/contrib/bind9/bin/dnssec/dnssec-dsfromkey.8

https://bitbucket.org/freebsd/freebsd-head/ · Unknown · 143 lines · 143 code · 0 blank · 0 comment · 0 complexity · b35b50c354768b5f1eab634ebe616d6c MD5 · raw file

  1. .\" Copyright (C) 2008-2010 Internet Systems Consortium, Inc. ("ISC")
  2. .\"
  3. .\" Permission to use, copy, modify, and/or distribute this software for any
  4. .\" purpose with or without fee is hereby granted, provided that the above
  5. .\" copyright notice and this permission notice appear in all copies.
  6. .\"
  7. .\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
  8. .\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
  9. .\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
  10. .\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
  11. .\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
  12. .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  13. .\" PERFORMANCE OF THIS SOFTWARE.
  14. .\"
  15. .\" $Id$
  16. .\"
  17. .hy 0
  18. .ad l
  19. .\" Title: dnssec\-dsfromkey
  20. .\" Author:
  21. .\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
  22. .\" Date: August 26, 2009
  23. .\" Manual: BIND9
  24. .\" Source: BIND9
  25. .\"
  26. .TH "DNSSEC\-DSFROMKEY" "8" "August 26, 2009" "BIND9" "BIND9"
  27. .\" disable hyphenation
  28. .nh
  29. .\" disable justification (adjust text to left margin only)
  30. .ad l
  31. .SH "NAME"
  32. dnssec\-dsfromkey \- DNSSEC DS RR generation tool
  33. .SH "SYNOPSIS"
  34. .HP 17
  35. \fBdnssec\-dsfromkey\fR [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] {keyfile}
  36. .HP 17
  37. \fBdnssec\-dsfromkey\fR {\-s} [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-s\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIfile\fR\fR] [\fB\-A\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {dnsname}
  38. .SH "DESCRIPTION"
  39. .PP
  40. \fBdnssec\-dsfromkey\fR
  41. outputs the Delegation Signer (DS) resource record (RR), as defined in RFC 3658 and RFC 4509, for the given key(s).
  42. .SH "OPTIONS"
  43. .PP
  44. \-1
  45. .RS 4
  46. Use SHA\-1 as the digest algorithm (the default is to use both SHA\-1 and SHA\-256).
  47. .RE
  48. .PP
  49. \-2
  50. .RS 4
  51. Use SHA\-256 as the digest algorithm.
  52. .RE
  53. .PP
  54. \-a \fIalgorithm\fR
  55. .RS 4
  56. Select the digest algorithm. The value of
  57. \fBalgorithm\fR
  58. must be one of SHA\-1 (SHA1), SHA\-256 (SHA256) or GOST. These values are case insensitive.
  59. .RE
  60. .PP
  61. \-K \fIdirectory\fR
  62. .RS 4
  63. Look for key files (or, in keyset mode,
  64. \fIkeyset\-\fR
  65. files) in
  66. \fBdirectory\fR.
  67. .RE
  68. .PP
  69. \-f \fIfile\fR
  70. .RS 4
  71. Zone file mode: in place of the keyfile name, the argument is the DNS domain name of a zone master file, which can be read from
  72. \fBfile\fR. If the zone name is the same as
  73. \fBfile\fR, then it may be omitted.
  74. .RE
  75. .PP
  76. \-A
  77. .RS 4
  78. Include ZSK's when generating DS records. Without this option, only keys which have the KSK flag set will be converted to DS records and printed. Useful only in zone file mode.
  79. .RE
  80. .PP
  81. \-l \fIdomain\fR
  82. .RS 4
  83. Generate a DLV set instead of a DS set. The specified
  84. \fBdomain\fR
  85. is appended to the name for each record in the set. The DNSSEC Lookaside Validation (DLV) RR is described in RFC 4431.
  86. .RE
  87. .PP
  88. \-s
  89. .RS 4
  90. Keyset mode: in place of the keyfile name, the argument is the DNS domain name of a keyset file.
  91. .RE
  92. .PP
  93. \-c \fIclass\fR
  94. .RS 4
  95. Specifies the DNS class (default is IN). Useful only in keyset or zone file mode.
  96. .RE
  97. .PP
  98. \-v \fIlevel\fR
  99. .RS 4
  100. Sets the debugging level.
  101. .RE
  102. .SH "EXAMPLE"
  103. .PP
  104. To build the SHA\-256 DS RR from the
  105. \fBKexample.com.+003+26160\fR
  106. keyfile name, the following command would be issued:
  107. .PP
  108. \fBdnssec\-dsfromkey \-2 Kexample.com.+003+26160\fR
  109. .PP
  110. The command would print something like:
  111. .PP
  112. \fBexample.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94\fR
  113. .SH "FILES"
  114. .PP
  115. The keyfile can be designed by the key identification
  116. \fIKnnnn.+aaa+iiiii\fR
  117. or the full file name
  118. \fIKnnnn.+aaa+iiiii.key\fR
  119. as generated by
  120. dnssec\-keygen(8).
  121. .PP
  122. The keyset file name is built from the
  123. \fBdirectory\fR, the string
  124. \fIkeyset\-\fR
  125. and the
  126. \fBdnsname\fR.
  127. .SH "CAVEAT"
  128. .PP
  129. A keyfile error can give a "file not found" even if the file exists.
  130. .SH "SEE ALSO"
  131. .PP
  132. \fBdnssec\-keygen\fR(8),
  133. \fBdnssec\-signzone\fR(8),
  134. BIND 9 Administrator Reference Manual,
  135. RFC 3658,
  136. RFC 4431.
  137. RFC 4509.
  138. .SH "AUTHOR"
  139. .PP
  140. Internet Systems Consortium
  141. .SH "COPYRIGHT"
  142. Copyright \(co 2008\-2010 Internet Systems Consortium, Inc. ("ISC")
  143. .br