS1J1ZG5QQm1Rb2NrbkJkSk0xOUE2YXc4NlRucVZRYjV6TE9SUzc4ckVXK2dTWjYvaWxTS1VLWEhVdkZYYmkvSmRqaFNvSy8wcVU3cVBIbUxQTUFxV25iK3krZnJwR3RVb2xyb3pRSURBUUFC" } ], "rrsigs":[ ], "security outcome":"Provably Insecure", "nsecs":[ { "recordHash":"1tpjk84ghl5ehmqoutn58emum81uroel", "recordType":"NSEC3", "algorithm":"SHA1", "flags":"Opt-out", "iterations":0, "nextHash":"1tpl435in5dsmhstd5mo6r6hi5oj3gg9", "prevHash":"1TPI9B2TDBBG8L0JGJ4CS6KTTTTL9M2F", "salt":"-", "types":"NS DS RRSIG" } ], "reason":"{{saperix.com./DNSKEY}} does not have a validated chain of trust", "dses":[ ] Response Attributes Field Description dnskeys Object Contains Domain Name Service (DNS) record details. protocol Integer sepFlag Boolean algorithm String The algorithm used for this record. keyLength Integer The bit strength of this key. Keys shorter than 2048 bits may be insecure. zoneKeyFlag Boolean publicKey String The public portion of the Zone Signing Key pair. rrsigs String The private portion of a Zone Signing Key is used to generate a digital signature, known as a Resource Record Signature (RRSIG). security outcome String nsecs Object Contains Next Secure (NSEC) record details. recordHash String The cryptographic hash, which is the scrambled alphanumeric input going in a unilateral, 1-way direction. recordType String The DNS record types that exist for this NSEC record. algorithm String The algorithm used for this record. flags String iterations Integer The number of different hash versions within this NSEC record. nextHash String The next record name in the zone (DNSSEC sorting order). prevHash String The previous record name in the zone (DNSSEC sorting order). salt String Random text, that’s publicly appended to the domain name and before the application of the hash function, to prevent re-use. types String reason String Describes the cause of this finding. dses Array Related articles GET: Finding Details DNSSEC Findings GET: Mobile Application Security Finding Details DNSSEC Finding Messages GET: SPF Domains Finding Details Feedback 0 comments Please sign in to leave a comment.